Personal Data Protection
INFORMATION ON DATA PROCESSING AND PROTECTION
I. INFORMATION ABOUT THE DATA CONTROLLER
1. ZEITRAUM s.r.o., ID No. 04184246, entered in the Commercial Register kept by the Prague Municipal Court in Section C, File No. 243782, with its seat at U Půjčovny 952/2, 110 00 Praha 1 (“ZEITRAUM”) in its capacity as the data controller has drawn up the present material to inform the data subjects (i.e., the “client”) about the processing of their personal data.
2. Customers who have questions regarding the processing of their personal data may approach ZEITRAUM via e-mail email@example.com or by sending a letter addressed to the seat of the company.
II. FUNDAMENTAL PRINCIPLES OF DATA PROCESSING
1. ZEITRAUM will at all times treat all personal data in accordance with the applicable law. In this document, clients learn of the rules in place at ZEITRAUM for the processing of personal data, and find out about the principles observed by ZEITRAUM in order to ensure the confidentiality and protection of personal data.
2. When processing personal data of clients, ZEITRAUM will always abide by the following principles in particular:
a. ZEITRAUM processes personal data in a transparent manner, always in compliance of all laws and legal regulations.
b. ZEITRAUM always proceeds in a fair and transparent way when processing personal data, and seeks to minimize the purposes and the scope of data processing as much as possible.
c. ZEITRAUM informs its clients using comprehensive, concise, and appropriate language, free from extraneous details, so that the client may understand the information on data processing and protection.
d. ZEITRAUM sees to it that no client suffers any infringement of any of their rights (and of their right to dignity in particular), and sets utmost store in the protection of client’s privacy and personal life from unauthorized intrusion and interference.
e. ZEITRAUM provides its clients with information about the processing of personal data before concluding a contract or providing a service by ZEITRAUM (this document is available on ZEITRAUM’s website: www.zeitgeist.re) as well as during all face-to-face meetings with clients.
III. SCOPE, LEGAL TITLE, AND DURATION OF PERSONAL DATA PROCESSING
1. ZEITRAUM processes the personal data of clients in the following scope:
a. Data for identification – personal data which allow for the unique and unmistakable identification of the client (first and last name, academic titles), place of permanent residence, number of the client’s ID, birth identification number and signature; his includes all personal data through which the client as data subject may uniquely and unmistakably be identified.
b. Contact data – personal data which facilitates contact with the client (i.e., in particular, the contact address, phone and fax number, e-mail address, etc. given by the client). This data makes it possible to establish contact with the client.
c. Data originating from external sources – i.e., in particular, publicly accessible registers such as the Commercial Register, Insolvency Register, etc.
d. Copies of official documents,
e. Recorded correspondence with clients (including email communication).
f. Information about concluded contract
g. Information needed for bookkeeping
h. Information bank details and banking information
j. Special categories of personal data (sensitive data) processed only in exceptional cases with strict observance of applicable regulations on personal data (obligation towards Aliens police authority).
k. In order to ensure safety of accommodated clients, ZEITRAUM operates safety cameras in designated common use areas in accommodation facilities. The visual recordings from the cameras are recorded using servers belonging to ZEITRAUM and accessible only to designated workers of ZEITRAUM. The recordings are stored only for 24 hours (and then automatically deleted by new recordings).
2. Legal grounds for the processing of personal data
ZEITRAUM will only ever gather and handle personal data in the extent necessary and for the relevant purpose; personal data is only ever processed so as to attain the designated purpose. The provision of personal data by clients is always voluntary; if data was made available for processing on the basis of a consent notice, the client may demand that the processed data be deleted (see further below).
In certain cases, e.g. providing accommodation, ZEITRAUM may need the client’s personal data already at the time of the application/reservation of the accommodation. This is because without this data ZEITRAUM would not be able to provide the services requested by the client due to ZEITRAUM’s duties under the law and protection of ZEITRAUM’s legitimate interests.
ZEITRAUM is entitled to process personal data of clients on basis of the following legal grounds:
a. Consent notice – consent is given for one or several specific purposes. The notice of consent with the data processing by ZEITRAUM, freely given by the data subject, shall list which specific personal data will be processed by ZEITRAUM based on consent notice by data subjects (clients).
b. Performance of contract – ZEITRAUM needs the personal data of the client in order to conclude the agreement with them and to subsequently perform under the same; this legal ground for data processing may regularly be invoked also during the pre-contractual stage.
c. Compliance with the law – ZEITRAUM needs the personal data of the client in order to fulfill its statutory duties and obligations as a data controller.
d. Legitimate interest – The processing of personal data is necessary to protect ZEITRAUM’s legitimate interests, with the exception of those cases in which the client’s interests or their fundamental rights and basic freedoms take precedence over the interests of ZEITRAUM.
3. ZEITRAUM processes the personal data of clients for the following purposes:
a. Performance of contract – Personal data processing is indispensable to properly exercise the rights and discharge the obligations which arise for ZEITRAUM from the contractual relationship with the client (e.g. preparing the agreement, or monitoring the proper provision of services under the agreement).
ZEITRAUM will process personal data for this purpose for the duration of the contractual relationship and for the duration of the limitation period relating to rights and obligations arising from the contract and for the duration of possible archiving.
b. Legitimate interests of ZEITRAUM – The personal data processing is indispensable for this purpose (e.g.: monitoring and preventing fraud; physical protection of the premises and property of ZEITRAUM; internal reporting; resolution of conflicts with the client, protection and exercise of ZEITRAUM’s rights; direct marketing; marketing activities, statistical purposes), in the same scope as for the purpose of the performance of contracts.
ZEITRAUM will process personal data for this purpose for the duration of the contractual relationship and until the expiry of all relevant periods of limitation related to the exercise of rights and discharge of obligations within that relationship.
c. Observance of legal duties – The processing of personal data for this purpose is indispensable because an act of law or other generally binding statutory provision requires such processing (e.g. to to observe the duty of due care, or to fulfill notification duty vis-a-vis public authorities, or to fulfill obligations in connection with the enforcement of public-law decisions, or to fulfill identification and KYC duties or other duties in connection with the prevention of money laundering if ZEITRAUM has such duties, or to fulfill archiving duties).
ZEITRAUM will process personal data for this purpose within the scope prescribed by law in each individual case. In this respect, ZEITRAUM may furnish and store copies of documents and other materials (including the client’s ID, if the client specifically consented to have their ID photocopied), in each case in accordance with the relevant agreement and its annexes, and in accordance with the applicable laws and regulations.
ZEITRAUM will process personal data for this purpose for as long as required under the applicable provisions of statutory law.
IV. sources from which the personal data originates
1. ZEITRAUM gathers personal data within the context of its operations:
a. directly from the client, during the negotiations of its contractual relationship and the subsequent performance under the same;
b. from publicly accessible registers, lists, and records (Commercial Register, Trade Licensing Register, Insolvency register etc.)
V. DATA PROCESSING METHODS
1. ZEITRAUM will process the personal data of its clients both by means of automated processing and manually.
VI. INFORMATION REGARDING DISCLOSURE AND TRANSFER OF PERSONAL DATA TO THIRD PARTIES – data recipients and data processors
1. ZEITRAUM will disclose the personal data of its clients to public authorities, entities whom ZEITRAUM must grant access to the data under the law – i.e., in particular, Aliens police of the Czech republic, administrative authorities, courts, court bailiffs, notary publics, court commissioners, insolvency trustees, etc.
2. ZEITRAUM as the data controller will process the personal data using its own staff and has implemented the technical, organizational, and personnel measures and precautions that guarantee a high level of protection and the non-disclosure of personal data of its clients. In this sense, ZEITRAUM will make use of the following data processors when processing its clients’ personal data; ZEITRAUM relies on these when providing services and products (in particular in the area of marketing) or, as the case may be, has commissioned them with the discharge of its contractual obligations and its duties under the law, in each case on the basis of a data processing agreement:
a. companies belonging ZEITRAUM Group:
– Family Office Noack s.r.o.
– Family Office Junghänel s.r.o.
– Zeitgeist Asset Management s.r.o.
– Zeitgeist Hospitality Management s.r.o.
– Zeitgeist Asset Management s.r.o.
– Zeitgeist Asset Management sp.z.o.o.
– Zeitgeist Asset Management GmbH
b. external service providers
– accountants, tax advisers and other specialists
– IT services providers
VII. RIGHTS OF THE DATA SUBJECT IN CONNECTION WITH THE DATA PROCESSING
1. The client’s personal data will always be processed in a transparent and proper manner and in compliance with the statutory requirements. With that said, the client may at any time turn to ZEITRAUM to ask for information on the manner in which their personal data is being processed or in order to enforce any of their related rights as set out below:
a. Right of access – The client may ask ZEITRAUM for access to their personal data and, in particular, explanations as to the manner in which this data is being processed, whereas these explanations shall have the form of a notice informing the client of the purpose of data processing; the scope and contents of the processed personal data or, as the case may be, data categories (including all information on the sources from which such data originated, where available); and the nature of the means of automatic processing, if automatic processing is used in decision-making processes (i.e., if, based on said data processing, steps are taken or decisions are passed which have impact on the rights and legitimate interests of the client and of the recipient of the personal data, or data categories).
b. Right to rectification of faulty data – If the client believes that the personal data processed by ZEITRAUM is inaccurate or incomplete, they may call upon ZEITRAUM to update or supplement said data. The client may object to any processing of inaccurate data or processing which is not in compliance with the law, and may demand the rectification of such data.
c. Right to deletion of personal data (“right to be forgotten”) – The client has the right to demand that their personal data are deleted if such data is no longer required for the purpose for which it was processed, if the client has withdrawn their consent with the processing, or if the data processing was unlawful in which case deletion is mandated under the law.
d. Right to restrict data processing – The client may demand that the data processing be restricted if they challenge the accuracy of their personal data or if the processing has been unlawful but they do not wish to see the data deleted; if ZEITRAUM no longer needs the specific personal data for the purposes of processing but the client may still require such data (e.g. in connection with the enforcement of claims in court); or if the client in its capacity as the data subject whose data is being processed but it has yet to be determined whether its legitimate interests take precedence over those of ZEITRAUM.
e. Right to data portability – In the case of automated processing based on an agreement or based on consent given to ZEITRAUM, the client has the right to transfer their data from one controller to another (or to the client), in which case they must receive a copy of the data in a structured, commonly used, machine-readable format.
f. Right to withdraw the consent to data processing – To the extent that the data subject has granted ZEITRAUM consent with the processing of their personal data for purposes that require prior consent, the data subject may revoke the consent at any time. Data processing which took place before the consent was withdrawn, however, is deemed lawful and legitimate.
g. Right to complain to the supervisory authority – The client may bring their complaints before the supervisory authority, i.e., the Czech Data Protection Office (Úřad pro ochranu osobních údajů) if the client believes that data processing and rules on personal data protection were breached in connection with the processing of client’s data.
Úřad pro ochranu osobních údajů, Pplk. Sochora 27, 170 00 Prague 7, Phone No.: +420 234 665 111.
2. The data subjects who wish to exercise these rights should contact ZEITRAUM at firstname.lastname@example.org or send a letter addressed to the registered seat of ZEITRAUM.
3. ZEITRAUM will always promptly respond to request concerning the exercise of rights of the client in their capacity as data subjects, and in any case no later than within the statutory time period of 30 calendar days from receiving the request. In individual, well-substantiated cases, this time period may be extended by two additional months. ZEITRAUM will always notify the client of such an extension of the time period for responding to their request, and in so doing will specify the reasons that substantiate the extension.
Valid as of 25 May 2018