Privacy and Data Protection Policy (GDPR)
The Platform means, together and separately, the internet page of www.lenno.com, the "Lenno" mobile application, and any other platform through which Lenno is presented, offered and / or provides services.
Lenno means all companies within the group of the same name, including but not limited to Lenno Limited, a company registered in England and Wales under number 12008730, with registered address 64 New Cavendish Street, London, United Kingdom, W1G 8TB; Lenno JSC, a company registered in Bulgaria under number 203217465 with registered address 2 Maria Luiza Blvd, Level 5, Sofia 1000, Bulgaria; Lenno Global Advisory JSC, a company registered in Bulgaria under number 103277217 with registered address 2 Maria Luiza Blvd, Level 5, Sofia 1000, Bulgaria; Lenno Iberia S.L., a company registered in Spain under number B88146451 with registered address Centro de Negocios, Calle Lagasca, número 95, 28006 Madrid, Spain; Lenno Ins., a company registered in Bulgaria with registered address 2 Maria Luiza Blvd, Level 5, Sofia 1000, Bulgaria.
Lenno Global Advisory JSC, a single-member joint-stock company, incorporated in accordance with the Bulgarian legislation and registered with the Commercial register and register of NPLE with UIC 103277217. Lenno Global Advisory JSC is an Investment Intermediary in accordance with Directive 2014/65/ЕС (MIFID II), licensed and regulated by the Financial Supervision Commission (FSC) under registration number RG-03-188. Lenno Global Advisory JSC collects, processes and keeps your personal data as per the requirements described hereinafter. You can contact Lenno Global Advisory JSC at any of the following coordinates:
Registered office at 2 Maria Luiza Blvd., 5th floor, 1000, municipal district of Oborishte, city of Sofia; Phone number: 0700 42 442; Email: info [at] lenno.com; Personal data officer’s coordinates: 2 Maria Luiza Blvd., 5th floor, 1000, municipal district of Oborishte, city of Sofia; Email: privacy [at] lenno.com.
If a potential client decides to open a trading account with Lenno Global Advisory JSC or an existing client uses such account and/or submits a request for the provision of one or more investment services and/or for the performance of one or more investment services, certain information shall be requested. Lenno Global Advisory JSC is entitled to process the publicly available personal data and/or personal data known to Lenno Global Advisory JSC upon the exercise of its legal rights and obligations and/or personal data, provided by you. The general types of processed personal data are:
• Personal identification information: first name, middle name and surname, personal identification number, date of birth, place of birth, citizenship, sex, identification document number;
• Contact details: including domiciling address, address for correspondence, different from the domiciling address, your phone number or a number of a contact person, email address and others);
• Data on employment, occupation/position, work experience, education, previous employment, skills, qualifications, and others;
• Marital status information;
• Financial information (bank accounts, sources and amount of income, assets, incl. financial instruments’ portfolios, financial condition, the ability to bear losses, etc.); • Information regarding experience and knowledge about investments (history relating to the trading of financial instruments, the nature and volume of orders and etc.);
• Information regarding investment targets;
• Information according to FATCA;
• Information about a representative (legal representative or a proxy) of a client.
The purpose of collecting this information is to identify and categorize the prospective client and to evaluate whether the service requested by him is appropriate before signing a contract or when applying for a job.
Additional information may be periodically required to help improve the services that Lenno Global Advisory JSC provides and, on the other, is necessary in order to fulfill the regulatory data maintenance obligations through which Lenno Global Advisory JSC individualizes the Platform user as its client in an up-to-date type and volume.
• Online request form for opening a trading account, including the use of Demo account and/or request for performing one or more investment services;
• Documents provided for identification, client categorization upon opening a trading account, including the use of Demo account;
• Executed online transactions in relation to the services provided by Lenno Global Advisory JSC;
• Statement for the purposes of the automatic exchange of financial information pursuant to Art. 142t, Para. 1 of the Tax-Insurance Procedure Code (TIPC);
• Statement under Art. 4, Para. 7 and Para. 6, Art. 5, item 3 of the Law on Measures against Money Laundering (LMML);
• Statement about the Beneficial owner under Art. 6, Para. 2 of the LMML;
• Statement under Art. 42, Para. 2, item 2 of the LМML for a politically exposed person;
• Online form for a job application;
• Correspondence by email or chat as well as communication over the phone with Lenno Global Advisory JSC;
• Visiting the Platform of Lenno Global Advisory JSC;
• Companies part of Lenno group in case services are provided jointly;
• Power of attorney to a representative of a client (if there is a representative elected or appointed);
• And all other sources, which help generate the legal minimum of information, which Lenno Global Advisory JSC is required to collect.
Lenno Global Advisory JSC processes personal data for the following purposes:
1. Processing of personal data that is directly required for the provision of services and/or upon job application:
• Identifying a client prior to and/or upon concluding a new contract or amending an existing contract; clarifications of the services provided; execution of a concluded contract;
• Client classification;
• Data obtained from a client upon the performance of obligations arising from agreements, rights exercising and ensuring the execution of agreements;
• Up-to-date identification of users of the Platform as clients;
• Processing job application before Lenno Global Advisory JSC;
• Accepting and answering clients’ complaints and/or requests;
• Debt payments, rescheduling of due amounts; management of receivables collection;
• Sharing important information regarding changes herein and other relevant information;
2. For the execution of its legal duties, Lenno Global Advisory JSC processes your data for the following purposes:
• Issuing invoices;
• For performing tax-insurance control of the competent authorities and determining the tax in the tax area;
• Providing information to the Commission for Personal Data Protection in relation to the obligations laid down in the regulation for personal data protection – the General Data Protection Regulation (EU) 2016/679 from 27 April 2016, etc.;
• Obligations provided for in the Tax-Insurance Procedure Code and other related statutory instruments in relation to the keeping of proper and lawful accounting;
• Prevention of fraud, money laundering, and terrorist financing.
3. Lenno Global Advisory JSC processes personal data obtained with the explicit consent of the client for the following purposes:
• Direct marketing of products and services.
4. The processing is required for the purposes of the legitimate interests of Lenno Global Advisory JSC:
• For the purpose of ensuring security and protection of Lenno Global Advisory JSC and its visitors’ and employees’ property, interests and safety, Lenno Global Advisory JSC maintains video surveillance equipment;
• Assessing the level of clients’ satisfaction, as well as the efficiency of the advertising target;
• Ensuring the quality of clients’ service (video recording and audio recording).
Lenno Global Advisory JSC does not disclose collected and stored nonpublic information and the client’s personal data before any unrelated third party or to related parties unless it is permitted by the applicable law or with the explicit consent and permission of the client. Depending on the product or service, as well as certain restrictions regarding confidential information, personal data of clients and information may be disclosed to:
1. Service providers and consultant specialists who provide administrative, financial, legal, research or other services under a contract with Lenno Global Advisory JSC.
2. Persons who are assigned by Lenno Global Advisory JSC to maintain the equipment and software used for the processing of your personal data.
3. Persons to whom Lenno Global Advisory JSC has provided the execution of part of the activities or obligations associated with a specific service provided to you; personal data processors who, on the basis of a contract with Lenno Global Advisory JSC, process your personal data on behalf of Lenno Global Advisory JSC as well as other companies of the Lenno group in the course of provision of related services or activities.
4. Natural persons or legal entities providing consultancy services in different areas - lawyers, accountants, marketing agencies, recruitment agencies, etc.
5. Courts and other competent authorities, institutions, and persons to whom Lenno Global Advisory JSC is obliged to provide personal data under current legislation.
6. Any person authorized by the client, as stated by the latter or by a contract.
7. Security companies holding a license to perform private security activities processing the video recordings on the territory of Lenno Global Advisory JSC offices and / or maintaining other registers in the course of ensuring the access regime in the same sites.
8. Companies part of the Lenno group in case services are provided jointly.
9. Other companies that provide services to the companies of the Lenno group.
The time period for keeping your personal data depends on the processing purposes for which they were collected:
1. Personal data processed for the purpose of concluding/amending and executing contracts between Lenno Global Advisory JSC and you or a company represented by you- within the contract period and as of the definitive settlement of all financial relations between the parties. Lenno Global Advisory JSC may keep part of your personal data for a longer period of time until the expiration of the applicable limitation period in order to be protected from any client’s claims regarding performance / termination of contracts as well as in case of a legal disputes that has been already arisen until its final settlement by a court / arbitration adjudication that has entered into force.
2. Personal data processed for the purpose of issuing accounting / financial documents for the implementation of tax and social security regulations including, but not limited to - invoices, debit notes, credit notes, handover protocols, contracts for provision of service/goods, shall be kept not less than 11 years as from expiry of the limitation period for extinguishment of the respective public claim, unless the applicable law provides for a longer period.
3. Personal data processed for the purpose of direct marketing - to the explicit withdrawal of the given direct marketing consent or receipt of an objection to the processing of personal data for the purpose of direct marketing.
4. Video surveillance data from security cameras - up to 200 days as from the recording creation. Phone calls shall be kept for up to 5 years from the call.
5. Personal data processed for the purpose of preventing fraud and money laundering shall be kept for a period of 5 years after the final settlement of all financial relations between the parties under Art. 67 of the LMML.
6. Personal data processed for the purpose of analyzing and evaluating job applications shall be kept for a period of 1 year after application or until the consent is explicitly withdrawn by the applicant.
1. General rights
You have the following rights described below, related to the processing of personal data, which you may exercise at any time while Lenno Global Advisory JSC keeps or process your personal data by sending a request to the address of the Lenno Global Advisory JSC referred to above or electronically by e-mail: privacy [at] lenno.com.
Any client is entitled to access his/her personal data collected by Lenno Global Advisory JSC upon written request. Lenno Global Advisory JSC shall be obliged to grant access solely to the data concerning the respective client, where personal data of third parties may be disclosed in the course of exercising the rights described above. Upon exercising his/her right of access, any Lenno Global Advisory JSC client shall be entitled at any time to request:
• confirmation of whether his/her personal data are being processed, information for the purposes of such processing, categories of personal data, and recipients or categories of recipients to whom personal data are disclosed;
• to be notified in writing in a plain form about his or her personal data that are being processed, as well as any available information about their source;
• information about the logic of any automated processing of personal data.
Any client shall be entitled, at any time, to request from Lenno Global Advisory JSC to:
• erase, rectify or block his/her personal data, the processing of which does not comply with the applicable legislation;
• notify any third party to whom personal data have been disclosed of any erasure, rectification or blocking carried out in accordance with the preceding paragraph unless notification is impossible or involves excessive effort.
Any client in relation to his/her personal data, shall be entitled to:
• object before Lenno Global Advisory JSC against the processing of his or her personal data in the presence of a legal basis for this; where the objection is justified, the personal data of the client concerned can no longer be processed;
• object against the processing of his or her personal data for the purpose of direct marketing;
• be notified prior to the first disclosure of his or her personal data to a third party or prior to their use for the purpose of direct marketing, as the respective client shall be entitled to object against such personal data disclosure or use.
2. Complaint to a supervisory authority
You have the right to submit a complaint directly to the supervisory authority, i.e. Commission of Personal Data Protection, having its seat address at: 2 Prof. Tsvetan Lazarov, 1592 Sofia, Bulgaria (www.cpdp.bg).
In case you have any questions and / or complaints about the processing of your personal data and/or the exercise of the above rights, you can contact the Data Protection Officer (via the contacts detailed above).
Upon assessing the appropriateness of the investment services provided by Lenno Global Advisory JSC and the investment activities carried out, Lenno Global Advisory JSC does not perform profiling as the processing of your personal data is not automated. The preparation of the assessment is strictly individual for each client and is done in accordance with the requirements of the law by certain employees to whom the Lenno Global Advisory JSC has commissioned this assessment.
4. An objection against direct marketing
You have the right to object to the future processing of your personal data for the purposes of direct marketing and advertising as well as to disclosure to third parties and personal data use on their behalf for the purposes of direct marketing and advertising by withdrawing your consent at any time. For this purpose, you can send an electronic message requesting the respective suspension of the use of your personal data for the purpose of direct marketing at privacy [at] lenno.com.
5. Can you refuse to provide personal data to Lenno Global Advisory JSC and what are the consequences of it?
Non-provision of such data may impede the ability to assess the appropriateness and expedience of personal data processing and lead to obstruction for providing you with the type of service you have requested and / or to conclude a contract under the terms and conditions you require. Based on the received information, Lenno Global Advisory JSC may also consider that the product or service may be inappropriate for you and shall notify you in writing.
6. Portability of personal data
You have the right to request that your personal data be transmitted or transferred to another data controller in a structured, widely used and machine-readable format. If it is technically feasible, Lenno Global Advisory JSC shall transfer the data directly. In order to facilitate the workflow and reduce the engagement of its clients, the companies of the Lenno group shall be entitled to transfer personal data in order to provide new services within the group structure and without the express request of the clients.
Lenno Global Advisory JSC applies organizational, physical, IT and other required measures to ensure the security and protection of your personal data and the monitoring of the processing of personal data.
These security measures include, but are not limited to, the following activities:
• Lenno Global Advisory JSC has established the requirements for processing, registering and keeping personal data by implementing internal procedures, the observance of which is constantly supervised;
• The access of Lenno Global Advisory JSC employees to personal data and permission to process personal data in the Lenno Global Advisory JSC database is limited, depending on their duties;
• Lenno Global Advisory JSC has established confidentiality obligations for its employees; • Access to the office equipment of Lenno Global Advisory JSC and the computers of each employee is limited;
• For maximum security when processing, transferring and keeping your personal data, Lenno JSC may use additional protection means such as encryption, pseudonymization, etc.;
• The security measures applied are subject to constant improvement and adaptation to state-of-the-art technologies.
Version 1.02, in effect as of 04/11/2019.