| From: | Rockaway (as defined below), as data controller |
| To: | You, as data subject |
| Version: | 1.0 |
Dearest reader,
Thank you for taking the time to visit www.rockawaycapital.com (the “website”). You should know that
some of your personal data may be processed when you browse and interact with the website. Therefore,
as its administrators, we consider it our highest priority to keep you well informed about how we treat such
data. This data protection memorandum (“Memo”) is intended to give you a full overview of how we process
your personal information from the moment you arrive at the website until you leave it, and beyond1.
Please get in touch at gdpr@rockawaycapital.com should you have any questions regarding this Memo whatsoever.
If you take into account all the ways in which you can interact with the website (including the sending of job applications and similar), then we may process the following categories of personal data concerning you:
| Category of Personal Data | Description | Processed Whenever You… |
|---|---|---|
| E-Behavior Details | This includes information about the way you browse and interact with the website, such as what you click on, how much time you spend on the website and its sections, the type of the device you use, and the IP address of such device and the location determined based on such address, as well as information obtained from cookies and similar technologies. | … have the website open. |
| Identification Details | This includes in particular your name and date of birth. | … contact us at our e-mail; |
| Contact Details | This includes in particular your contact address, phone number and e-mail address. | … apply for a job or an internship; |
| … apply for an investment. | ||
| Professional Details | This includes in particular details about your education (both official and by means of training courses and similar), relevant skills, prior work or other relevant experience, CVs, and similar. | … apply for a job or an internship; … apply for an investment. |
| Assessment Details | If you’re applying for a job or an internship with us, this includes all data collected during
the recruitment process about your fitness for
the position applied for, your performance at
interviews, assessment centers and tests, and
your cover letter sent as part of your on-line
application. If you’re applying for an investment, this includes all personal data concerning you which you provide us in your cover letter or other documents sent as part of your on-line application. | … apply for a job or an internship; … apply for an investment. |
| Queries | This means any personal data concerning you other than your Identification Details and Contact Details included in any e-mail you send us to one of the e-mail addresses stated on the website. | … you contact us at our e-mail. |
We collect and work with various personal data concerning you for multiple purposes (depending on what you do on the website) —
The sub-sections to follow go into more detail.
(a) Collection of E-Behavior Details (1): Cookies
Do you like cookies? Well, then you’ve come to the right place! If you visit the website, we’ll deposit tiny files into your device called ‘cookies’. These enable us to map your activity on the website. Some cookies disappear after you’ve left, while other ones stay put and reactivate each time you visit the website. We also use so-called web beacons – tiny pictures embedded at various locations around the website which have a function very similar to cookies. To not overcomplicate things, we’ll just refer to all of the foregoing as ‘cookies’; similarly, we’ll just say we ‘store’ cookies on your device even though technically we also read them, too. You should know that some (but not all) cookies make you identifiable – not to us, but to network operators and similar – and therefore qualify as personal data. To the extent they do, we classify them as E-Behavior Details processed based on our legitimate interests (Art. 6(1)(f) GDPR) (see further below).
The first category of cookies which are stored on your device directly from the website helps us:
These cookies are necessary for the proper functioning of the website; you can disable them in your browser settings, but in such case please note that it’s possible the website may not work correctly.
Also, we store a second category of cookies on your device which helps us:
Don’t feel like cookies after all? You may disable the storing of cookies in your browser settings. Here’s where you’ll find out how to do that on popular browsers (just follow the links):
(b) Collection of E-Behavior Details (2): Miscellaneous
While we may get derive some of your E-Behavior Details from cookies, this won’t always apply. Using other technical means, we also process other E-Behavior Details such as:
We process your E-Behavior Details based on our legitimate interests (i.e. without your consent) (Art. 6(1)(f) GDPR), for the following purposes:
| Purpose of Processing | Statement of Legitimate Interest |
|---|---|
| Acquisition of information which enables us to improve the functionality and content of the website. | Improvement of the website; Improvement of the Rockaway group’s image. |
| Collation of statistics and overviews, particularly session and user amount monitoring. | Measuring the effectiveness of the website. |
| Testing of new functions with a limited audience prior to full release. | Smooth functioning of the website; Improved user experience. |
| Fraud and security breach prevention. | Smooth functioning of the website; User and user data security. |
You may object to any of the processing activities above at gdpr@rockawaycapital.com– please see section 5.6 below for details.
We store your E-Behavior Details for no longer than 38 months, depending on the technology involved.
Please note that we’re not a ‘data controller’ when it comes to the investment applications at https://www.rockawaycapital.com/en/get-investment/, but only a processor. This means that we don’t determine how your information is handled once you submit the application form. Instead, it is Rockaway Ventures a.s., ID No.: 063 87 136 (“RV”), which acts as controller (instead of us) for the purpose of the entire investee selection process. Our only task is to transfer the contents of your investment application to RV securely. Now we’re already here, however, the following is a summary of why and how RV processes your information once we give it to them:
| Personal Data Category | Purpose of Processing |
|---|---|
| Identification Details Contact Details Professional Details Assessment Details | RV uses this personal data to assess whether or not it or one of its affiliated companies should invest in your business. In particular, collecting these details enables it to contact you, talk to you about your business ideas and determine whether or not you’ll be the right fit for each other business-wise. |
RV may process the aforementioned data relating to you for the purposes described because it’s necessary as a measure towards reaching a binding agreement with you (such as an investment contract) (Art. 6(1)(b) GDPR).
RV stores your Identification Details, Contact Details and Professional Details until the end of the investee selection process you choose participate in (whatever the outcome), or, as the case may be, for as long as you work together. It will erase your Assessment Details after the end of the investee selection process (whatever the outcome).
RV gets your personal data either from yourself, from persons who know you, or from publicly available sources such as LinkedIn or company websites.
Personal data used by RV in connection with the investee selection process are accessible to us (in that we collect them on RV’s behalf), technical and other support services providers (e.g. Google or Microsoft), persons working at or closely with RV, and other persons who – with your permission – RV shares your details with for the purposes of potential business cooperation. To the extent any of the foregoing recipients process your data outside of the European Economic Area, RV ensures that adequate protection is safeguarded contractually using the model clauses issued by the European Commission or otherwise.
Please write us at gdpr@rockawaycapital.com should you have any questions about the processing of your information by RV or wish to exercise any of your rights under the GDPR (see section 5 below) – we will either deal with your query on RV’s behalf or pass it on to RV.
This section applies whenever you wish to:
Since a lot of your information is processed in connection with these applications and the recruitment process to follow, we have designated a whole separate document called “Data ProtectionMemorandum – Candidates” to this group of processing activities. Please see the individual job ads and the Rockaway Academy internship application page for more.
At Rockaway we are always happy to answer any questions or other messages you may have for us. Accordingly, we invite you to get in touch at various locations on the website. If you decide to send us an e-mail at info@rockawaycapital.com, press@rockawaycapital.com or any other e-mail address stated on the website, we’ll process the following categories of personal data relating to you for the following purposes:
| Personal Data Category | Purpose of Processing |
|---|---|
Identification Details Contact Details Queries | We process this data to be able to answer your e-mail and help you with any request you may have for us. |
We are allowed to process the abovementioned personal data categories for the given purposes because it’s necessary for us to be able to pursue our legitimate interests (Art. 6(1)(f) GDPR). Our legitimate interests lie in wanting to connect with individuals who are interested in our business and anything else connected with Rockaway, as well as ensuring accurate reporting of our activities by the press.
As a general rule, we’ll delete our correspondence immediately after we’ve stopped communicating and there’s no legitimate need for us to keep the correspondence (such as us promising you to get back to you in the future). In exceptional cases we might also have to hold on to your e-mails if this is necessary for the protection of our rights (e.g. to be able to use our correspondence as evidence of something).
Whenever necessary for the attainment of the processing purposes described in section 2 above, we might have to share some of your personal data with the following types of recipients:
(a) RV
As explained in section 2.2 above, RV receives and is the controller with respect to all of your personal data processed in relation to investment applications.
(b) Other Persons with Access
To the extent any of the foregoing recipients process your data outside of the European Economic Area, RV ensures that adequate protection is safeguarded contractually using the model clauses issued by the European Commission or otherwise.
We get most of the personal data concerning you from yourself – e.g. when you send us an e-mail or fill out any application form on the website. There are exceptions, though: for example, we obtain your E-Behavior Details using cookies and similar technologies. We never buy your data from anyone; neither would we ever sell it.
As the sole proprietor of your personal data, you have multiple rights which you can use to maintain or regain full control of them whenever you deem fit:
You have the right to know all there is to know about how Rockaway processes your personal data as well as your rights connected with such processing. While this Memo should answer most of your questions already, you may at any time ask us for confirmation as to whether or not we process (certain) personal data concerning you – if indeed we do, you are entitled to full information about such processing activity. The right to access includes the option to request a copy of all personal data concerning you which we process; we’ll give you the first copy for free and only charge you a fee for any further copies.
We all make mistakes sometimes. Should you ever notice that some of the personal data concerning you and processed by us are inaccurate or incomplete, you have the right to demand that we correct or supplement them without undue delay.
In some cases you have the right to demand that we erase your personal data. We are obliged to do so if:
Please beware that your right to erasure isn’t absolute even if one of the conditions above is met – we may have the right to keep some of your personal data if this is necessary for the fulfilment of our legal obligations or for the protection of our legal claims.
In some circumstances you may have the right to demand that we limit the processing of your personal data (other than erase them altogether). This means that we will have to set your data aside and stop processing them for the time being, but not forever (that would be where the right to erasure comes in). We are obligated to restrict processing:
You have the right to obtain all such personal data concerning you and collected or otherwise processed by us based on your consent. If you invoke this right, we will be obliged to provide you all such data in a structured, commonly used and machine-readable format (XLS, PDF or similar). Your data portability right only applies to data which we process automatically.
You may object to any processing performed based on our legitimate interests. If the processing at issue is conducted for direct marketing purposes, we’ll stop the processing activity immediately; in other instances we’ll first investigate the merits of your objection and cancel the processing if we find that we have no substantial legitimate interests to continue with the processing activity.
Regardless of any other rights you might invoke, you may always file a complaint with the competent supervisory authority. This is especially so if you feel that your personal data are being processed unlawfully. Should you wish to lodge a complaint against processing performed by Rockaway, the competent authority would be the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů) located at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic.
If you have a question about Rockaway’s data protection policy or your rights under it, wish to exercise any of your rights under section 5, want to withdraw your consent with the processing of personal data or simply need to get in touch in a related matter, please e-mail us at gdpr@rockawaycapital.com. Don’t worry about the form of your e-mail or correct terminology – just make sure you describe what you’d like us to do or stop doing.
We’ll do our best to deal with your query as fast as we can, but in any event within one month. Since we’re no automated tech-giant, please understand that some of the more complicated queries might exceptionally take us up to two more months to sort out – but we’ll obviously let you know if this happens to be the case.
Please note that we may only advise you on your rights within the context of the personal data which pertains to you and is processed by us; we highly encourage you to seek independent legal advice on any and all other matters.
Save for the processing described in section 2.2 above, the following organization (the so-called controller) decides how your personal data should be processed and is responsible for ensuring that your privacy rights are always respected:
| Name: | ROC services, s.r.o. |
| ID No. (IČO): | 241 53 273 |
| Registered office and contact address: | Commercial Register administered by the Municipal Court in Prague, file No. C 183542 |
| E-mail: | gdpr@rockawaycapital.com |
References in this Memo to “Rockaway” mean the controller as defined in section 7 of this Memo.
1Legalese Notice: This Memo should be understood as providing you information related to data processing within the meaning of Arts. 13 and 14 of the EU General Data Protection Regulation (“GDPR”).