Privacy policy | Direct Fidoo Platform

Direct Fidoo Platform Privacy Policy

(valid from 26 March 2026, download in PDF format)

Introduction

At Direct Fidoo, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use Fidoo Platform, in compliance with the EU General Data Protection Regulation (GDPR) and applicable national laws. We want you to be confident that we handle your information with the utmost care and according to all legal obligations.

Who We Are

Direct Fidoo Platform a.s. (“we” or “Direct Fidoo Platform”), with its registered office at Pod Dráhou 1636/1, 170 00 Prague 7 - Holešovice, Company ID (IČO) 23351942 , is registered in the Commercial Register maintained by the Municipal Court in Prague (Section B, Insert No. 29756) under Company ID (IČO) 23351942 is the company providing Fidoo Platform services. In most cases, we are the data controller responsible for deciding why and how your personal data is processed. This includes when we help you effectively manage your company’s finances through Fidoo Platform and when we facilitate additional services we offer or intermediate.

Direct Fidoo Platform as Data Controller: When you use Fidoo Platform features and services that we provide directly – such as setting up your user account, using the multibanking functions, or accessing the Marketplace offers –we take on the responsibility of a data controller for your personal data. We also act as a controller for data we process to run and secure our platform or to comply with our legal obligations.

No Sensitive Data: Please note that, unless required by law (e.g. AML/KYC controls) or with your specific consent, we do not collect or process any special categories of personal data (“sensitive personal data”) through Fidoo Platform. This means we will never ask for information like your racial or ethnic origin, political opinions, religious beliefs, health etc., as part of Fidoo Platform. Fidoo Platform is focused on finance and business information, and you should refrain from providing any sensitive personal details on our platform.

Third-party providers: Fidoo Platform is a platform offering a variety of services. Some of these services may be provided by third parties. These services are governed by 3rd party terms and privacy notices.

What Personal Data We Collect and Why

Fidoo Platform is a corporate multibanking platform with additional services. Although Fidoo Platform focuses on business customers, it may still involve processing various types of personal data about different categories of users. The individuals whose data wemay process include: (a) employees of our corporate clients who use Fidoo Platform, (b) the corporate account owners or administrators (such as a company’s statutory representatives or managers who sign up and oversee the Fidoo Platform account), and (c) other authorized persons the company designates (for example, an external accountant or contractor who is granted access to Fidoo Platform to manage the company’s finances). We explain below the kinds of data we collect from these users and the purposes for which we use it.

To ensure transparency, we have summarized below the specific legal grounds on which we rely to process your data:

TABLE

We may obtain and use business information about companies from publicly available sources and public registers, including via our contracted provider Dun & Bradstreet. This may include company identification and profile data (e.g., company name, registration/ID numbers, registered address, industry classification, status, ownership/management information) to help us onboard customers, pre-fill company details, verify information, assess risk, and prevent fraud. Where such sources contain information about natural persons (e.g., statutory representatives or beneficial owners listed in registers), we process that information in accordance with this Privacy Policy. Dun & Bradstreet processes data under its own terms and privacy information.

Sharing Personal Data within Direct Group

Sharing Personal Data Within Direct Group and with Service Providers

Direct Fidoo Platform a.s. is part of the Direct Group. In certain situations, we may share personal data with other companies within the Direct Group (the “Direct Group Companies”) and with selected third-party service providers supporting the operation of Fidoo Platform. We do not rely on a single blanket consent for all such sharing. Instead, we share personal data only where there is a specific purpose and an appropriate legal basis under applicable data protection law.

A current list of Direct Group Companies is available here: Společnosti ze skupiny Direct Group | Fidoo

Because Fidoo Platform includes multibanking, transaction overview, account connectivity and related financial-service functionality, some of the information we process may also constitute banking, financial, commercial or other confidential information. Where such information includes personal data, we process and disclose it only as necessary for the purposes described in this Privacy Policy and subject to appropriate confidentiality, security and contractual safeguards. We may share personal data within Direct Group Companies and, where relevant, with our processors, sub-processors, infrastructure providers, professional advisers, auditors and other service providers for the following purposes:

(a) Internal administration and group operations

We may share personal data for internal administrative purposes within the group, including group governance, internal reporting, IT and security administration, fraud prevention, compliance support, legal and tax support, risk management, audit, and customer or service operations coordination.

Legal basis: our legitimate interests (or those of another Direct Group Company), where applicable, and/or compliance with legal obligations.

(b) Providing, operating and supporting Fidoo Platform services

Where needed to provide, maintain, operate, secure, support, troubleshoot or improve Fidoo Platform (including related business processes, infrastructure and service operations), we may share relevant personal data with Direct Group Companies and service providers that support these activities.

Legal basis: performance of a contract, legitimate interests, and/or legal obligation (depending on the processing activity).

(c) Account administration, identity verification and access management

We may share personal data to administer user accounts, manage permissions and roles, verify identity, authenticate users, enable secure access and maintain authorization records across relevant products, modules and support systems.

Legal basis: performance of a contract, legitimate interests, and/or legal obligation.

(d) Banking connectivity and transaction-related services

Where relevant for multibanking, payment-related workflows, account information services, account connectivity, transaction enrichment or related support, we may share relevant personal data with Direct Group Companies and trusted service providers used toenable these functionalities.

Legal basis: performance of a contract, consent where required for a specific banking connection or instruction, legitimate interests, and/or legal obligation.

(e) Security, fraud prevention and incident management

We may share personal data where necessary to detect, prevent and investigate fraud, unauthorized access, abuse, service misuse, cybersecurity threats or technical incidents, and to respond to, document and remediate such events.

Legal basis: legitimate interests and/or legal obligation.

(f) Compliance, legal and regulatory obligations

We may share personal data where necessary to comply with applicable law, accounting and tax requirements, AML-related obligations where applicable, lawful requests of public authorities, court orders, regulatory requirements, and internal compliance or record- keeping obligations within Direct Group.

Legal basis: legal obligation and/or legitimate interests, where applicable.

(g) Service improvement, testing and analytics

We may use and share limited personal data within Direct Group or with service providers to test, develop and improve Fidoo Platform, provided that, where reasonably possible, we use aggregated, anonymised, pseudonymised or otherwise minimised data for such purposes.

Legal basis: legitimate interests.

(h) Marketing communications from Direct Fidoo Platform

We may use your contact details and limited business profile data to send you information about Fidoo Platform products and services.

Legal basis: consent where required by law, or legitimate interest where permitted by law (including applicable rules on electronic communications). You may object or opt out at any time.

(i) Marketing communications relating to other Direct Group Companies

If you choose to receive them, or where otherwise permitted by applicable law, we may use your contact details and limited profile or business information to send you offers, updates and news relating to products and services of other Direct Group Companies that may be relevant for your company. We will always identify the sender and provide an easy way to unsubscribe or withdraw consent.

Legal basis: consent where required by law; in limited cases, legitimate interest may apply where permitted by law and subject to your right to object.

What data may be shared

Depending on the relevant purpose, the personal data shared may include in particular:

identification and contact data (e.g. name, business email, phone number, role, company, company identifiers);
account and relationship data (e.g. workspace role, permissions, user status, service activation status);
authentication, authorization and access-management data;
bank connectivity data and account identifiers;
transaction-related data, including balance information, payment instructions, transaction history and transaction metadata where relevant to the service;
service, technical and operational data (e.g. logs, security-related metadata, device/browser data, IP address, audit records, support records);
business profile data (e.g. company segment/type, use of products or modules);
limited marketing preference data (e.g. whether you opted in or out, communication preferences).

We apply a need-to-know and data minimisation approach. We do not share more personal data than is reasonably necessary for the relevant purpose.

Categories of recipients

We may disclose personal data to the following categories of recipients:

Direct Group Companies;
our processors and sub-processors providing hosting, cloud, infrastructure, data
storage, communications, analytics, support, security, audit, legal, tax or other operational services;
open-banking, bank-connectivity and transaction-enrichment providers used to enable Fidoo Platform functionalities;
Marketplace partners or other third-party providers where you request, activate or pursue a specific service or offer;
courts, regulators, supervisory authorities, law enforcement authorities or other public bodies where disclosure is required by law or a binding request.

Roles of recipients

Depending on the specific processing activity, a Direct Group Company or other recipient may act:

as a processor acting on our behalf, where it provides support or operational services to us;
as an independent controller, where it determines its own purposes and means of processing (for example, a Marketplace partner or another Direct Group Company communicating with you about its own services in accordance with applicable law);
in some cases, potentially as a joint controller, where we jointly determine certain purposes and means of processing.

Where required by law, we will provide additional information about the relevant controller(s) and the essence of any joint-controller arrangement.

International transfers

If any Direct Group Company or service provider processes personal data outside the EEA, we ensure that such transfers are protected by appropriate safeguards as required by applicable law (for example, an adequacy decision or Standard Contractual Clauses), as further described in the section “Data Location (Where We Store Your Data & International Transfers)”.

Data for Your Fidoo Platform User Account and Platform Usage

When your company signs up for Fidoo Platform, we collect personal data to create user accounts for each authorized user. This includes identification and contact details such as your name, business email address, phone number, job title/role, and the company you work for. We need this information to register you as a user, to authenticate you when you log in, and to know who is using our services. We also assign user credentials (like login username and password); passwords are stored in a protected form. In some cases, your company may also provide additional identifiers to help manage users – these are also recorded as part of your profile.

While you use the Fidoo Platform application, we collect certain usage and technical data automatically. This includes things like log records of your actions (e.g. when you logged in, or approved an action), device or browser information, and IP addresses, which we use for security monitoring and troubleshooting. We process this operational data to ensure the platform’s integrity, prevent fraud, and protect both your company’s and our interests (for example, by tracking access to prevent unauthorized use). Such processing is in our legitimate interest to keep Fidoo Platform secure and reliable.

Fidoo Platform Multibanking Services

The core feature of Fidoo Platform is the multibanking module – it allows your company to link multiple bank accounts and view all your financial information in one place. To provide this service, we collect and process financial data from your linked bank accounts with your authorization. Specifically, once you or your company connect an account through

Fidoo Platform, we will receive:

Bank Account Details: information identifying the accounts you connect (such as the bank name, IBAN or account number, account type, and the account holder’s name). This may include identifying information about the account owner (whichcould be your company’s name and in some cases your name if you are personally a bank account holder).
Account Balance and Transaction History: we retrieve your account’s current balance and transaction data from your bank. This transaction data includes details of payments in and out of the account – for example, the date and amount of each transaction, the currency, the transaction description/reference, the payer or payee name (counterparty), and any other details provided in your bank statement. Fidoo Platform compiles this information to show your financial position and to help you analyze company spending and income. For instance, you can see a list of all transactions across connected accounts, with information on who you paid or who paid your company (counterparties), which helps with bookkeeping and cash-flow management.

To enable these multibanking features in a secure way, we partner with trusted third- party open-banking service providers: Finbricks and Salt Edge. These providers help us connect with your bank and fetch the data on our behalf. When you link a bank account in Fidoo Platform, you will go through a secure authentication process (complying with PSD2 open banking standards) facilitated by Finbricks or Salt Edge. They handle any banking credentials or tokens needed and use them to retrieve your account information and transactions. Fin Bricks and Salt Edge essentially bridge Fidoo Platform with your bank, allowing us to download complete transaction history and account details through a unified interface. We do not see or store your raw banking passwords – instead, we receive the data (like transaction records and balances) that these providers send back to us after you authorize access.

Additionally, Fidoo Platform uses a partner called Dateio to help make your transaction information more understandable. Dateio’s service takes the raw transaction entries (which can sometimes be unclear) and enriches them with specific details – for example, it can identify the merchant or payee from a transaction record and categorize the expense (like tagging a payment as “Travel - Airline” or “Office Supplies”). This means when you view your transaction history in Fidoo Platform, you might see the merchant’s name and a spending category, rather than just a random string of text from the bank statement. Dateio processes the transaction data (which includes merchant names, locations, etc.) and returns these enriched details to us. This helps your company get better insights into its financial transactions. Importantly, these third-party providers (Finbricks, Salt Edge, Dateio) are bound by strict agreements to use your data only for the purposes of providing these services to Fidoo Platform. We remain responsible for protecting your data throughout this process and ensure that all such processing is compliant with GDPR.

No Special Category Data in Banking: We note that the financial data we access is standard account and transaction information. We do not use any special category of personal data for providing the multibanking service.

Marketplace Module and Partner Offers

Beyond core banking, Fidoo Platform also features a Marketplace where you can explore and request various financial or business services from our vetted partners. If you choose to utilize the Marketplace, we will collect certain data from you to facilitate your requests and share the necessary details with the specific service provider (with your knowledge and consent).

The Marketplace services and the typical personal data involved include:

Insurance Offers (Direct Pojišťovna): You can request business insurance quotes (e.g., property insurance, liability insurance) through Fidoo Platform from our partner Direct Pojišťovna, a.s. To get an insurance offer, we may ask for information such as your name and contact details (so the insurer can reach out to you), your company’s identification details, and relevant information about the risk or assets to be insured. For example, for a vehicle fleet insurance quote, we might collect the number of vehicles and their details; for property insurance, we might collect the location and value of the property. We will forward the necessary information to Direct Pojišťovna so they can prepare a tailored insurance offer for you/your company. (Direct Pojišťovna will become a separate data controller for the data you provide for the insurance service, and they will use it only for preparing the quote and any further services you agree to.)
Factoring Offers: If your company is interested in factoring (i.e. selling invoices or receivables to get instant cash flow), Fidoo Platform can connect you with our factoring partners. To obtain a factoring offer, we typically collect your basic contact information and company details, as well as financial information about the invoices or receivables you seek to finance. For instance, we may ask for the volume of outstanding invoices, typical invoice amounts, or your annual turnover. This data is shared with the selected factoring company so they can evaluate your eligibility and propose terms (such as advance rate, fees). Only the information required to make an offer (e.g. your company name, contact person, and relevant financial figures) is provided, and the partner uses it solely for that purpose.
Credit Offers: The Marketplace also lets you explore business loans or credit lines from selected fintech lenders. If you apply for a credit offer through Fidoo Platform, we will, with your authorization, gather information needed for the credit assessment. This usually includes identification and contact data (your name, email, phone, company name) and key financial data about your business. For example, we might collect your company’s revenue figures, any available financial statements or performance metrics, the amount of credit you seek, and the intended use of funds. This information is forwarded to the chosen lender who will use it to perform a preliminary risk analysis and come back with a credit offer orquote. The lender, once in contact with you, may ask you to provide additional information to complete their underwriting process outside Fidoo Platform. We ensure that the data we transmit is limited to what is necessary for the initial offer.
Fleet Purchase/Leasing Offers (Direct Auto): If your company wants to purchase or lease vehicles, our partner Direct Auto s.r.o. can provide quotes via Fidoo Platform. To facilitate a fleet offer, we would collect your contact and company details and information about your vehicle needs. For example, we may ask how many vehicles you are interested in, what types or models, whether you prefer leasing or buying, and any specific requirements (e.g., electric vehicles, maintenance services). We share this information with Direct Auto, who will prepare a proposal for a fleet solution (e.g., pricing for the desired number of cars or a lease plan). Personal data involved here would typically be limited to your identity and business contact information. Direct Auto will use the information only to generate and discuss the offer with you.

For all Marketplace services, you are in control – we only collect and share your data with a partner if you decide to request or accept an offer. We will clearly describe the information that is needed for the particular service when you view the offer. We also ensure that each of our Marketplace partners handles your data securely and lawfully. Once the relevant data is passed to the partner at your request, they will usually become the data controller for that information (for instance, if you proceed to take a loan or insurance, the provider will process your data under their own privacy policy). We recommend that you review the partner’s privacy notice when pursuing a particular offer, but rest assured we do not share more information than necessary for connecting you with these services.

Data Retention (How Long We Keep Your Data)

We retain your data for only as long as is necessary to fulfill the purposes described in this Policy or to comply with legal requirements.

In practice, this means:

For active Fidoo Platform users, we will keep your personal data for as long as your company remains a customer and your user account is active, so that we can provide the service. This includes keeping your account information, transaction records, and other necessary data during the subscription or contract period.
If you or your company terminate the use of Fidoo Platform, we will either delete or anonymize personal data we no longer need. Some data may be kept for a short additional period in backups or archives before it is safely erased in our regular purge cycles.
In certain cases, we may need to retain specific information for a longer duration if required by law or for legitimate business reasons. For example, financial transaction data might be subject to mandatory retention under accounting, tax, or anti-money-laundering laws. In compliance with such laws, we might retaintransaction records or identification data for a number of years (e.g. 5–10 years as required by financial regulations and depending on the jurisdiction of your location) after the transaction or after the end of our business relationship. We may also keep limited personal details if needed to protect our rights, resolve any disputes, enforce our agreements, or defend legal claims.
Where we process your data based on your consent, we may keep them until you revoke yoru consent or opt-out of such processing.

We regularly review the personal data we hold and ensure we don’t keep anything beyond its usefulness. Once the purpose for which we collected personal data is fulfilled and we are not legally required to retain it, we will either securely delete the data or irreversibly anonymize it.

Deleting Your Fidoo Platform User Profile (In-App)

We allow Fidoo Platform users to request deletion of their user profile directly in the application (under the “My profile” section). This feature is intended for deletion of the user profile associated with a specific username (i.e. a specific login email address).

Before submitting the request, the user will be shown information about the consequences of deleting their profile. In particular, if the deletion request is successfully processed:

the user’s roles in companies/workspaces in Fidoo Platform will be removed,
the user will be logged out after the deletion process has started,
the user will receive a notification confirming that the deletion was successful.

Please note that processing of a deletion request may take up to 30 days. Following conditions and limitations for in-app profile deletion may apply:

We may not be able to process your in-app deletion request in all cases. In particular, a deletion request cannot be processed if the user is the last (or only) Workspace Owner in any company workspace. In such case, the user must first ensure that another user is assigned as Workspace Owner before submitting the deletion request.

Deletion of a user profile affects only the specific user profile for which the request was submitted. If a person has multiple usernames (multiple login email addresses), deletion of one user profile does not automatically delete or affect the other usernames, which remain unchanged unless separately deleted.

Deletion of a user profile also does not automatically disconnect bank accounts or other accounts connected to company workspaces via open-banking integrations, where such connections are maintained at company level and may remain active for the client company.This in-app profile deletion process is without prejudice to our obligations to retain certain data where required by applicable law (for example, accounting, tax, AML, fraud prevention, or legal claims). In such cases, we may retain limited data for the legally required period even after your user profile has been deleted or deactivated.

Data Location (Where We Store Your Data & International Transfers)

The security of your data is our priority. The primary storage of Fidoo Platform data and our core databases are hosted on secure servers provided by Microsoft Azure located within the European Union. This ensures that your financial and personal data is protected by the strict standards of the GDPR.

Some of our technology partners or sub-processors (such as cloud service providers or technical support tools) may operate globally. If it is ever necessary to transfer your personal data outside the EEA, we ensure it is done securely and lawfully.

We rely on:

Adequacy Decisions: Transferring data to countries that the EU Commission has recognized as providing an adequate level of protection.
Standard Contractual Clauses (SCCs): Implementing strict data transfer agreements approved by the European Commission with our partners to guarantee your data remains protected to European standards.

Rest assured, we do not transfer your data to third countries without ensuring appropriate safeguards are in place.

Mobile Application (Fidoo Mobile App)

This section applies specifically to the Fidoo mobile application for iOS and Android (the “Mobile App”). It supplements the rest of this Privacy Policy and describes how we process personal data and technical information when you use the Mobile App.

What data we collect in the Mobile App and why

To provide, secure, and improve the Mobile App, we may collect and process the following categories of data:

1) Device and app technical data

We may process technical information about your device and the Mobile App installation, for example:

device model and manufacturer,
operating system type and version (e.g., iOS / Android version),
app version, build number, and configuration version,• language and region settings, device time zone,
device identifiers or installation identifiers generated by the app or SDKs (where applicable),
IP address and network-related metadata,
information about the use of specific app features (e.g., whether a feature is enabled/disabled).

Purpose: to ensure compatibility, maintain app functionality, diagnose issues, secure the service, and improve performance and user experience.

Legal basis: performance of a contract (providing the service), legitimate interests (security, troubleshooting, service improvement), and in some cases consent (where required by law).

2) Push notification tokens and notification delivery data

If you enable push notifications, we process push notification tokens (e.g., APNs token for iOS / FCM token for Android) and related technical metadata necessary to deliver notifications to your device. We may also process records indicating whether a notification was sent, delivered, or opened (where available and enabled).

Purpose: to deliver important service notifications (e.g., security notifications, approvals, status updates) and, where applicable and permitted, optional informational messages.

Legal basis: performance of a contract (service-related notifications), legitimate interests (service security and reliability), and/or consent (for optional notifications/marketing where required by law).

You can manage push notification permissions in your device settings and, where available, in the Fidoo Platform Mobile App settings.

3) Biometric authentication (Face ID / Touch ID / fingerprint / device biometrics)

The Mobile App may allow you to enable biometric authentication supported by your device for login or approval of selected actions.

When you use biometrics in the Mobile App:

we do not collect, store, or otherwise process your raw biometric data (such as fingerprint images, facial scans, or biometric templates), biometric matching is performed by your device operating system and secure hardware/software environment,the Mobile App only receives information from the system API indicating whether biometric authentication was successful (and may receive limited technical status/error codes, depending on the platform API).

Purpose: to improve security and convenience of authentication/authorization in the Mobile App.

Legal basis: performance of a contract (secure access to service features), legitimate interests (security), and/or your choice to enable this feature in the app/device settings.

Please note that the availability and behavior of biometric authentication depend on your device, operating system, and your device settings.

4) Security data and cryptographic device binding (including Wultra components)

To protect your account and support secure mobile authentication and approval flows, the Mobile App uses security mechanisms that may include cryptographic binding of the device to your account (for example via Wultra technologies or equivalent security components).

In this context, we and/or our security technology providers may process data necessary to establish and maintain secure activation and device binding, such as:

activation identifiers and activation status,
cryptographic public keys and related cryptographic metadata,
security events and audit logs (e.g., activation, re-activation, revocation, failed attempts),
app/device security metadata needed to validate trusted communication and operation approvals,
push registration data used for secure notification/approval workflows (where applicable).

Important: the purpose of this processing is security, strong authentication, fraud prevention, and protection of your account and transactions. We do not use these security mechanisms for advertising purposes.

Purpose: strong customer authentication, secure device activation, operation signing/approval, fraud prevention, security monitoring, and protection of the Mobile App and connected services.

Legal basis: performance of a contract, legal obligation (where security/authentication requirements apply), and legitimate interests (security and fraud prevention).

5) Mobile analytics, diagnostics, and crash logs

We may collect analytics and diagnostic data from the Mobile App, including crash reports and error logs, to understand how the app performs and to fix issues.

This may include:

app events (e.g., feature usage, navigation events),
technical diagnostics (e.g., app version, OS version, device model),
performance metrics (e.g., app start time, response time, failure rates),
crash logs, stack traces, and error reports.

Where possible, we configure analytics and diagnostics tools to minimize data collection and avoid collecting unnecessary content. We also aim to limit or pseudonymize identifiers where feasible. We do not intentionally use crash/analytics tools to collect the content of your banking credentials or other data that is not necessary for diagnostics and service improvement.

Purpose: app stability, bug fixing, performance optimization, service improvement, and user experience improvement.

Legal basis: legitimate interests (service improvement and reliability), and consent where required by law for analytics technologies.

Third-party providers used in the Mobile App

To operate the Mobile App, we may use third-party service providers and SDKs. Depending on the specific feature and platform, these may include providers in the following categories:

Push notification providers for delivering notifications.
Security and authentication providers (e.g., Wultra components) for secure activation, cryptographic device binding, and operation approval flows.
Analytics and diagnostics providers (e.g., mobile analytics and crash reporting tools) for app performance monitoring and crash reporting.

Other technical service providers / SDK providers integrated into the Mobile App to support specific functions.

Where a third party acts as our processor, it processes data on our behalf and under our instructions. In some cases, a third party may act as an independent controller for its own processing (for example, where required by platform rules or for its own service operations), and its processing is governed by its own privacy notice and terms.

We select providers carefully and require appropriate contractual, organizational, and technical safeguards. If any provider processes data outside the EEA, we ensure appropriate transfer safeguards in accordance with applicable law, as described in the section “Data Location (Where We Store Your Data & International Transfers)”.

Mobile permissions

The Mobile App may request certain device permissions (for example, notifications, camera for scanning QR codes during activation, or biometric authentication integration through system settings/API) only where needed for specific features. We request permissions contextually and you can manage them in your device settings. If you deny certain permissions, some features of the Mobile App may be unavailable or may not function properly.

Retention of mobile app technical, security, and analytics data

We keep mobile app technical logs, security logs, and diagnostic/crash data only for as long as necessary for the purposes described above, including security incident investigation, fraud prevention, troubleshooting, and service improvement, unless a longer retention period is required by law or needed to establish, exercise, or defend legal claims. Retention periods may differ depending on the type of data and the purpose (for example, security audit logs may be retained longer than routine diagnostic log.

Your Rights Under GDPR and How to Exercise Them

As an individual (“data subject”) whose data is processed in connection with Fidoo Platform, you have several rights granted by the GDPR. We respect your rights and have processes to help you exercise them. In summary, you have the right to:

Access your data: You can request confirmation of whether we are processing your personal data, and if so, ask for a copy of the data we hold about you, as well as information on how we use it.
Rectification: If any of your personal data we have is inaccurate or incomplete, you have the right to have it corrected or updated without undue delay. For example, if your email address or phone number changes, you can ask us to fix it (or simply update it in your profile).
Erasure: You can request that we delete your personal data in certain circumstances – for instance, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and we have no other legal basis to continue processing. This is sometimes called the “right to be forgotten.” We will honor such requests to the extent required by law. (Please note that if your data is needed for legal obligations or legitimate interests – for example, we must keep transaction records for compliance reasons – we might not be able to erase those until the retention requirement expires).
Restriction of processing: You have the right to ask us to restrict (temporarily halt) the processing of your personal data in certain situations. For example, you might do this if you contest the accuracy of the data or the legality of our processing – we would mark the data and only store it, not use it, until the issue is resolved.•
Data portability: For personal data you have provided to us and which we process by automated means based on your consent or for performance of a contract, you can request to receive it in a structured, commonly used, machine-readable format. You may also request that we transmit that data directly to another data controller where technically feasible. This right is designed to make it easier for you to move your data between services.
Object to processing: You can object to certain types of processing of you personal data. Most importantly, you have the right to object to your data being used for direct marketing purposes – if we ever send you marketing communications (for example, about new products in the Fidoo Platform Marketplace) you can opt out at any time and we will stop. Additionally, if we process your data based on our legitimate interests, you can object if you believe your privacy interest outweighs ours. We will then re-evaluate the balance and, unless we have a compelling legitimate reason to continue, we will cease the processing in question.
Withdraw consent: In cases where we rely on your consent to process data (such as if you explicitly consented to receive promotional offers via email), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we carried out before you withdrew, and it won’t affect processing under other legal bases, but it will mean we stop any processing that was based on consent. For example, if you consented to receive a newsletter or special offers, you can opt out and we will stop sending them. Certain types of consent can be withdrawn also directly in Fidoo Platform application.
To exercise any of these rights, you can contact us by email at dpo@fidoo.com or by mail at our registered address mentioned below. Please specify which right you wish to exercise and provide sufficient information for us to verify your identity (we need to make sure we’re releasing data to the right person). Exercising your rights is free of charge in most cases. We will respond to your request as soon as possible, and at the latest within one month, as required by GDPR (this time frame can be extended by two further months for complex requests, but we would inform you if that’s the case).

If you have any concerns or are not satisfied with our response, you also have the right to lodge a complaint with a supervisory authority. In the Czech Republic, the relevant authority is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů at www.uoou.cz). You can contact them or your local EU data protection authority about any issue. Of course, we encourage you to contact us first and we will do our best to resolve any issue to your satisfaction.

You may exercise your data protection rights regarding Finbricks by submitting a request to the email address support@finbricks.com. Detailed information on the processing of the Client’s personal data is available on the website www.kb.cz in the document “Information on the Processing of Personal Data.”You may exercise your data protection righs regarding Salt Edge by submitting a request via the contact details set out in the Salt Edge Privacy Policy. Detailed information on the processing of via Salt Edge is available in the Salt Edge Privacy Policy at https://www.saltedge.com/pages/dashboard_privacy_policy.

Contact

You can contact us at dpo@fidoo.com for any privacy-related inquiries. Direct Fidoo Platform a.s. is registered in the Commercial Register maintained by the Municipal Court in Prague (Section B, Insert No. 29756) under Company ID (IČO) 23351942. Our registered office is at Pod Dráhou 1636/1, 170 00 Prague 7, Czech Republic.

=============================================================================

This Privacy Policy is intended to give you a clear and accessible overview of how we handle your personal data in Fidoo. We aim to keep it up to date as our services evolve or as laws change. We will notify our users or corporate clients of any important changes to this policy. For the full details or any specific inquiries, don’t hesitate to reach out to us.

============================================================================