Principles of personal data processing

Information sheet on the protection of personal data and its processing

With this document we provide you with information about your rights related to the processing of personal data in Maxima reality s.r.o.. When processing personal data, we are governed by legal regulations, in particular the GDPR and the Personal Data Processing Act. The processing of personal data is always carried out only to the extent specified by the specific service or purpose of the processing.

This document will be updated regularly.

We handle personal data with due care and in accordance with applicable law. We protect personal data to the maximum extent possible, which corresponds to the technical level of available means.

At Maxima reality s.r.o. there are strict rules determining which employee or department can access personal data and which personal data it can process. In principle, we do not transfer personal data outside Maxima reality s.r.o., except when we have our consent, is required to do so by law or our legitimate interest (for example, in the case of suppliers or in the case of requests from law enforcement agencies, etc.).

We process personal data of children (i.e. persons under 15 years of age) only if the child was first acted on behalf of the child by his or her parent or other representative. The high standards of personal data protection that apply in our personal data processing group also apply to children to an unchanged extent. These standards are fully adequate for the processing of children's personal data. As a parent or other representative of a child, you are responsible for ensuring that the provision of data about the child is in line with his/her interests and that you inform the child in a clear manner about our processing of personal data and of his/her rights.

We recommend that you read the information carefully. We have done everything possible to make them as understandable as possible. If something is still unclear to you, we will be happy to explain any concept or passage to you. More about the processing of personal data can be found at www.maxima.cz/zasady-ovani-osobnich-udaju.

If you do not agree with the way we process your personal data, you can take the steps below to protect your rights.

The protection of privacy and personal data is supervised by:

Office for the Protection of Personal Data

Address: Pplk. Sochora 27, 170 00 Prague 7

tel.: 234 665 111 website: www.uoou.cz

Principles of personal data processing

Basic information about the administrator

The company MAXIMA REALITY, s.r.o. with its registered office at Revoluční 655/1, Staré Město, 110 00 Praha 1, Company ID: 25149610, registered at the Municipal Court in Prague under file number C 53747 (hereinafter referred to as”MAXIMA“) with which the data subject has entered into a contractual relationship (hereinafter referred to as “Admin“). MAXIMA is then a member of the EEC Group, which consists of companies in which European Housing Services s.r.o., ID: 078 14 496, or its subsidiaries or grand-companies, where applicable; these persons may change over time (hereinafter referred to as the “EEC Group”).

Purpose and scope of personal data processing

The Controller processes personal data in accordance with Act No. 110/2019 Coll., on the processing of personal data and with the law of the European Union, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “”GDPR“).

The controller processes personal data only for the specified purpose, to the extent specified below, for the period specified in the concluded contracts or in the relevant legislation.

The controller processes personal data necessary for the performance of the contract concluded between the controller and the data subject, for the purpose of implementing the business relationship between the controller and the data subject contained in the contract, and for the management of the relationship with the data subject. The controller processes personal data on the basis of its legitimate interests, if these interests are not outweighed by the interests, rights or freedoms of the data subject. The Controller further processes personal data for analysis and improvement of the quality of its services, for analysis and market research. The controller will use personal data to create relevant promotions and offers of the company's products and services.

Basic purpose of processing personal data

Purposes of the processing of personal data for which the personal data are intended and the legal basis for processing:

  • performance of the contract and the provision of services
  • Assurance of operational activities
  • accounting and tax purposes
  • debt collection
  • compliance with a legal obligation
  • direct marketing
  • Protection of property and persons
  • archiving conducted on the basis of the law.


Scope of personal data processing:

The controller processes personal data to the extent that it was provided to it by the data subject or otherwise collected by the controller and processes it in accordance with the applicable legislation or to fulfill the legal obligations of the controller. In particular, the following categories of personal data are concerned:

  • address and contact details, in particular name, surname, date of birth, birth number, place of residence, place of birth, telephone number and others,
  • effigy,
  • descriptive information, such as bank account number,
  • other data arising from a specific contract or law,
  • data provided in excess of the applicable laws processed within the framework of the consent granted by the data subject (processing of photographs, use of personal data for the purpose of personnel procedures, cookies, etc.).


Rights of the data subject:

The controller processes personal data transparently, fairly and in accordance with GDPR. The data subject has the right to access his data, to an explanation, as well as other rights if he considers that the processing is not correct. The data subject may lodge a complaint with the Office for Personal Data Protection.

The controller informs the subjects of personal data about their rights, which are as follows:

  • the right to know the purpose of processing personal data,
  • the right to know the categories of personal data concerned,
  • the right to know the recipients or categories of recipients of personal data,
  • the right to know the period for which personal data will be stored,
  • the right to request from the controller the correction or erasure of personal data or restriction of their processing and the right to object to such processing, the right to data portability to another controller,
  • the right to lodge a complaint with the supervisory authority,
  • the right to all available information about the source of the personal data, unless it is obtained from the personal data subject,
  • the right to withdraw consent to the processing of personal data at any time if the personal data are processed on the basis of the consent granted,
  • whether automated decision-making, including profiling, is taking place
  • the right to be informed if the Controller intends to process the data provided for a purpose other than that for which it was collected,
  • the right to refuse recording or monitoring of telephone calls with the Administrator's employees.

The data subject has the right not to provide the Controller with his personal data. In the event that the provision of such personal data is mandatory (by law or contract), the Controller notifies the data subject that he will not be able to provide his services.

In the event that we have received your personal data from a person other than you, we draw your attention to the following:

You have the right to know:

  • identity and contact details of the controller
  • purposes of processing and legal basis of processing
  • categories of personal data concerned
  • recipient of personal data
  • the controller's intention to transfer personal data to the recipient in a third country
  • the right to know the period for which personal data will be stored,
  • the right to request from the controller the correction or erasure of personal data or restriction of their processing and the right to object to such processing, the right to data portability to another controller,
  • the right to lodge a complaint with the supervisory authority,
  • the right to all available information about the source of the personal data, unless it is obtained from the personal data subject,
  • the right to withdraw consent to the processing of personal data at any time if the personal data are processed on the basis of the consent granted,
  • whether automated decision-making, including profiling, is taking place
  • the right to be informed if the controller intends to process the data provided for a purpose other than that for which it was collected.


Processors and recipients of personal data:

Processors and recipients of personal data managed by the Controller are:

  • persons from the EEC Group involved in the provision of services
  • suppliers and service providers,
  • financial institutions and banks,
  • state and other authorities in the performance of legal obligations,
  • other entities cooperating with the Administrator in providing financial advisory and brokerage services to the Administrator's clients, especially in the area of mortgage loans.


Transfer of personal data to third countries

The controller may transfer personal data to third countries, outside the European Economic Area, e.g. USA and Switzerland.

In the event that personal data is transferred to countries outside the European Economic Area or to countries that do not have an adequate level of protection under applicable laws, in particular the GDPR and other EU and national data protection regulations, such transfer will take place on the basis of a case-by-case exception, or the Controller will ensure that adequate safeguards are provided to ensure the protection of personal data in accordance with the GDPR, in particular Article 42. Article 2 of the GDPR.

Cookies

What are “cookies”?

“Cookies” are small data files used as unique identifiers. Each cookie is unique to your web browser. A cookie contains anonymous information and is sent from the server of the website you are viewing to your computer or mobile phone. It will be stored on your device and only this server will be able to search or retrieve the contents of this cookie. The cookies sent may be sent back to the website servers with updated data during your browsing of the website. Cookies are used by the vast majority of websites for their activity.

Cookies may be set by the websites you visit (“our cookies”) or they may be set by an organisation that is not the owner of the website you are viewing (“third party cookies”). For example, they can be set up by other websites that run content on the page you are viewing, or by an independent analytics company. The websites you visit may also include content embedded from other websites and those sites may also set their own cookies. Websites may use third-party advertising networks to provide targeted advertising. These cookies may be able to track your browsing of different sites.

How cookies are divided

Cookies can be divided according to who places them on your website, i.e. into:

  • First party cookies — their validity is limited to the domain of the website you are viewing. These cookies are considered more secure.
  • Third party cookies — are placed using a script from another domain. Users can be tracked across domains. They are often used to evaluate the effectiveness of advertising channels.

This website uses two types of cookies:

Short-term session cookies — Session cookies are stored only temporarily during the browsing session and are deleted from your device when you close your browser.

Persistent cookie — This type of cookie is stored on your computer for a fixed period of time, depending on your browser settings and cookie settings (usually a month, a year or more) and these cookies are not deleted when you close your browser. Persistent cookies are used to identify you from one browsing session to the next, for example to store your preferences so that they will remember them for the next visit. You can also remove them manually.

How do we use cookies?

We use cookies to improve your user experience by allowing websites to identify you, either for the duration of your visit (using session cookies) or for repeat visits (using persistent cookies). The cookies we use may:

  • be strictly necessary for your navigation of the Site or to provide certain essential functions; or
  • improve the functionality of our website, for example by storing your preferences. Record your choices (such as your username or language) and allow us to provide a personalized experience; or
  • to help us improve the performance of our website to provide you with a better user experience. The information provided by these cookies is anonymous and helps us understand how our visitors use our website so that we can improve the presentation of their content. These services are generally provided by independent measurement and research companies, so in the case of these cookies they may be third party cookies.

If we did not use cookies, our website would treat you as a new visitor every time you come to a new page of our website — for example, when you enter your login information and go to the next page, it would not recognise you and you would not be able to stay logged in.

We need to use cookies to maintain the effectiveness of our website and to provide you with a user-friendly experience. Therefore, cookies cannot be blocked on their own and by continuing to browse our website and use our online services, you agree that we may place these cookies on your device.

Our website also uses cookies for behavioural advertising, which allows us to modify advertising and ensure that it is relevant to you, based on the areas you visit on our website and the geographical location of your IP address. These cookies are placed by third-party advertising networks with our consent.

What we use cookies for

We use the following cookies on our website:

  • Technical -- first-party, short-term. They ensure the basic technical functionality of the website, i.e. logging in, remembering settings, using services, etc.
  • Statistical and diagnostic (e.g. Google Analytics) — first party, long-term. They are used to generate anonymous statistics about the use of the site.
  • Advertising — first and third parties. They are used for behavioral targeting of interest-based advertising. When advertising has to be shown (as the main income for the site and its content creation), let the users/readers be shown offers that may actually be of interest to them.


What to do if you do not want to use cookies

Consent to the placement of cookies is voluntary. If you wish, you can block some or all cookies or delete cookies that have already been set. You can find all the details on how to manage cookies and how to block them in different types of web browsers at www.aboutcookies.org, or

  • https://support.microsoft.com/cs-cz/help/17442/windows-internet-explorer-delete-manage-cookies (for Internet Explorer); or
  • https://support.mozilla.org/cs/kb/povoleni-zakazani-cookies (for Mozzilla/Firefox browser);
  • https://support.google.com/chrome/answer/95647?visit_id=0-636535873837482984-3731587686&hl=cs&rd=1 (for Chrome);
  • http://www.opera.com/help/tutorials/security/privacy/ (for Opera browser);
  • https://support.apple.com/kb/ph21411?locale=cs_CZ (for Safari browser).

However, you must be aware that if you block or delete cookies sent from our website that are strictly necessary or ensure functionality and performance, you may not be able to use the site.

You can view the types of cookies used on our website and thus get information on how to change your cookie settings or how to block cookies used on our website.

Third-party websites

If you use our partners' websites, a cookie may be set by the websites you visit. We do not operate this site and therefore have no control over the distribution of these cookies. More information about these cookies can be found on the website of the relevant third party.

MAXIMA uses these cookies.

All of the above cookies are used only for the purpose set out in this table.

Contact details

In the event of any query or exercise of its right, which is provided for by the GDPR, the controller provides his contact details, to which the data subject may contact.

E-mail: gdpr@maxima.cz