Privacy policy

Version: 1.0

This privacy policy (the "Policy") describes how DNZ BTO s.r.o., a company having its registered office atVáclavské náměstí 2132/47, Nové Město, 110 00 Prague 1, Czech Republic, ID No.: 079 64 358, registered inthe Commercial Register maintained by the Municipal Court in Prague under file C 310622 ("Controller" or"we"), processes the personal data of:

  • (a) users of the Littlebit mobile application operated by the Controller, and of other information societyservices provided by the Controller from time to time, including the website https://www.littlebitapp.com/(together the "Services"), in connection with the operation of such Services;
  • (b) other individuals dealing with the Controller in the ordinary course of the Controller's business, includingother cryptocurrency trades with the Controller; and
  • (c) candidates for new positions with the Controller in connection with the recruitment for such positions.

We provide this information under Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliamentand of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personaldata and on the free movement of such data, and repealing Directive 95/46/EC (General Data ProtectionRegulation) (the "GDPR").

1. Controller

1.1 The person responsible for your personal data – their Controller – is:

DNZ BTO s.r.o., a company having its registered office at Václavské náměstí 2132/47, NovéMěsto, 110 00 Prague 1, Czech Republic, ID No.: 079 64 358, registered in the CommercialRegister maintained by the Municipal Court in Prague under file C 310622.

1.2 If you have questions regarding this Policy or wish to exercise any of the rights described insection 8 (Your Rights), you may reach us:

  • (a) by email at info@littlebitapp.com;
  • (b) by phone at +420 720 115 800;
  • (c) by post or another delivery service at the Controller's registered office address; or
  • (d) in any other manner specified elsewhere in this Policy or directly in the Service interface.

2. Personal data

2.1 Categories of Personal Data

Taking into account all the ways you typically interact with us, we process the following categories ofpersonal data related to you:

Category: Identification Data

Example: Name and surname; date of birth

Category: Contact Data

Example: E-mail address; telephone number; home address; bankdetails.

Category: AML Data

Example: Identification and contact details; nationality, citizenship;permanent residence; tax residency; subject/type of business;origin of funds; copy of national ID or passport; bank accountdetails; details of inclusion on sanctions lists; politicalexposure details; other data necessary to carry out checksunder anti-money laundering legislation.

Category: User Data

Example: Information tied to the user account through which you usethe Services. This includes, for example, your user accountsettings and the information you enter into your account (suchas identification and contact details), details of contractualrelationships with you, your transaction history with us, yourpreferences regarding the sending of commercial2communications and other privacy matters, as well as detailsof complaints and other exercises of rights; it also includesanalytical and statistical information derived from the above.

Category: Transaction Data

Example: Any personal information regarding transactions (contracts,payments etc.) between you (directly or an organisation whichyou represent) and the Controller, including orders, bankaccount numbers, contact addresses etc.

Category: Payment Credentials

Example: Details of the payment card and bank account which you havepaired with the Services, except any login and otherpersonalised security credentials.

Category: Bank Account Access Data

Example: Information about the bank account which you have linked toyour account in the Services (on a read-only basis), includingthe date, amount and currency of your individual payments,and the identity of the respective payees.

Category: Device Data

Example: IP address of your terminal device and the approximatelocation derived from it; MAC address; type, version andtechnical parameters of your device and internet browser; timezone of the device; analytical and statistical informationderived from the above.

Category: Usage Data

Example: Information on how you use the Services, e.g. what you clickon, how much time you spend on various features or sectionsof the Services and how you move around these features orsections; analytical and statistical information derived fromany such data

Category: E-Mail Interaction Data

Example: Data about if and when you read our direct marketing e-mailsand what links you click on; analytical and statisticalinformation derived from any such data.

Category: Candidate Data

Example: CV; cover letter; education and professional experience;information provided during interviews and relatedassessments; interview and assessment performance data;previous employer references; evaluation of all ofthe information above so as to assess whether you are a goodfit for a given role; data necessary for the preparation of acontract of employment/services and compliance withemployment-related regulations.

Category: Communication Data

Example: The contents of any communications exchanged between youand us, including any personal data contained in suchcommunications which you choose to give to us.

2.2 Sources of Your Data

In general, the personal information we process comes from you or is derived from your use ofthe Services, as described in this Policy. In some cases, we may obtain your personal informationfrom external sources, such as:

  • (a) in the process of conducting AML/KYC checks while registering you for the Services oronboarding you as an investor, we may receive some of the AML Data (mostly in the form ofresults of such checks) from specialised AML/KYC service providers;
  • (b) if you’re one of our investors/supporters, we may receive some of your registration information,investment details, orders and other Transaction Data from the brokers you’ve engaged with;
  • (c) if you use any of the investing functionalities of our Services, we may receive PaymentCredentials and Bank Account Access Data from card issuers, account information serviceproviders and other payment service providers who assist us with processing payments,verifying your Payment Credentials or loading your bank account transaction history into ourServices;
  • (d) if you apply for a job with us, some of your Candidate Data may be collected from your LinkedInaccount, recruitment agencies and websites, and your current or previous employers; and
  • (e) if we need particular personal data related to you for the purpose of establishing, exercising ordefending our rights against you, or for meeting a legal obligation, we can also obtain that pieceof data from public registries, public authorities and any other external sources, as needed forthe specific purpose.

2.3 Choosing Not to Share Your Data

In principle, you don’t need to share any of your personal data with us if you don’t want to. However,in some cases, a failure to do so will result in our inability to enter into a transaction with you, providea service, or act upon your request. For example:

  • (a) if providing certain data is necessary for the preparation or fulfilment of a contract between us,or for meeting a legal obligation which applies in connection with the subject matter of thatcontract, we won’t be able to enter into the contract. Of course, this also applies similarly tothe provision of Services as such: for instance, you cannot use the ‘automatic investments’functionality of our Littlebit application unless you give us read-access to your bank account;
  • (b) if we are required to conduct identity, source of funds or other checks under anti-moneylaundering laws before transacting with you, we won’t be able to proceed unless you give usthe necessary AML Data;
  • (c) if you apply for a job with us and refuse to provide the requested Candidate Details throughthe designated online form or to an HR colleague, your application might be incomplete, and wewon't be able to consider you for the role; and
  • (d) if you wish to exercise one of the rights described in section 8 (Your Rights), we need to confirmyour identity and fully understand the nature and scope of your request. If you don’t help usverify your identity or define your request, we might not be able to assist you.

3. Processing purchases

This section explains why we process your personal data (‘purposes of processing’) and what entitlesus to do so (‘legal basis for processing’).

3.1 Provision of Services

3.1.1 Description

If you’re a user of our Services, we process your Identification Data, Contact Data, AML Data, UserData, Transaction Data, Payment Credentials, Bank Account Access Data and Communication Datafor the purpose of providing you with the Services. This includes:

  • (a) creating and maintaining your user account;
  • (b) enabling you to execute cryptocurrency transactions (automated investments, custody ofpurchased cryptocurrency, withdrawals of cryptocurrency into user wallets, etc.);
  • (c) providing customer and technical support and evaluating and handling your requests(e.g., complaints or exercises of privacy rights) and complaints made in connection withthe Services; and
  • (d) communicating with you regarding the above.

3.1.2 Legal basis

The processing is necessary for the preparation or performance of our contract with you(i.e. the provision of the Service you request from us) (Article 6(1)(b) GDPR).

3.1.3 Clarifications regarding Bank Account Access Data

We recognise that processing of Bank Account Access Data may sound invasive. Therefore, pleaseread the following additional information from us in respect of such processing:

  • We process your Bank Account Access Data solely when you turn on and use the ‘automaticinvestments’ functionality of our Littlebit application, and exclusively for the purpose of operatingit. Thanks to this functionality, you may automatically purchase Bitcoin from us in volumesdependent on the value of payments you make with your payment card. We need to be able to4read the transaction history of your bank account in order to see what payments you’ve madeand to calculate how much Bitcoin we should automatically sell to you.
  • Thanks to a separate piece of EU legislation called PSD2, neither our AISP nor we may acquireread-access to your Bank Account Access Data unless you give us your consent. Yourpermission automatically expires after 90 days, or such other time as indicated when we askfor the permission. You can also revoke your permission at any time. Once we lose yourpermission, both we and our AISP will lose the access to your Bank Account Access Data.
  • The reason we nevertheless say that we process your Bank Account Access Data due to itbeing necessary for the performance of our contract with you – rather than simply relying onyour consent as a legal basis – is a technical one: the ‘automatic investments’ functionality isso central to the Littlebit application that using the app wouldn’t make much sense withoutthe functionality. Therefore, treating your consent as ‘freely given’, and stating we rely on suchconsent in good faith would be neither fair to you, nor compliant with the GDPR.

3.2 Other Business

3.2.1 Description

If you’re our investor, customer, supplier or another business partner and are dealing with us in acontext other than the interaction with Services, we may use your Identification Data, Contact Data,Transaction Data and Communication Data to communicate and do business with you (in accordancewith any contract we might have, if applicable), and to administer our business relationship with youon an ongoing basis. This includes the preparation, negotiation and performance of our legalagreements with you or the organisation you represent, accepting or making payments from/to you,and the processing of any requests and queries you might have.

3.2.2 Legal basis

The processing is necessary for the preparation or fulfilment of our contract with you (Article 6(1)(b)GDPR), or, where no contract is in place and we are not negotiating one, because it is necessary forthe proper operation and administration of our business, in which we have a legitimate interest(Article 6(1)(f) GDPR).

3.3 Compliance with Legal Obligations

3.3.1 Description

We process your Identification Data, Contact Data, AML Data, User Data, Transaction Data,Communication Data and other personal data to the extent necessary to comply with legal obligations.For illustration, this could be:

  • (a) an obligation to demonstrate compliance with consumer protection requirements or pursuant toAct No. 89/2012 Coll., the Civil Code, and Act No. 634/2004 Coll., on Consumer Protection(in which case mainly your User Data, Transaction Data and Communication Data will beused);
  • (b) an obligation to document and implement or respond to your preferences, questions, objections,right exercises and other communications regarding the treatment of personal data inaccordance with the GDPR, Act No. 127/2005 Coll., on Electronic Communications, and ActNo. 480/2004 Coll., on Information Society Services (in which case mainly your User Data andCommunication Data will be used);
  • (c) an obligation to archive or present corporate, accounting and tax materials in accordance withAct No. 586/1992 Coll., on Income Tax, Act No. 235/2004 Coll., on Value Added Tax, Act No.563/1991 Coll., on Accounting, and Act No. 499/2004 Coll., on Archiving (in which case mainlyyour User Data and Transaction Data will be used);
  • (d) an obligation to conduct KYC/AML checks in accordance with Act No. 253/2008 Coll., onMeasures against Money Laundering and Financing of Terrorism (in which case mainly yourAML Data will be used); or
  • (e) an obligation to disclose evidence or other documentation to public authorities.

3.3.2 Legal basis

The processing is necessary for the performance of our legal obligations (Article 6(1)(c) GDPR).

3.4 Technical Operation and Improvement of Services

Description: Secure functioning. If you use Services such aswebsites or mobile applications, we process yourDevice Data to ensure that the Service functionsproperly and securely. You should also note weuse cookies for these purposes – see section 4(Cookies) below. 

Legal basis: The processing is necessary for the fulfilmentof our contract with you relating tothe provision of the Services (Article 6(1)(b)GDPR).

Description: Improvement of performance. If you use Servicessuch as websites or mobile applications, and yougive us consent, we’ll process your Usage Data toimprove its performance and user-friendliness,including the testing of various versions ofthe Service and its functionalities, measuring ofuser engagement, and the creation of variousreports, analyses and statistics based on theabove. We use cookies for these purposes – seesection 4 (Cookies) below.

Legal basis: The legal basis for such processing is yourvoluntary consent (Article 6(1)(a) GDPR).Once given, your consent is valid for as longas the respective analytics cookie remainsactive – see section 4 (Cookies) below. Youmay withdraw your consent at any time byopting out of analytics cookies in therespective Service. Such withdrawal will,however, not affect the lawfulness ofprocessing based on the consent before itswithdrawal.

3.5 Recruitment

Description: Hiring process. If you apply for a job with us, we’lluse your Identification Data, Contact Data andCandidate Data for the purpose of conductingthe recruitment process and assessing yoursuitability for the relevant position.

Legal basis: The processing is necessary for determiningwhether or not, following your application, weshould enter into a contract ofemployment/contract for services with you(Article 6(1)(b) GDPR).

Description: Job offers. If you apply for a job with us and give usconsent, we’ll include your Identification Data,Contact Data and Candidate Data in a candidatedatabase and potentially contact you with relevantjob offers with the Controller in the future.

Legal basis: The legal basis for such processing is yourvoluntary consent (Article 6(1)(a) GDPR).Once given, your consent is valid for a periodof five years. You may withdraw your consentat any time by getting in touch with us. Suchwithdrawal will not, however, affectthe lawfulness of processing based onthe consent before its withdrawal.

3.6 Marketing

Description: Marketing communications. If you have created auser account with us without opting out of receivingmarketing communications, or if you haveproactively subscribed to our marketingcommunications without opening an account, wemay use your Identification Data and Contact Datato serve you news, offers or other commercialcommunications about our Services by e-mail.

Legal basis: If you have created a user account with uswithout opting out of marketingcommunications, the legal basis is ourlegitimate interest in maximising userawareness about our Services and growingbusiness through direct marketing activities(Article 6(1)(f) GDPR). You may always optout of such communications by clicking theunsubscribe button in a marketing e-mail,adjusting marketing settings in the Serviceinterface (if available at the time) or letting usknow in a different manner. If you’ve proactively subscribed to ourmarketing communications (whether or not6you also have an account with us), the legalbasis for serving you marketingcommunications is your voluntary consent(Article 6(1)(a) GDPR). Once given, yourconsent is valid indefinitely. You maywithdraw your consent at any time by clickingthe unsubscribe button in a marketing e-mail,adjusting marketing settings in the Serviceinterface (if available at the time) or letting usknow in a different manner. Withdrawingconsent does not affect the lawfulness ofprocessing carried out on the basis of suchconsent prior to withdrawal.

Description: Direct marketing analytics. If you read or furtherinteract with a marketing or similar masscommunication from us sent via MailChimp or anequivalent mailing service, we’ll receive your EMail Interaction Data and be able to use it forvarious (internal) analytical purposes.

Legal basis: The processing is necessary for our legitimateinterest of evaluating the performance of ourmarketing communications (Article 6(1)(f)GDPR). You can opt out of marketingcommunications at any time by clicking theunsubscribe button in a marketing e-mail,adjusting marketing settings in the Serviceinterface (if available at the time) or letting usknow in a different manner.

Description: Targeting. If you use our Services and give usconsent, we’ll collect and hand some of your UsageData over to third parties so that they can serve youmore relevant ads. We use cookies for thesepurposes – see section 4 (Cookies) below.

Legal basis: The legal basis for such processing is yourvoluntary consent (Article 6(1)(a) GDPR).Once given, your consent is valid for as longas the respective marketing cookie remainsactive – see section 4 (Cookies) below. Youmay withdraw your consent at any time byopting out of marketing cookies inthe respective Service. Such withdrawal will,however, not affect the lawfulness ofprocessing based on the consent before itswithdrawal.

3.7 Protection of Legal Claims

3.7.1 Description

If (a) you are our customer or have a work or business relationship with us, (b) cause us or anotherperson damage/harm, or (c) we enter into a legal dispute, we may store, share and further use yourpersonal data for the purpose of establishing, exercising and defending our or another affectedperson’s rights against you.

3.7.2 Legal basis

The processing is necessary for the affected person’s legitimate interest in establishing, exercisingand defending its rights against you (Article 6(1)(f) GDPR).

3.8 Other Purposes

Description: Dealings not described elsewhere. If you turn to uswith a request or question or otherwisecommunicate with us in a context not specificallyaddressed elsewhere in this Policy, we’ll use yourIdentification Data, Contact Data andCommunications Data for achieving the purpose ofthe communication.

Legal basis: We’re entitled to do so either because youhave voluntarily contacted us withthe personal data and asked us (given usconsent) do something with it (Article 6(1)(a)GDPR), or, in other cases, because it’snecessary for our legitimate interest ofproperly handling all communicationsaddressed to us (Article 6(1)(f) GDPR).

Description: M&A transactions. If a third party (‘an investor’) isinterested in acquiring, directly or indirectly, the whole or a part of our business (a ‘transaction’), wemay (a) grant the investor and its advisors verylimited access to your personal data so thatthe investor may conduct due diligence on ourbusiness, and (b) following the transaction, transferyour personal data to the investor such that it canprocess the data for the same or compatiblepurposes as we have been.

Legal basis: The processing is necessary for our andthe investor’s legitimate interest in (a) preparing and executing the transactionproperly (including the proper evaluation ofour business and assets) and (b) ensuringsmooth migration of our business to theinvestor following the transaction (Article6(1)(f) GDPR).

Description: Analytics. We may use your personal data forthe purpose of creating various internal reports,analytics, statistics and financial models.

Legal basis: The processing is necessary for our legitimateinterest in maximising insight into businessperformance (Article 6(1)(f) GDPR).

Description: Free use of anonymised data. We may alsoanonymise your personal data and use suchanonymised data for any purposes whatsoever,such as the inclusion of the anonymised data invarious materials which may then be shared with,or even sold to, third parties, orthe commercialisation of the anonymised data inany other manner we deem fit.

Legal basis: The processing is necessary for our legitimateinterest in sharing insights into our businessperformance with our stakeholders and otherthird parties, and, potentially, commercialisingsuch insights (Article 6(1)(f) GDPR).

4. Cookies

4.1 If you use our Services, we’ll store small files called ‘cookies’ on your device and read them as youcontinue interacting with the Services. You may encounter the following types of cookies in ourServices:

  • (a) Strictly necessary cookies. These cookies are necessary for the Websites to work properly andcannot be turned off unless you do so in your browser settings.
  • (b) Personalisation cookies. Personalisation/preference cookies allow the Websites to remembercertain choices you make (such as your preferred language version) and as a result providepersonalised features. They will only be used if you accept them proactively.
  • (c) Analytical cookies. Analytical/statistical cookies collect data about how you visit, navigate andinteract with the Websites so that we can get to know our audience or improve the Websitesgradually. The Google Analytics service is a good example of this type of cookies. Thesecookies will only be used if you accept them proactively.
  • (d) Marketing. Marketing cookies are used to deliver advertisements which are relevant to you andyour interests. They are also used to limit the number of times you see an advertisement andto help measure the effectiveness of our or others’ advertising campaigns. Information extractedfrom marketing cookies may be shared with third parties, such as social network operators oradvertising agencies. These cookies will only be used if you accept them proactively.

4.2 Please refer to the cookie settings of our Services to learn more about the specific cookies we set.You can use such settings to adjust your cookie preferences; this doesn’t apply to strictly necessarycookies, which are set automatically and cannot be disabled.

4.3 If you’d like to avoid cookies altogether, you can restrict or prohibit their storage in the settings of yourbrowser. This is how to do it on the most prominent browsers:

4.2 Please refer to the cookie settings of our Services to learn more about the specific cookies we set.You can use such settings to adjust your cookie preferences; this doesn’t apply to strictly necessarycookies, which are set automatically and cannot be disabled.

Google Chrome

Microsoft Edge

Microsoft Internet explorer

Safari

Mozilla Firefox

Opera

You can opt out of Google Analytics tracking completely here.

5. Persons with access to your data

We may engage the following individuals and organisations in processing your personal data forthe purposes described above:

  • (a) companies controlling, controlled by, or under the control of the same person as, the Controller(together with the Controller, the “Group”);
  • (b) professional advisors (e.g. lawyers, business/management/marketing consultants, tax andaccounting advisors and auditors) which provide services to the Group;
  • (c) brokers helping the Controller onboard new investors and process their investments;
  • (d) AML/KYC experts assisting the Controller with conducting statutory checks;
  • (e) banks and other payment services providers used by the Controller to process payments orverify bank accounts;
  • (f) licensed account information service providers (AISPs) engaged by the Controller to enablesecure access to Bank Account Access Data. Presently, our AISP is GoCardless SAS,company registration No. 834422180, legal address 7 Rue de Madrid, 75008 Paris, France.This AISP is a separate controller of your personal data, please find its end-user terms of service here and its privacy policies here;
  • (g) providers of software and other technical infrastructure (e.g. cloud and hosting services);
  • (h) providers of analytical or ad targeting services (mainly Google via the Google Analytics serviceand Facebook via its marketing cookies);
  • (i) other providers of ordinary, foreseeable services necessary for the proper operation of ourbusiness;
  • (j) persons directly or indirectly acquiring or investing in our business, and their representatives;
  • (k) public authorities (e.g. courts, the police, regulatory authorities and various state bodies) whereso required by law or where this is necessary for the achievement of legitimate aims; and
  • (l) any such other individuals or organisations which you permit or instruct us to give your personaldata to.

6. Data export

6.1 We may transfer some of your personal data outside of the European Economic Area where the GDPRdoesn’t apply. This will typically (but not exclusively) be:

  • (a) the United Kingdom, which has been determined by the European Commission to ensure anadequate level of protection of personal data (a so-called ‘adequacy decision’); or
  • (b) the United States, in which case we will leverage the EU-U.S. Data Privacy Framework,use the standard contractual clauses (SCCs) adopted or approved by the EuropeanCommission or other safeguards accepted by the GDPR.

6.2 In any event, we will only export your personal data outside of the European Economic Area either(a) if the territory in question is subject to an adequacy decision (see above) or (b) if appropriatesafeguards are in place in accordance with the GDPR (e.g. export based on SCCs adopted bythe European Commission) and your data subject rights and effective legal remedies are preserved.

7. Retention period of personal data

7.1 As a general rule, we store your data until they are no longer necessary for the achievement ofthe purposes we process them for. To determine the appropriate retention period for personal data,we consider the amount, nature and sensitivity of the data, the potential risk of harm from itsunauthorised disclosure or other processing, the purposes for which we process the data and whetherwe can achieve those purposes through other means, as well as the applicable legal, regulatory, tax,accounting or other requirements. Once we no longer need your data, we will either erase (destroy)it, anonymise it, or, if this is not possible, then we will securely archive your data and isolate it fromany further use until deletion is possible.

7.2 To give you a more exact idea, the following are some of the more specific principles we follow:

  • (a) if you’ve ever created a user account with us, we will retain all User Data and Transaction Dataassociated with such account over the entire lifetime of the account plus ten years;
  • (b) if you’ve ever granted us access to your Bank Account Access Data, we will erase such dataonce our access has expired or been revoked;
  • (c) if we process a certain piece of personal data based on your consent and you withdraw suchconsent or the consent expires, we’ll erase the data after such withdrawal or expiration unlessthis Policy states we may process the data for a different purpose, on a different legal basis;
  • (d) if we are required by law to retain a certain piece of personal data (see e.g. Act No. 586/1992Coll., on Income Tax, Act No. 235/2004 Coll., on Value Added Tax, Act No. 563/1991 Coll., onAccounting, Act No. 499/2004 Coll., on Archiving or Act No. 253/2008 Coll., on MeasuresCountering Money Laundering and Financing of Terrorism), we’ll keep the data for as long asthe law prescribes, irrespective of any default retention period; and
  • (e) if we find ourselves in a dispute with you, we’ll keep personal data needed to establish, exerciseor defend our rights in such dispute (see section 3.7 (Protection of Legal Claims)) at least untilsuch time the dispute has been concluded and we no longer owe each other anything,irrespective of any default retention period.

7.3 In some cases, you have the right to demand that we erase your personal data – see section 8.4(Right to Erasure).

8. Your rights

8.1 General

  • (a) In order to retain control over your personal data, you have a multitude of rights at your disposal.Such rights are summarised further in this section, but note this summary is simplified and youshould read the GDPR or obtain independent legal advice to obtain a full picture.
  • (b) If you wish to exercise one of your rights or want to raise another request or query in connectionwith your personal data, please reach out using one of the means set out in section 1.2.
  • (c) We’ll respond to your request and let you know what steps we’ve decided to take in relation toit as soon as possible, and no later than one month from the time we’ve received a clear,complete request from you and have verified your identity. Particularly complicated requestsmight exceptionally take us up to two more months to process – we’ll let you know if thishappens to be the case.

8.2 Right of Access

You may at any time request confirmation as to whether we process personal data concerning youand, if so, for what purposes, to what extent, to whom they are disclosed, for how long we will processthem, whether you have the right to rectification, erasure, restriction of processing or objection or tofile a formal complaint, where we have obtained the personal data and whether automated decisionmaking, including profiling, occurs on the basis of the processing of your personal data. In addition,you have the right to obtain a copy of your personal data, the first provision of which is free of charge(we may charge a reasonable administrative fee for the provision of further copies).

8.3 Right to Rectification

You can ask us to correct or complete your personal data at any time if it is inaccurate or incomplete.

8.4 Right to Erasure (‘Right to Be Forgotten’)

You can ask us to erase your personal data if:

  • (a) it is no longer necessary for the purposes for which it was collected or otherwise processed;
  • (b) it is processed based on your consent, you withdraw such consent and no other legal basis forprocessing is available;
  • (c) you object to the processing and there are no overriding legitimate grounds for the processing;
  • (d) its processing is unlawful; or
  • (e) we are required to do so by law.

Please note that the right to erasure is not absolute (unconditional); for example, we may not be ableto delete your data if we need to retain it in order to establish, exercise or defend legal claims, or if animportant public interest prevents erasure.

8.5 Right to Restriction of Processing

Where one of the following circumstances applies, you can ask us to pause (‘suspend’) processingyour personal data with the exception of storage, and to only use them for establishing, exercising ordefending legal claims or for purposes with which you give consent:

  • (a) you challenge the accuracy of the processed data (in which case we’ll restrict its processinguntil we verify accuracy);
  • (b) processing of the data is unlawful and you don’t want us to erase it;
  • (c) we no longer need the data for the purposes for which it was collected or otherwiseprocessed; or
  • (d) you have objected to the processing and there are no overriding legitimate grounds forthe processing (in which case we’ll restrict its processing pending our assessment ofthe legitimate grounds).

8.6 Right to Object

You have the right to object to the processing of personal data that we process for direct marketingpurposes (see e.g. section 3.6 (Marketing)) or for processing based on our or others’ legitimateinterests. If you object to processing for direct marketing purposes, your personal data will no longerbe processed for these purposes; in other cases, we’ll stop the processing activity if your own interestsoutweigh our interests in continuing the processing.

8.7 Right to Data Portability

You have the right to obtain personal data concerning you that you have provided to us in a structured,commonly used and machine-readable format, as well as the right to transfer this data to anothercontroller if the processing of this data is based on consent or a concluded contract and this processingis automatic.

8.8 Right to Lodge a Complaint

While we will always appreciate if you contact us first in case of any requests regarding the processingof personal data, you always have the right to file a complaint to the supervisory authority. In our casethis is the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů) at Pplk.Sochora 727, Holešovice, 170 00 Prague 7, Czech Republic (www.uoou.cz).

8.9 Final Provisions

8.9.1 This Policy becomes effective on the date first written above.

8.9.2 We may make changes to this Policy at any time, in which case we’ll publish a new version of it onour Services.

8.9.3 This Policy is governed by Czech law.

Do you have a question or need help?

How it works info@littlebitapp.com

Littlebit - Convinient saving companion.

Here's how it works: Littlebit helps you save by setting aside a little extra every time you pay by card. Once you connect your card and bank account, Littlebit automatically purchases bitcoin based on your spending patterns.

Security is key

We take security very seriously. Your bank account data is protected by Plaid — even we can't access it.

Your card can be disconnected from Littlebit with just one click.

We verify every user and moderate our community.

We keep your investments in a secure wallet and you can withdraw them at any time.

We maintain a strict zero-tolerance approach towards fraudulent activities.

Automated DCA Strategy

The simplicity of the DCA (dollar-cost averaging) strategy is what makes Littlebit so convenient. This proven strategy eliminates the stress of market timing while building savings through steady, disciplined investing. By investing small amounts regularly, you can grow your bitcoin holdings without worrying about short-term price swings.

Moderated community

We envision a future where everyone can build a strong financial safety net effortlessly. Join our moderated channels to discuss Bitcoin investing.

Join the waiting list

Be the first to hear when Littlebit becomes available near you - join our mailing list today.

How we handle your data