Information about the processing of personal data for customers
As our customer, you share some of your personal information with us and we collect and process those information. In this document you will find information about the processing of your personal data and rights, that results from such processing in accordance with regulation (EU) No. 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data («Regulation«).
Because you are a natural person, this information applies to you in its entirety.
Basic information about the personal data controller
The persons collecting your personal data and therefore their controllers are companies TOP Zastavárna, s.r.o., Plzeňská 59, Prague 5, RN: 24309818, GetCash, s.r.o., Na bojišti 1459/28, Prague 2, RN: 27136256, X-TER Hand, s.r.o., Na bojišti 1459/28, Prague 2, RN: 27136272. («Collector«)
If you have any questions about your personal data or to exercise some of your rights described below, it is possible to contact us by sending an e-mail to email@example.com
Who has access to your data
Other persons («Recipients«) also have access to personal data processed by Controller. These are mainly employees the Controller and third parties who are involved in fulfilling the legal obligations of Controller (e.g. auditor) or providing Controller with services related to its activities. (e.g. legal services, management of IT systems).
Your personal data are also transmitted to the competent state authorities and various persons in cases where the Controller is required to do so by law.
Scope, purpose, legal ground and duration of processing of personal data
Personal data needed to exercise the contract:
name, surname, address, social security number and, if not given, date of birth, place of birth, ID number (ID, passport, driving licence), gender, permanent or other residence, citizenship, signature, e-mail, telephone number
These types of personal data are processed by the Controller for proper performance of the contract which you have concluded with Controller. This is therefore mainly data provided in the contractual documentation and for fulfilment of mutual obligations.
The processing takes place for the period necessary for the conclusion of contract, for the period of contract’s effectiveness and after the termination of contract until the settlement of all rights and obligations arising from this contract, but no more than 3 years from the date of termination of relevant contract.
Personal data necessary for fulfilment of Controller’s legal obligations:
all names and surname, social security number and, if not given, date of birth, place of birth, gender, permanent or other residence and citizenship
These personal data are processed on the basis of Controller’s obligations arising mainly from (i) tax regulations, e.g. from the obligation to archive accounting documents (e.g. data on tax documents), (ii) the Trade Licensing Act (iii) the Act on Certain Measures against the Legalization of Proceeds of Crime or Terrorist Financing.
Termination of processing of this category of personal data occurs only after termination of legal obligations, for which fulfilment they were processed. Specific processing time depends on individual legal obligations of Controller. For tax purposes, the relevant documents are archived for a period of 10 years.
All the above mentioned data may also be used to verify the commercial credibility of public registers on the basis of the legitimate interest of the Controller for the duration of contractual relationship. Similarly, on the basis of legitimate interest of the Controller, such personal data may be processed in cases where it is necessary for exercise of rights or fulfilment of obligations of Controller, until their respective settlement.
How personal data is processed
Your personal data are processed in paper and electronic form, in accordance with the instructions of Controller, so that only persons entrusted with the purposes referred to in point 3 have access to it. Information is protected organizationally and technically from unauthorised access or misuse. Potential Recipients of personal data are bound to their proper protection by contract or law.
Your rights as a data subject
If you have questions about the processing of your personal data, please inform us via the contact details referred to in point 1. In connection with processing of personal data, you have following rights:
Right of information and access — you have right to request confirmation from Controller whether your personal data are being processed and, if so, information about: (i) the purpose of processing, (ii) the categories of personal data concerned, (iii) the Recipients, (iv) the estimated processing time, (v) your rights towards Controller, (vi) your right to lodge a complaint, (vii) whether automated processing is taking place, and (viii) in the case of transfer of data outside the European Economic Community premises on security guarantees your data.
Right to portability — if your personal data are processed for purposes of fulfilling the contract, with your express consent or automatically, you have the right to request a structured, machine-readable copy of it and, if necessary, to be handed over to another controller.
Right to rectification — you have right to have your processed data always up-to-date and accurate. You may require Controller to correct or supplement any personal data.
Right to restriction of processing — you have right to request restriction of processing from Controller if: (i) you believe that your data is not accurate until Controller verifies the accuracy of data; (ii) processing is not based on a valid legal reason, but you do not want to request the erasure of personal data; (iii) Controler no longer needs the data for defined purposes, but you require their processing to determine, exercise or defend your rights; or (iv) you have exercised your right to the objections described below.
Right to erasure — you have right to request Controller to delety any personal data. However, Controller is not obliged to comply with this request in the cases listed in Article No 17 of regulation, in particular where personal data continue to need to be processed for the purposes for which they were originally collected.
Right to object — in case of personal data processed on basis of a legitimate interest or in public interest, you have right to object to the processing to Controller.
Right to lodge a complaint — in connection with processing of your personal data, you have right to contact Office for Personal Data Protection with a complaint in cases where you believe that your right regarding personal data are being violated.