General Data Protection Regulation (GDPR)

Protection of personal data

Personal Data Protection Officer:


Personal data protection policy

OTP invest d.o.o. adopted the Personal Data Protection Policy applicable from 25 May 2018, ie the date of application of the General Regulation on Data Protection (EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, hereinafter: Regulation).

The Regulation and the Law on the Implementation of the General Regulation on Data Protection replace the existing legal regulations related to the protection of personal data.

The Regulation provides natural persons with greater control over their personal data, determines which rights they have and defines the obligations of persons who process personal data, ie the controller and executor of processing.

OTP invest is the manager of personal data processing that it processes on the basis of the following legal bases:

processing is necessary to comply with the legal obligations of the processing manager;
processing is necessary for the execution of the contract to which the respondent is a party or in order to take action at the request of the respondent prior to the conclusion of the contract;
processing is necessary for the legitimate interests of the controller or a third party, except where those interests are stronger than the interests or fundamental rights and freedoms of the respondent requiring the protection of personal data, especially if the respondent is a child and
the respondent has given consent to the processing of his or her personal data for one or more special purposes.

Every client of OTP invest has the right to inspect the data collected by him about the company, has the right to correct inaccurate data, or update the data, as well as the portability of data to another controller. The client can exercise the right to delete his data if one of the following conditions is met:

personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
the client withdraws the consent on which the processing is based even if there is no other legal basis for the processing;
the client objects to the processing and there are no stronger legitimate reasons for the processing;
personal data has been processed illegally;
personal data must be deleted in order to comply with a legal obligation.

The client may exercise the right to restrict processing in the following cases:

disputes the accuracy of personal data, for the period during which the controller is allowed to verify the accuracy of personal data;
processing is illegal and the respondent opposes the deletion of personal data and instead requests a restriction on their use;
the controller no longer needs personal data for the purposes of processing, but the client requests them in order to set, realize or defend legal claims;
the client has objected to the processing pending confirmation as to whether the legitimate reasons of the processing manager go beyond the client's reasons.

The client also has the right to object. It can be forwarded directly to the Company or the Data Protection Officer on the contact information published on the website, as well as to the Agency for Personal Data Protection.

All additional information related to personal data protection, the client can get from the data protection officer: or by reviewing the Personal Data Protection Policy published on the Company's website.

Below we provide a link to the Regulation: as well as the website of the Personal Data Protection Agency:

Your OTP invest d.o.o.