RULES FOR PROCESSING PERSONAL DATA

Investujte do budoucnosti Trineto

In connection with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons regarding the processing of personal data and the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation), as amended, and further in connection with Act No. 110/2019 Coll., the Act on the Processing of Personal Data, TRINETO a.s., Company ID: 21409561, with its registered office at Školská 689/20, Nové Město (Prague 1), 110 00 Prague, registered in the Commercial Register kept by the Municipal Court in Prague under file number B 28798/MSPH, would like to inform you about how we collect and process your personal data.

### (1) INTRODUCTORY PROVISIONS (Basic Information)
These personal data processing rules provide essential information on the processing of personal data within the framework of the website operated by the Administrator and the use of various functionalities of the Website, as well as on the rights of the persons whose personal data are involved and the obligations of the administrator who processes such personal data.

**Personal data** means any information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a specific identifier such as a name, an identification number, location data, a network identifier, or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

**Processing of personal data** means any operation or set of operations performed upon personal data or sets of personal data, whether by automated processes or not, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other disclosure, alignment or combination, restriction, erasure, or destruction.

### PERSONAL DATA ADMINISTRATOR (Who Administers Your Personal Data)
The administrator of your personal data is TRINETO a.s., Company ID: 21409561, with its registered office at Školská 689/20, Nové Město (Prague 1), 110 00 Prague, registered in the Commercial Register kept at the Municipal Court in Prague under file number B 28798/MSPH (hereinafter referred to as “Administrator” or “Company”).

#### 2. Contact Details of the Administrator
– **Registered Office:** Školská 689/20, Nové Město (Prague 1), 110 00 Prague
– **Company ID:** 21409561
– **E-mail:** info@trineto.com
– **Website:** trineto.com

If you have any questions about these rules or wish to exercise any of your rights as set out in Article (3)(F) below, please do not hesitate to contact us at one of the above addresses.

### 3. BASIC INFORMATION ON THE PROTECTION OF YOUR PERSONAL DATA (What Personal Data We Record and How It Is Handled)
The Company, as a personal data administrator, processes your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Act No. 110/2019 Law on the Processing of Personal Data, as amended. Below, you will find all essential information regarding the processing of your personal data.

#### A. Categories of Personal Data Processed (What Personal Data We Process About You)
The Company only processes personal data that it necessarily needs, including but not limited to:
– **Identification and Address Data:** e.g., name, surname, date of birth, permanent address, IP address, etc.
– **Contact Data:** e.g., correspondence address, telephone number, email address, etc.
– **AML Data:** e.g., name, surname, copy of identity card, indication of whether the person is politically exposed, etc.
– **Login Details:** e.g., login name, password, BankID identity, etc.
– **Product Data:** e.g., bank account number, login to the account, user interface information.
– **Communication Data:** e.g., call and email records, customer satisfaction scores, IP address, etc.
– **Profile Data:** e.g., age, gender.
– **Marketing Data:** e.g., name, surname, email address, telephone number, etc.

#### B. Cookies
The Administrator automatically processes cookies on the Website. All information on the processing of cookies can be found in the separate “Cookies Policy.”

#### C. Lawful Grounds for Processing Your Personal Data (On What Basis We Process Your Personal Data)
Your personal data is processed by the Administrator mainly on the following legal grounds:
1. **Consent:** Your personal data is processed based on your voluntary consent.
2. **Contractual Necessity:** Processing is necessary for the performance of a contract.
3. **Legal Obligation:** Processing is necessary for compliance with a legal obligation.
4. **Legitimate Interests:** Processing is necessary for the legitimate interests of the Administrator or a third party.

#### D. Purposes of Processing Your Personal Data (For What Purposes We Process Your Personal Data)
Your Personal Data is processed by the Administrator for the following legitimate purposes:
1. **Provision of Services:** To provide you with services within the scope of our business.
2. **Performance of Legal Obligations:** Compliance with legal obligations.
3. **Communication and Marketing Activities:** For communication and marketing activities.
4. **Exercise of Rights and Protection of Legal Claims:** To exercise our rights and legal claims.
5. **Satisfaction Survey:** To check the quality of services and evaluate customer satisfaction.

#### E. Recipients of Your Personal Data (Who Else Has Access to Your Personal Data)
Your personal data is primarily managed and processed by the Administrator. To the extent necessary, we also make your personal data available to:
1. **Employees and Associated Persons:** Working closely with the Administrator.
2. **IT Solution Providers:** Including cloud and hosting service providers.
3. **Marketing and Analytics Service Providers:** Including Google LLC, Seznam.cz, a.s., Facebook, Smartupp, and more.
4. **Professional Advisors:** Such as attorneys, accountants, tax advisors, etc.
5. **Public Authorities:** As required by law.

#### F. Rights of Data Subjects (What Are Your Rights in Relation to the Protection of Your Personal Data)
You have the following rights regarding your personal data:
1. **Right to Be Informed:** About the processing of your personal data.
2. **Right to Rectification:** To correct inaccurate or outdated personal data.
3. **Right to Erasure:** To have unlawfully processed personal data deleted.
4. **Right to Object:** To the processing of personal data.
5. **Right to Restriction of Processing:** To limit the processing of your personal data.
6. **Right to Withdraw Consent:** At any time to the processing of your personal data.
7. **Right to Data Portability:** To request the transfer of your personal data.
8. **Right to Be Informed of a Security Breach:** Concerning the handling of your personal data.

If you wish to exercise any of your rights, contact the Administrator by sending an email to info@trineto.com. Your request will be processed within 30 days, extendable to 2 months in exceptional cases. Complaints can be directed to the Office for Personal Data Protection, but we encourage you to first address any concerns directly with the Administrator.

#### G. Retention Period of Personal Data (How Long We Keep Your Personal Data)
Your personal data will be processed as long as necessary to provide services or fulfill legal obligations. In cases where consent has been given, personal data will generally be processed for a maximum of 3 years or until consent is withdrawn.

#### H. Security of Personal Data (How We Secure Your Personal Data)
The Administrator has taken technical and organizational measures to ensure the security of your personal data, including regular security checks, encryption, access rights management, and data backup. Personal data stored in paper form is secured in lockable premises accessible only by authorized personnel.

### (4) CONCLUSION
This Personal Data Processing Policy of TRINETO a.s. is valid and effective as of November 1, 2022, and is available electronically at https://www.trineto.com. These rules may be unilaterally amended by the Administrator.