Privacy Policy

This Privacy Policy describes how Bois - FM s.r.o., Registered address: Příkop 843/4, Zábrdovice, 602 00 Brno, Registration Number: 224 84 752, support@boisfm.com (also referred to in this Policy as “we”, “our” or “us”) collect, use, and share information related to your use of our products, services, and the website. This Policy complies with the requirements of the European General Data Protection Regulation (“GDPR”) and seeks to establish the transparent, lawful, fair and secure handling of personal data of our customers and users.

This Privacy Policy explains what personal data we collect through our website and services, how and why we collect it, how we use it and what third parties we share it with. Additionally, it describes your personal data rights and how you may exercise them.

Secure storage and handling of funds you entrust with us as well as ensuring fairness, competitiveness, genuinity and transparency of the market and your Orders and Transactions are our first and foremost priority. We may revise this Privacy Policy from time to time but we will never do so in a manner that would compromise the importance of our mission. If any modifications are made to this Policy (and other policies, including Terms of Service), we will notify you of the changes via email and on this page.


1. Definitions

The following section covers the basic definitions used in this Privacy Policy. It describes what is meant by your personal data and who controls and processes your personal data.

1.1. Personal Data

“Personal Data” means any information that may be used to identify you as an individual, directly or indirectly. Such information includes your personal name, identification number, location data, and any information found online that may reveal your physical, genetic, mental, economic, cultural, or social identity.

1.2. Information about the Deceased

Personal Data requires a person to have legal capacity, meaning they can exercise their rights, give consent, and enter into agreements. Legal capacity begins at birth and is lost upon death. Therefore, in this Policy, any information related to a deceased person is not seen as Personal Data and is excluded from its meaning.

Nevertheless, we will ensure that your personal data collected from you during your life is kept securely and safely with us after your death. We will not share or disclose it in any manner that is not defined in this Policy or otherwise permitted by the GDPR.

1.3. Controller of your Personal Data

As defined in the GDPR, Bois - FM s.r.o. is the Controller of your personal data. It means that we determine what information we collect, how and why we collect it, how it is shared and disclosed, and what means we use to process this information.

1.4. Processing of your Personal Data

We use specific vendors and partners that are responsible for processing your personal information. For more specific information, please check out Section 8 to learn how your data is processed, what vendors we use for processing your personal data, and what countries we may send your data to for processing.
‍

2. Information We Collect
‍
To provide our Services and offer our Products, we must collect information about you.

2.1. Information that You Provide

This category includes content and information that you provide when you use our Services and Products. Bois - FM s.r.o. will never ask you to submit any information related to your racial or ethnic origin, sex life or sexual orientation, political opinions, philosophical or religious beliefs, biometric or genetic data, and trade union membership.

2.1.1. Account Registration

When you create your personal account, we may ask for your contact information, including your full name, personal address, e-mail address, and phone number. In addition, to further verify your identity for compliance measures imposed by us under the relevant legislative acts, such as Act No 253/2008 Sb. of 5 June 2008 on Selected Measures against Legitimisation of Proceeds of Crime and Financing of Terrorism of the Czech Republic (the “AML/CTF Act”), we may collect the following personal information from you:
- Formal identification information, such as identity documents issued by the competent government authorities in the country of your domicile and/or birth, e.g., passport, national ID card, residence permit, and other relevant identification documents necessary to determine your identity.
- Financial information, such as bank account details, payment card information, transaction history, trading data, tax information, and other relevant details.
- Business information, such as incorporation certificates, extracts from commercial registries, VAT numbers, and information about the ultimate beneficial owners (UBOs), shareholders, and management board members.
- Employment information, such as job title, employer’s location, and job description.
- Transaction information, such as details of your transactions and recipients.

2.1.2. Communications

If you contact us directly, we may ask for additional information from you, such as your name, e-mail address, personal address, phone number, and other personal details. If you communicate with us, we will always state the reasons why we need this information from you.

2.1.3. Payment Information

Our Services allow users to opt for a desired payment method to execute Orders and Transactions via third-party payment processors. We do not store financial account details; they are handled by our payment processor.

2.2. Cookie Files

We use cookies on our website to gather information about user interaction with our Services. The information collected via cookies may include your use of website features, visit frequency, interactions with functionalities, and other relevant details.

Cookies are small text files stored in your web browser, allowing the Service or a third party to recognize you and improve user experience.
Cookies can be either:
- Persistent cookies (remain on your device even when offline)
- Session cookies (deleted when you close your browser)

2.3. Log Files

We use log files to store information gathered from your use of our Services. The information stored may include Internet Protocol (IP) addresses, browser type, operating system (OS), Internet Service Provider (ISP), referring/exit pages, landing pages, time and date stamps, and clickstream data. This information may be considered Personal Data under GDPR regulations.

2.4. Information from Partners and Third Parties

Our authorized partners may provide us with Personal Data collected from you. We ensure our partners have lawful rights to collect, use, and share your Personal Data before disclosing it to us.
‍
These partners include but are not limited to:
- Public Databases, Identity Verification Partners, and Credit Institutions: We gather information to verify identities per applicable laws, including name, address, employment information, credit history, and affiliations with restricted groups.
- Blockchain Data: We collect publicly available blockchain data to detect and prevent illegal activities, including those defined in AML/CTF Law.
- Marketing Partners, Advertisers, and Analytics Partners: We collect personal data from these entities to research user interaction and preferences regarding our Services and Products.


3. Anonymized Data

As defined by the GDPR, anonymization is a technique that alters personal information to the point where it can no longer be linked to an individual.

Bois - FM s.r.o. may use anonymized data for research, quality improvement of our Services, customer demand analysis, marketing, security vulnerability detection, and other business purposes.


4. How We Use Information

We use information we collect in various ways, including the following:
– Providing, operating and maintaining our Services;
– Processing payments, executing Orders, Trades and Transactions in a manner consistent with the rules of market fairness, trasparency, competitiveness, and genuinity;
– Detecting and preventing loss of funds, including losses occuring as a result of fraud and abuse of our Services;
– Ensuring compliance with the relevant laws and regulations to prevent anti-money laundering, terrorism financing, fraud and other financial crimes;
– Complying with the anti-financial crime regimes and obligations, regulated and imposed by the competent authorities of Czech Republic, such as the Financial Analytical Office (Finanční analytický úřad hereinafter, the "FAU");
– Communicating with you, including direct means or through our partners, to perform customer support activities, to inform you of the changes and updates related to the Services, to notify you of important information related to the Services and for marketing and promotion;
– Sending you e-mails, including notification e-mails, reminders and confirmations;
– Improving the quality of our Services;
– Conducting research and development related to our Services to develop new features and functionalities and introduce new products and services;
– Performing measurement and analytics activities to learn how our users interact with our Services and understand our users' behaviour and preferences;
– Promoting safety, security and integrity of your funds, our Services and data.


5. How We Share This Information

We may share the information we collect in various ways and with third parties.

5.1. Vendors and Service Providers

We provide information we collect to vendors and service providers that help us keep our business running. Such vendors include (but are not limited to) payment platforms, web and mobile analytics services, advertisers, partners in IT such as hosting and software providers, as well as sales and marketing products.

5.1.1. Non-EU/EEA Vendors

Please kindly note that some of our service providers are located outside of the EU/EEA area. For further information on how your data is handled when sharing it with third parties outside of the EU/EEA, please see Section 11 of this Policy.

5.2. Payment Platforms

As a merchant, we share your information with payment services and platforms such as Paytend Europe UAB, to process your transaction and complete your order. Payment providers like Paytend Europe UAB collect information specifically for the purposes of processing your transaction: for further details, please kindly visit their official website.
Bois - FM s.r.o. may forward your information to payment platforms in order to finalize your order; however, we never keep your payment information or use it in any way other than to process your transaction.

5.3. Identity Verification Services

We use third-party verification services such as SumSub - Sum and Substance Ltd. to verify your identity for the purposes of complying with AML/CTF Law legal requirements and to ensure the safety, transparency, and lawful nature of your activities. By using the services of our verification partners, we compare the personal information you or other third parties provide us with the information from the verification partners’ databases and/or public records.

5.4. Advertisers

To ensure you see the ads that may be of interest to you, we work with third-party advertising partners. These partners may receive information from us to personalize ads to fit your interests. They may also collect information about you and use it in accordance with their own privacy policies. We never sell your information to advertisers. Additionally, we make sure advertisers we choose are compliant with the GDPR and manage your information accordingly.

5.5. Partners that Work with Us

Due to the nature of our business, we communicate and establish business connections with various partners in the fields of banking, legal services, compliance, accounting, and other relevant fields. We may provide your information to them to ensure uninterrupted, accurate, and integral provision of our Services and commence activities that help us maintain our business activities.

5.6. Law Enforcement and Compliance

In some circumstances, we may need to disclose your personal information in accordance with the law and current regulations to law enforcement authorities, government officials, or other relevant third parties. It may be necessary in the case of court proceedings, compliance with a legal order, or other legal processes, as well as for the purposes of financial crime, money laundering, and terrorism financing prevention, if we have strong grounds to believe any natural or legal person to be involved in or associated with the said forms of crime.

5.7. Business Transfers

In cases of insolvency, bankruptcy, acquisition, transfer of ownership, sale of assets, or succession of Bois - FM s.r.o., your personal information may be disclosed to the new owner, acquirer, or successor of the company or other relevant third parties.


6. How We Secure This Information

At Bois - FM s.r.o., we understand the importance of keeping your personal information secure and integral, as any breach of personal data may lead to detrimental consequences for you and your funds. Therefore, we employ various physical, technical, and administrative safeguards to ensure the integrity, security, and confidentiality of your personal data.

Your personal information is secured with the help of the Transport Layer Security (TLS) protocol, designed to protect and secure your information from unauthorized access and breaches of privacy. TLS protocol is mainly used for encrypting the information exchanged between our website and servers. We also use TLS to encrypt all e-mails and messages exchanged with us. We use the latest and most secure version of TLS (v1.3) to date and make sure to update it if a more secure and reliable version is released in the future.

In addition, your transaction and other personal information are stored by us in an encrypted manner. Such encrypted data is stored and maintained with the help of our relevant service providers that ensure physical, technical, electronic, and administrative safeguards. Please note that some of these vendors may be located outside of the EU/EEA zone: to learn more about how your personal data is collected, stored, handled, and processed by such vendors, please read Section 11 of this Policy.

At the same time, even with all the security and safety measures imposed by us at all times, we cannot guarantee that your data may not be breached, accessed without authorization, or otherwise leaked. We ask you to acknowledge that a significant part of data security lies with you, and it is important to treat your personal data with diligence, attentiveness, and care. It is strongly recommended to:
- Use a strong password that includes a combination of letters, numbers, and special characters.
- Ensure your internet connection is secure (check for a lock symbol in the URL bar).
- Be cautious of fraudulent and compromised versions of our website maintained by unauthorized persons with malicious intent.

Should you become aware of any attempt to misuse your personal information through the above-mentioned or other means, or should you believe your personal information is not stored, handled, and maintained securely by us, please notify us immediately at support@boisfm.com


7. Retention of Personal Information

In compliance with the European General Data Protection Regulation (GDPR) and in line with the requirements set forth by regulators and financial supervisory authorities, we are committed to ensuring the secure and lawful storage of your personal information.

Your personal information is stored securely for as long as your account is active and thereafter for a period necessary to:
- Fulfill the purposes for which it was collected.
- Meet our legal and regulatory obligations.
- Preserve financial records.

Specifically, we retain customer information for a period of 5 years following the closure of your account or the last interaction with our services. This retention period complies with our obligations under anti-money laundering (AML), counter-terrorism financing (CTF) regulations, and other relevant financial supervisory requirements.

Retention periods for different types of personal information:
- AML/CTF compliance data → 5 years (to comply with financial crime prevention regulations).
- Marketing contact information → Retained until you withdraw consent (immediately deleted upon withdrawal).
- Call records & customer support communication → Up to 5 years (for quality control & regulatory compliance).
- Cookies & log file data → Up to 1 year (to improve user experience and service security).

We will review and anonymize or securely delete information that is no longer necessary for its original purpose or required by law.

For more details on our data handling practices, including how to access, correct, or delete your personal information, please refer to the “Rights of the Data Subject” section of this Policy.


8. Legal Basis and Legitimate Interests

Our legal basis to collect, use, and share your personal data varies depending on the context.
‍
The following are the situations in which we perform processing:
- When we have your consent, meaning you have read our data processing purposes and have agreed to them by giving your consent; such as in cases that include but are not limited to being subject to our marketing notifications and campaigns and granting your consent to use your personal information to enhance your experience of using our website and Services.
- When we need to perform a contract with you, meaning that your information is necessary to process and finalize your order or comply with the terms of any other contract we have entered into with you; to enforce the terms of this Policy and other agreements; to provide our Services; to provide customer service and support; to ensure the quality of our Services and communications.
- When we have a legal obligation to comply with, meaning that data disclosure is necessary to comply with the legal requirements set by law or legal order.
- When we have a legitimate interest, meaning that we process your personal data to operate and provide our Services, improve our Products, ensure proper security, and prevent illegal activities and misuse of your data. We only process data based on a legitimate interest when it does not override your fundamental rights.


9. Rights of the Data Subject

As a data subject, you have certain rights provided by the GDPR that you may invoke.

9.1. Access, Update, Correct or Erase Your Information

You have the right to request access to, update, correct, or erase your information. You may do so at any time by emailing us at support@boisfm.com.

9.2. Objecting to and Restricting Processing of Information

You may also exercise these rights at any moment by contacting us at support@boisfm.com.

9.3. Data Portability

If you wish to receive all the personal information we have collected from you to then provide it to another controller, you may do so by contacting us at support@boisfm.com.

9.4. Opt-Out of Marketing Messages

You have the right to opt-out of marketing messages at any moment. This can be done by clicking the ‘unsubscribe’ option in the marketing emails from us. You may also contact us at support@boisfm.com, and we will unsubscribe you.

9.5. Withdraw Your Consent

You may withdraw your consent for processing your personal information at any moment. Please note that the lawfulness of consent before withdrawal will not be affected.

9.6. Complaining to a Data Protection Authority (DPA)

You have the right to complain to the DPA of your country of residence about the collection and processing of your personal information by us.


10. Automated Processing and Decision-Making

We may employ automated tools to determine fraud or financial crime risks associated with any order, trade, transaction, or customer. However, we do not perform any decision-making based on fully automated processing, or processing that relies solely on machine-generated conclusions without human control, assessment, or intervention.

Similarly, we do not use algorithmic and automated systems to make decisions that have serious life-affecting consequences, except for the cases laid down by relevant data protection provisions.


11. International Transfer of Data

We strive to enhance the security of the personal information you entrust to us. Therefore, we opt for the most secure and diligent data processors. Some of these processors are located overseas outside of the EU/EEA area, in countries that have different regulations on personal data protection.

However, our partners follow the GDPR requirements and safeguards when receiving and handling your personal data.
- For transfers of information to and from processors located in the UK, the European Commission adequacy decision has been adopted, meaning that data may flow freely from the EU/EEA to the UK and back, as the EU considers the UK’s data protection regime equivalent to the GDPR.
- For transfers of information into the EU from other countries covered by the European Commission adequacy decisions, such as Andorra, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Israel, Japan, Jersey, New Zealand, Switzerland, and Uruguay, we comply with the local legal requirements and ensure specific arrangements for secure data transfers.
- For transfers of information to processors located in the US, we no longer rely on processors certified under the EU-US Privacy Shield Framework, as it was invalidated in 2020 by the decision of the European Court of Justice.


12. Children’s Privacy

We do not knowingly collect and process any personal information from children under 13 years of age. If we need to collect and process personal data of a child under 13, we require explicit consent from the child’s legal representative, such as a parent or guardian.

If you suspect that a child under 13 has provided us with their personal information without explicit consent, please contact us at support@boisfm.com.


13. Changes to the Policy

We may modify this Policy from time to time to adapt it to changing regulations and new developments. Changes will be posted on our Website. Additionally, we will notify you of changes via email.


14. Contact Information

If you have any questions or concerns regarding this Policy, your personal data rights, and how to invoke them, or any other questions about your personal information, please contact us at email: support@boisfm.com