Patrimoniando is a software application that assists clients in organizing their investments. Our online platform allows investors to track their assets, monitor their stocks, view dynamic reports on their financial assets, and keep track of the performance of investment funds, among various other user-friendly features.
In order to achieve the stated objectives, we process personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). Thus, we seek to ensure that by providing information through our Website, Mobile Application, and related services, users are subject to the conditions of collection, use, storage, and sharing of personal data as outlined in this document.
As transparency is paramount in all our processes, we present the Privacy and Data Protection Policy to help you understand in a straightforward manner how we handle and process your personal data.
We kindly request that you read this Policy carefully. Our goal is to make it accessible and clear for your understanding. However, if you have any questions, please do not hesitate to contact our Data Protection Officer at the following email address:
This Privacy and Data Protection Policy aims to demonstrate to you, as the data subject, how Patrimoniando values your privacy and handles your data. We are committed to respecting and safeguarding your privacy and comply with the General Data Protection Regulation (GDPR) and other relevant data protection laws.
Through this Policy, we provide simplified explanations for all matters related to the processing of personal data. Our principles and values revolve around transparency, accountability, and privacy by design and default, ensuring that your personal data is handled securely and responsibly.
PERSONAL DATA AND DATA PROCESSING
- What is personal data: Personal data refers to any information related to an identified or identifiable natural person;
- Identified personal data: These are data directly linked to the person who possesses them, allowing their identification. Examples include full name, Tax ID, driver's license, and other information that directly identifies an individual;
- Identifiable personal data: These data do not directly lead to the recognition of the person who possesses them. However, within a context of information, it is possible to reach their identification. For example, the computer's IP address, profession, marital status, residential address, and other information that, when combined or analyzed with other data, can lead to the identification of an individual;
- Data processing: Data processing refers to any operation performed involving personal data, including but not limited to: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation, or control of information, modification, communication, transfer, dissemination, or extraction.
We process personal data based on the lawful basis specified in the GDPR, such as obtaining consent from the data subject or pursuing legitimate interests in a manner that respects your privacy rights.
DATA PROCESSING AGENTS
Controller: The controller refers to the company that processes personal data for its own purposes and determines what will be done with the data. In this Policy, the data controller is Giox Technology GmbH, a legal entity registered in Germany - Amtsgericht Charlottenburg (Berlin) under the number HRB 235751 B, with our headquarters at Pappellallee 78-79, Berlin, Germany.
Processors: Processors refer to third parties that process personal data on behalf of the controller. At Patrimoniando, we engage with companies that ensure the implementation of necessary measures for the protection of processed personal data. We have established privacy rules and agreements with these processors to ensure the security and confidentiality of your personal data.
Data Subjects: Data subjects are the individuals to whom the personal data relates. In this case, it refers to you.
Data Protection Officer (DPO): The Data Protection Officer, also known as DPO, is the person responsible within the company for overseeing compliance with data protection laws and ensuring the privacy and security of information. The DPO is also responsible for handling data subject requests and serving as a communication channel with the Data Protection Authority.
PURPOSE OF DATA PROCESSING
- Customer Contact: We process personal data to establish communication with our customers;
- Account Creation: Personal information is required to create an account on our platform;
- Content Delivery: We use personal data to share relevant content with customers through our various platforms, including our Blog, Instagram, YouTube, Email, and Telegram;
- Contact with Potential Customers and Interested Parties: We may contact individuals who have participated in our campaigns or events, as well as referrals that arise from these activities;
- Service Provision: Personal data is processed to provide the services offered by our software, utilizing the asset-related information provided by the data subject;
- Statistical Analysis: We process navigation data for statistical analysis purposes to assess the effectiveness and usability of our platform;
- Collection of Feedback, Suggestions, and Complaints.
DATA PROCESSED BY US
- For customer contact, we process the following information: Name; Phone number; Email address;
- Account Creation on the platform: We collect the following information for account creation: Name; Email address; Password; Photo;
- In order to promote our content and services, we may process personal data to send communications. The processed data may include: Name; Phone number; Email address; and other information provided by you during campaigns to receive the most relevant content.
METHODS OF DATA COLLECTION
- Directly from the customer: We collect personal data directly from our customers when they provide information during registration, account creation, or when contacting us;
- Marketing campaigns: We may collect personal data through marketing campaigns, such as surveys, promotions, or contests;
- Data publicly made available: We may collect personal data that is publicly available, such as professional or business contact information;
- By filling out our contact or personal data request form on the website: We collect personal data when individuals fill out our contact or personal data request forms on our website;
- Registration for downloading content from our platform: When individuals register to download content from our platform, we collect personal data to provide access to the requested content;
- Referrals from our business partners: We may receive personal data from our business partners when they refer individuals to our services.
At Patrimoniando, we are committed to following the principles of the General Data Protection Regulation (GDPR) in all our data processing activities. We adhere to the guidelines of 'Privacy by Design,' which means that all our services are designed with user privacy in mind at every stage, and 'Privacy by Default,' ensuring that the most secure configuration is always applied by default. Below are the principles we uphold:
- Purpose limitation: We collect and process personal data for specified, explicit, and legitimate purposes. We ensure that data is not processed in a manner incompatible with these purposes;
- Data minimization: We only collect and process personal data that is necessary and relevant for the purposes defined. We strive to minimize the amount of personal data collected and stored;
- Data adequacy: We ensure that the personal data we collect and process is accurate, complete, and up-to-date. We take reasonable steps to rectify or delete inaccurate or incomplete data;
- Security: We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration. We regularly assess and update our security measures to maintain data security;
- Prevention: We take measures to prevent unauthorized disclosure or access to personal data. Access to personal data is restricted to authorized personnel and is granted on a need-to-know basis;
- Accountability and transparency: We are accountable for our data processing activities and are transparent about how we handle personal data. We provide clear information about our data processing practices through this Privacy and Data Protection Policy;
- Transparency: We provide individuals with clear and concise information about our data processing activities, including the purposes of processing, the types of data collected, and the rights of individuals regarding their personal data;
- Access and rectification: We respect individuals' rights to access their personal data and, upon request, provide them with access to their data and the ability to rectify any inaccuracie;
- Data quality: We strive to ensure the quality and accuracy of personal data we collect and process. We take steps to maintain data integrity and promptly update or delete inaccurate or outdated data;
- Non-discrimination: We do not discriminate against individuals based on the exercise of their data protection rights. We treat all individuals equally and fairly, regardless of their data protection choices.
By adhering to these principles, we aim to protect the privacy and rights of individuals whose personal data we process.
COOKIES AND TRACKING TECHNOLOGIES
We take the security of your personal data seriously and have implemented various measures to protect it from unauthorized access, disclosure, alteration, or destruction. Here are some of the security safeguards we have in place:
- Data Encryption: We use encryption techniques to secure your personal data during transit and storage. This ensures that your data remains confidential and protected from unauthorized access;
- Access Controls: We have implemented strict access controls to limit access to personal data to only those employees or authorized individuals who have a legitimate need to access it. Access is granted based on the principle of least privilege, ensuring that individuals only have access to the data necessary for their specific roles and responsibilities;
- Secure Storage: We store personal data in secure environments, such as encrypted databases or secure cloud storage, with appropriate access restrictions. This helps prevent unauthorized physical or electronic access to the data;
- Regular Data Backups: We perform regular backups of personal data to ensure its availability and integrity. These backups are securely stored and can be restored in the event of data loss or system failures;
- Employee Training: We provide regular training to our employees on data protection, security best practices, and their responsibilities regarding the handling of personal data. This helps ensure that our staff members understand the importance of data security and are equipped to handle personal data appropriately;
- Incident Response: We have established an incident response plan to address any potential data breaches or security incidents. This plan includes procedures for identifying, reporting, and responding to security breaches, as well as mitigating their impact and preventing future incidents;
- Security Audits and Assessments: We conduct regular security audits and assessments to identify vulnerabilities in our systems and processes. These audits help us identify areas for improvement and implement necessary security measures to enhance data protection.
While we take reasonable precautions to protect your personal data, it is important to understand that no method of transmission or storage is 100% secure. We cannot guarantee the absolute security of your data, but we continuously strive to maintain the highest level of security measures to protect your personal information.
If you have any concerns about the security of your personal data or if you become aware of any potential security vulnerabilities, please contact us immediately using the contact form provided at the end of this policy or directly our Data Protection Officer (DPO) on .
Your trust is important to us, and we are committed to ensuring the security and confidentiality of your personal data.
At Patrimoniando, we may share or transfer personal data to third parties, both within Germany and abroad, in accordance with the provisions of the General Data Protection Regulation (GDPR). The sharing of data may occur in the following circumstances:
- Business Partners: We may share personal data with our trusted business partners when it is necessary to fulfill legitimate and justified purposes;
- Customer Relationship Management (CRM) Systems: We use CRM systems to manage our customer relationships. Personal data may be shared with these systems to ensure efficient communication and service delivery;
- Cloud Storage Providers: We utilize cloud storage services to securely store information. Personal data may be shared with these providers for the purpose of data storage;
- Analytical Tools: We employ analytical tools to analyze the performance of our communication channels and social media. Personal data may be shared with these tools for performance analysis.
In all circumstances, Patrimoniando is committed to sharing only the personal data that is strictly necessary to fulfill the specific purpose.
We assure you that Patrimoniando will not, under any circumstances, commercialize the personal information of data subjects. Additionally, we may share the personal data of data subjects with competent authorities only in strict compliance with the law.
DATA SUBJECT RIGHTS
As an individual whose personal data we process, you have certain rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws. We are committed to respecting and fulfilling these rights. Below are the data subject rights you have:
1º - Right to information: You have the right to be informed about the collection and use of your personal data. We provide transparent information about our data processing activities through this Privacy and Data Protection Policy.
2º - Right of access: You have the right to access your personal data that we hold. Upon request, we will provide you with a copy of your personal data in a commonly used and machine-readable format.
3º - Right to rectification: You have the right to request the correction or amendment of any inaccurate or incomplete personal data we hold about you. We will promptly update or rectify your data upon verification of your request.
4º - Right to erasure: You have the right to request the deletion or removal of your personal data when there is no compelling reason for us to continue processing it. However, please note that certain legal obligations or legitimate interests may override this right.
5º - Right to restrict processing: You have the right to request the restriction of processing of your personal data in certain circumstances. We will limit the processing of your data while considering your request, such as when you contest the accuracy of the data or object to its processing.
6º - Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller where technically feasible.
7º - Right to object: You have the right to object to the processing of your personal data on grounds relating to your particular situation. We will cease processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
8º - Rights related to automated decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, if it produces legal effects or significantly affects you. We do not engage in solely automated decision-making that produces legal effects or similarly significant consequences.
9º - Right to withdraw consent: If we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
To exercise your data subject rights or if you have any questions about your rights, please contact us using the Privacy Request form provided at the end of this policy or contact directly our Data Protection Officer (DPO) on . We may require additional information to verify your identity and ensure the security of your personal data.
Please note that there may be exceptions or limitations to these rights under applicable laws. We will inform you of any relevant exceptions or limitations when responding to your request.
We are committed to ensuring that you can exercise your rights effectively and transparently, and we will make every effort to address any concerns or complaints you may have regarding the processing of your personal data.
CHANGES IN THE POLICY
All personal data processed by Patrimoniando will be in accordance with this Privacy and Data Protection Policy. The company reserves the right to modify this Policy, in whole or in part, at any time, by including the latest update date as indicated below.
DATA PROTECTION OFFICER AND CERTIFICATIONS
Our DPO holds the following certifications:
- EXIN Privacy and Data Protection Essentials;
- EXIN Information Security Foundation based on ISO/IEC 27001;
- EXIN Data and Privacy Protection Foundation;
- EXIN EXIN Privacy and Data Protection Practitioner;
- EXIN Data Protection Officer.
You can view our DPO's profile with the certifications at the following link: https://app.exeed.pro/holder/profile/54851
Should you have any questions or concerns regarding our Privacy and Data Protection Policy, please don't hesitate to contact our Data Protection Officer (DPO) at . Our DPO is available to assist you and address any inquiries you may have.
We value your privacy and are committed to ensuring the security and protection of your personal data. If you need any further information or clarification, please do not hesitate to reach out to us.
Thank you for your trust and cooperation.
REVIEW AND PUBLICATION
This Policy will be reviewed within a maximum period of 1 year but may be reviewed/changed at any time if necessary, following the company's approval process.
The updated version of this policy will be duly made available whenever changes are made.
Publication of this Privacy and Data Protection Policy on the website: January 2023.