We care and so there are somethings you need to know
Privacy policy
Introduction
This Privacy Notice applies to the processing of personal data related to the website of Eva Investment Ltd. (hereinafter: Data Controller).
Visitors of the website acknowledge that it processes personal data related to the electronic interface evainvestment.eu as described below.
Providing personal data is required for registration, and it is also possible to contact us. It is necessary to process your personal data during registration for making payments and for providing the service.
If during the use of our service you feel that you have additional questions beyond what is contained in this Notice, or if any part of the Notice is not clear or needs clarification, please contact the staff member responsible for the protection of personal data at the e-mail address or telephone number provided below. Upon receiving your request, we will provide detailed information in each case in accordance with the contents of your request about the personal data processed, the purpose, legal basis, duration of data processing, and the activities related to the data processing.
Data Controller
EVA INVESTMENT LTD.
- Registered office: DSO-IFZA, IFZA properites, Dubai Silicon Oasis
- Registration number: DSO-FZCO-14378
- Licence number: 15669
- Telephone: 0562438052
- Website: https://www.evainvestment.eu/
- Electronic mail address: office@evainvestment.eu
- Person in charge: Éva Szabó, board member
Data Subjects
Natural and legal bodies using paid services on the Data Controller's website.
Data Processing Principles
In order to protect and respect the privacy of the Data Subjects, the Data Controller processes data in accordance with the applicable laws in force, with particular respect to Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information and Regulation 2016/679 of the European Parliament and the Council (27 April 2016) that is applicable from 25.05.2018. (General Data Protection Regulation, hereinafter: GDPR)
Consent to Data Processing
The Data Subject must clearly consent to any data processing operation for which consent is required. The consent is to be given by the Data Subject upon registration, by confirming acceptance of the privacy notice. The Data Controller disclaims any liability for damage or legal violations due to erroneous data or data entered intentionally incorrectly.
Data Processor
The Data Controller engage a data processor during the provision of the service to provide services to the end clients.
| Purpose | Data Subprocessor |
|---|---|
| Server hosting and storage, development and maintenance of the website | WebOrigo Magyarország Zrt. (2161 Csomád, Szent István utca 48., Hungary) |
| Analytics Services (Google Analytics) | Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland) |
| Analytics Services (Microsoft Clarity) | Microsoft EMEA Ltd. (South County Business Park, One Microsoft Place, Carmanhall And Leopardstown, Dublin, D18 P521, Ireland) |
Data Security
The Data Controller takes all necessary technical and organizational measures in order to ensure the security of the personal data provided during the entire data processing operation. During data processing, the Data Controller stores personal data in electronic form exclusively on its own internal servers. The Data Controller does not receive authorization or access to the Data Subject's portfolio in any manner.
Data Processing Operations
No profiling takes place during the processing of contact details. No automated decision-making or joint data processing takes place in any case, and the Data Controller does not transmit the data to third countries.
During the processing of data subject to registration, the Data Controller performs profiling in order to offer the Data Subject a strategy that best suits his/her investment attitude and portfolio. Automated decision-making does not take place because accepting the recommendations of the system is at the Data Subject's sole discretion.
Contacts
Data is processed solely to enable contact with the data subject or subscription to a newsletter, or to respond to a specific message.
Contact details: Name, e-mail address
| Purpose | Legal basis Paragraph (1) of Article 6 of the GDPR | Data Subjects concerned | Data | Retention period | Source of data |
|---|---|---|---|---|---|
| Reply to a message | a) – the data subject’s consent | Sender of the message | Contact details | 2 years | Data Subject |
| Sending newsletters | Subscriber to newsletter | Until when unsubscription is requested. | |||
| Transmission of data: | No data transfer occurs | ||||
| Data processor: | Server provider | ||||
| Rights of Data Subjects: | The data subject may exercise the following rights: Access, Rectification, Erasure, Restriction, Portability | ||||
Registration with subscription
After subscription, the User has the opportunity to buy virtual products from the Data Controller which gives its investment tips taking into account the User's investment attitudes, portfolio and market trends. Accepting the advice and making the investment decision is always up to the User. The Data Controller does not have access to the User's portfolio in any way, under any circumstances, and does not carry out any transactions with it, but it gets access to the User's financial data.
The service is subject to a subscription and can only be used by people over 18 years of age. Data processing is carried out at the same level and with the same liability for all service packages.
Registration data for legal entities:
- unique identifier assigned by the system
- password (bcrypt hashed)
- company details (varied by countries)
- contact person’s e-mail address
- contact person’stelephone number
- contact person’s date of birth
- contact person’s mother’s maiden name
- passport or personal ID copy of the contact persion’s
- bank account statements (no longer than 3 months) of the company proving that the company is registered and operated by the given contact person’s
Registration data for natural bodies:
- unique identifier assigned by the system
- password (bcrypt hashed)
- personal e-mail address
- personal telephone number
- personal date of birth
- personal mother’s maiden name
- passport or personal ID copy
- bank account statements (no longer than 3 months)
Data of investment transactions: The Data Controller analyses the transactions carried out by the User and their settings in terms of amount, portfolio, frequency, risk appetite, industry, asset type, region and currency; based on which the Data Subject’s investor profile can be created.
| Purpose | Legal basis Paragraph (1) of Article 6 of the GDPR | Data Subjects concerned | Data | Retention period | Source of data |
|---|---|---|---|---|---|
| Authentication and account verification | b) – performance of a contract | Registered subscriber | Registration data | 10 years | Data Subject |
| Authentication and account verification | Data of investment transactions | ||||
| Transmission of data: | No data transfer occurs | ||||
| Data processor: | Server provider | ||||
| Profiling | It is done solely for the purpose of creating the financial profile and making customised proposals by evaluating the market conditions and the Data Subject’s investing activities. | ||||
| Automated decision-making | None | ||||
| Rights of Data Subjects: | The data subject may exercise the following rights: Access, Rectification, Erasure, Restriction, Portability | ||||
Payment and Financial Settlement
The subscription may be paid for via the payment platform on the website of the Data Controller. During the payment process, the Data Controller redirects the Data Subject to the website of the financial service provider, so it does not get access to the identifiers and data required for the payment.
Based on the service contract, the Data Controller issues an invoice to the User.
Billing information: Name, e-mail address, tax ID or tax registration number.
| Purpose | Legal basis Paragraph (1) of Article 6 of the GDPR | Data Subjects concerned | Data | Retention period | Source of data |
|---|---|---|---|---|---|
| Billing | b) – performance of a contract | Registered user | Billing information | 10 years | Data Subject |
| Transmission of data: | None | ||||
| Data processor: | None | ||||
| Rights of Data Subjects: | The data subject may exercise the following rights: Access, Rectification, Erasure, Restriction, Portability | ||||
Website Cookies
Cookies are small programs that help the functional operation of the website you are visiting, and collect data for traffic analysis purposes, or possibly for marketing purposes. When cookies are used, these small programs or data packets are sent to the user's computer and stored there for a certain period of time. Cookies may come either from the website you are visiting or from a third party. Cookies allow a website to “remember” certain actions or preferences of the user. Cookies help to identify users, record users' individual settings related to the use of the website, and allow users to use the websites without having to re-enter data (e.g. memorizing passwords).
Browsers allow cookies to be installed on your computer or other device only with your consent. Completely disabling cookies may limit the usability of the website or may prevent you from using certain functions on a specific page. Therefore, restricting the use of cookies that ensure the operation of the site is not recommended in contrast to restricting convenience or third-party cookies. You can set the use of cookies in each browser as follows:
By accepting website cookies, you consent to their installation, and your consent will be stored for 30 days based on the rules applicable to convenience cookies.
- Internet Explorer: https://support.microsoft.com/hu-hu/help/17479/windows-internet-explorer-11-change-security-privacy-settings
- Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn
- Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=hu
- Safari: https://support.apple.com/hu-hu/HT201265https://support.apple.com/hu-hu/HT203987
| Purpose | Legal basis Paragraph (1) of Article 6 of the GDPR | Data Subjects concerned | Data | Retention period | Source of data |
|---|---|---|---|---|---|
| Session cookies | a) – the data subject’s consent | Registered person | Browsing operations | Session | Data Subject's IT device |
| Analytical cookies | Website settings | 90 days | |||
| Transmission of data: | Data transferred to the Analytical subprocessors | ||||
| Data processor: | None | ||||
| Rights of Data Subjects: | The data subject may exercise the following rights: Access, Rectification, Erasure, Restriction, Portability | ||||
Recipients of Data
The data provided can only be seen by the Data Controller as well as by the employees of the Data Controller to the extent they need it for their work. Your personal data will not be transferred to third parties except where it is required by the law.
The Rights of Data Subjects
Right to access (Article 15 of the GDPR)
The Data Subject is entitled at any time to request information about the personal data relating to him/her that are being processed. At the request of the Data Subject, the Data Controller shall provide information on the processed personal data relating to the Data Subject, the purpose, legal basis and duration of the data processing, and the legal basis and recipients of any data transfer. The Data Controller shall provide the requested information in a reasonably understandable way in writing as soon as possible but no later than within a month after submission of the relevant request.
In addition to the above, the Data Subject is entitled to receive from the Data Controller the personal data disclosed by him/her, in a structured, commonly used and machine-readable format.
Right to rectification (Article 16 of the GDPR)
The Data Subject may request the rectification of any inaccurate personal data at any time, and the Data Controller shall comply with such request as soon as possible.
Right to erasure, right to be forgotten (Article 17 of the GDPR)
The Data Subject has the right to obtain from the data controller the erasure of their personal data without undue delay and the data controller shall be obliged to erase such personal data of the Data Subject without undue delay.
The Data Subject acknowledges that if this renders the performance of the service contract impossible, he/she must also terminate the contract.
The Data Controller does not have to erase the data if it is necessary to assert or protect its own lawful claims. (Point e) of Article17(3) of the GDPR)
Right to restriction of processing (Article 18 of the GDPR)
The Data Subject has the right to obtain from the Data Controller the restriction of processing.
The Data Subject acknowledges that if this renders the performance of the service contract impossible, he/she must also terminate the contract.
Right to portability (Article 20 of the GDPR)
The Data Subject has the right to receive the personal data concerning him/her, which he/she has provided to a Data Controller, in a structured, commonly used, and machine-readable format and has the right to transmit those data to another data controller. Except where the Data Controller processes the data for its own legitimate interests. (Data processing due to financial claims.)
Legal Remedy
If you consider that your rights related to the processing of your personal data have been violated, you may contact the Data Controller with your questions or for legal remedy at the contact details provided above.