Privacy and Data Protection Policy (GDPR)
The provision of personal data on your side is voluntary and for the use of certain services provided by us, the use of the Web site and/or accessing it, applying for a job and etc. Please keep in mind that we will not be able to provide you with the services you have asked for if you do not provide the necessary information. Please also take in mind that in some particular cases Your consent for the processing of personal data will not be required, if LGA has a different legal basis, for example, fulfillment of legal obligations.
LGA, with UIC 103277217 is a licensed Investment Intermediary, regulated in accordance with Directive 2014/65/ЕС (MIFID II). LGA is licensed and regulated from the Financial Supervision Commission (FSC) under the registration number RG-03-188. LGA is a company, registered in the “Register of personal data controllers and the persona; data registers kept by them” under the CPDP with id number 50050. You can contact us at any of the following coordinates:
Headquarters: Sofia, 1000, Oborishte, 2 „Maria Luiza“ Blvd., Level 5; Telephone: 0700 42 442; Email info [at] lenno.com; Personal data officer: with address: Sofia, 1000, Oborishte, 2 „Maria Luiza“ Blvd., Level 5, and email: privacy [at] lenno.com;
If a potential account decides to open a trading account with LGA or an existing client uses such account and/or submits a request for the provision of one or more investment services and/or for the performance of one or more investment services, certain information will be requested. LGA can process the publicly available personal data and/or personal data available to LGA in the exercise of its legal rights and obligations and/or personal data, provided by You. The main types of personal data processed are:
• Personal identification information (name, middle and family name, PIN, date of birth, place of birth, citizenship, sex, identification document number);
• Contact details (including permanent address, address for correspondence, different from the permanent address, your telephone number or a number of a contact person, email address and others);
• Data on employment, occupation / position, work experience, education, previous employment, skills, qualifications and others;
• Marital status information;
• Financial information (bank accounts, sources and amount of income, assets, incl. Portfolios and financial instruments, financial condition, the ability to bear losses and etc.);
• Information regarding experience and knowledge about investments (history relating to the trading of financial instruments, the nature and volume of orders and etc.);
• Information regarding the investment objective;
• Information according to FATCA;
• Information about the representative (legal representative or a proxy) of our client.
The purpose of collecting this information is to identify and categorize a potential client and to evaluate whether the service required by client is suitable, before signing a contract or applying for a job.
The provision of additional information may be required periodically, which on one hand will help improve the services which LGA provides, an on the other is necessary for fulfilling the legal obligations for data maintenance, through which LGA individualises the user of the Web site as own client in its current type and volume.
• Online request form for opening a trading account, including the use of Demo account and/or request for performing one or more investment services;
• Documents provided for identification, client categorization upon opening a trading account, including the use of Demo account;
• Executed online transactions in relation to the services provided by LGA;
• Declaration for the purposes of the automatic exchange of financial information pursuant to Art. 142t, paragraph 1 from от Tax-Insurance Procedure Code (TIPC);
• Declaration under по Article 4, paragraph 7 and under paragraph 6, Art. 5, item 3 from LLML;
• A Statement about the Beneficial owner under art. 6, para. 2 of the LMML;
• Declaration under Art. 42, paragraph 2, item 2 from LМML for a politically exposed person;
• Online form for a job application;
• Correspondence by email or chat as well as communication over the phone with LGA;
• Visiting the Web site of LGA;
• Power of attorney to a representative of our client (if there is a representative elected or appointed);
• And all other sources, which help generate the legal minimum of information, which we are required to collect.
LGA processes personal information for the following purposes:
• Identifying a client upon concluding a new contract or amending an existing contract with us; clarifications about the services used; execution of a concluded contract;
• Client classification as a retail, professional or eligible counterparty in order to grant legally established documents and other information;
• Data obtained by You upon the execution of obligations arising from contracts, entered with You or a Company represented by You, exercising of rights and the enforcement of and ensuring the execution of contracts from our clients;
• Administering and answering client complaints and/or requests;
• Sharing important information regarding changes in our policy and other administrative information;
• Analysis and evaluation of job applications.
• Issuing invoices;
• For performing tax-insurance control of the competent authorities and determining the tax in the tax area;
• Providing information to the Commission for Personal Data Protection in relation to the obligations laid down in the regulation for personal data protection – the General Data Protection Regulation (EU) 2016/679 from 27 April 2016 and etc.;
• Providing information to the Financial Supervision Commission, Bulgarian stock exchange- Sofia JSC and Central depositary JSC;
• Obligations laid down in the Tax-Insurance Procedure Code and other related regulations in relation to the keeping of proper and lawful accounting;
• Prevention of fraud and money laundering.
• Direct marketing of products and services.
• For the purpose of ensuring security and protection of LGA’s and its visitors’ and employees’ property, interests and safety, LGA maintains video surveillance equipment;
• Assessing the level of consumers’ satisfaction, as well as the efficiency of the advertising target, and to correspond to your expactations by presenting appropriate advertising;
• Ensuring the quality of customer service (video recording and audio recording).
LGA does not disclose the collected and stored nonpublic information and the client’s personal data before any unrelated third party or to related parties, unless it is permitted by applicable law or with the explicit consent and permission of the client. Depending on the product or service, as well as certain restrictions regarding confidential information, personal customer data and information may be disclosed to:
2. Persons who are assigned by LGA to maintain the equipment and software used for the processing of your personal data, assigned by LGA; Лица, които по възлагане на ЛГА поддържат оборудване и софтуер, използвани за обработване на личните Ви данни;
3. Persons to whom LGA has provided the execution of part of the activities or obligations associated with a specific service we provide to you; personal data processors who, on the basis of a contract with LGA, process your personal data on behalf of the LGA as well as other companies of the holding structure of Lenno JSC with UIC 203217465 in the provision of related services or activities;
4. Natural persons or legal entities providing consultancy services in different areas - lawyers, accountants, marketing agencies, recruitment agencies, etc.
5. Courts and other competent authorities, institutions, and persons to whom we are obliged to provide personal data under current legislation;
6. Any person authorized by the client, as stated by the latter or by a contract;
7. Security companies holding a license to perform private security activities processing the video recordings on the territory of LGA offices and / or maintaining other registers in the course of ensuring the access regime in the same sites.
The time period for keeping your personal data depends on the processing purposes for which they were collected:
2. Personal data processed for the purpose of issuing accounting / financial documents for the implementation of tax and social security regulations including, but not limited to - invoices, debit notes, credit notes, handover protocols, contracts for provision of service/goods, shall be kept not less than 11 years as from expiry of the limitation period for extinguishment of the respective public claim, unless the applicable law provides for a longer period.
3. Personal data processed for the purpose of direct marketing - to the explicit withdrawal of the given direct marketing consent or receipt of an objection to the processing of personal data for the purpose of direct marketing.
4. Video surveillance data from security cameras - up to 100 days as from recording creation. Phone calls shall be kept for up to 5 years from the call.
5. Personal data processed for the purpose of preventing fraud and money laundering shall be kept for a period of 5 years after the final settlement of all financial relations between the parties under Art. 67 of the LMML.
6. Personal data processed for the purpose of analyzing and evaluating job applications shall be kept for a period of 1 year after application or until the consent is explicitly withdrawn by the applicant.
1. General rights
You have the following rights described below, related to the processing of personal data, which you may exercise at any time while we keep or process your personal data by sending a request to the address of the LGA referred to above or electronically by e-mail: privacy [at] lenno.com.
Any client is entitled to access his/her personal data collected by LGA upon written request. LGA shall be obliged to grant access solely to the data concerning the respective client, where personal data of third persons may be disclosed in the course of exercising the rights described above. Upon exercising his/her right of access, any LGA customer shall be entitled at any time to request:
• Confirmation of whether his/her personal data are being processed, information for the purposes of such processing, categories of personal data, and recipients or categories of recipients to whom personal data are disclosed;
• To be notified in writing in a plain form and the notification shall contain his or her personal data that are being processed, as well as any available information about their source;
• Information about the logic of any automated processing of personal data.
Any client shall be entitled, at any time, to request from LGA to:
• erase, rectify or block his/her personal data, the processing of which does not comply with the applicable legislation;
• Notify any third persons to whom personal data have been disclosed of any erasure, rectification or blocking carried out in accordance with the preceding paragraph unless a notification is impossible or involves excessive effort.
Any client in relation to his/her personal data, shall be entitled to:
• Object before LGA the processing of his or her personal data in the presence of a legal basis for this; where the objection is justified, the personal data of the customer concerned can no longer be processed;
• Object the processing of his or her personal data for the purpose of direct marketing;
• Be notified prior to the first disclosure of his or her personal data to third persons or prior to their use for the purpose of direct marketing, as the respective client shall be entitled to object such personal data disclosure or use.
You have the right to submit a complaint directly to the supervisory authority, i.e. Commission of Personal Data Protection, having its seat address at: 2 Prof. Tsvetan Lazarov 1592 Sofia (www.cpdp.bg).
In case you have any questions and / or complaints about the processing of your personal data and / or the exercise of the above rights, you can contact the Data Protection Officer (on the contacts detailed above).
Upon assessing the appropriateness of the investment services provided by LGA and the investment activities carried out, LGA does not perform profiling as the processing of your personal data is not automated. The preparation of the assessment is strictly individual for each client and is done in accordance with the requirements of the law by certain employees to whom the LGA has commissioned this assessment.
You have the right to object to the future processing of your personal data for the purposes of direct marketing and advertising as well as to disclosure to third persons and personal data use on their behalf for the purposes of direct marketing and advertising by withdrawing your consent at any time. For this purpose, y
Non-provision of such data may impede the ability to assess the appropriateness and expedience of personal data processing and lead to obstruction for us to provide you with the type of service you have requested and / or to conclude a contract under the terms and conditions you require. Based on the information we receive, we may also consider that the product or service may be inappropriate for you and we shall notify you in writing.
LGA applies organizational, physical, IT and other required measures to ensure the security and protection of your personal data and the monitoring of the processing of personal data.
These security measures include, but not limited to, the following activities:
• LGA has established the requirements for processing, registering and keeping personal data by implementing internal procedures, the observance of which is constantly supervised;
• The access of LGA employees to personal data and permission to process personal data in the LGA database is limited, depending on their duties;
• LGA has established confidentiality obligations for its employees;
• Access to the office equipment of LGA and the computers of each employee is limited;
• For maximum security when processing, transferring and keeping your personal data, we may use additional protection means such as encryption, pseudonymisation, etc.;
• The security measures we apply are subject to constant improvement and adaptation to state-of-the-art technologies.
To learn more about the “Cookies” Policy, please visit the “Cookies” Policy page.