The purpose of this website is to inform you about the processing of your personal data in Komerční banka, and about your rights relating to your personal data. We want you to know what kind of personal data we collect, what we do with it, and what we use it for. You can also find information on the sources we obtain this data from, as well as learning who we can provide this data to.
We always process your personal data transparently, fairly and lawfully, and to the extent required for a given purpose. We securely retain your personal data for the period that is strictly necessary, in compliance with the time limits defined by legislation and other regulations. If the bank has a legitimate interest, we can decide for ourselves how long we will retain your data. We only process the personal data of persons aged under 18 if a child’s legal representative is acting on the child’s behalf.
We recommend that you familiarise yourself with the information contained in document Information about processing of personal data you will find below.
Information about cookies
Document in pdf – Information About Processing of Personal Data for Clients (PDF, 348 kB)
This document will be regularly updated. The archive of previous versions of the document.
The controller of your personal data is Komerční banka, a.s. (“KB” or “Komerční banka”).
Contact information for the controller:
Komerční banka a.s., Company No: 45317054
Na Příkopě 33
114 07 Prague 1
P.O. BOX 839
Contact information for the Data Protection Officer (DPO):
You can contact the DPO by e-mail (firstname.lastname@example.org) or by writing to the following address:
Office of the Data Protection Officer
Na Příkopě 969/33
114 07 Prague 1
KB collects and uses your personal data, and is responsible for ensuring that your data is processed correctly and lawfully. You can also assert your rights regarding Komerční banka as the controller of your data, as explained below. This does not concern Komerční banka only: if you grant us Group Marketing Consent, your data can be shared throughout the KB Group (see What kinds of consent do we have in Komerční banka?). Examples of situations when we most often obtain your data are:
Arranging to use KB services
The most frequent situation in which we obtain your data is that you arrange to use one of our products or services, or express an interest in them, when you usually give us your basic data and any data needed for you to enter into a contract with us on the product or service.
Using KB products and services
We also obtain your data when you use KB products and services. “Use” covers many different situations: withdrawing or depositing cash at an ATM, taking out loans and mortgages, making insurance claims, connecting to other banks’ products via KB internet banking, and many other operations.
Communications with KB
We also obtain data from communications over the telephone, internet, and in writing, and when you visit a branch. We also use recordings from security cameras and data related to online communications.
There are many reasons why we process your personal data, but we always do so only to the extent required for a given purpose. Most often we process your personal data so that we can provide you with the products and services you use or want to use. We also process your data so that we can satisfy our contractual obligations and the legal and regulatory requirements, and to pursue our legitimate interests.
In other cases we are only authorised to process your data with your explicit consent, unless there is an exemption in the legislation.
We set out the main categories of our purposes below.
Providing products and services
As part of discussing a product or service, you may model a suitable product on our website or at a branch. You may obtain information on the product or service from the internet, our branch network or our client centre. We will process the data you provide through these channels to facilitate your interest in the product or service, and we will contact you as part of discussing the product or service. We will retain the data you provide through these channels for a period of three months at most, and the legal basis here is the concluding of a contract.
If you decide that the product or service you discussed with us is suitable for you, we are obliged to identify you in detail and collect and retain any other data needed to draw up the relevant contract for the product or service. For credit and investment products, we will require a larger set of data from you, and we will carry out additional processing of your data, which you can read about in more detail in Assessing credit risk.
So that we can ensure the quality of the products and services you use, we are obliged to retain, update and process the relevant data. As part of the performance of the contract, we are also obliged to provide you with this information through the channels you have selected for these products and services, i.e. at our branches, through our direct banking channels, or at our client centre. If you also decide to use direct banking channels for servicing these products and services, we collect information on your location, IP address, etc. We record and evaluate this data so that we can minimise any risks related to the misuse of these direct channels.
If necessary, we will inform you – via SMS, e-mail, messages sent via our direct channels or in another standard way – of any events concerning your products and services, and, e.g., of any changes to our opening hours, any change of your branch or banking advisor, etc.
In this case, the legal basis for processing your data is the concluding and performance of a contract. To defend our legal claims, we will continue to retain this data after the product or service has ended – for more details see How long do we retain your data?
Defending our legal claims
We also process your personal data, including your communications history and information about products and services, to the extent required for any legal claims or potential legal claims against you, especially on the basis of your contractual relationship with us. We also use third parties for debt recovery. For this purpose we will retain your data for a period of 18 years following the termination of the contractual relationship.
The legal basis here is the protection of our legitimate interests.
Preventing, checking, detecting and investigating fraud, and preventing money laundering
We also use your personal data to check for and prevent any potentially unethical or fraudulent conduct. The legislation obliges us to exercise professional care in matters concerning the prevention, detection and investigation of such conduct. To this end we also collect your personal data and data on the products and services you use. We can then create indicators based on this data that help prevent potential fraud and provide better protection for your money. This may involve for instance information on the theft of your ID card or credit card, or data on the country where you normally use your direct banking channels.
The legal basis for such processing is compliance with our legal obligation as the controller.
Tax and accounting requirements
We also collect and process your personal data to comply with our legal obligations as the controller with regard to the state and the regulatory authorities. We are obliged to do so by the Accounting Act, the VAT Act and many other regulations, including the US Foreign Account Tax Compliance Act (FATCA), as part of compulsory reporting to the state and the regulatory authorities. We also transfer all of this mandatory information within the KB Group.
We process and transfer this data to comply with our legal obligation as the controller, and in our legitimate interest.
Protecting against market abuse
The legislation also obliges us to check compliance with the Capital Market Trading Act and prevent its abuse, which could harm our other clients or our group. We process your personal data for this reason too.
We use camera systems installed on our premises, in front of their entrances and at our ATMs to protect our property, i.e. our buildings and equipment, to protect individuals against unlawful conduct, and to prevent and investigate such conduct. We retain the recordings from these camera systems for the period strictly necessary, and when warranted, especially when there are security breaches, we subsequently process these recordings and transfer them to the appropriate public authorities, such as the law enforcement authorities.
The retention, processing and transfer of this data is essential for us to pursue our legitimate interests.
Prevention and control for investment and insurance products
Before making an investment, the legislation and the regulatory requirements oblige us to assess your knowledge and experience of investing in investment instruments, as well as your attitude to risk and your financial resources. We obtain information for these assessments from an Investment Questionnaire, which we retain (see How long do we retain your data?). In compliance with the regulatory requirements, we also collect and retain records of all communications with you concerning investment or insurance products (e.g. recordings of telephone calls, minutes from meetings, e-mails, Skype calls and messages, etc.). In line with the regulatory requirements for reporting your transactions, we collect data on your instructions and your transactions with investment instruments.
The company’s internal needs and reporting
Our employees process your personal data for the company’s internal needs, e.g. for reporting on the efficiency of our servicing and selling.
The legal basis for such processing is our legitimate interest.
Assessing credit risk
We use profiling to correctly assess risks when providing credit products. We use your personal data to create a unique profile so that we can determine whether you will be able to repay a loan. When you ask for a loan, we will for instance evaluate the credit risk using credit registers and our internal resources. We can also use automated processing to perform this evaluation.
To minimise risk, the bank keeps records of persons who have provided false information, experienced difficulties paying their debts, etc.
The legal basis for such processing is compliance with our legal obligation as the controller, and also our legitimate interest.
We also use your personal data and information on selected products and services for regulatory reporting. We use this data to produce reports for our internal use, and we are obliged to transfer information on certain products and services to the regulator.
The basis for such processing is compliance with our legal obligation as the controller.
Debt recovery and factoring
Occasionally you may have problems repaying any loans we have provided. Our primary objective here is to resolve these problems with you efficiently and to our mutual satisfaction, but sometimes we may be unable to find common ground. In these situations we have to use the personal data we have recorded on you, and in some cases we may also use data, especially contact data, from publicly accessible sources such as social networks, etc., so that we can contact you for instance. Under certain circumstances (you fail to respond, you are unreachable, you have no interest in resolving the situation, etc.) we may have to transfer your debts to a company that specialises in debt recovery. In such cases we will transfer the relevant personal data to the company, together with any other relevant data on the debt in question. We also transfer this data if we decide to assign the debt.
The basis for processing and transferring the relevant data is our legitimate interest.
We distinguish three basic types of marketing purposes: marketing as Komerční banka’s legitimate interest, direct marketing as a legitimate interest, and marketing on the basis of your consent.
Marketing as a legitimate interest
As part of marketing as a legitimate interest, we carry out basic analyses of your data concerning your use of our products and services. At the same time this legitimate interest allows us to segment our clients in order to choose the most important form of servicing and offer suitable products and services, and it also allows us to find out clients’ opinions. You may object to marketing as a legitimate interest.
Direct marketing as a legitimate interest
As part of direct marketing as a legitimate interest, we may offer you KB products and services through our branch network and direct channels, or via e-mail, SMS and social networks. You may object to direct marketing as a legitimate interest. If you object to such processing, we will automatically comply with your wishes.
Marketing with consent
Purposes for which we need your explicit consent to process your personal data are offering products and services (including via direct channels) provided by the KB Group and third parties who work with us, marketing processing, and analyses and profiling aimed at tailoring our offers to meet your needs and improving the services we provide. As we do not wish to annoy you with unnecessary and inappropriate communications, we use the personal data we collect to get a better idea of your needs so that we can offer you suitable solutions. We may offer you credit products or payment instruments, or congratulate you on your birthday.
We can use a wide range of channels to communicate with you: letters, telephone calls, e-mails, SMS, messages at ATMs, and messages (or pop-ups) in internet banking.
Information on the use of our products and services helps us to monitor and constantly improve their quality and retain your loyalty. We also process personal data to support our business decisions and identify business potential.
Before this information can be used it must be processed, which in particular involves data processing for marketing purposes. This refers to statistical and mathematical analyses aimed at gaining an insight into a client’s behaviour and anticipating the client’s future behaviour and business potential, as well as client profiling, various kinds of segmentation, reporting, etc. Processing can be manual or automated.
We process this data on the basis of your explicit consent. You can find detailed information on Group Marketing Consent in Marketing Consent.
We can only process your personal data within a specific scope, and provided that at least one of the following conditions is satisfied:
In specific cases we are authorised to process your personal data in order to protect the rights and legitimate interests of Komerční banka, Komerční banka Group and third parties. In these cases we are authorised to process your personal data without your consent, but always for the reasons that authorise us to carry out such processing. Processing on the basis of our legitimate interest is limited, and the legitimate interests we define and on whose basis we carry out processing are always carefully assessed.
The main types of processing we carry out to pursue our legitimate interests are primarily:
This chapter covers the different kinds of consent we collect in Komerční banka.
What is consent?
Consent is any freely given, specific, informed and unambiguous indication of a person’s wishes, in which he or she, by means of a statement or another clear affirmative act, signifies agreement to the processing of his or her personal data. Consent is voluntary, and you can give, refuse or withdraw your consent at any time. If this concerns Group Marketing Consent, you can withdraw it at any company in the KB Group.
Refusing to give your consent, or withdrawing it, has no effect on your contractual relationship with Komerční banka. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Types of marketing consent
Marketing consent refers to consent to processing clients’ data for the purposes of carrying out marketing activities, and sharing data for these purposes between the companies to which you have given your consent.
Group Marketing Consent (“Marketing Consent”)
If you have given us your Marketing Consent, this consent applies to the KB Group as a whole. In this case all companies in the KB Group will be joint controllers of your personal data, and they can share and process the data specified in the consent form for the purposes specified in the consent form.
You can give your consent in person in Komerční banka’s branch network, in one of our subsidiaries’ branch networks, when signing contractual documents for any KB Group products brokered by selected third parties, and via our direct banking channels (MojeBanka, Mobilní banka).
When giving your consent, and subsequently, you cannot choose which companies this applies to or not, and we will be obliged to treat any request that only some of the joint controllers be included as refusing to give or withdrawing your Marketing Consent. You can withdraw your consent at branches of KB Group’s sales network. If you withdraw your consent from one KB Group company, this will also apply to the other members of the KB Group, meaning that subsequently none of them will be able to continue processing your personal data for the purposes specified in your Marketing Consent form.
The KB Group jointly processes all data given by consent, and this data may also be transferred between the controllers. This means for instance that if you have signed the Marketing Consent form, the information you give to a KB banking advisor will be available for marketing purposes to the other joint controllers such as Modrá pyramida stavební spořitelna, a.s. This also means that we share publicly accessible information on you between all companies in the KB Group.
You give your Marketing Consent to the following companies, which we refer to as the “KB Group”:
The “KB Group” comprises the following companies:
Komerční banka, a.s., Company No: 45317054
Modrá pyramida stavební spořitelna, a.s., Company No: 60192852
Komerční pojišťovna, a.s., Company No: 63998017
KB Penzijní společnost, a.s., Company No: 61860018
ESSOX s.r.o., Company No: 26764652
ALD Automotive s. r. o., Company No: 61063916
SG Equipment Finance Czech Republic s.r.o., Company No: 61061344
Factoring KB, a.s., Company No: 25148290
According to the legal definition, the controller of personal data is anyone who determines the purpose and means of processing personal data, and for this purpose carries out the collecting, processing and retention of personal data. All of the companies listed above are joint controllers of your personal data, and they can share and process the data specified in the consent form for the purposes specified in the consent form.
Completing the Marketing Consent form
The Marketing Consent form has two boxes: “Agree” and “Disagree”
By ticking the “Agree” box and signing the form, you give your consent for the KB Group to process your personal data for marketing purposes.
By ticking the “Disagree” box and signing the form, you do not give your consent for the companies listed above to process your personal data for marketing purposes within the scope defined in the form.
Crossing out, overwriting or otherwise altering the Marketing Consent form will be regarded as refusing to give consent (the same as choosing “Disagree”)
It is sufficient to give your Marketing Consent only once to a single company in the KB Group and it will remain valid and in effect for the duration of your last contractual relationship with at least one of the companies in the KB Group, and then for one year after it ends, or until you withdraw your consent.
If you give your Marketing Consent when discussing a product or service, for instance, and you ultimately decide not to become our client (i.e. no contractual relationship is established with a member of the KB Group), your consent will apply for one year after you gave it, unless you withdraw it in the meantime. When your Marketing Consent is no longer valid and in effect, your personal data will be deleted, or it will only be processed within the scope and for purposes for which the legislation does not require consent.
Alliance Consent (Cataps Marketing Consent)
If you are a retailer and you use the card acceptance services of the companies KB SmartPay and Worldline, you give your Alliance Consent to the processing of your personal data and your company’s data for marketing purposes within the Alliance relating to card acceptance. The Alliance’s members are joint controllers of this data.
You give your consent to the following companies, which we refer to as the “Alliance”:
Komerční banka, a.s., Company No: 45317054
KB SmartPay (Cataps, s.r.o.), Company No: 03633144
Worldline NV/SA, CBE (Crossroads Bank for Enterprises) No 0418.547.872
This data will be processed from the moment Alliance Consent is given for marketing purposes until the elapse of two years after the termination of your last contractual (or other legal) relationship with one of the personal data controllers in the Alliance.
You can find more information on this consent in Smartpay’s document “Information on Processing Personal Data”.
If you have given us this consent, we will obtain, through the processor – Společnost pro informační databáze, a.s., Company ID 26118513, aggregated information in order to assess your ability and willingness to fulfil your obligations under the contracts entered into according to the current application or your future requests for entering into contracts with Komerční banka. This information can indicate your payment morale in terms of how you use electronic communications services with the operators: T-Mobile Czech Republic, a.s., Company ID 64949681, O2 Czech Republic a.s., Company ID 60193336, O2 Family, s.r.o virtual operator, Company ID 24215554, Vodafone Czech Republic a.s., Company ID 25788001. For more information, please visit www.sid.cz and consult the “TelcoScore Privacy Statement” available at any Komerční banka branch and on its website www.kb.cz. Such consent may be withdrawn in writing at any branch of Komerční banka.
There are two main reasons why we process and retain your data, and related to these reasons are the time limits for which we need to retain your data:
We also retain data on your products and transactions obtained from other financial institutions for the period of five years from their disconnecting from KB internet banking.
The regulations on personal data protection allow the controller to entrust the processing of personal data to a processor. A personal data processor is any entity that processes personal data on the basis of specific legislation, or is entrusted or authorised to do so by the controller. In such cases the contractual and regulatory arrangements guarantee your data the same protection that Komerční banka provides. The most important processors Komerční banka uses for processing personal data are:
To protect our rights by assessing your ability and willingness to repay your loan commitments, Komerční banka investigates your creditworthiness, payment discipline and integrity. We do this on the grounds of our legal obligations or legitimate interests, with the help of credit registers. When negotiating a loan, and perhaps during the credit agreement, we transfer information on you to these credit registers, and your consent may not be required. In addition to the database maintained by the Czech National Bank, we use three credit registers: the Client Information Bank Register (CIBR), the Non-Bank Client Information Register (NCIR), and the SOLUS association.
Client Information Bank Register
The Client Information Bank Register is operated by CBCB – Czech Banking Credit Bureau, a.s., which collects information on the creditworthiness, payment discipline and integrity of banks’ clients. The data in this register can be shared without the client’s consent, and you can request a printout from the register. You can find out more about the CIBR at www.cbcb.cz.
Non-Bank Client Information Register
The Non-Bank Client Information Register is operated by CNCB – Czech Non-Banking Credit Bureau, z.s.p.o. Again, your consent is not required for the data to be shared. As a bank we are not part of the register, and your data is only shared. You can find out more about the NCIR at www.cncb.cz.
These registers exchange information, and they can also do this without your consent. For more information on these registers, we refer you to their Information Memoranda, which you can find on Komerční banka’s website and the registers’ websites.
Your personal data may also be kept in the SOLUS register, on the basis of the Consumer Protection Act. This register allows users to share consumers’ identification data. It also covers matters such as consumers’ creditworthiness, payment discipline and integrity. Your consent is not required for the provision of such information, and Komerční banka can transfer your data to and from the SOLUS register without asking for your consent. If you want to find out more about the SOLUS register, please visit www.solus.cz
Recording book-entry securities
Investments are a somewhat specific field, where a record must be kept of any book-entry securities you own. For this purpose your personal data is provided to third parties, such as the Central Securities Depository and organisations that keep separate records of these securities.
If this concerns a foreign operator that registers such information, personal data is provided in compliance with the local legislation. In the aforementioned cases this concerns the performance of contracts that comprise the legal framework for repeated investments. Your consent is not required here, as this data is processed on the basis of the contract.
Exchanging information and tax issues
Under international agreements such as FATCA, etc., we are obliged to provide data on our clients to the Ministry of Finance of the Czech Republic. For more information on these agreements, please visit www.mfcr.cz
Central Register of Accounts (CNB)
We transfer your personal data to the Central Register of Accounts, which is maintained by the Czech National Bank. This is a central database with basic information on the accounts that credit institutions keep for their clients, who are natural and legal persons and other entities. The Central Register of Accounts allows the state administration to request a check of the accounts kept at credit institutions in the Czech Republic in order to avoid the financial system being abused for money laundering or financing terrorism.
The TelcoScore service is operated by Společnost pro informační databáze, a.s., Company ID 26118513, and provides information on the creditworthiness and credibility of users of electronic communications services (see also chapter 6 above). Obtaining your creditworthiness data through TelcoScore is only possible on the basis of your consent to the transfer of your telephone number and/or birth number to the operators.
On request and without consent
A range of public authorities may request information on our clients. They include the Czech Police, the courts, the Czech National Bank and health insurance companies. However, we only provide this data in situations where we are legally obliged to do so.
In Komerční banka we always try to be as transparent as possible, which is why we think it is important that you know how we process your personal data. For this reason we list here the basic categories for the individual items of data.
This includes the subject’s first name, surname, birth registration number, date or place of birth, identity card numbers and birth certificate. If you are in business, this is also your company ID number, tax registration number, etc.
Address and contact data
This includes all of the subject’s addresses – e.g. permanent place of residence, correspondence addresses, and for entrepreneurs their company’s address, and the subject’s contact data, e.g. telephone numbers, e-mail addresses, social network addresses, data boxes, etc.
This includes statistical data, such as your age, sex, marital status, education, income and profession, information on your employer, how many children you have, etc.
This includes data on your finances, such as any property, shares or other securities you may own. In some cases you will also inform us of your income and liabilities. It also includes the balances of any loans and leasing contracts, payments to building society schemes, pension scheme contributions, insurance premiums (property, household, life, accident and vehicle insurance, etc.), other individual expenditure items (e.g. maintenance), other liabilities (e.g. surety), etc.
This includes data on your tax residence, i.e. where you are obliged to pay tax.
Non-financial business characteristics of a client
This includes information on suppliers and customers, the client’s business strategy, information on any group of connected clients, information on the market environment and situation in the sector, business risks, etc.
Data on products
Data for financing products
This includes the personal data of debtors and co-debtors, information on the parameters of a credit transaction, the identification and value of collateral, etc.
Data for investment banking and insurance products
This includes the personal data of the holders and managers, contract numbers, the level of investment, the order book, information on transactions, insurance claims, etc.
Data for day-to-day banking products
This includes the personal data of the holders and managers, contract numbers, payment card numbers including security data, information on transactions, the sales channels used, etc.
Data from public registers
This includes sanctions lists of persons linked with terrorism and other persons on international watch lists who are subject to international sanctions, ISIR – the insolvency register, the bankruptcy register, the central debt collection register, registers of invalid and stolen documents, the register of groups of connected clients, information from the land register, etc.
Information from the internet, social media and social networks
This includes, e.g., geolocation data identified by GPS coordinates (or the address point), the IP address, cookies, the identification of the device used, information on web browsers, your profile on social networks, etc.
Electronic communication means for authentication and authorisation
This includes data on electronic communication means that are mainly used for authentication, i.e. to verify your identity. Data that comes under this category includes your digital signature, your digital certificate, or the user name you ordinarily use to log into applications, or your device’s serial and manufacturing numbers (MAC address), etc.
Records from banking machines and applications
This includes identification data from, e.g., payment terminals, communication channels and logs from monitoring banking applications, as well as other information such as geolocation data from terminals.
This includes data and recordings from the monitoring of Komerční banka’s branches and other premises, such as ATMs and safes.
Records of data subjects’ links with products and services
This includes any co-applicants’ personal data and the requisite parameters (interest rate, repayment instalments, etc.), records on relationships, records on the family, information on business relations e.g. between supplier and customer, etc.
Products of other financial institutions connected to KB internet banking
If you connect your product provided and administered by another financial institution to KB internet banking, we process the data provided by you in this context or obtained by us that is necessary for the proper functioning of this service, and information about these products and their transactions to the extent provided by the other financial institution.
Data we neither collect nor process
Special categories of personal data
This is a special type of data that includes information on your race, ethnicity, trade union membership, any health problems, and sexual orientation. It also includes data related to genetic and biometric information. Komerční banka does not collect this data.
You have the right to ask us for information on your personal data that we process, the purpose and nature of processing personal data, and the recipients of personal data.
If you discover or believe that our processing your personal data is contrary to the protection of your personal and private life, or in violation of the legislation, you are entitled to ask us for an explanation, or to ask Komerční banka to remedy the situation.
If we are in breach of our obligations, you also have the right to ask the Office for Personal Data Protection to take remedial measures.
A list of your rights:
Komerční banka treats all of the above rights in the same way, and always tries to satisfy your requirements.
Komerční banka has a reasonable period to process your request when you exercise a right – usually this is 30 days.
You will be informed by letter when Komerční banka has finished processing your request. You can exercise your rights by sending Komerční banka a letter or e-mail, or directly at one of our branches.
When exercising selected rights, Komerční banka may need your cooperation to identify you. You can exercise your rights on your own behalf or on behalf of someone you represent on the basis of power of attorney or other authorisation.
If you have any questions, please call Komerční banka’s Infoline on 800 521 521, go to www.KB.cz/osobni-udaje or write to us at email@example.com.
Alternatively, please contact our Data Protection Officer (DPO), who is responsible for supervising the processing of personal data in Komerční banka.
Office of the Data Protection Officer
Komerční banka a.s.
Na Příkopě 969/33
114 07 Prague 1
When providing products and services to legal persons, we also obtain and process data on natural persons who are authorised to represent the bank’s clients, as well as on other natural persons whose personal data is processed in direct connection with conducting their activities, and which the bank must or is entitled to process for its own purposes.
This primarily concerns the registered owners and beneficial owners, persons authorised to view or dispose of funds on their accounts (including holders of business payment cards), persons providing collateral, and other subjects connected with these persons. We obtain data primarily from our clients or their representatives, from publicly accessible sources, and also from specialised databases maintained by third parties.
This involves subjects’ identification data, i.e. their addresses, contact and sociodemographic data, their role and position in a company, their area of interest, scans of documents, information on links with other subjects, and information required by the legislation, especially the laws on money laundering, taxation and the provision of payment and investment services, and any other regulations the bank has to comply with when conducting its business.
We acquire and process this data:
If you gave your consent for the KB Group to process your personal data for marketing purposes, the data specified above can also be processed for these purposes.
Komerční banka is the parent company of the KB Group and a member of the Société Générale international financial group. KB ranks among the leading banking institutions in the Czech Republic, as well as in Central and Eastern Europe. It is a universal bank providing a wide range of services in retail, corporate and investment banking. Member companies of the Komerční banka Group provide additional specialised financial services such as pension schemes and building society schemes, leasing, factoring, consumer lending and insurance. These are available through KB’s branch network, its direct banking channels and its subsidiaries’ own sales networks. KB also provides services in Slovakia through a branch that serves corporate clients, as well as through selected subsidiaries.
The Société Générale Group
Since October 2001 Komerční banka has been part of Société Générale’s international retail banking group. Société Générale is one of the largest financial services groups in Europe.
Société Générale has been playing a vital role in the economy for the last 150 years. It operates in 67 countries with over 147 000 employees. The Société Générale Group serves 31 million clients throughout the world, and its teams offer advice and services to individual, corporate and institutional customers in three core businesses:
When processing your personal data, we comply with the applicable legislation, especially the Personal Data Protection Act, the Banks Act and the Anti-Spam Act, which prohibits the sending of unsolicited commercial communications.
The most important legislation on personal data protection or related to it is:
Office of the Data Protection Officer
Komerční banka a.s.
Na Příkopě 969/33
114 07 Prague 1
Phone number: in CZE: 800 521 521, from abroad: +420 955 559 550
Office for Personal Data Protection
address: Pplk. Sochora 27, 170 00 Prague 7
tel.: 234 665 111
Text of GDPR: http://eur-lex.europa.eu/legal-content/CS/ALL/?uri=CELEX:32016R0679
Guidlines of WP29 for GDPR:
This web page aims to provide employees, job seekers and external partners of the Komerční banka corporate group in the Czech and Slovak Republics with information on personal data processing and the related rights. You will learn what personal data we collect, how we manage them, from what sources we obtain them, for what purposes we use them and to whom we may provide them.
Information on processing personal data (PDF, 642 kB)
The information on personal data processing will be regularly updated
The controller of your personal data is, in each individual case, the specific company of the KB Group, as defined below (hereinafter “KB Group”), to which you provided the personal data or which obtained the personal data from you. The controller collects your personal data, manages them is responsible for their proper and lawful processing.
ALD Automotive s. r. o., with its registered office: Praha 10, U Stavoservisu 527/1, Postal Code 108 00, Id. No.: 61063916
ALD Automotive Slovakia s. r. o., with its registered office: Bratislava, Panónska cesta 47, Postal Code 851 04, Id. No.: 47 977 329
ESSOX s.r.o., with its registered office: České Budějovice, F. A. Gerstnera 52, Postal Code 370 01, Id. No.: 26764652
Essox Finance, s.r.o., with its registered office: Bratislava, Karadžičova 16, Postal Code 821 08, Id. No.: 35 846 968
Factoring KB, a.s., with its registered office: Prague 5 – Stodůlky, náměstí Junkových 2772/1, Postal Code 155 00, Id. No.: 25148290
Komerční banka, a.s., with its registered office: Prague 1, Na Příkopě 33/969, Postal Code 114 07, Id. No.: 4531 7054
Komerční banka, a.s., foreign bank’s branch, with its registered office: Bratislava, Hodžovo námestie 1A, Postal Code 811 06, Id: 47231564
KB Penzijní společnost, a.s., with its registered office: Prague 5 – Stodůlky, náměstí Junkových 2772/1, Postal Code 155 00, Id. No.: 61860018
Komerční pojišťovna, a.s., with its registered office: Prague 8, Karolinská 1/650, Postal Code 186 00, Id. No.: 63998017
Modrá pyramida stavební spořitelna, a.s., with its registered office: Prague 2, Bělehradská 128/222, Postal Code 120 21, Id. No.: 60192852
SG Equipment Finance Czech Republic s.r.o., with its registered office: Prague 5 – Stodůlky, náměstí Junkových 2772/1, Postal Code 155 00, Id. No.: 61061344
SG Equipment Finance Czech Republic – org. zložka, with its registered office: Bratislava 1, Hodžovo nám. 1A, Postal Code 810 00, Id. No.: 31785972
We honour and respect the highest standards of personal data protection in processing of your personal data and comply, in particular, with the following principles:
We comply with appropriate technical and organisational measures to ensure a level of security corresponding to all possible risks; all persons who come into contact with employees’ personal data are obliged to maintain confidentiality of information obtained in connection with the processing of such data.
The data protection officer for all companies within the KB Group is:
Ing. Radek Basár, MBA
Na Příkopě 969/33
114 07 Prague 1
Tel.: +420 955 532 780
The legislation on personal data protection allows the controller to authorise another person – a processor – to process personal data. A personal data processor is every entity that processes personal data on the basis of a special law or authorisation of the controller. In some cases, this procedure is also used by companies of the KB Group in personal data processing. Compliance with the same principles of personal data processing as those followed by the KB Group is guaranteed in these cases by a contract and by law.
Your personal data are being processed in the territory of the Czech and Slovak Republics and in other countries of the European Union where entities belonging to the KB Group are seated and that share the same standards of personal data protection as the Czech and Slovak Republics. Neither the controller nor the processors involved in the processing of employees’ personal data transfer employees’ personal data to countries outside the European Union.
The manner in which the controller processes your personal data includes only manual processing in information systems.
Purpose and legal basis of personal data processing
We process personal data without your consent: (a) on the grounds of a legitimate interest with a view to selecting the most suitable candidate and filling a job vacancy as efficiently as possible, and (b) to execute the employment contract.
We process personal data with your consent with a view to offering further job vacancies to you.
Extent of personal data being processed:
Identification and contact details
Name and surname, date and place of birth, birth identification number, place of residence, telephone number, marital status, nationality, photograph, e-mail address, profile address in social networks.
Details on education and previous employment
List of completed schools, diplomas, school reports, courses, certificates, previous employers, motivation letter, driving licence, psychological tests, psychodiagnostic tests, recruitment tests.
Publicly available data
Furthermore, information may be obtained that is freely available on the internet in the Commercial Register, Trade Register, Insolvency Register or other insolvency records with a similar or identical content, or the LinkedIn social network.
Details from mutual communication
Notes made during telephone calls, video recordings, notes made during personal interviews and, if appropriate, written communication.
Protection of buildings
With a view to protecting rights and legally protected interests, your movement in buildings are recorded and camera recordings from selected areas of buildings are stored.
From what sources do we obtain information about you?
We obtain information from your CV, from portals focusing on job advertisements to which a response was made, from recruitment agencies, based on references and mutual communication, from social networks and the internet.
For how long do we keep personal data?
We process your personal data only for the period necessary for the purposes of their processing. We regularly evaluate whether it is still necessary to process certain personal data for the given purpose. If we determine that they are no longer required for any of the purposes for which they were processed, we will destroy the data. In relation to certain purposes of personal data processing, we have evaluated the usual duration of processing of personal data as follows for the relevant purposes:
Recipients and processors of personal data
Your personal data are disclosed especially to employees in relation to the performance of their working tasks that require handling of personal data, but in each case only to the necessary extent and in compliance with all security measures.
In addition, your personal data are transferred to third parties involved in the processing of personal data, and such personal data may also be disclosed to such third parties on other grounds in accordance with the law. Prior to any transfer of your personal data to a third party, a written contract is always executed which regulates the personal data processing so as to include safeguards for personal data processing identical to those that the controller of your personal data complies with in accordance with its statutory obligations. Important processors include recruitment agencies and companies performing psychological tests.
We perform personal data processing without your consent to the necessary extent (a) on the grounds of performance of the contract – especially employment contract, agreement related to benefit programmes, contract with a medical facility providing occupational health services, contract for savings and insurance plans; (b) to perform a legal obligation – especially duties to notify public authorities, courts and the police, duties pertaining to the enforcement of decisions and performance of the archiving duty; (c) for the purpose of protecting the rights and legally protected interests, including, but not limited to, protection of information technology, buildings and property, and goodwill, and in relation to the management of security risks, prevention and investigation of frauds; and (d) on the grounds of legitimate interests of the controller in the area of HR consultancy, education and evaluation.
Name and surname, academic degrees, address of residence, telephone number, date and place of birth, birth identification number, marital status, photographs, nationality, information whether you are the governing body or a member of the supervisory body of another legal person, whether you operate a business, bank details, personal number.
Data for payroll agenda, remuneration and benefits
Records of hours of work, data necessary for reflecting discounts and deductions for taxes, data necessary for reflecting discounts and deductions for savings and insurance schemes, information on accidents at work, data on business trips including accommodation and booking of transport tickets and minor expenses, mandatory deductions from salary, confirmation of study, disability or old-age pension, meal vouchers, Cafeteria benefits scheme, employee equity plan, information for annual settlement of tax including the aggregate of all income and levies for the given period.
HR consultancy, education and evaluation
In the area of HR consultancy and your career development, we work with your history of jobs, remuneration and work evaluation. Psychological reports are used for selected jobs. Information is also stored on any violations of internal regulations and the law, agreements on material responsibility, agreements on employees’ obligations, occupational medical check-ups, employee evaluation and powers of attorney. Information on training and educational programmes completed.
Protection of buildings and information systems, recording of calls, GPS records.
Camera recordings are made exclusively for the purposes of compliance with legal duties, and protection of rights and legally protected interests. For reasons of protection of information systems, information is stored on the history of your logins and logouts, and your activity in selected applications may also be logged. For selected jobs, interviews with clients are recorded as a proof of submitting a requirement for services. You will always be advised in advance if such recordings are made. The contents of this communication are confidential and we use them exclusively for the purposes of compliance with the legal duties, execution and performance of the relevant contract, protection of rights and legally protected interests. Records from GPS devices in company cars are stored for the purposes of recording private and service trips and protection of property.
We obtain information from the initial form, CV, initial interview and mutual communication. Furthermore, information is obtained from applications you use in your work and the systems of protection of buildings.
Your personal data are disclosed especially to employees in relation to the performance of their working tasks that require handling of employees’ personal data, but in each case only to the necessary extent and in compliance with all security measures.
In addition, your personal data are transferred to third parties involved in the processing of personal data, and such personal data may also be disclosed to such third parties on other grounds in accordance with the law. Prior to any transfer of your personal data to a third party, a written contract is always executed which regulates the personal data processing so as to include safeguards for personal data processing identical to those that the controller of your personal data complies with in accordance with its statutory obligations. Important processors include Edenred, Benefity Management, companies providing for operation, management and security of buildings and information systems, BCD Travel, companies of the KB Group, Societe Generale.
We perform personal data processing without your consent to the necessary extent (a) for the performance of a contract related to the provision of services to the KB Group; and (b) for the purpose of protecting the rights and legally protected interests – in particular, protection of buildings and information technologies.
Name and surname, date of birth, nationality, contact address, e-mail address.
Protection of buildings and information systems
Camera recordings are made exclusively for the purposes of compliance with legal duties, and protection of rights and legally protected interests. For reasons of protection of information systems, information is stored on the history of your logins and logouts, and your activity in selected applications may also be logged.
From what sources do we obtain information about you?
The information is obtained from the initial form and mutual communication. Furthermore, information is obtained from applications you use in your work and the systems of protection of buildings.
For how long do we keep personal data?
In addition, your personal data are transferred to third parties involved in the processing of personal data, and such personal data may also be disclosed to such third parties on other grounds in accordance with the law. Prior to any transfer of your personal data to a third party, a written contract is always executed which regulates the personal data processing so as to include safeguards for personal data processing identical to those that the controller of your personal data complies with in accordance with its statutory obligations. Important processors include companies providing for operation, management and security of buildings and information systems, companies of the KB Group.
Right to revoke consent and right to object to processing
This Information Memorandum describes why we need your personal data and that we may process such data for certain purposes only with your consent. You are not obliged to grant consent to the processing of your personal data and, at the same time, you may revoke such consent, if granted. If you revoke your consent, we will terminate the processing of the relevant personal data for purposes requiring the relevant consent.
In case of processing on the grounds of a legitimate interest, you have the right to object to such processing.
You may revoke your consent or raise an objection to personal data processing on the grounds of a legitimate interest by e-mail sent to firstname.lastname@example.org.
We process your personal data in a transparent and proper manner and in conformity with the legal regulations. You have the right to request that we provide you with information on personal data we process in respect of you, the purpose and nature of personal data processing and the recipients of personal data. Should you determine or believe that we process your personal data contrary to protection of your private and personal life or at variance with the legal regulations, you may request explanation from us and, if appropriate, claim that a member of the KB Group eliminate or remedy such a defective state of affairs. You may also contact the Office for Personal Data Protection with a request for remedy in case of breach of our duties.