ABOUT SVOBODA & WILLIAMS s.r.o.

SVOBODA & WILLIAMS s.r.o. - exclusive Affiliate of Christie’s International Real Estate for the Czech Republic and Slovakia – is a leading real estate agency providing full service in the sale, acquisition and lease of niche residential and commercial properties in premium locations of Prague, Brno, and the entire Czech Republic. We have been offering our services to clients as Svoboda & Williams and FeelHome since 1993. We represent only the highest quality properties and offer meticulous, prompt and professional service. Innovation is key to every area of our business, which keeps Svoboda & Williams Estate Agents at the forefront of the market. SVOBODA & WILLIAMS s.r.o. is considered an exemplary entity with a high standard of social responsibility, with the goal of establishing a long-term relationship with the Client based upon mutual trust and reliability. This relationship rests upon the honoring of privacy, loyalty, and absolute respect for the needs of the Client and the Client’s individual requests. In view of this, we have prepared for you, our Client, the following

PERSONAL DATA PROCESSING AND CLIENT PRIVACY PROTECTION POLICY OF SVOBODA & WILLIAMS s.r.o. (“DATA PROCESSING POLICY”)

The objective of this DATA PROCESSING POLICY issued by SVOBODA & WILLIAMS s.r.o., with registered office at Na Perštýně 362/2, 110 00 Praha 1, identification number (IČ): 27588785, is to provide Clients with information as to what personal data SVOBODA & WILLIAMS s.r.o., as a Controller, processes in regard to its Clients – natural persons in the provision of services consisting in brokering the sale or acquisition of real estate properties, lease of real estate properties, real estate management, and other services, and in regard to visits to websites operated by SVOBODA & WILLIAMS s.r.o., the use of SVOBODA & WILLIAMS s.r.o. applications, and in regard to contacts with potential Clients, for what purposes and for what duration of time SVOBODA & WILLIAMS s.r.o. processes such personal data in accordance with the valid legal regulations, to whom and on what grounds it may disclose or transfer such data, as well as information on what rights natural persons have in connection with the processing of their personal data.

This Policy pertains to the processing of the personal data of the Clients of SVOBODA & WILLIAMS s.r.o. and also, in a corresponding manner, of their representatives or contact persons, potential Clients or persons interested in the services of SVOBODA & WILLIAMS s.r.o., and visitors to websites operated by SVOBODA & WILLIAMS s.r.o., and users of SVOBODA & WILLIAMS s.r.o. applications, this being, in each case, within the scope of personal data corresponding to their relationship with SVOBODA & WILLIAMS s.r.o.

WHAT DOES THIS DATA PROCESSING POLICY CONTAIN?

1. DEFINITIONS

Personal Data (hereinafter “Data”) = any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, e.g., a name, identification number, location data, network identifier, or to one or more factors specific to such person’s physical, physiological, genetic, mental, economic, cultural or social identity. This means that personal data also include data such as e-mail, address, telephone number, user name, profile photos, personal preferences, user-generated content, information pertaining to physical characteristics. They may also include unique numerical identification data such as the IP address of the user’s computer or the MAC address of a device and cookie files.

Genetic Data = personal data relating to the inherited or acquired genetic characteristics of a natural person which provide unique information regarding such person’s physiology or health and which result primarily from the analysis of a biological sample from the natural person in question.

Biometric Data = personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images, dynamically recorded hand-written signature, or dactyloscopic data.

Data Concerning Health = personal data related to the physical or mental health of a natural person, including data on the provision of health care services, which reveal information about his or her health status.

Anonymous Data = such data which, either in its original form or upon processing, cannot be linked to an identified or identifiable data subject.

Pseudonymized Data = data that has been processed in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Data Subject = a natural person to whom personal data pertain. Natural persons are also considered to include persons doing business on the basis of a trade licensing or other authorization.

Controller = the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor/Recipient = a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller, and which is stated in the List of External Processors.

Processing of Personal Data = any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;.

Personal Data Breach = a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;.

Consent of the Data Subject = any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Office = the Office for Personal Data Protection, with registered office at Pplk. Sochora 29, Praha 7, PSČ 170 00, www.uoou.cz

GDPR = REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Personal Data Protection Act = Act No. 101/2000 Coll., on the Protection of Personal Data, as amended.

Information Society Services Act = Act No. 480/2004 Coll., on Certain Information Society Services, as amended.

Client = a natural person or legal person who has been reached out to by, or who has reach out to, SVOBODA & WILLIAMS s.r.o. for the purpose of the sending of an offer of services, requesting services, entering into an agreement, or who has already entered into such an agreement.

Data Privacy Officer („DPO“) = a data protection officer – the person responsible within SVOBODA & WILLIAMS s.r.o. for the processing of personal data.

2. PERSONAL DATA CONTROLLER

SVOBODA & WILLIAMS s.r.o.
with registered office at Na Perštýně 362/2, 110 00 Praha 1
identification number (IČ): 27588785
www.svoboda-williams.com

(hereinafter “SVOBODA & WILLIAMS s.r.o.” or the “Controller”)

as the Controller, is aware of the legal obligations pertaining to the processing of the Data of its Clients and the liability imposed upon it in this regard by the legal regulations of the Czech Republic and of the EU. This regulation provides the basic framework for the manner and conditions of handling Clients’ Data, of how to proceed in processing Data, and who to turn to in the performance of obligations arising under the Personal Data Protection Act, the Information Society Services Act, the GDPR, and this DATA PROCESSING POLICY.

3. DATA PRIVACY OFFICER (DPO) CONTACT

SVOBODA & WILLIAMS s.r.o.
Data Privacy Officer

Na Perštýně 362/2, 110 00 Praha 1
identification number (IČ): 27588785

poverenec@svoboda-williams.com

4. LEGAL FRAMEWORK, PERSONAL DATA PROCESSING PRINCIPLES

The basic legal framework for the processing of personal data consists of the GDPR, the Personal Data Protection Act, the Information Society Services Act, and other related legal regulations.

The fundamental principle of Data processing is for it to be processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”). Data are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is possible.

Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”); accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”).

Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organizational measures, in order to safeguard the rights and freedoms of the data subject (“storage limitation”).

Data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”);

As a Controller, we take appropriate measures in order to provide data subjects with all information pertaining to the acquisition, processing, erasure and security of personal data in a concise, transparent, comprehensible and easily accessible manner, using clear and simple language. We must fulfill these obligations, as the Controller, and we do so, among other things, through this DATA PROCESSING POLICY.

5. WHAT DATA ON CLIENTS DO WE OBTAIN, HOW DO WE OBTAIN THEM, AND HOW DO WE USE THEM

SVOBODA & WILLIAMS s.r.o. can collect or acquire Data through our websites, forms, applications, electronic or telephone contact, personal meeting or otherwise. At times, Data will be provided to SVOBODA & WILLIAMS s.r.o. by the Client directly, such as when creating a user account on our websites, when contacting us by telephone, by e-mail or in person, at times we collect them as a Controller, such as through the use of cookie files, in order to ascertain how you use our websites or applications, or we obtain them from other persons, e.g. from associated parties – real estate agents and real estate agencies, e.g. Christie‘s International Real Estate.

Automated decision-making, including profiling – may be used by the Controller in sending or displaying personalized messages or content. This is a specific method, which is any form of automated processing of Data consisting of the use thereof personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's personal preferences, interests, economic situation, behavior, location, health, reliability, or movements. That means that the Controller can collect Data in various situations, see Table No. 1 below. The Controller can centralize and analyze such data in order to be able to assess and estimate the Client’s personal preferences and interests. On the basis of such an analysis, the Controller then sends or displays messages or content adapted to the interests and needs of the Client. If certain conditions are fulfilled, the Client has the right to object to the use of the Data for the purposes of profiling, see Table No. 2 below.

Data are collected by the Controller:

  • on the legal grounds as set out in Art. 6, paragraph 1 letter b) of the GDPR, i.e. because the processing is necessary for the performance of a contract to which the Client is a contracting party, as the data subject, or for the implementation of measures taken prior to the execution of the agreement upon the Client’s request. The Data are provided obligatorily and the purpose of the processing of such Data is the execution and performance of a contractual relationship and related actions (communication with the Client in regard to services and real estate properties being offered, etc.). The source of the Data is the Client or a person authorized by the Client. If the Client does not provide the Data, an agreement cannot be entered into with him/her or negotiations held for the purpose of the execution of an agreement, or a service provided that the Client has requested (e.g. the sending of specific information regarding a real estate property, making an appointment for a meeting, visiting a real estate property, entering into an agreement with the Controller, or a third party (purchase/sale of a real estate property, lease of a real estate property, real estate property management, etc.) (hereinafter “Performance of a Contract”).

  • on the legal grounds as set out in Art. 6 paragraph 1 letter f) of the GDPR, i.e. because the processing is necessary for the purposes of the Controller’s legitimate interests, so that the Controller may send the Client marketing and commercial messages – newsletters, targeted advertising, adapted recommendations, etc., all of which within the meaning of the Information Society Services Act. The Data are provided voluntarily on the basis of the Client’s consent. The source of the Data is the Client or a person authorized by the Client. If the Client does not provide the Data, commercial messages (newsletters) cannot be sent to the Client and the Client cannot properly use the Controller’s websites or applications either (hereinafter “Consent to CM and Cookies“)

  • on the legal grounds as set out in Art. 6 paragraph 1 letter c) of the GDPR, i.e. because the processing is necessary for the fulfillment of the Controller’s legal obligation, so that the Controller may fulfill legal requirements under special legal regulations (e.g. Act No. 326/1999 Coll., on the Residency of Foreigners within the Territory of the Czech Republic, Act No. 253/2008 Coll., on Certain Measures Against the Legalization of the Proceeds of Criminal Activity and the Financing of Terrorism, etc.). The Data are provided obligatorily and the purpose of the processing of such Data is the execution and performance of a contractual relationship and related actions (communication with the Client in regard to services and real estate properties being offered, etc.). The source of the Data is the Client or a person authorized by the Client. If the Client does not provide the Data, an agreement cannot be entered into with him/her or negotiations held for the purpose of the execution of an agreement, or a service provided that the Client has requested (e.g. the sending of specific information regarding a real estate property, making an appointment for a meeting, visiting a real estate property, entering into an agreement with the Controller, or a third party (purchase/sale of a real estate property, lease of a real estate property, real estate property management, etc.) (hereinafter “Legal Obligation”)

  • on the legal grounds as set out in Art. 6 paragraph 1 letter c) of the GDPR, i.e. because the processing is necessary for the fulfillment of the Controller’s legal obligation, so that the Controller may fulfill legal requirements under special legal regulations (e.g. Act No. 326/1999 Coll., on the Residency of Foreigners within the Territory of the Czech Republic, Act No. 253/2008 Coll., on Certain Measures Against the Legalization of the Proceeds of Criminal Activity and the Financing of Terrorism, etc.). The Data are provided voluntarily and the purpose of the processing of such Data is the execution and performance of a contractual relationship and related actions (communication with the Client in regard to services and real estate properties being offered, etc.). The source of the Data is the Client or a person authorized by the Client. Even if the Client does not agree to the provision of the Data, an agreement can be entered into with the Client and negotiations can be held with the Client for the purpose of the execution of the agreement, or a service provided that the Client has requested (e.g. the sending of specific information regarding a real estate property, making an appointment for a meeting, visiting a real estate property, entering into an agreement with the Controller, or a third party (purchase/sale of a real estate property, lease of a real estate property, real estate property management, etc.) (hereinafter “Legal Obligation with Consent”)

  • on the legal grounds as set out in Art. 6 paragraph 1 letter f) of the GDPR, i.e. because the processing is necessary for the purposes of the Controller’s legitimate interests, so that the Controller may ensure the security of its platforms and services against misuse, better comprehend the Client and ensure the proper functioning of its websites and applications, ensure the performance of the Controller’s contractual obligations, etc. The Data are provided obligatorily and the purpose of the processing of such Data is ensuring the security of the Controller’s websites / applications and their protection against misuse, as well as better comprehension of the needs and wants of the Client, improved services and brand awareness, ensuring the proper functioning of CM, advertising, and the improvement and protection thereof through cookies and ensuring the fulfillment of the Controller’s contractual obligations in regard to third parties, particularly the owners of real estate properties, developers, etc. The source of the Data is the Client or a person authorized by the Client. If the Client does not provide the Data, this can affect our ability to provide the Client with our services (hereinafter “Legitimate Interests”).

Further explanations provided below as follows:

Table No. 1

During what interactions can the Client provide Data and the Controller collect Data? What Data can the Controller obtain from the Client directly or as a result of the Client’s communication with the Controller? – CATEGORY OF PERSONAL DATA In what manner and why can the Controller use the Data? What is the legal basis for the use of Data?
Contact for the purpose of inquiring about the Controller’s servicesData collected during contact between the Client and the Controller – interest in offers for purchase/sale of a real estate property, offers for leases of real estate properties, offers of the Controller’s other services etc.). According to the type of services requested, this can include the name, surname, surname at birth, tel. number, email address, reservation number, credit card number, bank account number, contact address, nationality, date of residence/stay, purpose of residence/stay, visa number, vehicle license plate number, permanent residence address, flight number, personal identification number (birth number), citizenship card or passport number, date of birth, gender, the authority that issued the identification card and its validity period, copy/ scan of the citizenship card/passport/signature So that the Controller may contact the Client back, identify and verify the Client, enter into an agreement with the Client Performance of a ContractThe provision of a service that the Client has requested (e.g. the sending of specific information in regard to a real estate property, making an appointment for a meeting, visiting a real estate property, targeted feedback, entering into an agreement with the Controller, or a third party (brokerage/purchase/sale/lease/management of a real estate property, etc.)
So that the Controller may identify and verify the Client. Legal ObligationThe fulfillment of the Controller’s obligation arising under special legal regulations (Act on the Residency of Foreigners within the Territory of the Czech Republic, Act on Certain Measures Against the Legalization of the Proceeds of Criminal Activity and the Financing of Terrorism).
So that the Controller may identify and verify the Client. Legal Obligation with ConsentThe fulfillment of the Controller’s obligation arising under special legal regulations (Act on the Residency of Foreigners within the Territory of the Czech Republic, Act on Certain Measures Against the Legalization of the Proceeds of Criminal Activity and the Financing of Terrorism).
Creation and administration of accountData collected during the creation of an account on the Controller’s websites or applications (Feedback form, etc.). According to the manner of contact, this may include the name, surname, gender, e-mail address, address, telephone number, photograph, date of birth, user name and password, preferences, categories of real estate properties, favorite real estate properties. So that the Controller may administrate the Client’s account, communicate with the Client, and so that the Client may change settings within his/her account and preferences. Performance of a ContractThe provision of a service that the Client has requested (e.g. the creation of an account, the sending of specific information in regard to a real estate property, targeted feedback, etc.)
So that the Controller may send the Client adapted marketing messages upon his/her request, according to the Client’s preferences. Consent to CM and Cookies
So that the Controller may offer personalized services according to the Client’s preferences, monitor and improve websites / applications, conduct analyses and collect statistical data, secure websites against misuse. Legitimate InterestsEnsuring the security of the Controller’s websites / applications and their protection from misuse, as well as better comprehension of the Client’s needs and wants, improved services and brand awareness.
Newsletter and Subscription for Advertising Messages (CM) (OS) According to the intensity of communication, these Data may include e-mail address, name and surname, preferences. So that the Controller may send the Client adapted marketing messages upon his/her request, according to the Client’s preferences Consent to CM and Cookies
So that the Controller may perform analysis and collect statistical data. Legitimate InterestsAdapting its marketing messages, ascertaining their effectiveness and ensuring the most relevant information for the Client, as well as better comprehension of the Client’s needs and wants, improved services and brand awareness.
So that the Controller may keep an updated list of cancelled CM subscriptions, if the Client has unsubscribed from the CM. Legal ObligationStorage of Data in a list of cancelled CM subscriptions, if the Client has unsubscribed from the CM.
Viewing internet pagesInformation regarding the Client and his/her behavior collected with the help of cookie files or through similar technologies in the viewing of the Controller’s web pages or those of third parties. According to the intensity of communication, these Data may include data on the use of websites / applications by the Client, primarily the place of origin, login information, pages viewed, videos watched, favorite/preferred real estate properties, the search object, location, duration of the visit, IP address, information on the browser, information on the device. The Controller uses cookies for Data that have already been shared (newsletter subscription, e-mail, etc.), as well as to enable the proper functioning of the Controller’s websites and applications, for the proper displaying of content, for the creation and remembering of login information, origination, language preference, as well as device parameters, display resolution, etc., to improve the Controller’s websites and applications, to secure the websites and applications against misuse, to eliminate malfunctions, to conduct statistical surveys for the purpose of preventing double-counting, to ascertain the Client’s reaction to the Controller’s advertising campaigns, to improve offers, to ascertain the origin of the Client’s interest in the Controller’s websites and applications. Legitimate interestsEnsuring the proper functioning of websites and applications, CM, advertising, and the improvement and protection thereof through cookies.
To deliver targeted internet advertising according to the Client’s behavior, to display real estate properties and content on social media platforms, to adapt services, sending recommendations, CM or content on the basis of the Client’s profile and interests, to display the Controller’s websites and applications to the Client in so-called “custom mode”, e.g. personalization, automatic login, cookies for modifications to the user interface, display size, font preferences, enabling the sharing of the Controller’s content on social networks, etc. (share buttons to display the page). Consent to CM and cookies

6. WHO HAS ACCESS TO DATA – CATEGORIES OF DATA RECIPIENTS

The Controller can share the Client’s Data in order to fulfill its legal obligations, to improve its services, or if it receives the Client’s consent to such sharing.

Data can be processed in the Controller’s name only by trustworthy external processors / recipients. The Controller only provides such information to these external processors / recipients that they need in order to provide the service, and requires that they not use the Data for any other purpose. The Controller makes every effort to ensure that all of the third parties that it works with will store the Data in a duly secure manner. Services that require the processing of Data are provided to the Controller by, for example, contracted real estate agents, external IT service suppliers, such as providers of platforms with hosting services, administration and support of our databases, as well as of our software and applications that may contain Data (these services may sometimes include access to Data with the goal of performing the required tasks), as well as owners of real estate properties, developers, persons conducting monitoring of social media, identity administration, evaluations and reviews, customer relationship management, web analysis and search engines, tools for the processing of content generated by the user, advertising, marketing and digital agencies and agencies for social media that supply advertising, marketing services and campaigns, analyze their effectiveness and administer contacts with the Client.

List of Data Recipients

The Controller is obligated to disclose Data to third parties if it has such an obligation for the purpose of fulfilling a statutory obligation, or for the protection of the rights, property, interests or safety of the Controller, its Clients, employees, external agents.

The Controller can also disclose Data if it has the Client’s consent to do so or if the law allows it to do so.

The Controller does not offer or sell Data.

Collected Data will not be shared with any third party, with the exception of the above.

7. WHERE DO WE STORE DATA

The Data that we collect in regard to the Client are stored and processed only within the territory of the EU, or within the territory of states that have undertaken to comply with EU standards for the processing and security of personal data (USA). Outside of the EU, personal data are processed or stored only with processors / recipients who are certified according to the EU – U.S. Privacy Shield – these being Google LLC and Dropbox, Inc.

8. HOW LONG DO WE STORE DATA

The Client’s Data are stored for as long as this is necessary in order to fulfill the purpose for which the Controller received the same, in order to comply with the Client’s needs, or in order to full its legal obligations.

In order to determine the duration of Data storage, the following criteria shall apply:

  • if the Client is interested in a real estate property being offered by the Controller or has entered into an agreement with the Controller – the Data in the Client’s Contact Form are stored for a duration of 6 months from the acquisition thereof, Data in electronic form are stored for a duration of 10 years from the acquisition thereof, or from the termination of the contractual relationship with the Client, unless legal regulations provide a longer period of time (Performance of a Contract),

  • if the Client has entered into an agreement with the Controller on the short-term lease of a real estate property – Data in paper form will be disposed of within 1 month of the termination of the contractual relationship, Data in electronic form are stored for a period of 18 months from the termination of the contractual relationship with the Client, unless legal regulations provide a longer period of time (Performance of a Contract),

  • if the Client is interested in being sent CM, Data are stored for a period of 10 years from their acquisition (Consent to CM and Cookies),

  • if the Client contacts us with an enquiry or request for us to contact him/her, Data are stored for a period of time as necessary for the processing of the enquiry and further for a period of 10 years from the last interaction (Performance of a Contract), if the Client creates an account, the Controller stores the Data until the Client requests for erasure, or for a period of 10 years from the last activity on the Client’s account (Legitimate Interests),

  • if the Client consented to being sent direct marketing messages, Data are stored until the Client cancels the subscription thereof or requests for the Controller to erase them, or for a period of 10 years from the last interaction (Consent to CM and Cookies),

  • if cookies are located on the Client’s device, Data are stored for the period of time as necessary in order to achieve the purpose thereof, according to the type of cookie (Consent to CM and Cookies),

  • if the Controller copies the Client’s citizenship card/passport and is thereby fulfilling legal requirements according to special legal regulations (e.g. Act No. 326/1999 Coll., on the Residency of Foreigners within the Territory of the Czech Republic, Act No. 253/2008 Coll., on Certain Measures Against the Legalization of the Proceeds of Criminal Activity and the Financing of Terrorism, etc.), Data are stored for a period of 10 years from their acquisition, or from the termination of the contractual relationship with the Client or the realization of the transaction, unless legal regulations provide a longer period of time (Legal Obligation with Consent),

  • if the Controller is fulfilling legal requirements according to special legal regulations (e.g. Act No. 326/1999 Coll., on the Residency of Foreigners within the Territory of the Czech Republic, Act No. 253/2008 Coll., on Certain Measures Against the Legalization of the Proceeds of Criminal Activity and the Financing of Terrorism, etc.), Data are stored for a period of 10 years from their acquisition, or from the termination of the contractual relationship with the Client or the realization of the transaction, unless legal regulations provide a longer period of time (Legal Obligation).

  • The Controller may store some Data in order to fulfill its legal obligations, and to be able to duly protect its legitimate interests, or for statistical purposes or historical research purposes.

    If the purpose of the storage of Data has been fulfilled and the duration of their storage has elapsed, the Data are erased from the Controller’s systems and records or anonymized, so that the identification of the Client is no longer possible.

    9. HOW ARE DATA SECURED

    The Controller makes every effort to duly protect the Data, from the moment of their acquisition until the moment of their erasure, pseudonymization or anonymization. The Controller stores and processes Data in a secured manner in accordance with the level of standards within the given sector and has taken all reasonable security measures, through the use of conscientiously adjusted internal processes and security policies, so that no misuse of Data or unauthorized access to Data can occur. The Controller has contractually ensured that every authorized and trustworthy processor (see Art. 6 of this document) handles Data in this same manner.

    As follows from the technical nature of the functioning of data transmission on the Internet, the Controller cannot ensure the security of the Client’s Data being transmitted to the Controller’s websites. Therefore, the securing of any information transmitted in such manner is beyond the Controller’s technical capabilities.

    10. CLIENT’S RIGHTS AND OPTIONS

    Client’s Rights Explanation for the Client
    Right to be informed The Client has the right to be provided with clear and plainly comprehensible information by the Controller as to the manner in which the Controller uses the Data and what the Client’s rights are in regard to the Data. The Controller does this through this DATA PROCESSING POLICY.
    Right of access to Data The Client has the right of access to the Data that the Controller has available in regard to him/her (with certain exceptions). For this purpose, the Controller’s contact information is provided above.

    The Controller is entitled to charge a reasonable fee to cover the administrative costs associated with the provision of requested information.

    The Controller is entitled to not react to requests that are manifestly unfounded, purposeless or repetitive.
    Right to rectification The Client has the right for his/her Data to be rectified if they are incorrect or outdated, or for them to be supplemented if they are incomplete. The Client can modify the Data through his/her account, or can contact the Controller. For this purpose, the Controller’s contact information is provided above.
    Right to erasure / right to be forgotten In some cases, the Client has the right for his/her Data to be erased. This right can be utilized if this is not in breach of the Controller’s legal grounds or legitimate interests. For this purpose, the Controller’s contact information is provided above.
    Right to refuse direct marketing (OS), including profiling The Client has the right, at any time, to unsubscribe from receiving direct marketing messages, by clicking on the relevant link in the CM (opt–out). In order to stop profiling, the Client can contact the Controller. For this purpose, the Controller’s contact information is provided above.
    Right to withdraw consent to Data processing The Client can withdraw his/her consent to the processing of Data at any time (this only pertains to those Data that are processed on the basis of such a consent). The lawfulness of the processing of Data prior to the withdrawal of consent is not affected thereby. The processing of Data based upon consent is set out in Table No. 1. In order to withdraw consent, the Client can contact the Controller. For this purpose, the Controller’s contact information is provided above.
    Right to refuse processing on the basis of legitimate interests The Client can oppose, at any time, the processing of Data on the basis of legitimate interests. The processing of Data on grounds of a legitimate interest is set out in Table No. 1. In order to oppose the processing of Data on the basis of legitimate interests, the Client can contact the Controller. For this purpose, the Controller’s contact information is provided above.
    Right to lodge a complaint with a supervisory authority If the Client believes that the Controller’s actions in connection with the handling of Data are in breach of the GDPR, the Client has the right to contact the Office for Personal Data Protection and lodge a complaint against such an alleged breach in the Controller’s actions. Prior to lodging any complaint with the Office for Personal Data Protection, please do not hesitate to contact us at the contact information set out above.
    Right to data portability The Client has the right to move, copy or transfer Data from the Controller’s database to another database. This right only applies to Data that the Client has provided for the purpose of the performance of a contract or on the basis of consent and the processing of which is conducted by automated means. The processing of Data on grounds of the performance of a contract or on the basis of consent is set out in Table No. 1. For information on portability, the Client can contact the Controller. For this purpose, the Controller’s contact information is provided above.
    Right to restriction of processing The Client has the right to request a restriction in the processing of his/her Data by the Processor. This right means that the Controller can store Data, but will not process or use them any further. This right can be utilized in the event that a) the Client is denying the accuracy of the Data, for the period of time necessary in order for the Controller to verify the accuracy of the Data, or b) processing is unlawful and the Client opposes the erasure of the Data and instead requests the restriction of the use thereof, or c) the Controller no longer needs the Data for the purposes of processing, but the Client requires them for the establishment, exercise or defense of legal claims, or d) the Client objects to processing on the basis of the Controller’s legitimate interests, until it is verified whether the Controller’s legitimate interests override the Client’s legitimate grounds. To utilize the right to the restriction of processing, the Client can contact the Controller. For this purpose, the Controller’s contact information is provided above.
    Right to deactivate cookies The Client has the right to deactivate cookies. Internet browsers are usually programmed in such a way that they allow cookies, but the Client can change this setting in the internet browser’s settings. Blocking cookies can prevent the proper functionality of a website. Further information on cookies at http://www.aboutcookies.org/.

    This Data Processing Policy is effective from 25 May 2018 and has been issued in accordance with the GDPR.