We recognize that our visitors, users, and others who visit our websites (collectively ‘Users’) value their privacy. This document contains important information regarding the rules we follow in personal data processing.
We always process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (‘GDPR’).
BASIC INFORMATION
Identification and contact details of the Provider:
| name | FAMILY ACE investiční společnost, a.s. |
| CRN | 22642463 |
| Registered office | Na příkopě 859/22, Nové Město, 110 00 Prague 1 |
| Email address | info@familyace.cz |
| Telephone number | +420 602 110 257 |
(hereinafter the ‘Provider’)
Data protection officer:
The provider has appointed a data protection officer who assists in resolving personal data protection issues. If necessary, the User can contact him directly. The data protection officer is available to answer questions regarding the handling of personal data, or to provide further information on personal data protection:
| Email address | info@familyace.cz |
| Telephone number | +420 602 110 257 |
Personal data transfer to a third country or international organization:
The Provider does not transfer personal data to third countries or international organizations pursuant to Art. 44 et seq. the GDPR.
Automated individual decision-making and profiling:
The provider does not perform profiling or automated individual decision-making.
Supervisory authority:
The supervisory authority in place of the Provider’s registered office is the Office for Personal Data Protection, registered office Pplk. Sochora 27, 170 00 Prague 7, email address: posta@uoou.cz, tel. No.: 234 665 125.
Provider’s position:
The Provider only acts as the data controller.
THE PROVIDER IS THE DATA CONTROLLER
The Provider acts as the data controller in relation to the personal data of persons who send a request via the Provider’s website form.
What personal data does the Provider process, for what purpose and on what legal basis?
The data processed by the Provider is primarily from job applicants, customers, contracts concluded with customers, public sources and cooperating third parties. The purpose of processing personal data is to offer employment, products and services provided by the Provider, as the administrator and/or manager of the fund and/or sub-fund. Communication with customers and job applicants takes place through all channels, including electronically (email, web interface).
The Provider is also obliged to process personal data for the purposes of preventing money laundering and the financing of terrorism.
The Provider also processes data obtained from the User when the User visits the Provider’s website and fills out and sends the web form. When a user fills out and sends the web form on the Provider’s website, the Provider collects and processes the following types of personal data that are stored: email, first name and last name (if individual items of the form are filled in). The Provider also processes the following data: browser type and language, server requirements, including time data and referring URL. This data is necessary for the website to be displayed correctly. They may also be used as necessary to maintain the secure operation of the website and for other purposes described in this Privacy Policy. The Provider processes this personal data based on his legitimate interest or the User’s consent. Information about cookies is provided below.
Sensitive personal data
As a personal data controller, the Provider does not process personal data of Users in special categories of personal data pursuant to Art. 9 of the GDPR.
How long does the Provider process personal data for?
The personal data is only processed for as long as there is a legal reason for its retention, after which the data is immediately erased.
Personal data processed for the fulfilment of obligations arising from special legal regulations is processed by the Provider for the period specified in the relevant applicable regulations. This includes legal data retention or documentation obligations, particularly obligations relating to data retention arising from civil, commercial or tax regulations. If the data retention obligation expires, the personal data will be erased immediately.
Other personal data is processed for a period of: 6 months
Who can process personal data?
Personal data protection regulations allow the Provider to entrust the processing to a processor. If the Provider uses this procedure to process your personal data, he only does so if the personal data protection standards of the relevant processor are at least at the same level as those of the Provider, and if the processor meets the conditions set by law. Processors used by the Provider to process personal data particularly include the following:
- administrators of funds managed by the Provider;
- information technology providers or operators;
- marketing and market research agencies;
- depositaries that process them for the purpose of fulfilling their obligations arising from the performance of the activities of an investment fund depositary.
METHODS OF SECURING PERSONAL DATA
In order to secure the User’s data against unauthorised or accidental disclosure, the Provider uses reasonable and appropriate technical and organizational measures.
The Provider ensures that if servers are located in a data centre operated by a third party, similar technical and organizational measures are also implemented by this third party.
All data is only stored on servers located in the European Union or in countries that ensure the protection of personal data in a manner equivalent to the protection provided by the applicable regulations of the Czech Republic.
The provider uses the following data security procedures: Technical measures consist in the application of technologies that prevent unauthorised access by third parties to the User’s data, particularly the use of firewalls, updated antivirus programmes, etc. For maximum protection, the Provider uses data encryption. Operating systems in which personal data are processed and operating areas where personal data are processed are protected by physical and electronic protection consisting of controlled entry and access of employees, physical protection by persons, technical (mechanical means) and electronic security systems. Organizational measures constitute a set of rules of conduct for employees and are incorporated into the Provider’s internal regulations, which are considered confidential for security reasons. The adopted procedures aim to minimise the number of persons who have access to the personal data and the ability to handle it. All employee access to personal data, as well as the methods of handling it, are monitored and recorded.
USER RIGHTS
Every User has:
- the right to access personal data: Users have the right to ask the Provider whether or not their personal data is being processed, and if it is, they have the right to access this personal data and the following information:
- the purpose of processing;
- the category of processed personal data;
- recipients who will have access to the personal data;
- the planned retention period for the personal data;
- the right to request rectification, erasure of personal data, or restriction of their processing, or to object to the processing;
- the right to file a complaint with the supervisory authority;
- all available information about the source of the personal data, if not obtained from Users; the fact that automated decision-making, including profiling, is taking place.
The User also has the right to obtain a copy of the processed personal data.
2. The right to rectification of personal data: Users have the right to have the Provider rectify inaccurate personal data without undue delay, or to complete incomplete personal data.
3. The right to erasure of personal data: Users have the right to have the Provider erase their personal data without undue delay if:
- the personal data is no longer needed for the purposes for which it was collected or otherwise processed;
- the User withdraws his consent on the basis of which the data was processed and there is no other legal basis for the processing;
- the User objects to the processing and there are no overriding legitimate grounds for the processing;
- the personal data was processed illegally;
- the personal data must be erased to comply with a legal obligation of the EU or Member State law;
- the personal data was collected for the provision of information society services; however, the right to erasure does not apply if processing is necessary for compliance with legal obligations, for the establishment, exercise or defence of legal claims, and in other cases specified in the GDPR.
4. The right to restriction of processing: Users have the right to ask the Provider to restrict processing in any of the following cases:
- If the User disputes the accuracy of the personal data for the period necessary for the Provider to verify the accuracy of the personal data;
- if the data processing is unlawful and the User refuses the erasure of personal data and requests the restriction of its use instead;
- the Provider no longer needs the personal data for processing purposes, but the User requires it to determine, exercise or defend legal claims;
- the User has objected to the processing until it is determined whether the Provider’s legitimate reasons outweigh those of the data subject.
5. The right to object to processing: Users have the right to object to the processing of their personal data on the basis of a legitimate interest on grounds relating to their particular situation at any time. In this case, the Provider shall not process the personal data until he demonstrates compelling legitimate grounds for the processing that override the interests or rights of the Users, or to establish, exercise or defend legal claims.
6. The right to data portability: Users have the right to obtain their personal data given to the Provider in a structured, commonly used and machine-readable format, and the right to transfer this data to another controller, where: a) the processing is based on consent, and b) the processing is carried out by automated means. In exercising their right to data portability, Users have the right to transfer personal data directly from one controller to another, if technically feasible.
7. The right to file a complaint with the supervisory authority: If the User believes that the Provider is not processing his personal data lawfully, he has the right to file a complaint with the supervisory authority. The contact details of the supervisory authority are listed above.
8. The right to information regarding the rectification or erasure of personal data, or the restriction of processing: The Provider is obliged to notify individual recipients to whom the personal data have been disclosed of any rectification or erasure of personal data, or restriction of processing, except where this proves impossible or requires disproportionate effort. If the User requests it, the Provider shall inform them about these recipients.
9. The right to be informed of a personal data breach: If it is likely that a personal data breach will result in a high risk to the rights and freedoms of natural persons, the Provider is obliged to notify the User of this breach without undue delay.
10. The right to withdraw consent to personal data processing: If the processing of some of the personal data is based on consent, Users have the right to withdraw their consent to the processing of their personal data at any time in writing.
If Users wish to exercise any of the above rights, they can do so by sending an email to the following address: info@familyace.cz. This does not apply to the right to file a complaint with the supervisory authority; The contact details of the supervisory authority are listed above.
COOKIES
The Provider uses cookies, which are small text files that identify users of the Provider’s website and record their user activities.
The text in a cookie file often consists of a series of numbers and letters that uniquely identify the User’s computer, but do not provide any specific personal information about the User. A cookie file typically contains the name of the domain from which it was sent, age information, and an alphanumeric identifier.
The Provider’s website automatically identifies the User’s IP address. All this information is recorded in an activity file by the server, which allows for subsequent data processing. The provider also records the request from the browser and the time of the request, the status and the amount of data transferred as part of this request. It also collects information about the browser and operating system of your computer, as well as their versions, and the websites from which you accessed the Provider’s website. Your computer’s IP address is only stored for the duration of your use of the website, and then for as long as necessary. After their expiration, the IP address is erased or anonymised by truncation.
Types of cookies and similar technologies
Technical cookies and similar technologies: For the reason of his legitimate interest, the Provider uses technically necessary cookies that are needed for the operation of the website and to ensure its functionality. These can be persistent or session cookies. A persistent cookie remains on your hard drive even after you close your browser. Persistent cookies can be used by the browser during subsequent visits to the Provider’s website. Persistent cookies may be removed. Session cookies are temporary and are erased once the browser is closed. The Provider uses this data to operate the website, particularly to identify and resolve errors, to determine website usage, and to make adjustments or improvements. These are data processing purposes for which the Provider has a legitimate interest pursuant to Art. 6(1)(f) of the GDPR.
Users can block these cookies in their browsers settings. The provider warns that if they do so, some parts of the website will not function properly. The Provider uses the WebStorage listed in the table below in the same way and for the same reasons.
The Provider uses the WebStorage listed in the table below in the same way and for the same reasons.
With the User’s permission, the Provider also uses other cookies:
Analytical cookies and similar technologies: These cookies help the Provider analyse how Users use the website. They can be used to measure and improve website performance. These cookies show how the User came to the website, whether directly, through a search engine or via a link on social media. They also show the Provider how long Users stay on the page and what links they click on.
These cookies are only set on the User’s device if they give their consent during their first visit to the website (pursuant to Article 6(1)(a) of the GDPR). Analytical cookies can be rejected at any time by making a change in the cookie settings.
The Provider uses the WebStorage listed in the table below in the same way and for the same reasons.
Advertising cookies and similar technologies: Advertising cookies allow us to display ads based on the User’s preferences. They can be used to allow the Operator to create a profile of the User’s interests and to display relevant ads to the User.
These cookies are only set on the Users’ device if they give their consent during their first visit to the website (pursuant to Article 6(1)(a) of the GDPR). Advertising cookies can be rejected at any time by making a change in the cookie settings. If the User does not consent, he will not receive content and ads tailored to his interests.
The Provider uses the WebStorage listed in the table below in the same way and for the same reasons. To obtain and manage the User’s consent, the Provider uses the CookiesLišta.cz platform from Soft Evolution s.r.o., CRN: 46982230, Martinice 100, 594 01 Velké Meziříčí. This platform collects device information, browser information, anonymised IP address, the date and time of visit, requesting URLs, website path, and geographic location. This makes it possible to inform Users about the Provider’s web environment and to obtain, manage and document their consent. The legal basis for data processing is Art. 6(1)(c) of the GDPR, as the Provider is legally obliged to provide proof of consent pursuant to Art. 7(1) of the GDPR. The data will be erased as soon as it is no longer needed for logging and there are no legal retention requirements. For more information on the topic of personal data protection by the platform provider, visit: https://www.cookieslista.cz.
The Provider’s website may also contain third-party cookies. The provider uses the following cookies:
| Processor | Cookies designation | Personal data | Purpose of processing | Legal Reason | Processing time |
|---|---|---|---|---|---|
| Technical cookies / similar technologies | |||||
| FAMILY ACE investiční společnost, a.s. | dcb_dsv | no | Version of consent to the processing of cookies. | legitimate reason | local storage / 365 days |
| FAMILY ACE investiční společnost, a.s. | dcb_config | no | Configuration of consent to the processing of cookies. | legitimate reason | local storage / 365 days |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | cookiePreferences | no | Registers the user's cookie preferences. | user consent | 2 years |
| Analytical cookies / similar technologies | |||||
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _ga | no | ID used to identify users | user consent | 2 years |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _ga_ | no | ID used to identify users | user consent | 2 years |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _gid | no | ID used to identify users for 24 hours after the last activity | user consent | 24 hours |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _gat | no | Used to track the number of Google Analytics server requests when using Google Tag Manager | user consent | 1 minute |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _dc_gtm_ | no | Used to track the number of requests from the Google Analytics server | user consent | 1 minute |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | AMP_TOKEN | no | It contains the token code that is used to retrieve the client ID from the AMP Client ID service. | user consent | 30 seconds to 1 year |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _gat_gtag_ | no | It is used to set up and get tracking data. | user consent | 1 hour |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _gac_ | no | It contains information related to the user's marketing campaigns. These are shared with Google AdWords/Google Ads when Google Ads and Google Analytics accounts are linked. | user consent | 90 days |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utma | no | An ID used to identify users and sessions. | user consent | 2 years after last activity |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmt | no | It is used to track the number of requests from the Google Analytics server. | user consent | 10 minutes |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmb | no | It is used to differentiate between new sessions and sessions. This cookie is set when the GA.js javascript library is loaded and there is no existing __utmb cookie. The cookie is updated each time data is sent to the Google Analytics server. | user consent | 30 minutes after the last activity |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmc | no | It is only used with old versions of Urchin Google Analytics, not with GA.js. It is used to differentiate between new sessions and sessions at the end of the session. | user consent | End of session (browser) |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmz | no | It contains information about the traffic source or campaign that directed users to the website. The cookie is set when the GA.js javascript is loaded and is updated when data is sent to the Google Analytics server. | user consent | 6 months after last activity |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmv | no | Custom information for web developers is received through the _setCustomVar method in Google Analytics. The cookie contains new updates as well as new reports on the Google Analytics server. | user consent | 2 years after last activity |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmx | no | It is used to determine whether a user is included in an A/B test or a multivariate test. | user consent | 18 months |
| Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmxx | no | It is used to determine when an A/B or multivariate test in which the user participates ends. | user consent | 18 months |
Browser cookie settings
Most browsers accept cookies automatically. However, certain controls can be used to block or remove them.
Instructions for blocking or deleting cookies in browsers can usually be found in the privacy policy or help documentation of individual browsers.
Log files
The User’s browser automatically reports certain information each time the Provider’s website is viewed. Servers automatically record certain information that a web browser sends each time you visit a website. These server logs (‘log files’) may contain information such as the web request, IP address, browser type, browser language, referring/exit pages and URLs, platform type, number of clicks, domain names, landing pages, number of pages viewed and the order of those pages, the amount of time spent on certain pages, the date and time of the request, and one or more cookies that can uniquely identify the browser.
Social media
The Provider is on social media to communicate with customers, interested parties and logged in users, and to inform them about his offers.
The Provider emphasizes that Users use these platforms and their functions at their own risk. This particularly applies to the use of interactive features (e.g. commenting, sharing, rating). The Provider bears no responsibility for the handling of this personal data and points out that personal data may also be processed outside the European Union.
FINAL PROVISIONS
The Provider will update this Privacy Policy in the event of any changes. The up-to-date version of the Privacy Policy will always be available on the Provider’s website. If there is a significant change in the methods of handling personal data in this Privacy Policy, the Provider shall inform the User of this by posting a visible notice before implementing these changes.
Latest update on 30 April 2025