Czech koruna
    Czech koruna
    Česky
    Česky

Information on the Personal Data Processing

I.

Personal Data Processing Personal data are processed in accordance with Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016, on the Protection of Natural Persons with regard to the processing of Personal Data and on the free Movement of such Data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as the "Regulation") and Act No. 110/2019 Coll., on Personal Data Processing.

II. The Controller

Družstvo PRIVATEUM GLOBAL
ID No: 17725020,
with its Seat at: Marie Cibulkové 1615/1b, 140 00 Prague
registered with the Commercial Register kept by the Municipal Court in Prague, Section Dr, Insert 8994
(hereinafter as the "Company")

III. Categories of Clients

  • III.1. The Company processes personal data of the Clients, who use or intend to use the PRI Pay Terminal service.

IV. Principles of Personal Data Processing

  • IV.1. The Company always processes personal data in accordance with the principles of personal data processing.
  • IV.2. The Company processes personal data lawfully, in a transparent manner, and fairly.
  • IV.3. The Company collects personal data for specified, explicit, and legitimate purposes only, personal data are not processed in a way that is incompatible with those purposes.
  • IV.4. It only processes personal data that are adequate, relevant, and limited to what is necessary in relation to the stated purpose of the processing.
  • IV.5. The Company processes personal data that are accurate and, where necessary, up-to-date; the Company will take all reasonable measures to ensure that personal data that are inaccurate, taking into account the purposes for which they are processed, are erased or rectified without delay.
  • IV.6. The Company will delete personal data when the purpose of the processing ceases to exist. The Company shall not store personal data in a form which permits identification of the Client for longer periods than it is necessary for the purposes for which they are processed, data may be stored for longer periods if they are processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
  • IV.7. The Company ensures appropriate security of personal data, including protection by appropriate technical or organisational measures against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

V. Legal Basis, Purpose of Personal Data Processing and Source of the Personal Data

  • V.1. The purpose of the processing of personal data is in particular the provision of services of the Company - PRI Pay Terminals.
  • V.2. The Company processes personal data on the basis of one of the legal grounds:
  • V.2.i. for the performance of a contract to which the Client is party or in order to take steps at the request of the Client prior to entering into a contract,
  • V.2.ii. for compliance with a legal obligation to which the controller is subject (in particular Act No. 253/2008 Coll., on Selected Measures against Legitimisation of Proceeds of Crime and Financing of Terrorism, as amended (hereinafter “AML law”), Act No. 89/2012 Coll., the Civil Code etc.),
  • V.2.iii. for the purposes of the legitimate interests pursued by the controller or by a third party (e.g. risk management of the Company, security).
  • V.3. If none of the reasons mentioned in V.2 is given, the Company shall request the Client’s consent. Consent is voluntary, the Client may grant, refuse or withdraw the consent at any time. The Client may grant its consent with the offer of products and services and marketing processing of personal data.
  • V.4. If the Client refuses to provide its personal data, the Company may not provide him or her the services.
  • V.5. The Company obtains personal data mainly from the following sources:
    • a) directly from the Client,
    • b) from publicly available sources, websites or
    • c) from third parties, if applicable.

VI. The Scope of the Data Processed

  • a) identification and contact details – title, name and surname, date of birth, address of residence, delivery address, telephone number, email address,
  • b) information required by AML law – birth certificate number, place of birth, nationality, gender, number of identity card (passport or national identity card), the country and the authority that issued the identity card and the period of validity,
  • c) data of the use of services and products – e.g. transaction data,
  • d) payment details – e.g. bank account number,
  • e) data related to ownership of tokens, cryptocurrency,
  • f) device data - device ID, IP address, language settings, browser settings,
  • g) other information, if necessary, to the minimum extent necessary for the provision of the services.

VII. Recipients and Categories of Recipients of Personal Data

  • VII.1. The Company is entitled to provide personal data of Clients to the following categories of recipients of personal data, in particular for the purposes of fulfilling legal obligations and performance of the contract:
    • a) to employees of the Company for the performance of their duties,
    • b) to state authorities (supervisory authority, court, law enforcement authorities etc.),
    • c) service providers on the basis of the Agreement, if necessary,
    • d) to other persons with the Client’s prior consent.
  • VII.2. In some cases, it is necessary to use service providers for the provision of the services of the Company. The Company cooperates in particular with the following service providers:
    • a) providers for the purpose of identification of the Clients and fulfilment of other duties according to AML law,
    • b) providers offering marketing and IT services, cloud service providers,
    • c) payment systems providers or
    • d) attorneys, tax advisors and Company auditors.

VIII. Rights of Clients

  • VIII.1. Clients have rights in relation to their personal data under the relevant legislation. In particular, this includes the right of access, rectification, erasure or restriction of processing, the right to withdraw consent to the processing of personal data, the right to object to processing, the right to data portability and the right to lodge a complaint with a supervisory authority. The Client may exercise his or her rights via the e-mail address [email protected] of the Company.
  • VIII.2. Right of Access to Personal Data
  • VIII.2.i. The Client shall have the right to obtain confirmation from the Company as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to such personal data.
  • VIII.2.ii. The Company will provide a copy of the personal data processed. It may charge a reasonable fee based on administrative costs for additional copies at the request of the Client. If the Client makes a request by electronic means, the information shall be provided in electronic form unless the Client requests otherwise.
  • VIII.3. Right to Rectification
  • VIII.3.i. The Client has the right to have inaccurate personal data concerning him or her rectified by the Company without undue delay. Taking into account the purposes of the processing, the Client has the right to have incomplete personal data completed, including by providing a supplementary statement.
  • VIII.4. Right to Erasure
  • VIII.4.i. The Client has the right to obtain the erasure from the Company of the personal data concerning the Client without undue delay. The Company is obliged to delete the personal data without undue delay if one of the reasons set out in the Regulation applies (e.g. the personal data are no longer needed, the Client withdraws the consent on the basis of which the data were processed, the personal data have been processed unlawfully) and if the processing is no longer necessary.
  • VIII.5. Right to Restriction of Processing
  • VIII.5.i. The Client has the right to obtain from the Company restriction of the processing in the cases provided by the Regulation (i.e., in particular, the Client contests the accuracy of the personal data, the processing is unlawful and the Client opposes its erasure. The Company no longer needs the personal data for the purposes of the processing, the Client has objected to the processing until it is verified that the legitimate grounds of the Company override those of the Client).
  • VIII.6. Right to Data Portability
    • VIII.6.i. The Client shall have the right to obtain the personal data concerning him or her that he or she has provided to the Company in a structured, commonly used and machine-readable format and the right to transmit such data to another controller, without hindrance from the Company, if:
    • a) the processing is based on his or her consent or on a contract, and
    • b) the processing is carried out by automated means.
  • VIII.6.ii. In exercising his or her right to data portability, the Client shall have the right to have personal data transmitted directly from one controller to another controller, where technically feasible.
  • VIII.7. Right to Object
  • VIII.7.i. The Client shall have the right to object at any time, on grounds relating to his or her particular situation to processing of personal data concerning him or her (if the processing is necessary for the performance of a task carried out in the public interest, the processing is necessary for the purposes of the legitimate interests of the Company or a third party), including profiling.
  • VIII.7.ii. The Client is entitled to object to the processing if the personal data is processed for direct marketing purposes.
  • VIII.8. Right to Withdraw Consent to the Processing of Personal Data
  • VIII.8.i. The Client has the right to withdraw his or her consent to the processing of personal data if the personal data have been provided on the basis of his or her consent.
  • VIII.9. Right to Lodge a Complaint
  • VIII.9.i. The Client has the right to lodge a complaint with the supervisory authority (Personal Data Protection Office, Pplk. Sochora 27, 170 00 Prague 7, tel. +420 234 665 111, e-mail: [email protected], website: https://www.uoou.cz).
  • VIII.10. Retention Period of Personal Data
  • VIII.10.i. Personal data will be processed for as long as the personal data are necessary. In some cases, the retention period is stipulated by law.
  • VIII.10.ii. Data which are processed on the basis of AML law, shall be retained for 10 years after the end of the transaction or business relationship.
  • VIII.10.iii. Data which are processed on the basis of the performance of a contract are processed for the duration of the contract and one year after the termination of the contract.
  • VIII.10.iv. Data which are processed for the purposes of the legitimate interests of the Company e.g. for the purposes of court dispute, may be processed for the duration of the court dispute.
  • VIII.10.v. In case of processing based on the consent of the Client, the period is of validity of the consent.
  • VIII.11. Security of Personal Data
  • VIII.11.i. The Company protects the personal data of Clients by means of security technologies and maintains appropriate technical and organisational measures to prevent the improper or accidental disclosure, use, access, loss, alteration or damage of personal data. It uses the maximum possible security technology for this purpose.
  • VIII.12. The Company has appointed the Data Protection Officer Henrik Gharagyozyan, e-mail: [email protected]
  • VIII.13. Personal data will not be transferred to a third country or international organization.
  • VIII.14. The Company uses automated decision-making and profiling in particular for the purpose of fulfilling the duties of AML law. The Client has a right to contest such decision.