Privacy and Data Protection Policy (GDPR)
The Platform means, together and separately, the internet page of www.lenno.com, the "Lenno" mobile application, and any other platform through which Lenno is presented, offered and / or provides services.
Lenno means all companies within the group of the same name, including but not limited to Lenno Limited, a company registered in England and Wales under number 12008730, with registered address 64 New Cavendish Street, London, United Kingdom, W1G 8TB; Lenno JSC, a company registered in Bulgaria under number 203217465 with registered address 2 Maria Luiza Blvd, Level 5, Sofia 1000, Bulgaria; Lenno Global Advisory JSC, a company registered in Bulgaria under number 103277217 with registered address 2 Maria Luiza Blvd, Level 5, Sofia 1000, Bulgaria; Lenno Iberia S.L., a company registered in Spain under number B88146451 with registered address Centro de Negocios, Calle Lagasca, número 95, 28006 Madrid, Spain; Lenno Ins., a company registered in Bulgaria with registered address 2 Maria Luiza Blvd, Level 5, Sofia 1000, Bulgaria.
Please, read this Policy carefully before using the Platform or providing your Personal data, regardless electronically, through the Platform or on paper, as with the provision of your Personal data you agree with its terms. If you do not wish Lenno to process your personal data in the way described herein, please do not provide it. The provision of your personal data is performed voluntarily in order to receive certain services provided by Lenno and using and accessing the Platform, as well as performing any other requests through the Platform. Please keep in mind that Lenno will not be able to provide you with the services you have asked for if you do not provide the necessary information. Please also take in mind that in some particular cases your consent for the processing of personal data will not be required, if Lenno has a different legal basis, for example, the fulfillment of legal obligations.
Lenno Limited is a company registered in England and Wales under number 12008730. You can contact us at:
Headquarters: 64 New Cavendish Street, London, United Kingdom, W1G 8TB; email: info [at] lenno.com; Personal data officer: email: privacy [at] lenno.com.
In the course of providing the requested services, Lenno Limited may process the publicly available personal data, personal data available to Lenno Limited in the exercise of its legal rights and obligations and / or personal data provided by you, either directly or through one of the companies part of the Lenno group. The main types of personal data processed are:
• Personal identification information (name, middle and family name, PIN, date of birth, place of birth, citizenship, sex, identification document number);
• Contact details (including permanent address, address for correspondence, different from the permanent address, your telephone number or a number of a contact person, email address and others);
• Data on employment, occupation/position, work experience, education, previous employment, skills, qualifications, and others;
• Marital status information;
• Financial information (bank accounts, sources and amount of income, usual expenses (i.e. rent, utility, property tax, and other expenses);
• Data on real rights status (tangibles and real estate);
• Information about the representative (legal representative or a proxy) of our client;
• Data on indebtedness to natural or legal persons (such as names, PIN, etc.) and details of liabilities of the same (size, currency, repayment term, overdue, etc.);
• Data on collateral of liabilities (including foreign ones) to banks and other persons (type, secured receivable, debt arrears);
• Data on initiated enforcement proceedings and insolvency or liquidation procedures;
• Information regarding experience and knowledge about investments (history relating to the trading of financial instruments, the nature and volume of orders and etc.);
• Information regarding the investment objective;
• Information according to FATCA;
• Data related to health status.
In order to ensure the proper performance of services and obligations arising from contracts with the Lenno group, Lenno Limited has the right to process any information that is available in public registers and registers to which Lenno has access.
In addition to the foregoing, and in fulfillment of its legal obligations, Lenno Limited processes your data for the following purposes:
• For performing tax-insurance control of the competent authorities and determining the tax in the tax area;
• Provision of information to the competent authorities in relation to GDPR 2016/679 of 27 April 2016 and other applicable regulations;
• Obligations relating to the conduct of correct and lawful accounting;
• Prevention of fraud and money laundering.
• Direct marketing of products and services;
• Other purposes when there is no other legal basis for the processing of personal data.
The processing is required for the purposes of the legitimate interests pursued by Lenno:
• For the purpose of ensuring security and protection of all companies within the Lenno group and their visitors’ and employees’ property, interests and safety, Lenno Limited maintains video surveillance equipment;
• Assessing the level of clients’ satisfaction, as well as the efficiency of the advertising target;
• Ensuring the quality of client service (video recording and audio recording).
2. Persons who, by assigning Lenno Limited or one of the Lenno group companies, maintain equipment and software used for processing your personal data;
3. Banks serving payments made by and to you;
4. Persons to whom Lenno Limited has provided the execution of part of the service-specific activities or obligations that Lenno provides to you; Data processors who, on the basis of a Lenno Limited contract, process your personal data on behalf of Lenno Limited;
5. Natural persons providing services in order to sign a contract: notaries, lawyers, proxies;
6. Natural persons providing consultancy services in different areas - lawyers, accountants, marketing agencies, recruitment agencies, etc.;
7. Courts and other competent authorities, institutions, and persons to whom we are obliged to provide personal data under applicable law;
8. Security companies holding a license to perform private security activities processing the video recordings on the territory of Lenno Limited’s offices and / or maintaining other registers in the course of ensuring the access regime in the same sites;
9. All companies part of the Lenno group;
10. Other third parties providing services to the Lenno group companies.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
The time period for keeping your personal data depends on the processing purposes for which the latter were collected:
2. Personal data processed for the purpose of issuing accounting / financial documents for the implementation of tax and social security regulations including, but not limited to - invoices, debit notes, credit notes, handover protocols, contracts for provision of service/goods, shall be kept not less than 11 years as from expiry of the limitation period for extinguishment of the respective public claim, unless the applicable law provides for a longer period.
3. Personal data processed for the purpose of direct marketing - to the explicit withdrawal of the given direct marketing consent or receipt of an objection to the processing of personal data for the purpose of direct marketing.
4. Video surveillance data from security cameras - up to 200 days as from recording creation. Phone calls shall be kept for up to 5 years from the call.
5. Personal data obtained for the purpose of concluding insurance contracts, including health condition data, shall be kept within the term of the insurance contract.
6. Personal data processed for the purpose of preventing fraud and money laundering shall be kept for a period of 5 years after the final settlement of all financial relations between the parties under Art. 67 of the LMML.
7. Personal data processed for the purpose of analyzing and evaluating job applications shall be retained for a period of 1 year after application or until the applicant has explicitly withdrawn the consent.
1. General rights
You have the following rights described below, related to the processing of personal data, which you may exercise at any time while Lenno keeps or process your personal data by sending a request to the address of the Lenno Limited referred to above or electronically by e-mail: privacy [at] lenno.com.
Any client is entitled to access his/her personal data collected by Lenno upon written request. Lenno Limited shall be obliged to grant access solely to the data concerning the respective client, where personal data of third persons may be disclosed in the course of exercising the rights described above. Upon exercising his/her right of access, any customer of Lenno Limited shall be entitled at any time to request:
• Confirmation of whether his/her personal data are being processed, information for the purposes of such processing, categories of personal data, and recipients or categories of recipients to whom personal data are disclosed;
• To be notified in writing in a plain form and the notification shall contain his or her personal data that are being processed, as well as any available information about their source;
• Information about the logic of any automated processing of personal data.
Any client shall be entitled, at any time, to request from Lenno Limited to:
• Erase, rectify or block his/her personal data, the processing of which does not comply with the applicable legislation;
• Notify any third persons to whom personal data have been disclosed of any erasure, rectification or blocking carried out in accordance with the preceding paragraph unless notification is impossible or involves excessive effort.
Any client in relation to his/her personal data, shall be entitled:
• To object before Lenno Limited the processing of his or her personal data in the presence of a legal basis for this; where the objection is justified, the personal data of the customer concerned can no longer be processed;
• To object the processing of his or her personal data for the purpose of direct marketing;
• To be notified prior to the first disclosure of his or her personal data to third persons or prior to their use for the purpose of direct marketing, as the respective client shall be entitled to object such personal data disclosure or use.
You have the right to submit a complaint directly to the supervisory authority, i.e. the Information Commissioner's Office, having its seat address at Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF(https://ico.org.uk ).
In case you have any questions and / or complaints about the processing of your personal data and/or the exercise of the above rights, you can contact the Data Protection Officer (on the contacts detailed above).
Lenno Limited DOES NOT perform profiling, due to the fact that your personal data processing is not automated.
You have the right to object to the future processing of your personal data for the purposes of direct marketing and advertising as well as to disclosure to third persons and personal data use on their behalf for the purposes of direct marketing and advertising by withdrawing your consent at any time. For this purpose, you may send an e-mail with the request to suspend the use of your personal data for the purpose of direct marketing, at: privacy [at] lenno.com.
Non-provision of such data may impede the ability for us to provide you with the type of service you have requested and / or to conclude a contract under the terms and conditions you require.
6. Data portability
Any client of the companies within the Lenno group may request his or her personal data to be transmitted or transferred to another personal data controller part or not part of the group, which shall be performed in a structured, widely used and machine-readable format. In order to facilitate the workflow and reduce the engagement of its customers, the Lenno group companies shall retain the right to transfer personal data for the purpose of providing new services within the group and without the explicit request of the clients. The respective Lenno group shall transfer the data directly if it is technically feasible.
Lenno Limited applies organizational, physical, IT and other required measures to ensure the security and protection of your personal data and the monitoring of the processing of personal data.
These security measures include, but not limited to, the following activities:
• Lenno Limited has established the requirements for processing, registering and keeping personal data by implementing internal procedures, the observance of which is constantly supervised;
• The access of Lenno Limited employees to personal data and permission to process personal data in the Lenno Limited database is limited, depending on their duties and obligations;
• Lenno Limited has established confidentiality obligations for its employees;
• Access to the office equipment of Lenno Limited and the computers of each employee is limited;
• For maximum security when processing, transferring and keeping your personal data, we may use additional protection means such as encryption, pseudonymization, etc.;
• The security measures we apply are subject to constant improvement and adaptation to state-of-the-art technologies.
Version 1.02, in effect as of 04/11/2019.