Privacy policy of Česká spořitelna

Česká spořitelna (ČS) finds privacy and personal data protection as one of its primary duties; it uses personal data fully in compliance with the applicable legislation. The following are the principles adopted to secure confidentiality and security of your personal data.

We consider privacy and protection of personal data as our primary obligation. We treat personal data exclusively in compliance with the applicable legislation. We would like to present the following Principles that explain all that we do to ensure the confidentiality and the security of your personal data, as our clients.

The purport of this document is to provide you with information about the type of personal data we collect and about the way we treat personal data, from what sources we obtain them and for what purposes we use them, to whom we are authorised to disclose them, where you can obtain information on your personal data processed by us, and what are the individual security options for each client of Česká spořitelna.

What personal data does Česká spořitelna collect?

• Personal data used for accurate and unique client identification (identification data) and personal data enabling contacts with the client (contact data). Identification data include: name, surname, title, personal identification number (if any), date of birth, permanent residence address, ID card number, number of passport or other similar document; as for clients - private individuals - entrepreneurs - it is also their VAT number and company identification number. Contact data include in particular: client contact address, phone/fax number, e-mail address, and other similar information.
• Data necessary for Česká spořitelna to comply with its legal obligation to perform its business activities in a prudent manner and without unnecessary legal and material risks. The character and scope of the personal data depend on the nature of the specific banking transaction or service provided to the client.
• As regards the contractual relationship between Česká spořitelna and its clients, the provision of personal data by clients is entirely voluntary, however, it is a prerequisite for the execution of any business transaction or the provision of any service.

Where from does Česká spořitelna obtain personal data?

• From clients - when negotiating a specific business deal or service and during their subsequent implementation.
• From publicly accessible registers, lists and records (e.g. the Commercial Register, Register of Trades, Land Registry, public telephone directory, etc.).
• From other entities if so stipulated by a special regulation (e.g. § 38a of The Banking Act No. 21/1992 Coll., or § 260 and 260g of the Civil Procedure Code No. 99/1963 Coll., etc.).
• From other entities, but only with the client's consent.
• From other entities (e.g. from client information registers operated by non-bank entities, such as LLCB, z.s.p.o. with registered office in Praha 4, Na vítězné pláni 1719/4, postal code 140 00; the SOLUS Association, with registered office in Praha 4, Antala Staška 510/38, postal code 140 00, etc.), however, only with the client's consent.

For what purposes does Česká spořitelna use and process personal data?

• For purposes relating to banking transactions and services, particularly to evaluate banking transactions and/or service applications, and to secure all other activities necessary for the implementation of such transaction or service.
• For compliance with the obligations of Česká spořitelna arising from special regulations (namely Act No. 21/1992 Coll., on Banks, Act No. 61/1996 Coll., on Some Measures against the Legalisation of the Proceeds of Crime, etc.).
• For its own internal needs, especially to perform analyses and evaluations of potential risks, to protect its rights and interests protected by law, to monitor the quality of services and the satisfaction of clients, and to optimise the provided services and products.
• For business purposes, e.g. for the development of new products targeted at the client's needs and at informing the clients about new products and services of Česká spořitelna and its subsidiaries.

How does Česká spořitelna protect personal data?

• Personal Data are under continuous physical, electronic and procedural control; as Česká spořitelna has at its disposal up-to-date control, technological, and security mechanism ensuring maximum possible protection of processed data against any unauthorised access or transmission, against their loss or destruction, as well as against any other possible forms of abuse. 
• All persons coming into contact with the personal data of clients while performing their work duties or contractually assumed obligations are bound by a non-disclosure obligation under the law or a confidentiality agreement.
• Moreover, all client information is classified as a bank secret.

To whom does Česká spořitelna provide personal data?

• To the state authorities or other entities to whom it is obliged to provide such information under special laws (e.g. Act No. 21/1992 Coll., on Banks, Act No. 61/1996 Coll. on Some Measures against the Legalisation of the Proceeds of Crime, etc.), in particular to state administration bodies, courts, bodies active in criminal proceedings, supervisory authorities, executors, public notaries - judicial commissioners, etc.
• To banks in the extent as determined by a special law - either directly or through a legal entity specifically established to maintain the Client Information Register (see § 38a of Act No. 21/1992 Coll., on Banks) - and to the Information Database maintained by the Czech National Bank (Česká národní banka).
• To other entities if it is necessary for the protection of the rights of Česká spořitelna, e.g. to insurance companies or insurance brokers in relation to claims under insurance policies, to courts, court executors, auctioneers, etc., whereas the extent of provided information is limited to data necessary for the successful satisfaction of claims.
• To specialized external organizations ("processors"), which do data processing for Česká spořitelna pursuant to Personal Data Processing Contract (see § 13 of Act No. 101/2000 Coll., on the Protection of Personal Data). Česká spořitelna carefully selects such a processor that is able to provide maximum guarantees with respect to the technical and organizational securing of the protection of submitted personal data.
• To companies operating within the Bank Group (the Bank Group comprises subsidiaries of Česká spořitelna (members of the Financial Group of Česká spořitelna), the company holding the decisive interest in ČS (Parent Company), and companies, in which the Parent Company holds an interest exceeding 25% of their registered capital, or a share exceeding 25% of the voting rights) for business purposes, however, provided that it acquires the client's consent therewith; up-to-date information on the members of the Bank Group is accessible at all branches of Česká spořitelna and on the website of Česká spořitelna.
• With the client's consent or at his/her own request, personal data can be provided also to other entities.

What possibilities do clients have with regard to processing and use of their personal data?

Except for cases as specified by the law, where personal data processing does not require consent on the part of the client (see § 5 of No. 101/2000 Coll., on the Protection of Personal Data), Česká spořitelna processes personal data exclusively with the client's consent. It is at the client's discretion, whether or nor he/she wants to give his consent in the extent as suggested by ČS or whether he/she wants to restrict it. Giving consent is entirely voluntary and is not a precondition for the conclusion of banking transactions. Unless agreed otherwise with ČS, the client may notify ČS (during the existence of their business relationship) that he/she wants to restrict, change or revoke his/her consent. Česká spořitelna is bound by the extent of the consent given by the client and shall fully respect it.

Do clients have access to their personal data and what are the obligations of Česká spořitelna?

The client may request information about his/her personal data used and processed by Česká spořitelna at any of the bank's branches. Česká spořitelna will generate such information in the extent as stipulated by law (see § 12, Paragraph 2 of Act No. 101/2000 Coll., on the Protection of Personal Data) without unnecessary delay and will forward it to the client personally, unless expressly agreed otherwise with the client.

Česká spořitelna is entitled to compensation of the costs associated with the provision of such information (see § 12 of No. 101/2000 Coll., on the Protection of Personal Data). In the event of any violation of clients' rights or the law as a consequence of personal data processing, clients may seek remedy using all remedial measures available under existing legislation (see § 21 of the Act on Personal Data Protection No. 101/2000 Coll.). If the client finds out or deems that his/her rights have been infringed or that the obligations stipulated by law have been violated within the processing of personal data on the part of Česká spořitelna or other entities processing such data, the client may seek remedy of the same, while utilising all means available under the applicable legislation (see § 21 of  No. 101/2000 Coll., on the Protection of Personal Data). The client may contact the Office for Personal Data Protection with his/her suggestions.

Where can clients get more detailed information and/or make objections to personal data processing?

Clients can call 800207207 - a toll-free Help Line of the Financial Group of Česká spořitelna at any time to receive answers to any questions they may have regarding their personal data. Information about personal data processed by Česká spořitelna may be requested at any of its branches. Clients who want to make objections against personal data processing or revoke their prior consent or change its extent shall proceed in one of the following ways:

• Visit the nearest branch of Česká spořitelna
• Use SERVIS 24 Telebanking or SERVIS 24 Internetbanking
• Send an e-mail to: csas@csas.cz, or call a toll-free Help Line at 800207207
• Call or send a written, fax or e-mail request to the Ombudsman Team:

Ombudsman Finanční skupiny České spořitelny
Olbrachtova 1929/62
14000 Praha 4

tel.: +420956717718
fax: 224640663
e-mail: ombudsman@csas.cz

How does Česká spořitelna inform about the principles and the rules for personal data processing and protection

• These Principles are published in the Information Book available to the public at all branches of Česká spořitelna and on its website.
• The rules of personal data processing and protection are explained to clients each time they negotiate specific transaction or service; when entering into their first contract with Česká spořitelna, clients are requested to express their view regarding the Consent with Personal Data Processing as proposed by Česká spořitelna. Clients are familiarised with the rules for personal data processing and protection when concluding a business transaction or within the provision of services, whereas clients are simultaneously requested to express their view regarding the Consent with Personal Data Processing as proposed by Česká spořitelna. These Principles also apply reasonably to personal data processing by members of the Financial Group of Česká spořitelna.