Protection of personal data

Protection of personal data

The purpose of this website is to inform you about the processing of your personal data in Komerční banka, and about your rights relating to your personal data. We want you to know what kind of personal data we collect, what we do with it, and what we use it for. You can also find information on the sources we obtain this data from, as well as learning who we can provide this data to.

We always process your personal data transparently, fairly and lawfully, and to the extent required for a given purpose. We securely retain your personal data for the period that is strictly necessary, in compliance with the time limits defined by legislation and other regulations. If the bank has a legitimate interest, we can decide for ourselves how long we will retain your data. We only process the personal data of persons aged under 18 if a child’s legal representative is acting on the child’s behalf.

We recommend that you familiarise yourself with the information contained in document Information about processing of personal data you will find below.

Cookies settings

 

Download

Document in pdf – Information About Processing of Personal Data for Clients (PDF, 294 kB)

This document will be regularly updated. The archive of previous versions of the document.

Information About Processing of Personal Data for Clients

The controller of your personal data is Komerční banka, a. s. (hereinafter KB).

Contact details of the controller:

Komerční banka, a. s., IČO: 45317054
Na Příkopě 969/33
114 07 Praha 1
P. O. BOX 839
Česká republika / Czech Republic

Contact details of the Data Protection Officer (DPO):

Kancelář pověřence pro ochranu osobních údajů KB, a.s.
Václavské nám. 796/42
114 07 Praha 1
Česká republika / Czech Republic
E-mail: osobni_udaje@kb.cz

We may only process your personal data if there is an adequate legal reason to do so, i.e., if at least one of the following conditions is met:

a) The processing is necessary for KB to meet its legal obligations, in particular for the following purposes:

  • Credit risk assessment,
  • Prevention, detection and investigation of frauds, and money laundering prevention,
  • Prevention and control of investment products and insurance products,
  • Safeguard against market abuse,
  • Regulatory reporting,
  • Taxation and accounting obligation,
  • Archiving and records management.

b) The processing is necessary for the fulfilment of a contract, in particular for the following purposes:

  • Arranging a product/service,
  • Entering into a contract for the provision of a product/service,
  • Providing customer service related to a product/service.

c) The processing is necessary for the purpose of our justified interests, in particular for the following purposes:

  • Risk management,
  • Security,
  • Defence of our legal claims,
  • Recovery and sale of receivables,
  • Product and service analysis,
  • Development and evolution of provided services,
  • Direct marketing – we can approach you with a general offer of KB products and services,
  • Company’s internal needs; reporting.

d) The processing based on your consent, in particular for the following purposes:

  • Personalized offer of products and services, marketing processing of your data, such as analyses and profiling, surveys and user testing in order to customize our offers to your needs and improve the services provided.
    In the case that you decide to give us your marketing consent, it shall apply to all companies listed in the consent. If you should request to include only some of the joint managers listed therein, we shall consider it a lack of, or as the case may be, withdrawal of your marketing consent. If you withdraw your consent with respect to one of the companies, such withdrawal shall also apply to other companies, which means that none of them shall be authorised to process your personal data for the purposes specified in the marketing consent after that date.
  • Utilising the TelcoScore service, which provides information on the creditworthiness and credibility of users of electronic communications services. More information can be found at www.sid.cz and in the document entitled “Privacy Policy Statement – TelcoScore” available at any KB branch/point of sale and at its website www.kb.cz.
  • If you are a Merchant and you use KB SmartPay and Worldline Card Acceptance Services, you give the Alliance Consent to the processing of personal data and your Company’s data for marketing purposes within the Credit Card Acceptance Alliance, whose members are joint controllers of the data. For more information on this consent, please refer to the “Information on Personal Data Processing by SmartPay” on www.kbsmartpay.com website.

The consent is voluntary; you can give it, refuse it or withdraw it at any time. The withdrawal of your consent shall be without prejudice to the lawfulness of the processing that is based on the consent given before its withdrawal.
A lack or withdrawal of the consent entails no implications for your contractual relationship with KB.

e) The processing is necessary for the protection of your vital interests or for the performance of a task carried out in the public interest or subject to the exercise of official authority potentially vested in us as the controller. Such reasons can be applied to KB only in exceptional circumstances.

Identification data of an individual
In particular, the first name, surname, birth number, date of birth, place of birth, nationality, identity cards numbers. For businesspersons, also their IČO (ID number), VAT number, etc. It also applies to individuals with a connection to specific products, e.g. a joint holder, statutory representative of a legal person, co-debtor, applicant, or family member. This data is important to make sure we really contact the right person.

Special categories of personal data (sensitive data)
In particular, the health data you provide to us with a view to strengthening your interests or that is needed to arrange for a product to be provided.

Contact details
In particular, all addresses of the subject, e.g. the permanent residence address, correspondence addresses (for businesspersons also the address of the company) and other contact details of the entities, e.g. their telephone numbers, electronic addresses, social networking addresses, data mailbox IDs, etc. This data is necessary so that we can deliver our communications to you.

Socio-demographic data
In particular, statistical data, such as age, gender, marital status (single, divorced, etc.), education, profession, employer’s data, number of children, etc. Such data that you usually share with us when you products are opened allow us to better tailor our offer and services to your needs.

Property
In particular, data related to financial circumstances, such as ownership of real estate, securities or shares. In some cases, we also process information about your income and liabilities, as well as other loans/credits balances, lease contract balances, building savings instalments, pension insurance instalments, insurance premiums, other individual expenses (e.g. alimonies), other liabilities (surety, guarantee, ...) etc. We collect this data from you in particular as part of a product/service request, or from external sources (e.g. credit registers), or from information about the use of our products, and are primarily used for the evaluation of your loan/credit applications.

Tax residence
In particular, data associated with identifying your tax residence, i.e. where you are liable to pay taxes in order to comply with the statutory tax liability.

Data on used products and services
Information about which services provided by KB or its subsidiaries and/or partner companies you have arranged and how you use them (e.g. account balances, transaction data on card payments, withdrawals from ATMs, outgoing and incoming payments, etc.). If you choose to use direct banking channels to operate your products/services, we keep information about your location, IP address, activity on our website, etc. We derive, for example, your transactional behaviour from this data and accordingly adjust our offer of products and services.

Means of electronic communication used for authentication and authorisation
In particular, data on means of electronic communication that are primarily used for authentication, i.e. verifying your identity. The data that fall into this category include, without limitation, a digital signature, certificate, or commonly used application login user name, identification or authentication through a mobile device, or serial numbers of the devices (MAC address), etc. The main reason for processing these data is to ensure a high level of security of while these means of communication are used.

Activity records of banking equipment and/or applications
In particular, identification data e.g. from payment terminals, communication channels or banking applications logs, as well as other data, such as geolocation data from payment terminals. The data is used, above all, to monitor and optimize the availability of our facilities and services, e.g. when dealing with your complaints.

Communication recordings
In particular, telephone call recordings, written records of meetings with relationship managers or other specialized staff, recordings of your complaints and claims. This data is intended to prevent you from being contacted too often and helps us to adjust our offer to your current needs. You are always informed in advance that a given telephone call is going to be monitored/recorded.

Camera recordings
In particular, data/recordings from the monitoring devices of KB’s branches/points of sale, as well as KB’s other premises, such as ATMs and safes. They are used, first and foremost, to ensure the safety of clients and employees of the bank and to protect property.

Data obtained from you or your representatives (e.g. legal guardian or statutory representative)
Data you provide us, e.g. in an application for the provision of a product/service.

Data resulting from the use of banking products and services
Data automatically recorded by banking systems and devices while your transactions are executed, such as ATM withdrawals, card payments, payments credited and debited to your current account.

Data from publicly accessible sources
These include, in particular, sanction lists of entities associated with terrorism and other internationally monitored persons subject to international sanction programmes, the insolvency register (ISIR), bankruptcy register, central register of enforcements/distraints, registers of invalid and stolen documents, register of groups of connected clients, information from the land/property register, trade register, business register, etc.

Data obtained from third parties
These include, in particular, the data on the use of products and services provided by the KB Group members, data obtained from mobile operators (using the TelcoScore service – see Section 3), or public authorities, and also data collected from specialized companies that collect information from public sources, such as ministries, the trade register, business register, land/property register, etc.

Data from the Internet, social media and social networks
These include, in particular, the so-called geolocation data that precisely identify the GPS coordinates (or an address point), an IP address, cookies, identification of a device from which you connect, information on browsers, identification of a social network profile, etc. Making use of marketing services offered by some social networking providers (e.g. Facebook), we use your profile information so that we can target our advertising campaigns to users with similar characteristics more efficiently.

Data from our web forms
These include, in particular, contact details you provide to us when you show interest in any of our products so that we can contact you.

Data related to products of other financial institutions connected to internet banking
If you connect a product you use, which is provided by another financial institution, to KB’s internet banking, we shall process the data provided by you or obtained by us, which are necessary for the proper functioning of this service, and the data on such products and their transactions to the extent the other financial institution shall have provided to us.

The regulations on personal data protection allow the controller to entrust the processing of personal data to a processor. A personal data processor is any entity that processes personal data on the basis of specific legislation, or is entrusted or authorised to do so by the controller. In such cases, the contractual and regulatory arrangements guarantee your data the same protection that Komerční banka provides. The most important processors used by KB to process personal data include:

  • IT services providers (development, maintenance and support of KB information systems),
  • Card associations,
  • Advertising and marketing agencies,
  • Companies providing data and documents archiving,
  • Companies and individuals providing legal services,
  • Companies and individuals collecting debts on our behalf,
  • Mortgage appraisers,
  • Our partners in loyalty programmes,
  • Postal services and couriers,
  • Comprehensive insurance providers,
  • Providers of services for payment cards issuing and card transactions processing,
  • Financial intermediaries.

In addition to the processors listed above, whom we authorise more or less directly to process personal data, we also pass on your personal information to other institutions or entities, in particular:

  • Government entities, courts and law enforcement authorities,
  • Czech National Bank and the Ministry of Finance,
  • Czech Office for Personal Data Protection,
  • Other banks or payment services providers to the extent provided by law,
  • Mobile telephone operators (if the client uses TelcoScore – see Section 3).

 

  • Participants of client information registers

To protect our rights by assessing your ability and willingness to repay your loan commitments, KB investigates your creditworthiness, payment discipline and integrity. We do this on the grounds of our legal obligations and/or legitimate interests, with the help of credit registers. At the same time, when negotiating a credit or loan, and possibly also during the term of a credit agreement, we pass on your data to these credit registers, without your consent being necessary. In addition to the database maintained by the Czech National Bank, we use three other credit registers:

  • Client Information Bank Register (CIBR) – more information about this register is available at www.cbcb.cz.
  • Non-Bank Client Information Register (NCIR) – more information about this register is available at www.cncb.cz.
    The above registers exchange information and share it with each other without your consent being necessary. We recommend you to consult their Information Memoranda that are available at KB Internet pages or at the registers’ websites.
  • Registr SOLUS Register – more information about this register is available at www.solus.cz

Subject to conditions as defined by law, we may also provide your personal data to our parent company, Société Générale, s.a., registered in France under Company Number R.C.S. Paris B 552 120 222, as well as other Group members incorporated in the Czech and Slovak Republics, such as:

  • Modrá pyramida stavební spořitelna, a.s., IČO (Company ID): 60192852,
  • Komerční pojišťovna, a.s., IČO (Company ID): 63998017,
  • KB Penzijní společnost, a.s., IČO (Company ID): 61860018,
  • ESSOX s.r.o., IČO (Company ID): 26764652,
  • ESSOX Finance, s. r. o., IČO (Company ID): 35846968 (Slovakia),
  • ALD Automotive s. r. o., IČO (Company ID): 61063916,
  • ALD Automotive Slovakia, s. r. o., IČO (Company ID): 47977329 (Slovakia),
  • SG Equipment Finance Czech Republic s.r.o., IČO (Company ID): 61061344,
  • Factoring KB, a.s., IČO (Company ID): 25148290

We only retain our clients’ personal data for a period of time that is appropriate to the purpose of their processing.

The relevant legislation establishes a time limit for the retention of clients’ personal data – as a rule 10 years from the termination of the contractual relationship. However, in order to protect our legitimate interests, in particular in the event of possible complaints, claims or lawsuit, we may retain your personal data longer.

As part of the service connecting other financial institutions’ products to KB internet banking, we shall retain data on these products and transactions for 5 years after such products have been disconnected from KB internet banking.

We usually store the data obtained from our web forms for up to 2 months, after which period, they shall be automatically deleted. If a contract is concluded in the meantime, we shall retain your data in accordance with applicable law.

Right of access to personal data

  • You shall have the right to request a transcript of personal data concerning your person collected by KB.

Right to personal data portability

  • You shall have the right to receive the personal data concerning your person, which you have provided to us, in a structured, commonly used and machine-readable format. This concerns your personal data undergoing automatic processing under your consent or under a contract.

Right to erasure of personal data (right to be forgotten)

  • You shall have the right to obtain from KB the erasure of personal data concerning your person without undue delay, where a legal ground is met.

Right to have personal data rectified

  • You shall have the right to obtain from KB without undue delay the rectification of inaccurate personal data concerning your person, or to have incomplete personal data completed.
  • If you notify us of a change in your personal data, we shall update it immediately.

Right to restriction of processing

  • You shall have the right to request restriction of processing of personal data concerning your person in the cases defined by law (e.g. if the personal data processed are inaccurate, or the processing is unlawful, or you have objected to the processing of your personal data where it is based on our legitimate interests).

Right not to be subject to a decision based solely on automated processing

  • You shall have the right not to be subject to a decision based solely on automated individual processing, including profiling, which produces legal effects concerning your person or similarly significantly affects you. KB shall always inform you about this situation and shall give you an opportunity to discuss the matter with a bank official and together find another, more acceptable option.
  • If you use a service that is based solely on automated decision making, you have the right to obtain human intervention, to express your point of view, or to contest the decision. In this case, a bank official shall discuss the matter with you.

Right to object

  • If KB processes your personal data based on the controller’s legitimate interests, you shall have the right to object.
  • If you object to processing of personal data concerning your person for direct marketing purposes, we shall always oblige you and shall no longer process your personal data for such purposes.

Right to lodge a complaint with a supervisory authority

  • You shall have the right to lodge a complaint with a supervisory authority (the Office for Personal Data Protection, www.uoou.cz) if you consider that the processing of personal data relating to your person has infringed the data protection rules.

When processing your personal data, we adhere to applicable law, in particular (without limitation) by:

Regulation (EU) 2016/679 on personal data protection (GDPR);
Act No. 110/2019 Coll., On the Processing of Personal Data;
Act No. 89/2012 Coll., Civil Code;
Act No. 21/1992 Coll., On Banks;
Act No. 370/2017 Coll., Payments Act;
Act No. 256/2004 Coll., On Trading in Capital Market;
Act No. 253/2008 Coll., On Selected Measures Against Legitimisation of Proceeds of Crime and Financing of Terrorism;
Act No. 480/2004 Coll., On Certain Information Society Services.

Documents
Contacts

Office of the Data Protection Officer

Komerční banka a.s.

Na Příkopě 969/33

114 07 Prague 1

Phone number: in CZE: 800 521 521, from abroad: +420 955 559 550

E-mail: osobni_udaje@kb.cz

 

Other Important Contacts

Office for Personal Data Protection

address: Pplk. Sochora 27, 170 00 Prague 7

tel.: 234 665 111

website: www.uoou.cz

Text of GDPR: http://eur-lex.europa.eu/legal-content/CS/ALL/?uri=CELEX:32016R0679

Guidlines of WP29 for GDPR:

http://ec.europa.eu/newsroom/article29/news.cfm?item_type=1360

For employees, job seekers and external partners

This web page aims to provide employees, job seekers and external partners of the Komerční banka corporate group in the Czech and Slovak Republics with information on personal data processing and the related rights. You will learn what personal data we collect, how we manage them, from what sources we obtain them, for what purposes we use them and to whom we may provide them.

Download

Information on processing personal data (PDF, 642 kB)

The information on personal data processing will be regularly updated

Information on processing personal data

The controller of your personal data is, in each individual case, the specific company of the KB Group, as defined below (hereinafter “KB Group”), to which you provided the personal data or which obtained the personal data from you. The controller collects your personal data, manages them is responsible for their proper and lawful processing.

KB Group

ALD Automotive s. r. o., with its registered office: Praha 10, U Stavoservisu 527/1, Postal Code 108 00, Id. No.: 61063916

ALD Automotive Slovakia s. r. o., with its registered office: Bratislava, Panónska cesta 47, Postal Code 851 04, Id. No.: 47 977 329

ESSOX s.r.o., with its registered office: České Budějovice, F. A. Gerstnera 52, Postal Code 370 01, Id. No.: 26764652

Essox Finance, s.r.o., with its registered office: Bratislava, Karadžičova 16, Postal Code 821 08, Id. No.: 35 846 968

Factoring KB, a.s., with its registered office: Prague 5 – Stodůlky, náměstí Junkových 2772/1, Postal Code 155 00, Id. No.: 25148290

Komerční banka, a.s., with its registered office: Prague 1, Na Příkopě 33/969, Postal Code 114 07, Id. No.: 4531 7054

Komerční banka, a.s., foreign bank’s branch, with its registered office: Bratislava, Hodžovo námestie 1A, Postal Code 811 06, Id: 47231564

KB Penzijní společnost, a.s., with its registered office: Prague 5 – Stodůlky, náměstí Junkových 2772/1, Postal Code 155 00, Id. No.: 61860018

Komerční pojišťovna, a.s., with its registered office: Prague 8, Karolinská 1/650, Postal Code 186 00, Id. No.: 63998017

Modrá pyramida stavební spořitelna, a.s., with its registered office: Prague 2, Bělehradská 128/222, Postal Code 120 21, Id. No.: 60192852

SG Equipment Finance Czech Republic s.r.o., with its registered office: Prague 5 – Stodůlky, náměstí Junkových 2772/1, Postal Code 155 00, Id. No.: 61061344

SG Equipment Finance Czech Republic – org. zložka, with its registered office: Bratislava 1, Hodžovo nám. 1A, Postal Code 810 00, Id. No.: 31785972

We honour and respect the highest standards of personal data protection in processing of your personal data and comply, in particular, with the following principles:

  • We process your personal data for the set purpose, using the set means and in the set manner, and only for a period necessary for the purposes of their processing;
  • We protect your personal data and provide for their processing while ensuring the highest possible security so as to prevent any unauthorised or accidental access to your personal data, their change, destruction or loss, unauthorised transfer and other unauthorised processing;

We comply with appropriate technical and organisational measures to ensure a level of security corresponding to all possible risks; all persons who come into contact with employees’ personal data are obliged to maintain confidentiality of information obtained in connection with the processing of such data.

The data protection officer for all companies within the KB Group is:

Ing. Radek Basár, MBA
Na Příkopě 969/33
114 07 Prague 1

Tel.: +420 955 532 780

The legislation on personal data protection allows the controller to authorise another person – a processor – to process personal data. A personal data processor is every entity that processes personal data on the basis of a special law or authorisation of the controller. In some cases, this procedure is also used by companies of the KB Group in personal data processing. Compliance with the same principles of personal data processing as those followed by the KB Group is guaranteed in these cases by a contract and by law.

Your personal data are being processed in the territory of the Czech and Slovak Republics and in other countries of the European Union where entities belonging to the KB Group are seated and that share the same standards of personal data protection as the Czech and Slovak Republics. Neither the controller nor the processors involved in the processing of employees’ personal data transfer employees’ personal data to countries outside the European Union.

The manner in which the controller processes your personal data includes only manual processing in information systems.

Purpose and legal basis of personal data processing

We process personal data without your consent: (a) on the grounds of a legitimate interest with a view to selecting the most suitable candidate and filling a job vacancy as efficiently as possible, and (b) to execute the employment contract.

We process personal data with your consent with a view to offering further job vacancies to you.

Extent of personal data being processed:

Identification and contact details

Name and surname, date and place of birth, birth identification number, place of residence, telephone number, marital status, nationality, photograph, e-mail address, profile address in social networks.

Details on education and previous employment

List of completed schools, diplomas, school reports, courses, certificates, previous employers, motivation letter, driving licence, psychological tests, psychodiagnostic tests, recruitment tests.

Publicly available data

Furthermore, information may be obtained that is freely available on the internet in the Commercial Register, Trade Register, Insolvency Register or other insolvency records with a similar or identical content, or the LinkedIn social network.

Details from mutual communication

Notes made during telephone calls, video recordings, notes made during personal interviews and, if appropriate, written communication.

Protection of buildings

With a view to protecting rights and legally protected interests, your movement in buildings are recorded and camera recordings from selected areas of buildings are stored.

 

From what sources do we obtain information about you?

We obtain information from your CV, from portals focusing on job advertisements to which a response was made, from recruitment agencies, based on references and mutual communication, from social networks and the internet.  

 

For how long do we keep personal data?

We process your personal data only for the period necessary for the purposes of their processing. We regularly evaluate whether it is still necessary to process certain personal data for the given purpose. If we determine that they are no longer required for any of the purposes for which they were processed, we will destroy the data. In relation to certain purposes of personal data processing, we have evaluated the usual duration of processing of personal data as follows for the relevant purposes:

  • we process data on the grounds of a legitimate interest and the performance of a contract for the duration of the recruitment process, but not exceeding 6 months;
  • we process data related to protection of buildings on the grounds of legitimate interests for a period of 180 days.
  • if you have granted consent to processing of your personal data, the personal data will be stored for the purpose of offering another potential job vacancy for a period of 24 months or until the consent is revoked.

 

Recipients and processors of personal data

Your personal data are disclosed especially to employees in relation to the performance of their working tasks that require handling of personal data, but in each case only to the necessary extent and in compliance with all security measures.

In addition, your personal data are transferred to third parties involved in the processing of personal data, and such personal data may also be disclosed to such third parties on other grounds in accordance with the law. Prior to any transfer of your personal data to a third party, a written contract is always executed which regulates the personal data processing so as to include safeguards for personal data processing identical to those that the controller of your personal data complies with in accordance with its statutory obligations. Important processors include recruitment agencies and companies performing psychological tests.

Purpose and legal basis of personal data processing

We perform personal data processing without your consent to the necessary extent (a) on the grounds of performance of the contract – especially employment contract, agreement related to benefit programmes, contract with a medical facility providing occupational health services, contract for savings and insurance plans; (b) to perform a legal obligation – especially duties to notify public authorities, courts and the police, duties pertaining to the enforcement of decisions and performance of the archiving duty; (c) for the purpose of protecting the rights and legally protected interests, including, but not limited to, protection of information technology, buildings and property, and goodwill, and in relation to the management of security risks, prevention and investigation of frauds; and (d) on the grounds of legitimate interests of the controller in the area of HR consultancy, education and evaluation.

Extent of personal data being processed:

Identification and contact details

Name and surname, academic degrees, address of residence, telephone number, date and place of birth, birth identification number, marital status, photographs, nationality, information whether you are the governing body or a member of the supervisory body of another legal person, whether you operate a business, bank details, personal number.

Data for payroll agenda, remuneration and benefits

Records of hours of work, data necessary for reflecting discounts and deductions for taxes, data necessary for reflecting discounts and deductions for savings and insurance schemes, information on accidents at work, data on business trips including accommodation and booking of transport tickets and minor expenses, mandatory deductions from salary, confirmation of study, disability or old-age pension, meal vouchers, Cafeteria benefits scheme, employee equity plan, information for annual settlement of tax including the aggregate of all income and levies for the given period.

HR consultancy, education and evaluation

In the area of HR consultancy and your career development, we work with your history of jobs, remuneration and work evaluation.  Psychological reports are used for selected jobs. Information is also stored on any violations of internal regulations and the law, agreements on material responsibility, agreements on employees’ obligations, occupational medical check-ups, employee evaluation and powers of attorney. Information on training and educational programmes completed.

Protection of buildings and information systems, recording of calls, GPS records.

Camera recordings are made exclusively for the purposes of compliance with legal duties, and protection of rights and legally protected interests. For reasons of protection of information systems, information is stored on the history of your logins and logouts, and your activity in selected applications may also be logged. For selected jobs, interviews with clients are recorded as a proof of submitting a requirement for services. You will always be advised in advance if such recordings are made. The contents of this communication are confidential and we use them exclusively for the purposes of compliance with the legal duties, execution and performance of the relevant contract, protection of rights and legally protected interests. Records from GPS devices in company cars are stored for the purposes of recording private and service trips and protection of property.

Email communication sent outside KB and the SG Group, as well as uploading data to web repositories, web emails and social networks, is monitored. The aim of the monitoring is to protect client data and ensure that sensitive information does not leave the bank. This obligation is imposed on the bank by legislation. The monitoring automatically searches for chains that would indicate that the client's sensitive data such as client identification data, credit card numbers, internal data on the client's financial situation evaluation, etc. are leaving the bank. If the search algorithm evaluates a possible violation of the information handling rules (see INS24-003), it is forwarded to the SOC for further investigation.

From what sources do we obtain information about you?

We obtain information from the initial form, CV, initial interview and mutual communication. Furthermore, information is obtained from applications you use in your work and the systems of protection of buildings.
 

For how long do we keep personal data?

We process your personal data only for the period necessary for the purposes of their processing. We regularly evaluate whether it is still necessary to process certain personal data for the given purpose. If we determine that they are no longer required for any of the purposes for which they were processed, we will destroy the data. In relation to certain purposes of personal data processing, we have evaluated the usual duration of processing of personal data as follows for the relevant purposes:

  • we process data for the purposes of performing the contract during the term of the contractual relationship; furthermore, the relevant personal data can usually be utilised for a period of five years in the Czech Republic and ten years in Slovakia;
  • we process personal data of employees for the purpose of performing our legal obligations for a period of 30 years in the Czech Republic and up to 70 years of age of the data subject in Slovakia;
  • on the grounds of protection of legitimate interests, we process data related to protection of buildings for a period of 180 days, voice recordings for a period 5 years and records from information systems for a period of 10 years.
     

Recipients and processors of personal data

Your personal data are disclosed especially to employees in relation to the performance of their working tasks that require handling of employees’ personal data, but in each case only to the necessary extent and in compliance with all security measures.

In addition, your personal data are transferred to third parties involved in the processing of personal data, and such personal data may also be disclosed to such third parties on other grounds in accordance with the law. Prior to any transfer of your personal data to a third party, a written contract is always executed which regulates the personal data processing so as to include safeguards for personal data processing identical to those that the controller of your personal data complies with in accordance with its statutory obligations. Important processors include Edenred, Benefity Management, companies providing for operation, management and security of buildings and information systems, BCD Travel, companies of the KB Group, Societe Generale.

Purpose and legal basis of personal data processing

We perform personal data processing without your consent to the necessary extent (a) for the performance of a contract related to the provision of services to the KB Group; and (b) for the purpose of protecting the rights and legally protected interests – in particular, protection of buildings and information technologies.

Extent of personal data being processed:

Identification and contact details

Name and surname, date of birth, nationality, contact address, e-mail address.

Protection of buildings and information systems

Camera recordings are made exclusively for the purposes of compliance with legal duties, and protection of rights and legally protected interests. For reasons of protection of information systems, information is stored on the history of your logins and logouts, and your activity in selected applications may also be logged.


From what sources do we obtain information about you?

The information is obtained from the initial form and mutual communication. Furthermore, information is obtained from applications you use in your work and the systems of protection of buildings.


For how long do we keep personal data?

We process your personal data only for the period necessary for the purposes of their processing. We regularly evaluate whether it is still necessary to process certain personal data for the given purpose. If we determine that they are no longer required for any of the purposes for which they were processed, we will destroy the data. In relation to certain purposes of personal data processing, we have evaluated the usual duration of processing of personal data as follows for the relevant purposes:

  • we process data for the performance of the contract during the term of the contractual relationship between the company of KB Group and your employer, or the person for whom you perform, based on the contractual relationship, the activities that are the subject of the contractual relationship between the company of the KB Group and this person; furthermore, the relevant personal data can usually be utilised for a period of five years in the Czech Republic and ten years in Slovakia;
  • on the grounds of protection of legitimate interests, we process data related to protection of buildings for a period of 180 days and records from information systems for a period of 10 years.
     

Recipients and processors of personal data

Your personal data are disclosed especially to employees in relation to the performance of their working tasks that require handling of employees’ personal data, but in each case only to the necessary extent and in compliance with all security measures.

In addition, your personal data are transferred to third parties involved in the processing of personal data, and such personal data may also be disclosed to such third parties on other grounds in accordance with the law. Prior to any transfer of your personal data to a third party, a written contract is always executed which regulates the personal data processing so as to include safeguards for personal data processing identical to those that the controller of your personal data complies with in accordance with its statutory obligations. Important processors include companies providing for operation, management and security of buildings and information systems, companies of the KB Group.

Right to revoke consent and right to object to processing

This Information Memorandum describes why we need your personal data and that we may process such data for certain purposes only with your consent. You are not obliged to grant consent to the processing of your personal data and, at the same time, you may revoke such consent, if granted. If you revoke your consent, we will terminate the processing of the relevant personal data for purposes requiring the relevant consent.

In case of processing on the grounds of a legitimate interest, you have the right to object to such processing.

You may revoke your consent or raise an objection to personal data processing on the grounds of a legitimate interest by e-mail sent to osobni_udaje@kb.cz.

 

Your rights

We process your personal data in a transparent and proper manner and in conformity with the legal regulations. You have the right to request that we provide you with information on personal data we process in respect of you, the purpose and nature of personal data processing and the recipients of personal data. Should you determine or believe that we process your personal data contrary to protection of your private and personal life or at variance with the legal regulations, you may request explanation from us and, if appropriate, claim that a member of the KB Group eliminate or remedy such a defective state of affairs. You may also contact the Office for Personal Data Protection with a request for remedy in case of breach of our duties.