Privacy Notice

This Privacy Policy (hereinafter referred to as the ” Policy ” ) is issued by Aisa International, sro, Company ID No. 28224981, registered at the Municipal Court in Prague, File C, 133603, with its registered office at Pitterova 2855/7, Žižkov, 130 00 Prague 3 (hereinafter referred to as the ” Company ” ) as the controller of personal data entrusted to it by customers and potential customers. This Policy is effective from 04.11.2025 and is valid until amended.

This document explains how the Company uses personal data it collects from its customers and potential customers, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the “GDPR”) and Act No. 110/2019 Coll., on the processing of personal data, as amended.

What information do we collect?

We process information about you if you become our client in the field of financial planning or financial advice, or brokerage of mortgage, investment and insurance products. Not all services are available in all countries, we will explain to you individually and in detail the services that are available in your country.

Categories of personal data processed by the Company:

• identification data
• contact details
• information about sources and amount of income
• data used to assess needs and assess suitability
• health data and retirement age

Furthermore, the Company carries out customer due diligence pursuant to Section 9 of Act No. 259/2008 Coll., on certain measures against the legalization of proceeds from crime and the financing of terrorism. Pursuant to Act No. 256/2004 Coll., on business on the capital market, the Company records certain communications with customers and potential customers.

We may also collect information that you provide when you voluntarily complete surveys and provide feedback through our online system called Money-Trove (hereinafter referred to as “ Trove ” ).

Information about connected individuals

In order to provide our services to you effectively, we may need to collect personal information about your immediate family members and dependents. In such cases, it is your responsibility to ensure that you have the consent of the individuals concerned to provide us with their personal information. If we provide our services to them, we will provide them with a copy of this Privacy Notice.

Why do we need to collect and use your personal data?

The processing of your personal data by the Company is based on the following legal grounds:

• Performance of a contract concluded between the Company and you as a customer . This legal reason applies to the processing of data and information that is necessary for the proper and responsible provision of the service under the contract you have concluded with us. Furthermore, this reason also applies to the processing of personal data during negotiations that are only aimed at concluding a contract between you and the Company.
• Fulfillment of the Company’s legal obligation as a personal data controller . Given that we provide services in strictly regulated areas, we must fulfill various obligations to ensure the lawfulness of our activities. This includes the obligation to process your personal data, for example, for the purpose of preventing the legalization of proceeds from crime and the financing of terrorism, consumer protection or accounting.
• Legitimate interests of the Company. Our legitimate interest is, for example, the protection of the Company’s legal interests in the event of judicial, administrative, arbitration and other proceedings or the optimization of our web services and tools and the associated analysis of user interaction.
• Your consent. We need your consent, for example, in a situation where we intend to process your personal data for marketing purposes or in the event that you entrust us with special categories of personal data (e.g. health data) for the purposes of setting up our cooperation and brokering suitable products.

How do we use information about you?

We always collect only the amount of your personal data that is necessary to achieve the stated purpose of processing. The purposes of processing your personal data include:

• handling communications with customers, potential customers and the public;
• evaluating the customer’s request for the provision of our services (in particular, evaluating the data collected during initial meetings when setting up future cooperation);
• concluding a contract for the provision of our services with the customer and subsequent performance of such contract;
• prevention of money laundering and terrorist financing;
• fulfillment of obligations set for consumer protection (fulfillment of information obligations, assessment of the customer’s creditworthiness, enabling the exercise of his rights);
• fulfillment of the Company’s obligations as a legal and economic entity (recordkeeping, archiving, tax and accounting obligations, information obligations towards supervisory authorities and institutions);
• handling claims, requests and complaints;
• recording customer data in case of disputes, administrative and other proceedings;
• optimization of the tools used in providing our services;
• sending information about the Company’s services, its activities and other information about its activities;
• monitoring customer feedback in order to improve services.

Who might we share your information with?

In order to provide our services effectively, we may provide your personal data to the following entities:

• our tied representatives who are in a contractual relationship with us and who are directly involved in the mediation and provision of our services;
• to suppliers of products and services that we provide for you in accordance with the contract;
• providers of compliance, accounting or legal services;
• to providers of IT services, tools and solutions that we use to provide our services;
• to authorities or institutions exercising supervision or oversight over our activities (CNB, Financial Analytical Office, Financial Arbitrator, etc.).

We may also share your personal data with affiliated entities within the AISA brand group of companies for internal administrative purposes (risk assessment, conflict of interest assessment, reporting, complaint handling) or for the purpose of sending important information about the functioning of the AISA group. Your personal data is not transferred to a third country.

We do not share your personal data with any entities outside the AISA group for marketing purposes.

If a third party (so-called processor) is involved in the processing of your personal data, we ensure the fulfillment of mutual obligations to protect your data on the basis of a contract in accordance with the principles of trust and our written instructions.

When transferring your personal data to third parties, the Company uses security measures to protect it during transmission. All data sent to third parties is encrypted and password protected. All data in Trove is securely encrypted and access to the system is secured by two-factor authentication.

In certain cases, we are obliged, based on the conditions defined by law and applicable legal regulations , to transfer some of your personal data to public administration authorities and authorities involved in criminal proceedings.

How long do we keep hold of your information?

The Company processes your data only for the period strictly necessary for its purpose and at the same time respects the deadlines set by law. We store personal data collected in connection with the performance of contracts for a maximum period of 6 years from the termination of the contractual relationship, taking into account the deadlines for exercising and settling any claims. E-mail communication is continuously deleted after 1 year from delivery, with the exception of communication regarding personal advice. If the communication is related to an ongoing dispute or the fulfillment of a legal obligation, it may be stored longer, namely for the duration of the relevant proceedings and the running of limitation periods. We store data processed on the basis of consent for a period of 3 years from the granting of consent. We must store some data related to accounting (e.g. billing information, etc.) for a period of 10 years from the end of the relevant accounting period.

You have the right to request the deletion of your personal data at any time. We will assess your request and comply with it if there is no legal regulation or other legitimate reason preventing us from deleting it.

How can you access the information we hold about you?

You have the right to request a copy of the personal information we hold about you. If you would like to receive a copy of some or all of your personal information by email, please write to us using the contact details below. Where appropriate, we will provide you with this information in the form of an electronic statement.

When processing personal data by automated means, you have the right to ask us to transfer your personal data to another controller designated by you.

The Company has a duty to ensure that your personal information is accurate and up-to-date. Please ask us to correct or delete any information that you believe is incorrect.

Your rights related to personal data protection

In addition to the rights described above in this Policy, you have the following rights under Articles 15 to 22 of the GDPR:

• the right to access personal data, i.e. the right to request confirmation as to whether specific personal data is being processed by the Company, as well as the provision of further information regarding the processing being carried out;
• the right to have personal data corrected if you believe it is incomplete or inaccurate;
• the right to erasure of personal data (“right to be forgotten”) if they are no longer needed for the specified purpose, or if other legal requirements are met;
• the right to restrict the processing of personal data, i.e. to order the Company to restrict their processing to only storing them until the issue that caused the restriction is resolved;
• the right to data portability, i.e. the right to request the Company to transfer your personal data to another controller, if possible and feasible;
• the right to object to processing carried out on the basis of the controller’s legitimate interests.

• the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects for you or similarly significantly affects you, and the right to human intervention in such a decision.

Automated decision making and profiling

When you use Trove, your personal data is collected by entering it into the system – automated tools and mechanisms are used for processing. If you have any doubts about the outcome of the automated process, you can contact us to consult the result or challenge it and request a correction.

For these purposes, we have implemented an internal process that ensures human intervention in the decision and allows you to express your own opinion or challenge the outcome .

We take measures to ensure the security of your data using best practices and technical standards, including encryption and maintaining a separate database stored on private servers that are fully secured and regularly checked against external attacks or accidental data loss.

We do not use any special categories of data, such as data about your health, in the automated process unless it is strictly necessary to provide our services and we have received your explicit consent.

Marketing

We would like to send you information about our products, services and other companies in our group that may be of interest to you. If you have agreed to receive marketing information, you can withdraw your consent at any time without penalty. Simply use the contact details below or unsubscribe by clicking on the relevant link in the message you receive. You can also withdraw your consent to the provision of information to other members of the AISA group.

Cookies

Cookies are small data files that require permission to be stored on your device’s hard drive. With your consent, cookies help analyze web traffic and user interaction. They also allow web applications to respond to you as an individual or to the device you are using. This allows the web application to adapt its appearance and functionality to your needs. We use traffic log cookies to identify which pages are being used. This helps us analyze website traffic data and improve our websites to better meet customer needs. We use this information only for statistical analysis purposes and then the data is deleted from the system.

You can learn more about how you can manage your cookie settings in your browser by following the links below:

• Google Chrome: https://support.google.com/accounts/answer/61416?hl=cz
• IE: http://windows.microsoft.com/cs-cz/internet-explorer/delete-manage-cookies#ie=ie-11
• Microsoft Edge: http://windows.microsoft.com/cs-cz/windows-10/edge-privacy-faq
• Mozilla Firefox: https://support.mozilla.org/cs/kb/delete-cookies
• Opera: http://help.opera.com/Windows/9.64/cs/cookies.html
• Safari: https://support.apple.com/cs-cz/HT201265

Right to lodge a complaint with a supervisory authority

We will be happy to resolve all your requests and suggestions with you. If you are still not satisfied, we would like to draw your attention to the possibility of filing a complaint with the supervisory authority, which is the Office for Personal Data Protection (Pplk. Sochora 27, 170 00 Prague 7, tel.: +420 234 665 111, website: https://www.uoou.cz/).

How to exercise own rights and contact us

If you have any questions about our Privacy Policy or the information we collect about you, please contact us by email at support@aisainternational.cz .

For all matters related to personal data protection, you can also contact the Data Protection Officer directly at dpo@aisainternational.cz .

Or in writing at Vinohradská 3330/220a, 100 00 Praha 10, Czech Republic .

Information about the Data Protection Officer (DPO) :

Name: Ing. Monika Škubalová, MBA

Contact: dpo@aisainternational.cz