CONSENT TO THE PROCESSING OF PERSONAL DATA

INTRODUCTION

Below you will find information about your rights and obligations related to the processing of your personal data by AB Pohledávky, a.s., registered office at Sanderova 1616/16, Holešovice, 170 00 Prague 7, Company ID No. 092 65 287.

Since we comply with all relevant legislation for the processing of personal data, in particular Regulation No. 2016/679 on the protection of personal data (“GDPR“) and Act No. 110/2019 Coll., on the Processing of Personal Data (“Personal Data Processing Act”), we hereby fulfil our information obligation to provide you with clear and comprehensible information regarding:

  1. who to contact if you have a question about the processing of your personal data;
  2. categories of personal data collected;
  3. sources of personal data;
  4. processing of personal data without consent;
  5. processing of personal data with consent;
  6. method of processing personal data and its protection;
  7. transfer of personal data;
  8. retention period of personal data;
  9. rights in connection with the processing of personal data.

 

  1. WHO TO CONTACT IF YOU HAVE A QUESTION ABOUT THE PROCESSING OF PERSONAL DATA

Personal data is any information relating to an identified or identifiable natural person (data subject).

Data subject is you, i.e., a natural person to whom the personal data relates. For example, a person who requests the Controller to provide a service or who is or will be in a contractual or other legal relationship with the Controller. Legal persons are not considered data subjects.

Processing means any operation or set of operations that are performed on personal data or sets of personal data with or without using automated procedures such as collecting, recording, organizing, structuring, storing, adapting, modifying, retrieving, viewing, using, transmitting, disseminating or any other access, alignment, combination, restriction, deletion or destruction of personal data.

Controller is the person who determines the purpose and means of personal data processing, performs processing and is responsible for it. The Controller of personal data of Data Subjects is the company AB Receivables, a.s., registered office at Sanderova 1616/16, Holešovice, 170 00 Prague 7, Company ID No. 092 65 287, incorporated in the Commercial Register kept by the Municipal Court in Prague, file No. B 25416 (“Controller”). The Controller’s e-mail address is: dpo@abpohledavky.cz.

In order to protect personal data, the Controller has appointed a Data Protection Officer who is responsible, among other things, for ensuring that all processing of personal data by the Controller takes place properly and in accordance with applicable legal regulations. The DPO’s e-mail address is info@abpohledavky.cz.

Processor is a person commissioned by the Controller to carry out processing operations on its behalf regarding personal data (for example, an intermediary or an accounting company).

  1. CATEGORIES OF PERSONAL DATA COLLECTED

The Controller processes only such personal data that enables it to properly provide its services, comply with legal obligations and protect its legitimate interests. The Controller therefore collects primarily personal data about its clients, client’s representatives, client’s debtors, representatives of these debtors and persons securing debtors’ debts, i.e., pledgers, guarantors, or the debtor’s spouse, if the contractual relationship between the client and the debtor relates to common property of spouses of the debtor (“Data Subjects”).

The Controller retains personal data about Data Subjects to the following extent: name, surname, telephone and e-mail address. This personal data is processed by the Controller so that the Controller can contact the Data Subjects.

In order to provide services and conclude the necessary contracts for these services, the Controller collects and processes, in addition to the above personal data, other identification data, which include title, date of birth, if the birth certificate number has not been assigned, place of birth, sex, permanent address or another place of residence, citizenship, Company ID No., bank account No. of Data Subjects, type, number and validity period of the ID card and the issuing authority.

The Controller may also process personal data of the Data Subjects regarding their creditworthiness, credibility and payment discipline. The Controller can further process information obtained from client information registers, which it may view in order to provide its services.

For the purpose of compliance with the obligations under Act No. 253/2008 Coll., on Certain Measures against Legalization of Proceeds from Crime and Financing of Terrorism (“AML Act”), the Controller also processes the birth certificate number of Data subjects.

This personal data is processed by the Controller only to the extent necessary for the respective purpose. If the Controller has been granted consent to the processing of the above personal data, the Controller will process this personal data also for another purpose (see section Processing of Personal Data with the Consent of Data Subjects).

  1. SOURCES OF PERSONAL DATA

The Controller collects personal data of Data Subjects from several sources; always in accordance with applicable legal regulations and on the basis of one or more legal titles.

The basic source of personal data is Data Subjects. Data Subjects provide the Controller with personal data when concluding relevant contracts for the provision of services of the Controller.

Other important sources of personal that the Controller uses include public sources, i.e.t, personal data from publicly accessible registers, lists and records (Commercial Register, Trade Register, Land Registry, Insolvency Register, etc.) and from other public sources (including selected information relevant to risk management that Data Subjects publish about themselves online or on social networks).

If the Controller has been granted consent of Data Subjects, it may also collect personal data from its business partners or members of groups of which the Controller is a member regarding the offer of services and products of the members of this group.

Personal data of Data Subjects may also be created directly at the Controller, both through the use of its services and products and through its internal activities.

  1. PROCESSING OF PERSONAL DATA WITHOUT THE CONSENT OF DATA SUBJECTS

Processing of personal data without the consent of Data subjects is performed by the Controller in particular for the following purposes:

    1. implementation identification of Data Subjects and fulfilment of other obligations according to the AML Act;
    2. performance contractual obligations under a contract concluded with Data Subjects, where this purpose also includes transfer of personal data to third parties, which the Controller uses to fulfil its contractual obligations;
    3. ensuring the protection of the rights and legitimate interests of the Controller;

Under a legitimate interest, the Controller may process personal data of Data Subjects primarily for the purpose of sending commercial communications or offers of similar services that Data Subjects have already purchased from the Controller or for the purpose of asserting the Controller’s claims against Data Subjects.

    1. retention and archiving personal data on the basis of and in accordance with applicable legal regulations.

After conclusion and during the term of the contractual relationship, the Controller is obliged to collect and process certain personal data as stipulated by the above legal regulations. For such processing, the Controller does not need the consent of Data Subjects, and therefore in the event that Data Subjects do not disclose such personal data required by legal regulations, the Controller will not be able to provide its products and services. The same may apply if the provision of personal data is necessary for the conclusion and performance of a contract, fulfilment of legal obligations of the Controller or the protection of its legitimate interests.

  1. PROCESSING OF PERSONAL DATA WITH THE CONSENT OF DATA SUBJECTS

Processing of personal data which the Controller does not perform on the basis of legal regulations and for which the Controller has no legal title may be performed only with the consent of Data Subjects. Granting of the consent is entirely at the discretion of the Data Subject and may be revoked at any time.

With the consent of the Data Subjects, the Controller processes personal data mainly for the following purposes:

    1. creation and provision of the offer of services of companies belonging to the Controller’s group and of other business partners; see the section Transfer of Personal Data.

If Data Subjects consent to the transfer of personal data (including personal ID No.) in order to receive information about products and services of companies from the Controller’s group, Data Subjects may be sent, in particular, marketing information by e-mail, addressed printed materials or SMS offers.

    1. collection and retention of copies of personal documents, unless required by law;

For the purpose of security and protection of the interests of Data Subjects and for the purpose of their unambiguous identification, the Controller will collect and retain copies of their identity documents. If obtaining a copy of such a document is not a necessary condition for the provision of the services, the Controller will produce only a transcript copy of the identity document; a

    1. use of birth number for the purpose of unambiguous identification in the information systems of the group to which the Controller belongs, unless required by law.

In such a case, your consent is required to use the personal ID No.as a unique identifier in the Controller’s systems. The purpose of such use is primarily simple and unambiguous identification of Data Subjects in the provision of the services and the limitation of possible errors that arise when multiple Data Subjects have certain identical personal data.

  1. METHOD OF PROCESSING AND PROTECTION OF PERSONAL DATA

The Controller consistently protects the personal data of Data Subjects. The processing of personal data is performed manually and by means of electronic information systems, which are subject to constant and strict physical, technical and procedural control. When using cloud storage, this storage is always located within the EU and is always protected by a high level of data security.

All persons who come into contact with the personal data in the course of fulfilling their work or contractual obligations are bound by confidentiality and are properly trained.

The Controller processes the personal data of Data Subjects by itself or within the group to which the Controller belongs. Without the consent of Data Subject or without a legal basis, the Controller will not transfer the personal data to third parties.

The Controller is entitled to entrust the performance of certain activities constituting part of its services to third parties which process personal data of Data Subjects. Such authorized persons become processors of the personal data. Processors may dispose of personal data exclusively for the purposes of performing the activity for which the Controller has entrusted them. In that case, the consent of Data Subjects is not required since such processing is directly permitted by law.

  1. TRANSFER OF PERSONAL DATA

The Controller transfers personal data of Data Subjects only in accordance with applicable legal regulations and, if required, only in in accordance with the consent of Data Subjects.

The Controller transfers personal data of Data Subjects to the following entities:

    1. in the performance of the duties of the Controller provided for by legal regulations, for example in accordance with the AML Act, in particular to courts, law enforcement agencies, tax administrators, distrainors, financial arbitrators, or social security authorities;
    2. other entities, if this is necessary for the protection of the rights and legitimate interests of the Controller, such as courts, distrainors, auctioneers, etc., to the extent necessary for the exercise of claims;
    3. persons entrusted to perform contractual and legal obligations, including the exercise of contractual rights, such as accountants, IT service providers, lawyers;
    4. members of the group to which the Controller belongs.
    5. business partners of the Controller in terms of evaluating payment discipline, credibility and creditworthiness or offering their services and products, which are namely:
Name of the entity Address Company ID No.
CEE Real Estate a.s. Vojtěšská 211/6, 110 00 Prague 1 05895464
Klub investorů a traderů s.r.o. Vinohradská 2396/184, 130 00 Prague 3 24161179
eastbutton s.r.o. Vinohradská 2396/184, 130 00 Prague 3 29363209
Catalyst Equity s.r.o. Ondříčkova 2166/14, 130 00 Prague 3 24211559
DQ Holding s.r.o. Ondříčkova 2166/14, 130 00 Prague 3 05175780
CBCB – Czech Banking Credit Bureau, a.s., Štětkova 1638/18, 140 00 Prague 4 2619969
Czech Non-Banking Credit Bureau, z.s.p.o. Štětkova 1638/18, 140 00 Prague 4 71236384
  1. PERIOD OF RETENTION OF PERSONAL DATA

The Controller retains personal data for the entire period during which it provides its services and products to Data Subjects. After the end of the cooperation, the Controller will restrict the use of the personal but will retain it due to the legal archiving obligation under the AML Act for a period of 10 years or as a result of tax or other legislation.

If Data Subjects inform the Controller of their interest in being contacted by the Controller for the purpose of offering services and products, but no specific negotiations take place to this end and Data Subjects do not grant their consent to further processing of personal data to the Controller, the Controller will erase the data one month after the Controller collected such data.

Personal data processed by the Controller on the basis of a granted consent will be retained only for the period of validity of the consent.

If the Controller processes personal data exclusively for the purposes of protecting its legitimate interests, it will retain the data only for the period of existence of the legitimate interest (e.g., during the limitation period).

  1. RIGHTS OF DATA SUBJECTS IN THE PROCESSING OF PERSONAL DATA

In terms of personal data protection, Data Subjects have certain rights that they can exercise against the Controller via e-mail address dpo@abpohledavky.cz  or at the address of the Controller’s registered office at Sanderova 1616/16, Holešovice, 170 00 Prague. Furthermore, Data Subjects may contact the Data Protection Officer via e-mail address info@abpohledavky.cz.

  1. Right of access to personal data

Data subjects have the right to access their personal data and other related information (e.g., purpose, category of personal data, retention period, source). Also, Data subjects have the right to request a copy of the processed personal data. The Controller may charge Data Subjects a fee corresponding to the costs of processing and providing such information in case of repeated requests.

  1. Right to data portability

If it is appropriate for Data Subjects in order to facilitate communication with another service provider, Data Subjects have the right to request that the Controller transfers their personal data to the new service provider, which data the Controller obtained directly from them or from other sources in order to ensure the provision of its services and products or under a granted consent.

  1. Right to revise a decision based solely on automated processing

At present, the Controller does not make decisions about the provision of services and products that would be exclusively automated. For example, if the Controller introduces automated evaluation and approval of applications without human intervention in an effort to improve and accelerate the provision of its services and products and Data Subjects do not agree with the outcome of the evaluation of their application, they may challenge and comment on the decision and request review of the decision.

  1. Right to rectify personal data

If personal data of Data Subject is incorrect, inaccurate or have changed, they have the right to correct the data. Considering the purposes for which the personal data is processed by the Controller, Data Subjects also have the right to supplement the data.

  1. Right to erase personal data

The Controller automatically deletes the personal data of Data Subjects immediately after losing the legal title for its processing (e.g., the statutory archiving period of 10 years from the termination of the contract has expired), unless otherwise provided by other legislation. Regardless, Data Subjects may exercise their right to erase the data.

  1. Right to restrict the processing of personal data

Data Subjects also have the right to restrict the processing of personal data, especially if the Controller will receive Data Subjects’ objection to the processing of personal data or their notification of the inaccuracy of their personal data.

  1. Right to revoke consent to the processing of personal data

Data Subjects may revoke their consent to the processing of personal data at any time. After revoking the consent, the Controller is obliged to terminate the processing of their personal data, unless it has another legal basis for the processing.

  1. Right to object

In the event that Data Subjects do not wish the Controller to continue the processing of their personal data that the Controller performs on the basis of the protection of its legitimate interest, Data Subjects may object to the processing. Data Subjects may file an objection either by e-mail at dpo@abpohledavky.cz.

Objections should be substantiated. It should be clear from the objection why Data Subjects consider that the processing adversely affects their privacy or the protection of their rights and legally protected interests. The Controller will then assess whether the protection of the legitimate interest of the Controller or third parties prevails over the effect of the processing on Data Subjects. This does not apply to the processing of personal data for the purpose of direct marketing, where processing is terminated automatically upon receipt of the objection. In that event, the Controller may still contact Data Subject for the purpose of exercise of rights and obligations even after opting out of receiving marketing communications.

i) Right to file a complaint with the Office for Personal Data Protection

Data Subjects have the right to file a complaint with the Office for Personal Data Protection at the address Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz, in the event that they have complaints regarding the processing of their personal data by the Controller.

——————————————————————————————————————————–

For the purpose of receiving more information about the processing of personal data or for a more detailed explanation of the above terms, Data Subjects may contact the Controller at the address Sanderova 1616/16, Holešovice, 170 00 Prague 7, e-mail address dpo@abpohledavky.cz. Moreover, Data Subject may contact the Data Protection Officer via e-mail address info@abpohledavky.cz.

We use cookies in order to provide you with customized content.
By continuing to our website, you agree to our use of cookies. Find out more here.