Rules for Processing Personal Data at Česká spořitelna, a.s.

Protecting your privacy and personal data is our paramount responsibility.

We handle your personal data only in accordance with valid legislation. Please read the Rules for Processing Personal Data at Česká spořitelna to find out the principles we observe to guarantee the confidentiality and safety of your personal data.

What will you learn about personal data?

  • How we collect personal data
  • how we use and handle it
  • the sources we get it from
  • what purposes we use it for
  • Who we provide it to
  • where you can get information about your personal data being processed by us
  • what your safeguarding options are.

Information about the personal data controller:

Name: Česká spořitelna, a.s.
ID No.: 452 44 782
Tax ID No.: CZ699001261
Registered office: Olbrachtova 1929/62, 140 00 Prague 4

Information about the personal data protection trustee:

Jiří Januška
Tel.: +420 703 616 (weekdays 9:00 a.m. – 3:00 p.m.); Česká spořitelna’s toll-free info line: 800 207 207 (all other days and times)
Registered office: Olbrachtova 1929/62, 140 00 Prague 4


We process your personal data only to the extent strictly necessary to provide the respective service you are arranging with us. We divide personal data into two groups: personal data that we can’t process without your consent and personal data that we can process without your consent.  

Personal data processing where we require your consent

  • Marketing,
  • nonfinancial services provide by our partners,
  • alternative risk assessment,
  • signature biometrics,
  • voice biometrics,
  • automated decision-making,
  • handicap.

More detailed information about personal data processing consents can be found in the text of the consent document presented when arranging a service with us or signing a contract.

Consent to personal data processing for a specific purpose is voluntary.


Personal data processing where we don’t require your consent

  • Fulfilment of our obligations under concluded contracts,
  • fulfilment of our obligations under special legal regulations,
  • safeguarding our rights and legally protected interests (e.g., in connection with lawsuits and insurance claims); the scope of the personal data provided is limited to that strictly necessary to successfully exercise a claim
  • fulfilment of a task in the public interest

If your refuse to grant consent to any of the above purposes, we won’t be able to provide the respective product, service or performance we need the personal data for.


We process your personal data (identification data, contact information and information about your credit rating and how you utilise a service) based on the following laws and our observance of them:

  • Act No. 21/1992 Coll., on banks (this law sets out the conditions for a bank to operate and imposes the obligation on banks to inform each other about clients to prevent and uncover illegal activity),
  • act No. 256/2004 Coll., on capital market undertakings (this law sets out the conditions for providing investment services by security dealers),
  • act No. 634/1992 Coll., on consumer protection (this law regulates credit registers),
  • act No. 257/206 Coll., on consumer credit (this law regulates the rights and obligations connected to the provision and intermediation of consumer credit),
  • act No. 370/2017 Coll., on payment systems (this law regulates entities that are authorised to provide payment services),
  • act No. 164/2013 Coll., on international cooperation in tax administration (this law imposes the obligation to share information with other institutions about individuals with tax obligations in a different country),
  • act No. 253/2008 Coll., on certain measures against legitimisation of proceeds of crime and financing of terrorism (this law imposes the obligation to conduct client identifications and checks),
  • act No. 69/2002 Coll., on carrying out of international sanctions (this law imposes the obligation to check that a client is not under international sanctions)
  • regulations of the European Parliament and of the Council (EU), e.g., Capital Requirements Regulation No 575/2013, on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012.

In some cases, we process your personal information to ensure protection of the rights and legally protected interests of Česká spořitelna and the entire Banking Group and, in some cases, third parties. Such processing can be carried out without your consent. However, the reasons that authorise us to such processing are limited. We always carefully assess the existence of legitimate interests.

Examples of personal data processing based on legitimate interests:

  • Simulating products and services to help you choose the best product
  • preparing contracts based on your request – collecting and processing the personal information required to draft a contract with you,
  • managing customer relations to provide all the services related to managing a product or dealing with your requirements, requests, complaints etc.
  • sending news, notifications and confirmations related to your product
  • reporting and creating analytical models based on aggregated and anonymised personal data and sharing them with the parent company (Erste Group Bank AG, Am Belvedere 1, A-1100 Vienna, Austria)
  • analysing your profile information as well as information about products and services for these purposes:
    - Setting suitable parameters of your contract for assessing credit and insurance risk
    - Offering the correct investment product (e.g., investment in investment certificates)
    - Preventing and identifying fraud, ensuring compliance with legislation
    - Preventing money laundering, financing of terrorism, embargos
    - Fulfilling the bank’s statutory obligations to regulators and government authorities
    - Processing camera recordings to prevent illegal activity and safeguard people and property
    - Testing changes to software
    - Conducting research and development of products/services and market development analysis
    - Analysing aggregated (anonymised) data for historical, statistical and scientific purposes



Name, surname, title, birth registration number or date of birth, address of permanent residence, number of identity card (personal ID card, passport or other similar document), signature and, in the case of natural persons (businesses), tax identification number and company identification number, i.e., all personal data that identifies you clearly and unmistakably.


Contact data

Particularly contact address, phone number, email address and other similar information. This is information that we need in order to contact you.


Credit rating (ability to make payments) and credibility

Personal information that is required by Česká spořitelna – with regard to its statutory obligation to act prudently – to execute a banking transaction without unreasonable legal and material risk. The nature and scope of such personal data depends on the nature of the banking transaction executed or service provided.


Service utilisation data

Information about the Česká spořitelna services you have arranged and how you make use of them (e.g., account balances, transaction information, records and recordings of phone calls, records of other communication).


Special categories of personal data

Biometric signature – used in place of your hand signature on a paper contract and made electronically using a special pen and tablet. Voice biometrics – voice recordings and personal data processing linked to the biometric characteristics of your voice to allow you to prove your identity in connection with the provision of financial services. We protect such personal data against misuse and allow no unauthorised person access to it.


Special categories of personal data

Česká spořitelna processes health related information only for specific products and services and only with your consent.

We process and retain the personal information that you provide to us within Česká spořitelna and the Banking Group. If personal data processing is based on your consent or Česká spořitelna’s legitimate interests, your personal data may be processed by Česká spořitelna’s external partners and suppliers. We choose the entities that work with us carefully based on guarantees that ensure the technical and organisational protection of the personal data transferred by us. Personal data may be processed by Česká spořitelna only by processors based exclusively on a personal data processing agreement.

In this respect, Česká spořitelna may, in justified instances, provide personal data to these recipients:

  • Companies within the Banking Group
    • Česká spořitelna – penzijní společnost, a.s. (ID No.: 61672033),
    • Energie ČS, a.s. (ID No.: 24256692),
    • Erste Leasing, a.s. (ID No.: 16325460),
    • Erste Grantika Advisory, a.s. (ID No.: 25597001),
    • Factoring České spořitelny, a.s. ((ID No.: 25629352),
    • MOPET CZ a.s. (ID No.: 24759023),
    • Realitní společnost České spořitelny, a.s. (ID No.: 26747294),
    • REICO investiční společnost České spořitelny, a.s. (ID No.: 27567117),
    • Stavební spořitelna České spořitelny, a.s. (ID No.: 60197609),
    • s Autoleasing, a.s. (ID No.: 27089444),
    • VĚRNOSTNÍ PROGRAM IBOD, a.s. (ID No.: 01818121),
    • Investičníweb s.r.o. (ID No.: 25738607),
    • Erste Asset Management GmbH, Am Belvedere 1, A-1100 Vídeň, Rakouská republika (FN 102018b),
    • Erste Group Bank AG, Am Belvedere 1, A-1100 Vídeň, Rakouská republika (FN 33209m),
  • Banks in the scope set out in Act No. 21/1992 Coll., on banks
  • Česká spořitelna’s external partners and suppliers for the purpose of performing a contract,
  • Marketing and research agencies for marketing or marketing surveys and offers of business, services and products of the Banking Group and designated business partners,
  • Stock exchanges and securities dealers>
  • Payment service providers and payment processors to arrange transfers of funds and execute international payments,
  • Postal and (electronic) communication services providers,
  • Card service providers for the purpose of producing and managing payment cards
  • Bank- and non-bank registers (credit bureaus), mobile phone operators, for the purpose of fulfilling the responsible lending obligation and enforcing receivables under credit/loan agreements,
  • Executors and auctioneers for the purpose of exercising related claims
  • Regulator for the purpose of supervision over Česká spořitelna’s operations according to a special law


To provide certain products (payment cards) and services (payments), we need to transfer your personal data for processing outside the Czech Republic. This means you personal data is transferred to third parties outside the EU. Transfers always take place in compliance with the law, however, and your personal data is always kept secure. This pertains particularly to cloud services (data repositories) of the respective suppliers or signature sample registries in Switzerland.


We retain your personal data only for the time strictly necessary and archive it for the periods required by law.

We process personal data for the term of our contractual relationship or other legal reason that allows us to process your personal data. This means that we have strict internal rules that check the legality of retention of personal data and ensure that we do not hold data longer than we are authorised to. Once the statutory reasons expire, we delete the respective personal data.

The personal data we process with your consent is retained only while the purpose for which you gave consent exists.


We process your personal data transparently, properly and according to the law. At the same time, however, you have the right to request information from us about the procedure we use to process personal data or for the purpose of exercising the rights below related to personal data.


Right to access personal data

You have the right to request a copy of your personal data being processed by Česká spořitelna.


Right to have your personal data corrected

If you believe that the personal data that we have about you is incorrect or incomplete, you have the right to request that it be updated or supplemented.


Right to have your personal data deleted (right to be forgotten)

You have the right to request that your personal data be deleted, provided it is not required for the purpose for which it is being processed, provided you have revoked your consent to have it processed, provided it was processed unlawfully, provided it must be deleted to fulfil legal obligations or provided it was collected in connection with an offer of information society services.


Right to restrict the processing of your personal data

You have the right to request that the processing of your data be restricted if you deny the accuracy of your personal data or its processing is unlawful but refuse to have such personal data deleted; alternatively, if you so request, we can process such personal data even after it is not longer necessary for the purpose that you provided it to Česká spořitelna (e.g., in connection with exercising claims at court if you require from us the personal data processed by us) or you raised an objection against processing, whereas it’s not clear whether our personal legitimate interests take precedence over your legitimate interests.


Right to the accuracy of personal data

In the case of automated personal data processing based on a concluded contract or consent granted to us by you, you have the right to the portability of data, which will be provided in a structured, commonly used and machine-readable format.


Right to withdrow the consent of processing of your personal data

If you have granted us consent to process your personal data for purposes that require your consent, you have the right to revoke such consent at any time. Personal data processing that occurred before you revoked consent is lawful.

To exercise your rights, you may visit any point of sale or use electronic communications channels that you use in your communications with Česká spořitelna.

We will respond without undue delay to your requests that pertain to exercising your rights, but no longer than within 30 days of receiving your request. This deadline may be extended by another two months if necessary. We will always inform you about such extension and the reasons that led us to it. We will communicate with you in the way you prefer (e-mail, post).


Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with the supervisory authority (Office for Personal Data Protection) if you believe that personal data protections rules have been breached in connection with the processing of your personal data.

Office for Personal Data Protection
Pplk. Sochora 27
170 00 Prague 7
tel: +420 234 665 111


If you have any questions related to personal data, you can send them by email to or call tel.: 703 481 616 (not to be used for SMS messages) during business hours from 9 a.m. to 3 p.m., or our toll-free info line 800 207 207 on all other days and times. You can also stop by one of our branches.

Where else you can turn

Česká spořitelna
Bankovnictví budoucnosti.