Privacy Policy and Data Protection

Respecting the privacy of Personal Data, ATOL capital s.r.o., and its subsidiaries and affiliates (collectively, "Atol") are dedicated to safeguarding Personal Data for which Atol is a Controller. The policies and practices that Atol has put in place to protect Personal Data processed by Atol in compliance with relevant Data Protection Laws are described in this Data Protection and Privacy Policy (this “Policy”).

Atol has voluntarily chosen to subject all Data Subjects to the requirements and safeguards described in this Policy. However, certain Data Subjects may not be subject to the same rights and duties due to local legal restrictions. Although Atol will make every effort to comply with this Policy for all Data Subjects, the Data Protection Laws that apply to that Data Subject in question ultimately determine the protections that are granted, and this Policy does not grant any additional rights beyond those that are provided by the applicable Data Protection Laws.

This Policy explains Atol's methods for gathering and using Personal Data, the conditions under which Atol may disclose Personal Data, the legal rights of Data Subjects, and the physical and technological security measures in place by Atol to preserve the privacy of Personal Data.

Your Personal Information is used only to administer and enhance the Site. You consent to the collection and use of information in line with this policy by using the Site.

Contact

Send an inquiry to the following address if you have inquiries or would like more information about Atol's privacy policies and how we utilize your personal data:

Email: datarequests@atol.capital
Post: ATOL capital s.r.o., Nádražní 762/32, 150 00 Prague 5, CZ

Before we can fulfill your request, we must first verify who you are.

Definitions

“Controller" implies a natural or legal person, public authority, agency, or other entity that chooses the reason for and the method for processing personal data, as that word is used under data protection laws, either alone or in collaboration with others. Atol shall be referred to as the Controller, and with respect to particular Processes, Atol may function in joint controllership with a third party.

“Data Protection Laws” refer primarily to the Regulation (EU) 2016/679 (GDPR), but may also include other relevant privacy laws, rules, or standards published by data protection authorities in areas where Atol has a physical presence.

“Data Subject” means any data that may be linked to a specific recognized or locatable individual (a "Data Subject" as defined by data protection laws). Data that has been anonymized does not count as personal data (anonymous data).

“Process” means, as appropriate, any action taken on personal data, whether or not it is done automatically. Examples include gathering, using, organizing, structuring, storing, adapting or altering, retrieving, disclosing via transmission, disseminating, or otherwise making the data available, aligning or combining, restricting, erasing, or purging.

Provisions For Processing Personal Data

When permitted by data protection laws, Atol will only utilize these personal data. Personal data must be processed in a sufficient, pertinent, and reasonable way given the business purpose(s) for which it is intended. Atol may rely on the following basis while processing personal data:

A. Permission of the data subject to the processing of his or her personal information for a specific purpose(s);

B. Processing is required to carry out a contract to which the data subject is a party or to carry out actions at the data subject's request prior to the execution of a contract;

C. Processing is required to fulfill a legal requirement that Atol must meet;

D. Processing is required to react to public health emergencies or to safeguard the security of natural people's life, health, and property in emergencies;

E. Processing is required to safeguard the vital interests of the Data Subject or another natural person; or

F. Processing is required to further the legitimate interests of Atol or a third party, unless those interests are outweighed by the needs of the Data Subject's fundamental freedoms and interests, which call for the protection of Personal Data, especially in cases where the Data Subject is a minor.

Data Subject Rights

When suitable, Atol will respect the below-outlined data subject rights. A data subject may have the following rights under specific conditions and in compliance with data protection laws:

A. Request access to the personal data that Atol maintains about them to ensure that it is being processed fairly and legally.

B. Request an update to their personal information that Atol has on file. While Atol may need to confirm the accuracy of any additional Personal Data submitted, this enables Personnel to have any incomplete or incorrect Personal Data updated.

C. Request the deletion of their personal data. This makes it possible for Personnel to request that Atol erase Personal Data when it no longer needs to do so for a legal reason. For special legal reasons or other good causes, which will be disclosed to Personnel, if relevant, at the time of the request, Atol might not always be able to accede to the request for deletion.

D. When Atol is relying on a legitimate interest (or a third party's), and the individual would like to object to the processing because it interferes with their basic rights and freedoms, they can object to the processing of their personal data.

E. Request a limitation on how your personal data is processed. This makes it possible for Data Subjects to request Atol to stop processing Personal Data in the following circumstances: (a) verifying the accuracy of Personal Data; (b) when Atol's use of Personal Data is illegal but no request has been made for its erasure; (c) when a Data Subject needs Atol to keep Personal Data even though its retention is no longer necessary and it is necessary to establish, exercise, or defend a legal claim; or (d) when a Data Subject objects to Atol's use of Personal Data.

F. Requesting a transfer of their personal information. Atol shall deliver Personal Data to Personnel or a third party in a structured, widely accepted, machine-readable manner. This privilege solely covers automated data.

G. Unless there is another agreement that has been established in advance by the deceased, access, correction, and deletion requests will be made by the deceased's close relatives for their own legal and reasonable interests.

H. Whenever Atol is using your consent to process your personal data, you can revoke it at any moment. The lawfulness of any Processing done prior to the withdrawal of permission will not be impacted by this.

Any written requests by a data subject to exercise his or her rights under data protection laws will be accepted by Atol, as appropriate, through the proper procedures. Atol will make reasonable efforts to confirm the requester's identity. If Personnel receive a request from a Data Subject regarding his or her Personal Data, they must immediately elevate it to the authorized Data Protection Officer for that jurisdiction, or to that person's designee, or submit it to: datarequests@atol.capital

In general, a Data Subject will not be charged a fee to access his or her Personal Data or to exercise any of the rights listed above. However, if the request is obviously unreasonable or unwarranted, Atol may impose a fair cost. Atol will make an effort to respond to all valid queries within a month. On rare occasions, if the request is especially complicated, Atol may take longer. Alternatively, under specific conditions, Atol may decline to abide by the request.

Protection Obligations

Atol and its personnel have put in place the necessary technological and organizational safeguards to guarantee the rights of Data Subjects and the legitimate, equitable, and transparent Processing of Personal Data as outlined in this document.

Personal Data Sharing

Atol has taken the necessary steps to ensure data protection throughout the transfer of Personal Data and has completed the necessary paperwork to preserve the privacy and fundamental liberties of Data Subjects.

Atol could give Personal Data to other entities to Process (keep, store, utilize) for Atol. All such Processors must adhere to Atol's rules and implement the necessary security measures to safeguard Personal Data. Atol only authorizes Processors to Process Personal Data for certain reasons and in line with Atol's instructions; it does not authorize them to Process Personal Data for their own purposes. For a current list of third parties processing personal data, send an email to datarequests@atol.capital

Atol could provide Personal Data to outside parties so they can process it on their own. These outside parties shall be regarded as joint-controllers of the aforementioned Personal Data. Joint controllers agree to process shared personal data in line with data protection laws, even when they have separate control over the objectives of processing.

Personal Data Protection

Atol uses a variety of tools and systems to safeguard personal information at all times. These tools and systems also enable the following capabilities: (i) anonymization and encryption of personal information; (ii) the ability to guarantee the ongoing confidentiality, integrity, availability, and resilience of processing personal information; (iii) the ability to quickly restore access and availability to personal information in the event of a technical or physical incident; and (iv) a process for deleting personal information.

Policy Updates

To remain in compliance with any changes in the legislation and/or to reflect how our company handles personal data, we may alter this privacy notice. On our website, the most recent notification version will always be accessible.