Privacy and Data Protection Policy (GDPR)

GENERAL PROVISIONS

Lenno Global Advisory („LGA”) respects the privacy of its customers and ensures the utmost protection of their personal data. The current Privacy Policy and personal data protection (hereinafter referred to as „Privacy Policy“) has been prepared and is based on the Bulgarian and European legislation on data protection and enters into force as of 25.05.2018.

The present Privacy Policy regulates the processing of personal data of natural persons or representatives of legal entities of our clients or potential clients, as well as the users of our Web site: www.lenno.com („the Web site“), in relation to the services offered by LGA, including provided by and available on the Web site.

The present Privacy Policy, together with the “Cookies” Policy set the rules which LGA will comply with when processing the personal data, collected from you or about you, or which you provide. Please, read this Policy carefully before using the Web site or providing your Personal data, regardless electronically, through the Web site or on paper, as with the provision of your Personal data you agree with its terms. If you do not wish your personal data to be processed in the way described in the current privacy Policy, please do not provide them.

The provision of personal data on your side is voluntary and for the use of certain services provided by us, the use of the Web site and/or accessing it, applying for a job and etc. Please keep in mind that we will not be able to provide you with the services you have asked for if you do not provide the necessary information. Please also take in mind that in some particular cases Your consent for the processing of personal data will not be required, if LGA has a different legal basis, for example, fulfillment of legal obligations.

WHO PROCESSES YOUR PERSONAL INFORMATION AND WHO IS LIABLE FOR IT

LGA, with UIC 103277217 is a licensed Investment Intermediary, regulated in accordance with Directive 2014/65/ЕС (MIFID II). LGA is licensed and regulated from the Financial Supervision Commission (FSC) under the registration number RG-03-188. LGA is a company, registered in the “Register of personal data controllers and the persona; data registers kept by them” under the CPDP with id number 50050. You can contact us at any of the following coordinates:

Headquarters: Sofia, 1000, Oborishte, 2 „Maria Luiza“ Blvd., Level 5; Telephone: 0700 42 442; Email info [at] lenno.com; Personal data officer: with address: Sofia, 1000, Oborishte, 2 „Maria Luiza“ Blvd., Level 5, and email: privacy [at] lenno.com;


CATEGORIES OF PERSONAL DATA, PROCESSED BY LGA

If a potential account decides to open a trading account with LGA or an existing client uses such account and/or submits a request for the provision of one or more investment services and/or for the performance of one or more investment services, certain information will be requested. LGA can process the publicly available personal data and/or personal data available to LGA in the exercise of its legal rights and obligations and/or personal data, provided by You. The main types of personal data processed are:

•    Personal identification information (name, middle and family name, PIN, date of birth, place of birth, citizenship, sex, identification document number);
•    Contact details (including permanent address, address for correspondence, different from the permanent address, your telephone number or a number of a contact person, email address and others);
•    Data on employment, occupation / position, work experience, education, previous employment, skills, qualifications and others;
•    Marital status information;
•    Financial information (bank accounts, sources and amount of income, assets, incl. Portfolios and financial instruments, financial condition, the ability to bear losses and etc.);
•    Information regarding experience and knowledge about investments (history relating to the trading of financial instruments, the nature and volume of orders and etc.);
•    Information regarding the investment objective;
•    Information according to FATCA;
•    Information about the representative (legal representative or a proxy) of our client.


The purpose of collecting this information is to identify and categorize a potential client and to evaluate whether the service required by client is suitable, before signing a contract or applying for a job.

The provision of additional information may be required periodically, which on one hand will help improve the services which LGA provides, an on the other is necessary for fulfilling the legal obligations for data maintenance, through which LGA individualises the user of the Web site as own client in its current type and volume.


SOURCES THROUGH WHICH LGA COLLECTS INFORMATION

•    Online request form for opening a trading account, including the use of Demo account and/or request for performing one or more investment services;
•    Documents provided for identification, client categorization upon opening a trading account, including the use of Demo account;
•    Executed online transactions in relation to the services provided by LGA;
•    Declaration for the purposes of the automatic exchange of financial information pursuant to Art. 142t, paragraph 1 from от Tax-Insurance Procedure Code (TIPC);
•    Declaration under по Article 4, paragraph 7 and under paragraph 6, Art. 5, item 3 from LLML;
•    A Statement about the Beneficial owner under art. 6, para. 2 of the LMML;
•    Declaration under Art. 42, paragraph 2, item 2 from LМML for a politically exposed person;
•    
Online form for a job application;

•    Correspondence by email or chat as well as communication over the phone with LGA;
•    Visiting the Web site of LGA;
•    Power of attorney to a representative of our client (if there is a representative elected or appointed);
•    And all other sources, which help generate the legal minimum of information, which we are required to collect.


USE OF INFORMATION AND THE PURPOSE OF PROCESSING PERSONAL DATA

LGA processes personal information for the following purposes:

1.    Processing of personal data, which is required for the conclusion and execution of a contract with us or in relation to the preparation for concluding a contract with us.

•    Identifying a client upon concluding a new contract or amending an existing contract with us; clarifications about the services used; execution of a concluded contract;
•    Client classification as a retail, professional or eligible counterparty in order to grant legally established documents and other information;
•    Data obtained by You upon the execution of obligations arising from contracts, entered with You or a Company represented by You, exercising of rights and the enforcement of and ensuring the execution of contracts from our clients;
•    Administering and answering client complaints and/or requests;
•    Sharing important information regarding changes in our policy and other administrative information;

•    Analysis and evaluation of job applications.

2.    For the execution of its legal duties, LGA processes your data for the following purposes:

•    Issuing invoices;
•    For performing tax-insurance control of the competent authorities and determining the tax in the tax area;
•    Providing information to the Commission for Personal Data Protection in relation to the obligations laid down in the regulation for personal data protection – the General Data Protection Regulation (EU) 2016/679 from 27 April 2016 and etc.;
•    Providing information to the Financial Supervision Commission, Bulgarian stock exchange- Sofia JSC and Central depositary JSC;
•    Obligations laid down in the Tax-Insurance Procedure Code and other related regulations in relation to the keeping of proper and lawful accounting;
•    Prevention of fraud and money laundering.


3.    LGA processes the relevant data obtained with the explicit consent of the customer for their processing for the following purposes:

•    Direct marketing of products and services.

4.    The processing is required for the purposes of the legitimate interests pursued by LGA:

•    For the purpose of ensuring security and protection of LGA’s and its visitors’ and employees’ property, interests and safety, LGA maintains video surveillance equipment;
•    Assessing the level of consumers’ satisfaction, as well as the efficiency of the advertising target, and to correspond to your expactations by presenting appropriate advertising;
•    Ensuring the quality of customer service (video recording and audio recording).


CATEGORIES OF THIRD PERSONS THAT MAY ACCESS AND PROCESS YOUR PERSONAL DATA

LGA does not disclose the collected and stored nonpublic information and the client’s personal data before any unrelated third party or to related parties, unless it is permitted by applicable law or with the explicit consent and permission of the client. Depending on the product or service, as well as certain restrictions regarding confidential information, personal customer data and information may be disclosed to:

1.    Service providers and consultant specialist which provide administrative, financial, legal, research or other services under a contract with LGA;

2.    Persons who are assigned by LGA to maintain the equipment and software used for the processing of your personal data, assigned by LGA; Лица, които по възлагане на ЛГА поддържат оборудване и софтуер, използвани за обработване на личните Ви данни;

3.    Persons to whom LGA has provided the execution of part of the activities or obligations associated with a specific service we provide to you; personal data processors who, on the basis of a contract with LGA, process your personal data on behalf of the LGA as well as other companies of the holding structure of Lenno JSC with UIC 203217465 in the provision of related services or activities;

4.    Natural persons or legal entities providing consultancy services in different areas - lawyers, accountants, marketing agencies, recruitment agencies, etc.

5.    Courts and other competent authorities, institutions, and persons to whom we are obliged to provide personal data under current legislation;

6.    Any person authorized by the client, as stated by the latter or by a contract;

7.    Security companies holding a license to perform private security activities processing the video recordings on the territory of LGA offices and / or maintaining other registers in the course of ensuring the access regime in the same sites.


HOW LONG DO WE KEEP YOUR PERSONAL DATA

The time period for keeping your personal data depends on the processing purposes for which they were collected:

1.    Personal data processed for the purpose of concluding/amending and executing contracts between LGA and you or a company represented by you- within the contract period and as of the definitive settlement of all financial relations between the parties. LGA may keep part of your personal data for a longer period of time until the expiration of the applicable limitation period in order to be protected from any customer claims regarding performance / termination of contracts as well as in case of a legal disputes that has been already arisen until its final settlement by a court / arbitration adjudication that has entered into force.

2.    Personal data processed for the purpose of issuing accounting / financial documents for the implementation of tax and social security regulations including, but not limited to - invoices, debit notes, credit notes, handover protocols, contracts for provision of service/goods, shall be kept not less than 11 years as from expiry of the limitation period for extinguishment of the respective public claim, unless the applicable law provides for a longer period.

3.   Personal data processed for the purpose of direct marketing - to the explicit withdrawal of the given direct marketing consent or receipt of an objection to the processing of personal data for the purpose of direct marketing.

4.    Video surveillance data from security cameras - up to 100 days as from recording creation. Phone calls shall be kept for up to 5 years from the call.

5.    Personal data processed for the purpose of preventing fraud and money laundering shall be kept for a period of 5 years after the final settlement of all financial relations between the parties under Art. 67 of the LMML.


6.    Personal data processed for the purpose of analyzing and evaluating job applications shall be kept for a period of 1 year after application or until the consent is explicitly withdrawn by the applicant.

YOUR RIGHTS IN RELATION TO THE PROCESSING OFYOUR PERSONAL DATA

1.    General rights

You have the following rights described below, related to the processing of personal data, which you may exercise at any time while we keep or process your personal data by sending a request to the address of the LGA referred to above or electronically by e-mail: privacy [at] lenno.com.

Any client is entitled to access his/her personal data collected by LGA upon written request. LGA shall be obliged to grant access solely to the data concerning the respective client, where personal data of third persons may be disclosed in the course of exercising the rights described above. Upon exercising his/her right of access, any LGA customer shall be entitled at any time to request:


•    Confirmation of whether his/her personal data are being processed, information for the purposes of such processing, categories of personal data, and recipients or categories of recipients to whom personal data are disclosed;
•    To be notified in writing in a plain form and the notification shall contain his or her personal data that are being processed, as well as any available information about their source;
•    Information about the logic of any automated processing of personal data.


Any client shall be entitled, at any time, to request from LGA to:

•    erase, rectify or block his/her personal data, the processing of which does not comply with the applicable legislation;
•    Notify any third persons to whom personal data have been disclosed of any erasure, rectification or blocking carried out in accordance with the preceding paragraph unless a notification is impossible or involves excessive effort.

Any client in relation to his/her personal data, shall be entitled to:

•    Object before LGA the processing of his or her personal data in the presence of a legal basis for this; where the objection is justified, the personal data of the customer concerned can no longer be processed;
•    Object the processing of his or her personal data for the purpose of direct marketing;
•    Be notified prior to the first disclosure of his or her personal data to third persons or prior to their use for the purpose of direct marketing, as the respective client shall be entitled to object such personal data disclosure or use.

2.    You have the right to a complaint before a supervisory authority

You have the right to submit a complaint directly to the supervisory authority, i.e. Commission of Personal Data Protection, having its seat address at: 2 Prof. Tsvetan Lazarov 1592 Sofia (www.cpdp.bg).

In case you have any questions and / or complaints about the processing of your personal data and / or the exercise of the above rights, you can contact the Data Protection Officer (on the contacts detailed above).

3.    Profiling

Upon assessing the appropriateness of the investment services provided by LGA and the investment activities carried out, LGA does not perform profiling as the processing of your personal data is not automated. The preparation of the assessment is strictly individual for each client and is done in accordance with the requirements of the law by certain employees to whom the LGA has commissioned this assessment.

4.    An objection against direct marketing

You have the right to object to the future processing of your personal data for the purposes of direct marketing and advertising as well as to disclosure to third persons and personal data use on their behalf for the purposes of direct marketing and advertising by withdrawing your consent at any time. For this purpose, y

5.    Can you refuse to provide personal data to LGA and what are the consequences of it?

In order to conclude a contract with you and / or to provide you with the requested services in accordance with our legal and respective contractual obligations, LGA requires certain data detailed in this Privacy Policy.

Non-provision of such data may impede the ability to assess the appropriateness and expedience of personal data processing and lead to obstruction for us to provide you with the type of service you have requested and / or to conclude a contract under the terms and conditions you require. Based on the information we receive, we may also consider that the product or service may be inappropriate for you and we shall notify you in writing.


HOW DO WE PROTECT YOUR DATA

LGA applies organizational, physical, IT and other required measures to ensure the security and protection of your personal data and the monitoring of the processing of personal data.

These security measures include, but not limited to, the following activities:

•    LGA has established the requirements for processing, registering and keeping personal data by implementing internal procedures, the observance of which is constantly supervised;
•    The access of LGA employees to personal data and permission to process personal data in the LGA database is limited, depending on their duties;
•    LGA has established confidentiality obligations for its employees;
•    Access to the office equipment of LGA and the computers of each employee is limited;
•    For maximum security when processing, transferring and keeping your personal data, we may use additional protection means such as encryption, pseudonymisation, etc.;
•    The security measures we apply are subject to constant improvement and adaptation to state-of-the-art technologies.


"COOKIES" POLICY 

To learn more about the “Cookies” Policy, please visit the “Cookies” Policy page.

СUSTOMER'S CONSENT

By opening a trading account in LGA and / or when applying for one or more investment services and / or an application to perform one or more investment activities and / or using LGA Web site, the client of the company and / or the user of the Web site agrees with the collection and use of non-public information and personal data by LGA as provided in this Privacy Policy. This consent also includes, but is not limited to, registration made on the LGA Web site, use of mobile application registration, demo account opening and registration, registration in training and information courses and / or applications supported by LGA, etc.

PRIVACY POLICY AMENDMENTS

We may periodically update our Privacy Policy. Upon a change in the current policy, a notification shall be posted on our Website as well as the updated Privacy Policy. All amendments and addendums to the Privacy Policy shall be applied solely after publishing the actual content available through our Web site.

Trade Responsibly: CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. 65% of retail investor accounts lose money when trading CFDs with this provider. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.