I hereby agree that the Bank may process my personal data for the purpose of addressing this request that I am submitting via the website, in the extent of the information I provided and for such time as necessary for the processing of my request; (ii) I acknowledge the content of the instructions stated below.
pursuant to Section 11 of Act No. 101/2000 Coll., on Personal Data Protection (hereinafter just “APDP”)
1. Extent and purpose of processing personal data
UniCredit Bank Czech Republic and Slovakia, a.s. (hereinafter just the “Bank”) processes its clients’ personal data to an extent corresponding to the information provided by the client in connection with the provision of individual banking products, for the purpose of dealing with the client about a contract, and for providing banking services pursuant to its banking licence. Unless the clients provide explicit written disapproval, the Bank also processes the clients’ personal data to the extent provided by law when offering the clients products and services. To an extent that is in accordance with the law or the client’s respective consent, the Bank processes personal data relating to the clients’ creditworthiness and trustworthiness that is obtained from the client, interbank or other credit registers, and other sources.
2. Personal data processing period
The Bank is obliged under Section 16 of Act No. 253/2008 Coll., on Certain Measures against the Legalisation of Proceeds from Criminal Activity and Financing of Terrorism, and the provisions of Section 21, paragraph 2 of Act No. 21/1992 Coll., on Banks, as subsequently amended (hereinafter just the “Banking Act”) to keep clients’ personal data and information and documents about transactions for a period of 10 years after executing a transaction or terminating a business relationship with the client.
3. Method of personal data processing
The Bank processes the clients’ personal data automatically as well as manually in compliance with all security policies for the administration and processing of personal data and does so on its own or through processing companies with which the Bank has entered into contracts for processing of personal data in accordance with Section 6 of the APDP. All locations at which personal data is processed by the Bank or the Bank’s processing companies are registered as personal data processing sites at the Office for Personal Data Protection. Personal data shall not be transferred to countries having regulations for handling personal data inferior to those in the Czech Republic without the client’s express consent.
4. Willingness to provide personal data, consequences of refusal
The provision of personal data by the client is voluntary. However, the provision of certain personal data, to the extent in which the Bank is obliged to ascertain, process and keep the clients’ personal data under the law, is a condition for providing services on the part of the Bank. This obligatory data includes: all names and last names, birth number (if none assigned, then date of birth), place of birth, gender, permanent or other residential address, and citizenship. If the client is a self-employed individual, then his or her business name with its differentiating addendum or other designation, the place of business and identification number, and the type and number, state, issuing authority (if relevant) and period of validity of an identification document are also required. The provision of additional personal data depends solely on the will of the client, and the Bank does not require the submission of such information for the provision of banking services. By the client’s allowing the recording of other personal data into a contract that he or she concludes with the Bank, such action will be regarded as express conferment of agreement with the processing of such personal data by the Bank for the entire duration of the contractual relationships.
5. To whom personal data may be made available
The clients’ personal data may be made accessible to the Bank’s employees, persons co-operating with the Bank in fulfilment of its obligations (including execution of rights and responsibilities ensuing from the contracts concluded with the client), persons entitled under other legal regulations (for example, supervisory bodies, including those in the countries of the registered offices of entities incorporated in the UniCredit Group), entities included in the UniCredit Group and persons or entities maintaining the interbank information systems in the countries of the registered offices of the Bank’s shareholders, and other companies processing personal data, as well as their employees, if relevant, and especially for purposes of fulfilling the contract with the client and, as the case may be, for ensuring protection of the Bank and UniCredit Group against risks, rendering of accounts, auditing and internal controlling. This information may also be disclosed to other persons and entities subject to special consent from the client. Some of the clients’ personal data (bank account information, identification information of the account holders, and matters evidencing the clients’ creditworthiness and trustworthiness) also may be made available to other banks or branches of foreign banks in keeping with the Bank’s responsibility to proceed prudently in performing its activities, and that even through a legal entity that is not a bank (Section 38a, paragraph 1 of the Banking Act).
6. Access of the subject of the data to information
The Bank is obliged to inform the client in writing, at his or her request, to what extent and for what purpose the client’s personal data is processed, who will process the personal data and by what means, and to whom the personal data may be made accessible. The precise extent of information is defined in Section 12, paragraph 2 of the APDP. For so providing information, the Bank is entitled to require compensation that is reasonable but that does not exceed the costs of providing such information.
7. Protection of the rights of the subject of the data
A client who believes that the processing of his or her personal data performed by the Bank, or by the specific processing company engaged by the Bank, is inconsistent with the protection of the client or with the law, and especially if the personal data is inaccurate in consideration of the purpose of its processing, may request that the Bank or the specific processing company explain and remedy such situation. In particular, this may include blocking, correcting, amending or deleting the personal data. If the client’s request is legitimate, the Bank or the specific processing company shall remedy the defective situation without delay. At the same time, the client is entitled to contact the Office for Personal Data Protection directly. If the client incurs damage, other than injury to property, due to personal data processing, the procedure for making claims under the Civil Code shall apply.