From: Blockad s.r.o. (as defined below), as data controller

To: You, as data subject

Version: 1.0


Dearest reader,


Thank you for taking the time to visit www.rbf.capital (the “website”). You should know that some of your personal data may be processed when you browse and interact with the website. Therefore, as its administrators, we consider it our highest priority to keep you well informed about how we treat such data. This data protection memorandum (“Memo”) is intended to give you a full overview of how we process your personal information from the moment you arrive at the website until you leave it, and beyond1.

Please get in touch at gdpr@rockawaycapital.com should you have any questions regarding this Memo whatsoever.


1. What personal data do we process?

If you take into account all the ways in which you can interact with the website (including the sending of job applications and similar), then we may process the following categories of personal data concerning you:


Category of Personal Data: E-Behavior Details

Description: This includes information about the way you browse and interact with the website, such as what you click on, how much time you spend on the website and its sections, the type of the device you use, and the IP address of such device and the location determined based on such address, as well as information obtained from cookies and similar technologies.

Processed Whenever You have the website open.


Category of Personal Data: Identification Details

Description: This includes in particular your name and date of birth.

Processed Whenever You contact us at our e-mail.


Category of Personal Data: Contact Details

Description: This includes in particular your contact address, phone number and e-mail address.

Processed Whenever You apply for a job.


Category of Personal Data: Professional Details

Description: This includes in particular details about your education (both official and by means of training courses and similar), relevant skills, prior work or other relevant experience, CVs, and similar.

Processed Whenever You apply for a job or an investment.


Category of Personal Data: Assessment Details

Description: If you’re applying for a job or an internship with us, this includes all data collected during the recruitment process about your fitness for the position applied for, your performance at interviews, assessment centers and tests, and your cover letter sent as part of your on-line application. If you’re applying for an investment, this includes all personal data concerning you which you provide us in your cover letter or other documents sent as part of your on-line application.

Processed Whenever You apply for a job or an investment.


Category of Personal Data: Queries

Description: This means any personal data concerning you other than your Identification Details and Contact Details included in any e-mail you send us to one of the e-mail addresses stated on the website.

Processed Whenever You contact us at our e-mail.


2. Why do we process your data and what allows us to do so?


We collect and work with various personal data concerning you for multiple purposes (depending on what you do on the website) —

  • without your prior consent, where this is necessary as a measure towards us reaching a legal agreement with you, or to pursue our legitimate interests or fulfil our legal obligations; or
  • with your prior consent, but only for limited purposes when you apply for a job or an internship.

The sub-sections to follow go into more detail.


2.1. If you browse the website…

(a) Collection of E-Behavior Details (1): Cookies

Do you like cookies? Well, then you’ve come to the right place! If you visit the website, we’ll deposit tiny files into your device called ‘cookies’. These enable us to map your activity on the website. Some cookies disappear after you’ve left, while other ones stay put and reactivate each time you visit the website. We also use so-called web beacons – tiny pictures embedded at various locations around the website which have a function very similar to cookies. To not overcomplicate things, we’ll just refer to all of the foregoing as ‘cookies’; similarly, we’ll just say we ‘store’ cookies on your device even though technically we also read them, too. You should know that some (but not all) cookies make you identifiable – not to us, but to network operators and similar – and therefore qualify as personal data. To the extent they do, we classify them as E-Behavior Details processed based on our legitimate interests (Art. 6(1)(f) GDPR) (see further below).

The first category of cookies which are stored on your device directly from the website helps us:

  • identify you when you switch among different sections of the website or when you leave and revisit the website, e.g. to be able to remember which language version you’ve selected;
  • remember if you’ve given us your consent under this Memo, if applicable at the time you’re reading this;
  • protect your identity, e.g. to ensure no one abuses your connection and passes themselves off as yourself; and
  • record, analyze and remove defects on the website.

These cookies are necessary for the proper functioning of the website; you can disable them in your browser settings, but in such case please note that it’s possible the website may not work correctly.

Also, we store a second category of cookies on your device which helps us:

  • monitor the popularity of the website and get an idea about who and where our visitors might be (without being able to identify any individuals); and
  • display different variants of the website if we’re testing out new functionalities.

These cookies are necessary for the proper functioning of the website; you can disable them in your browser settings, but in such case please note that it’s possible the website may not work correctly.

Don’t feel like cookies after all? You may disable the storing of cookies in your browser settings. Here’s where you’ll find out how to do that on popular browsers (just follow the links):

(b) Collection of E-Behavior Details (2): Miscellaneous

While we may get derive some of your E-Behavior Details from cookies, this won’t always apply. Using other technical means, we also process other E-Behavior Details such as:

  • your IP address (being the address which your device uses to communicate with other devices connected to the internet);
  • the type, version and language settings of your device’s operating system and browser; and
  • the internet address from which you’ve arrived at the website.

We process your E-Behavior Details based on our legitimate interests (i.e. without your consent) (Art. 6(1)(f) GDPR), for the following purposes:


Category of Personal Data: Acquisition of information which enables us to improve the functionality and content of the website.

Statement of Legitimate Interest: Improvement of the website, Improvement of the Rockaway group’s image.


Category of Personal Data: Collation of statistics and overviews, particularly session and user amount monitoring.

Statement of Legitimate Interest: Measuring the effectiveness of the website.


Category of Personal Data: Testing of new functions with a limited audience prior to full release.

Statement of Legitimate Interest: Smooth functioning of the website, Improved user experience.


Category of Personal Data: Fraud and security breach prevention.

Statement of Legitimate Interest: Smooth functioning of the website, User and user data security.


You may object to any of the processing activities above at privacy@blockad.cz – please see section 5.6 below for details.

We store your E-Behavior Details for no longer than 38 months, depending on the technology involved.

2.2. If you apply for an investment…

Please note that we’re not a ‘data controller’ when it comes to the investment applications at https://www.rockawaycapital.com/en/get-investment/, but only a processor. This means that we don’t determine how your information is handled once you submit the application form. Instead, it is Blockad s.r.o., ID No.: 080 064 58 (“BL”), which acts as controller (instead of us) for the purpose of the entire investee selection process. Our only task is to transfer the contents of your investment application to BL securely. Now we’re already here, however, the following is a summary of why and how BL processes your information once we give it to them:


Category of Personal Data: Identification Details, Contact Details, Professional Details, Assessment Details

Purpose of Processing: BL uses this personal data to assess whether or not it or one of its affiliated companies should invest in your business. In particular, collecting these details enables it to contact you, talk to you about your business ideas and determine whether or not you’ll be the right fit for each other business-wise.


BL may process the aforementioned data relating to you for the purposes described because it’s necessary as a measure towards reaching a binding agreement with you (such as an investment contract) (Art. 6(1)(b) GDPR).

BL stores your Identification Details, Contact Details and Professional Details until the end of the investee selection process you choose participate in (whatever the outcome), or, as the case may be, for as long as you work together. It will erase your Assessment Details after the end of the investee selection process (whatever the outcome).

BL gets your personal data either from yourself, from persons who know you, or from publicly available sources such as LinkedIn or company websites.

Personal data used by BL in connection with the investee selection process are accessible to us (in that we collect them on BL’s behalf), technical and other support services providers (e.g. Google or Microsoft), persons working at or closely with BL, and other persons who – with your permission – BL shares your details with for the purposes of potential business cooperation. To the extent any of the foregoing recipients process your data outside of the European Economic Area, BL ensures that adequate protection is safeguarded contractually using the model clauses issued by the European Commission or otherwise.

Please write us at privacy@blockad.cz should you have any questions about the processing of your information by BL or wish to exercise any of your rights under the GDPR (see section 5 below) – we will either deal with your query on BL’s behalf or pass it on to BL.


2.3. If you apply for a job or an internship…

This section applies whenever you wish to submit an application for a job at https://rockawayx.com/career.

Since a lot of your information is processed in connection with these applications and the recruitment process to follow, we have designated a whole separate document calledData Protection Memorandum – Candidates” to this group of processing activities. Please see the individual job ads and the Rockaway Academy internship application page for more.


2.4. If you send us an e-mail…

At Rockaway we are always happy to answer any questions or other messages you may have for us. Accordingly, we invite you to get in touch at various locations on the website. If you decide to send us an e-mail at contact@rbf.capital or any other e-mail address stated on the website, we’ll process the following categories of personal data relating to you for the following purposes:


Category of Personal Data: Identification Details, Contact Details, Queries

Purpose of Processing: We process this data to be able to answer your e-mail and help you with any request you may have for us.


We are allowed to process the abovementioned personal data categories for the given purposes because it’s necessary for us to be able to pursue our legitimate interests (Art. 6(1)(f) GDPR). Our legitimate interests lie in wanting to connect with individuals who are interested in our business and anything else connected with Rockaway, as well as ensuring accurate reporting of our activities by the press.

As a general rule, we’ll delete our correspondence immediately after we’ve stopped communicating and there’s no legitimate need for us to keep the correspondence (such as us promising you to get back to you in the future). In exceptional cases we might also have to hold on to your e-mails if this is necessary for the protection of our rights (e.g. to be able to use our correspondence as evidence of something).

Who else has access to your data?

Whenever necessary for the attainment of the processing purposes described in section 2 above, we might have to share some of your personal data with the following types of recipients:

(a) BL

As explained in section 2.2 above, BL receives and is the controller with respect to all of your personal data processed in relation to investment applications.

(b) Other Persons with Access

  • cloud service providers (e.g. Google and Microsoft);
  • analytical services providers (e.g. Google via its Google Analytics service);
  • other technical and support services providers (e.g. software providers); and
  • persons working at or closely with Rockaway.

To the extent any of the foregoing recipients process your data outside of the European Economic Area, RV ensures that adequate protection is safeguarded contractually using the model clauses issued by the European Commission or otherwise.

4. Where do we get your personal data?

We get most of the personal data concerning you from yourself – e.g. when you send us an e-mail or fill out any application form on the website. There are exceptions, though: for example, we obtain your E-Behavior Details using cookies and similar technologies. We never buy your data from anyone; neither would we ever sell it.

5. What rights do you have in relation to your personal data?

As the sole proprietor of your personal data, you have multiple rights which you can use to maintain or regain full control of them whenever you deem fit:

5.1. Right to access

You have the right to know all there is to know about how Rockaway processes your personal data as well as your rights connected with such processing. While this Memo should answer most of your questions already, you may at any time ask us for confirmation as to whether or not we process (certain) personal data concerning you – if indeed we do, you are entitled to full information about such processing activity. The right to access includes the option to request a copy of all personal data concerning you which we process; we’ll give you the first copy for free and only charge you a fee for any further copies.

5.2. Right to correction

We all make mistakes sometimes. Should you ever notice that some of the personal data concerning you and processed by us are inaccurate or incomplete, you have the right to demand that we correct or supplement them without undue delay.

5.3. Right to be forgotten

In some cases you have the right to demand that we erase your personal data. We are obliged to do so if:

(a) we no longer actually need the personal data for the purposes for which they were originally processed;

(b) you have withdrawn you consent with the processing of the data and no other legal basis exists for such processing;

(c) you have objected to a certain processing activity performed by us based on our legitimate interests and we conclude that such legitimate interests no longer exist; or, as the case may be, you have objected to a processing activity used for direct marketing; or

(d) the processing activity in question has been or has become unlawful.

Please beware that your right to erasure isn’t absolute even if one of the conditions above is met – we may have the right to keep some of your personal data if this is necessary for the fulfilment of our legal obligations or for the protection of our legal claims.

5.4. Right to restriction of processing

In some circumstances you may have the right to demand that we limit the processing of your personal data (other than erase them altogether). This means that we will have to set your data aside and stop processing them for the time being, but not forever (that would be where the right to erasure comes in). We are obligated to restrict processing:

(a) if you dispute the accuracy of the personal data processed, until we can verify the accuracy and make corrections, if needed;

(b) if our processing of your personal data has been or has become unlawful (e.g. because it is excessive for the respective purpose) but you don’t want us to erase them (perhaps because you do need us to have them for later purposes);

(c) if we no longer need the personal data, but you require them to be able to protect your legal claims; or

(d) if you object to a processing activity, in which case we will suspend the processing while we investigate the merits of your objection.

5.5. Right to data portability

You have the right to obtain all such personal data concerning you and collected or otherwise processed by us based on your consent. If you invoke this right, we will be obliged to provide you all such data in a structured, commonly used and machine-readable format (XLS, PDF or similar). Your data portability right only applies to data which we process automatically.

5.6. Right to object

You may object to any processing performed based on our legitimate interests. If the processing at issue is conducted for direct marketing purposes, we’ll stop the processing activity immediately; in other instances we’ll first investigate the merits of your objection and cancel the processing if we find that we have no substantial legitimate interests to continue with the processing activity.

5.7. Right to lodge a complaint

Regardless of any other rights you might invoke, you may always file a complaint with the competent supervisory authority. This is especially so if you feel that your personal data are being processed unlawfully. Should you wish to lodge a complaint against processing performed by Rockaway, the competent authority would be the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů) located at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic.

6. Where and how do I invoke my rights?

If you have a question about Rockaway’s data protection policy or your rights under it, wish to exercise any of your rights under section 5, want to withdraw your consent with the processing of personal data or simply need to get in touch in a related matter, please e-mail us at privacy@blockad.cz. Don’t worry about the form of your e-mail or correct terminology – just make sure you describe what you’d like us to do or stop doing.

We’ll do our best to deal with your query as fast as we can, but in any event within one month. Since we’re no automated tech-giant, please understand that some of the more complicated queries might exceptionally take us up to two more months to sort out – but we’ll obviously let you know if this happens to be the case.

Please note that we may only advise you on your rights within the context of the personal data which pertains to you and is processed by us; we highly encourage you to seek independent legal advice on any and all other matters.

7. Who is responsible for handling your personal data?

Save for the processing described in section 2.2 above, the following organization (the so-called controller) decides how your personal data should be processed and is responsible for ensuring that your privacy rights are always respected:

Registered office and contact address:


Name: Blockad s.r.o.

ID No. (IČO): 080 064 58

E-mail: privacy@blockad.cz


References in this Memo to “Blockad” mean the controller as defined in section 7 of this Memo.


1Legalese Notice: This Memo should be understood as providing you information related to data processing within the meaning of Arts. 13 and 14 of the EU General Data Protection Regulation (“GDPR”).