We are committed to protecting your privacy and personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Romanian data protection laws.
1. Data Controller
SMART TRADE CONSULT SRL is the data controller responsible for the processing of your personal data described in this Privacy Policy.
Contact Details for Privacy Matters:
- Email: [email protected]
- Website: finpathic.com
- Phone: ****************
Data Protection Officer (DPO):
- Name: Andrei ANGHEL
- Email: [email protected]
- Contact Number (Optional): ***************
2. What Personal Data We Collect
We collect personal data that is necessary to provide our investment advisory services, enhance your experience, and comply with legal obligations. The types of personal data we may collect include:
- Identity Data: Name, surname, date of birth, gender, nationality, national identification number (e.g., CNP), tax identification number.
- Contact Data: Email address, postal address, phone number.
- Financial Data: Income, expenses, assets, liabilities, investment goals, risk tolerance, bank account details, transaction history.
- Profile Data: Username, password, investment preferences, feedback, survey responses.
- Usage Data: Information about how you use our App and services, including features accessed, time spent, interaction patterns.
- Technical Data: Internet Protocol (IP) address, device type, operating system, browser type, unique device identifiers, mobile network information.
- Communication Data: Records of communications with our customer support or advisors (e.g., chat logs, email correspondence).
- Marketing and Communications Data: Your preferences in receiving marketing from us.
We only collect data that is adequate, relevant, and limited to what is necessary for the purposes stated in this policy.
3. How We Collect Your Personal Data
We collect data through various methods:
- Direct Interactions: You provide data directly when you create an account, fill out forms, enter financial information, communicate with us via chat or email, or subscribe to our services.
- Automated Technologies or Interactions: As you interact with our App, we may automatically collect Technical Data and Usage Data using technologies like cookies, analytics tools, and server logs.
- Third Parties or Publicly Available Sources: We may receive personal data from third parties (e.g., identity verification services, financial institutions) where necessary for service provision or compliance, and with appropriate legal bases.
4. Purposes and Legal Bases for Processing Your Personal Data
We will only process your personal data where we have a legal basis to do so under GDPR. The purposes for which we process your data and the corresponding legal bases are:
| Purpose of Processing Data | Type of Data Collected | Legal Basis for Processing |
|---|---|---|
| To Provide Investment Advisory Services: To generate automated investment recommendations based on your profile, manage your account, and execute transactions. | Identity, Contact, Financial, Profile, Usage | Performance of a contract: Necessary to fulfill our obligations under the service agreement with you. |
| To Comply with Legal and Regulatory Obligations: Including KYC (Know Your Customer), AML (Anti-Money Laundering) requirements, tax reporting, and other financial regulations (e.g., ASF requirements). | Identity, Contact, Financial | Compliance with a legal obligation: Necessary to meet our legal duties imposed by Romanian and EU law. |
| To Improve Our App and Services: For analytics, research, and understanding user behavior to enhance functionality, performance, and user experience. | Usage, Technical | Legitimate interests: To continually improve our services, develop new features, and ensure our App is secure and effective, where these interests are not overridden by your data protection rights. |
| To Communicate with You: About your account, service updates, security alerts, and to provide customer support. | Identity, Contact, Communication | Performance of a contract: Necessary for service-related communications. Legitimate interests: For important operational communications. |
| For Security and Fraud Prevention: To protect our services and users from fraudulent activities, unauthorized access, and other security risks. | Identity, Contact, Financial, Technical, Usage | Legitimate interests: To protect our business, systems, and users. Compliance with a legal obligation: Where fraud prevention is mandated by law. |
| For Marketing Communications: To send you newsletters, promotional offers, and information about new services or products that may be of interest to you. | Contact, Marketing and Communications, (optional: Usage, Profile for personalization based on consent) | Consent: We will only send you marketing communications where we have obtained your explicit consent. You have the right to withdraw your consent at any time. |
5. Data Sharing and Disclosure
We may share your personal data with the following categories of recipients, strictly for the purposes outlined in this Privacy Policy:
- Service Providers: Third-party companies that provide services on our behalf, such as cloud hosting (Google Cloud), analytics (e.g., Google Analytics), payment processing (Stripe) and identity verification (Stripe). These providers are bound by contractual obligations to keep data confidential and secure.
- Financial Institutions & Custodians: If your investment recommendations lead to opening accounts or executing trades, we may share necessary data with banks, brokers (Interactive Brokers Ireland Ltd.), or custodians to facilitate these services, in accordance with your instructions and consent.
- Regulatory and Law Enforcement Authorities: When required by law or regulation (e.g., ASF, tax authorities, police), or to respond to valid legal process (e.g., court order).
- Business Transfers: In the event of a merger, acquisition, asset sale, or other business transaction, your personal data may be transferred to the acquiring entity.
- Affiliates: With entities within our corporate group, where necessary for internal administration or service provision.
- Professional Advisors: Such as lawyers, auditors, and consultants for legal, financial, or operational advice.
We do not sell your personal data to third parties.
6. International Data Transfers
Your personal data may be transferred to, and stored at, a destination outside the European Economic Area (EEA), including countries that may not offer the same level of data protection as Romania or the EU. This may occur if our service providers operate outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:
- Transferring to countries deemed to provide an adequate level of personal data protection by the European Commission.
- Using specific contracts approved by the European Commission which give personal data the same protection it has in Europe (known as Standard Contractual Clauses or SCCs).
- Where applicable, transfers to the USA may be made under the EU-U.S. Data Privacy Framework (DPF) or UK Extension to the EU-US DPF.
- Implementing Binding Corporate Rules (BCRs) if applicable to our corporate group.
7. Data Security
We have implemented appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered, or disclosed. These measures include:
- Encryption: Data in transit (e.g., via TLS/SSL) and at rest (e.g., database encryption).
- Access Controls: Restricting access to personal data to authorized personnel only, based on a "need-to-know" basis.
- Pseudonymization/Anonymization: Where appropriate, to reduce the direct identifiability of data.
- Regular Security Audits: Conducting periodic vulnerability assessments and penetration testing.
- Employee Training: Ensuring our staff is trained on data protection best practices and security protocols.
- Incident Response Plan: Having procedures in place to detect, assess, and respond to data breaches promptly.
Despite these measures, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
8. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
For example, we generally retain financial transaction data and customer due diligence records for 5 years from the end of the business relationship or the date of the occasional transaction, to comply with anti-money laundering (AML) and tax regulations.
9. Your Legal Rights (GDPR Data Subject Rights)
Under GDPR, you have the following rights concerning your personal data:
- The right to be informed: About how your data is processed (this Privacy Policy).
- The right of access: To request copies of your personal data we hold.
- The right to rectification: To request correction of inaccurate or incomplete data.
- The right to erasure ("Right to be forgotten"): To request deletion of your data under certain circumstances.
- The right to restrict processing: To request that we limit the processing of your data under certain conditions.
- The right to data portability: To request your data in a structured, commonly used, machine-readable format.
- The right to object to processing: To object to processing based on legitimate interests or for direct marketing.
- Rights in relation to automated decision-making and profiling: To object to decisions based solely on automated processing (including profiling) which produce legal effects concerning you or similarly significantly affect you.
- The right to withdraw consent: At any time, where we rely on consent to process your data. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
To exercise any of these rights, please contact us at [email protected]. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).
Right to Lodge a Complaint:
You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) in Romania, if you believe your data protection rights have been violated.
- ANSPDCP Contact Details:
- Website: https://www.dataprotection.ro/
- Email: [email protected]
- Address: B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, cod poČ™tal 010336, BucureČ™ti, România.
10. Children's Privacy
Our App is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without appropriate parental consent, we will take steps to delete such information as quickly as possible.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We may also notify you through the App or via email. We encourage you to review this Privacy Policy periodically.
12. Contact Us
If you have any questions about this Privacy Policy or our data protection practices, please contact us:
- By email: [email protected]