GDPR (for clients)

PRIVACY POLICY

The purpose of this document is to familiarize you (data subjects) with your rights and to provide you with clear information on how your personal data will be handled. We appreciate the trust you place in us when sharing your personal data. When processing personal data, we proceed in accordance with Act No. 101/2000 Coll., on the protection of personal data, and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), which entered into force on 25 May 2018.

For the sake of completeness, we assume that all the information you provide to us is true and up-to-date, and that, in the event of a change in this information, you will inform us without undue delay so that a timely correction can be made.

I. PERSONAL DATA PROCESSING PRINCIPLES

  • In every case, we process all personal data in a lawful, correct, fair, transparent, and responsible manner.
  • Processing is limited in purpose, which means that we only process personal data for specified, explicit, and legitimate purposes and it is not processed further in a way that is not compatible with those purposes.
  • In order to minimize data, we only process personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  • We process accurate and updated personal data – if personal data is inaccurate, we ensure its correction or deletion, for which we may require your necessary cooperation.
  • We store personal data in a form that makes it possible to identify data subjects for no longer than is necessary for the purposes of the processing.
  • We ensure that all of our IT systems and other repositories where we store personal data are protected against unauthorized access (through a firewall, antivirus protection, and strict requirements for passwords, logging in to systems etc.).

II. PERSONAL DATA CONTROLLER

BICZ Holding, which comprises the companies:

BICZ a.s., headquartered at Antala Staška 2027/77, 140 00 Prague 4 – Krč, Company ID No.: 06969321

BICZ BOND 2020 s.r.o., headquartered at Antala Staška 2027/77, 140 00 Prague 4 – Krč, Company ID No.: 08608245

BICZ Core Operations s.r.o., headquartered at Jana Masaryka 1316/16, 500 12 Hradec Králové, ID: 26205939

BICZ Design s.r.o., headquartered at Antala Staška 2027/77, 140 00 Prague 4 – Krč, Company ID No.: 08126496

BICZ Finance a.s., headquartered at Antala Staška 2027/77, 140 00 Prague 4 – Krč, Company ID No.: 07921551

BICZ Charity s.r.o., headquartered at Antala Staška 2027/77, 140 00 Prague 4 – Krč, Company ID No.: 08126216

BICZ Real Estates a.s., headquartered at Antala Staška 2027/77, 140 00 Prague 4 – Krč, Company ID No.: 08136416

(hereinafter the “Data Controller“).

III. WHAT PERSONAL DATA DO WE PROCESS AND HOW DO WE OBTAIN IT?

We process data that is provided by you. In particular cases, this may be data provided for the conclusion of contractual documentation between you and us in connection with an offer for the mediation of a purchase, sale, or rental of immovable property and all legal, financial, and consultancy services associated with it, data provided during a personal encounter (including data handed over during inspections of immovable property), or data provided over the phone, in writing, vie e-mail, or via other means of communication.

If we need your consent to process certain personal data for specific purposes, we only process such data for the given purpose with your consent.

We process the following personal data:

E-mail, name, surname, title, address, mailing address, date of birth, age, personal identification number, company identification number, tax identification number, phone number, information about services we have provided you with, information on immovable property whose sale, purchase, or rental we are mediating for you (in conjunction with other data).

The BICZ holding does not process special categories of personal data, or so-called sensitive data, and no automated decision-making or profiling takes place.

IV. FOR WHAT PURPOSES AND DURATION DO WE PROCESS PERSONAL DATA AND WHAT ENTITLES US TO DO SO?

1. Processing of personal data for the purpose of concluding a contract and performing contractual obligations

For the purposes of concluding contractual documentation with you and engaging in the communication associated therewith, we process the following common personal data: name, surname, personal identification number or date of birth, phone number, e-mail address, address, nationality, marital status, account number, and ID card number and its validity period.

Our legal title (entitlement) to the processing of this data is based directly on the performance of our contractual obligations under the contract or another contractual document concluded between you and us. It does not have to be a contract concluded in standard printed form and signed by hand. It can also be a contract concluded orally over the phone.

For this purpose, we process personal data for the duration of the contractual relationship between us. After the termination of the contractual relationship, some data is retained for the purpose of performing legal obligations or on the grounds of a legitimate interest, as is elaborated in the following sections of this document.

2. Personal data processing for compliance with accounting, tax, and other legal obligations

In order to meet our obligations arising from the legal regulations, in particular in the areas of accounting and tax law and obligations arising under Act No. 253/2008 Coll., on certain measures against the legalization of proceeds from crime and the financing of terrorism (“AML Act”), we process the following data:

  • name and surname
  • personal identification number
  • date and place of birth
  • permanent residence
  • nationality
  • number of identity card or other identity document
  • issuing authority / validity

The period for which the data is processed is determined directly by the relevant legal regulations that impose the obligation to process it.

3. Personal data processing for the purposes of pursuing our legitimate interests or the legitimate interests of a third party

A legitimate interest may cover a whole range of situations. The legitimate interests for which we process personal data:

It is our legitimate interest to protect and prove our rights and legal claims, in particular those arising from concluded contracts or damage incurred. For these purposes, we retain data after the termination of the contractual cooperation or our last contact, if the contract was not concluded according to the obligatory archiving period. This period is set in view of any limitation periods of claims, while taking into account the fact that we do not need to learn of any claim exercised in court at the moment when it is exercised by the other party. For this purpose, data from contracts and our mutual communications are stored.

V. MAKING PERSONAL DATA ACCESSIBLE TO THIRD PARTIES

Some third parties that are in the position of processors may assist us in the performance of our contractual or legal obligations. If such a situation occurs, we will have written contracts in place with these processors in order to fulfil our personal data protection obligations and keep your data safe.

The personal data will also be made accessible to the competent administrative authorities if such an obligation is imposed by law (in particular, in a case where an inspection is carried out in which the authority is entitled to request the submission of personal data).

VI. INFORMATION ABOUT YOUR OTHER RIGHTS IN THE AREA OF PERSONAL DATA PROTECTION

1. Right to access personal data

This is the right to a confirmation of whether we are processing your personal data and, if so, a right to access this data and information about its processing.

2. Right to personal data rectification

This is the right to correct inaccurate personal data without undue delay. In view of the purposes of processing, you have the right to complete incomplete personal data, even by providing an additional declaration.

3. Right to erasure of personal data (right to be forgotten)

In the cases stipulated by law or the GDPR, you have the right to request the erasure of your personal data without undue delay (in the GDPR, the grounds are listed Article 17, including exceptions in which the deletion will not be not carried out).

4. Right to the restriction of processing

In the cases stipulated in Article 18 of the GDPR, you have the right to request that we limit the processing of your personal data.

5. Right to data portability

Under the conditions stipulated in Article 20 of the GDPR, you have the right to obtain your personal data and hand it over to another controller. If technically feasible, you have the right to request the direct transfer of data to another controller.

6. Right to raise an objection

In cases where we process personal data for the purposes of pursuing our legitimate interests, you have the right to object to such processing and we will discontinue the processing of your data, unless our legitimate interest prevails over your interests or rights and freedoms.

7. The right to file a complaint with the supervisory authority

If you believe that your privacy rights are being violated, you have the right to file a complaint with the Office for Personal Data Protection.

VII. PERSONAL DATA SECURITY MEASURES

Your personal data stored in electronic form is saved with password-protected security software. Your data and contact information stored on a mobile phone or other portable device is protected by a password determined by the owner of the device.

Documents in paper form containing your personal data and data as described above are protected by depositing them in an archive for paper documents, which is secured by a lock, and the paper documents are only accessible to persons designated by the controller.

If you have any questions regarding the processing of your personal data, you can contact us on the client line: +420 775 774 011, info@bicz.cz.

GDPR (for candidates)

PRIVACY POLICY

The companies of the BICZ holding are the controllers and processors of the personal data of job candidates.

1. Purposes and data retention period

The personal data of the candidates specified below is processed for the following purposes:
a) The selection of a suitable employee in an ongoing selection procedure (entering into an employment relationship).
For the selection of a suitable employee and the subsequent conclusion of an employment contract (contract for work or work agreement), it is necessary to process the personal data of candidates involved in the selection procedure. For the selection of a suitable intermediary or service provider and the subsequent conclusion of a mandate contract or work contract. This purpose is fulfilled with the completion of the selection procedure.

b) The protection of the Employer’s legitimate interests (defence of the Employer)
After the completion of the selection procedure, the personal data of unsuccessful candidates will be retained in order to protect the legitimate interests of the Employer. Such processing concerns in particular the protection of the Employer against a potential dispute with candidates regarding their rejection or prior to an audit carried out by auditing bodies. Personal data will be retained for up to 3 years after the end of the selection procedure (limitation period); possibly longer if an audit or judicial proceedings subsequently take place.

2. Scope of personal data processing
The scope of personal data strictly corresponds to the purposes of its processing. The controller will process the personal data specified in the candidate’s curriculum vitae, or in other documents submitted by the candidate (documents on education, cover letters, etc.), as well as data handed over in person during interviews, etc.

3. Data processing and protection methods
The personal data of the candidates is obtained directly from the candidate (e.g. in a submitted CV). Personal data is also collected as part of the activities of a particular employer (e.g., an evaluation of an HR specialist or manager). Data can also be obtained from other sources, e.g. through professional social networks or from recruitment agencies.

4. Transfer (disclosure) of personal data
The controller does not expect data to be transferred or disclosed to third parties. However, the transfer of data to partners and advisers cannot be ruled out if there is a legitimate interest to do so. Furthermore, the disclosure of data to public authorities and other institutions may be obligatory.

5. Rights of candidates

Candidates have the right to request access to their data, to copy, correct, or delete their data (if the purpose of processing has ceased to exist, if the consent to processing is withdrawn by the candidate, or if the processing is unlawful), to limit the processing of their data, and the right to personal data portability under the conditions of Articles 15 to 21 of the GDPR. Candidates have the right to object to the processing of their data for compliance with legal requirements (Article 21 GDPR). Candidates have the right to file a complaint about the handling of their data with the Office for Personal Data Protection.

If you have any questions regarding the processing of your personal data, you can contact us on the client line: +420 775 774 011, info@bicz.cz.