The principles of processing and protecting personal data at Rellox s.r.o.
The company Rellox s.r.o., Company Number 27140130, having its registered office in Prague (the company is entered in the Commercial Register maintained at the Metropolitan Court in Prague, file C 99306), declares that it collects and processes personal data in accordance with the valid legal regulations of the EU, in particular in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
All personal data are processed in a lawful and transparent manner and only appropriate, relevant and necessary data are requested in connection with the purpose of processing.
I. WHY RELLOX COLLECTS AND PROCESSES PERSONAL DATA
The company Rellox s.r.o. collects and processes personal data in connection with its business activity, which is primarily understood to be mediation of the purchase and sale of real estate abroad and the provision of associated services. Rellox is authorised/obliged to process personal data on the following grounds:
- processing is required for the performance of a contract to which the data subject is a contracting party;
- processing is required in order to discharge a legal obligation which relates to Rellox;
- processing is required for the purposes of the legitimate interests of Rellox;
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
II. THE SCOPE OF PERSONAL DATA PROCESSING
Rellox distinguishes the persons/data subjects specified below, whose personal data are collected by Rellox and further processed, in connection with the activities carried out by Rellox and with regard to the purpose of processing personal data, the categories of personal data concerned, the categories of personal data recipients and the period of processing personal data. Rellox specifies the relevant information in relation to each data subject from the perspective of processing personal data.
II.I. Client Contracting Party
A Client “Contracting Party” is understood to be a person that has executed, is executing or plans to execute a business transaction through Rellox; for example the purchase or sale of real estate.
More information about processing the personal data of a Client Contracting Party
II.II. Client Interested Party
A Client “Interested Party” is understood to be a person that has expressed an interest in executing a business transaction through Rellox; for example the purchase or sale of real estate. This is usually a person that asks for more information about properties, the terms and conditions of a transaction and the services offered by Rellox. This is also a person that asks Rellox to mediate viewings of a property and mediate negotiations with the future other contracting party.
More information about processing the personal data of an Interested Party
II.III. Subscriber to the e-mail newsletter
A “Subscriber to the e-mail newsletter” is understood to be a person who has actively signed up to receive the e-mail newsletter published by Rellox.
The full wording of consent to receiving the newsletter and to personal data processing is found HERE.
More information about processing the personal data of a Subscriber to the e-mail newsletter
II.IV. A visitor to the Rellox website
Rellox does not collect any personal data on its website apart from short text files created by the web server – cookies. You will find more information about cookies in the Legal Provisions section. The personal data provided by the data subject via online inquiry and contact forms are dealt with from the perspective of personal data protection and processing HERE.
II.V. Employees, associates, employment candidates
Employees are understood to be persons who carry out activity for Rellox based on a work relationship (employment relationship, agreement).
Associates are understood to be persons that carry out activity for Rellox based on another legal relationship; for example, a contract on the creation of a copyright work, etc.
Employment candidates are understood to be persons that provide Rellox with their personal data for the purposes of assessing their suitability for an employment position at Rellox.
More information about processing the personal data of Employees, associates and employment candidates
III. PERSONAL DATA CONTROLLER
The personal data controller is Rellox s.r.o., Company Number 27140130, entered in the Commercial Register maintained at the Metropolitan Court in Prague, file C 99306.
IV. SECURITY AND HANDLING PERSONAL DATA
Rellox collects and processes information and documents containing personal data on paper and in electronic format. Only authorised persons have access to personal data. Rellox handles personal data such that the personal data is safeguarded against unauthorised or unlawful processing and against loss, destruction and damage.
Rellox has in place internal security guidelines and personal data protection guidelines. The purpose of the personal data protection guidelines is to define and update the rules of personal data processing at the company in accordance with Article 32 GDPR and to regulate the rights of the data subjects to access personal data in accordance with Article 15 GDPR and the communication of cases of personal data security breach in accordance with Article 33 and 34 GDPR.
V. PERSONAL DATA PROCESSORS
The controller (Rellox) processes personal data itself. The controller may entrust another subject, for example a provider of IT services, a law office, an accountant, etc., with the processing of personal data. The controller chooses such a processor and arranges with it such conditions to ensure that the rights of the data subject are safeguarded. By inviting a processor, the controller does not relieve itself of responsibility for processing personal data.
VI. TRANSFERRING PERSONAL DATA ABROAD
The free movement of personal data may not be restricted within Member States of the EU and EEA.
VII. THE DUTY OF THE CONTROLLER TO INFORM AND THE RIGHTS OF DATA SUBJECTS
A data subject (a person whose personal data Rellox collects and processes) has the right to be informed by the controller that his/her personal data is being processed. Data subjects have the following rights:
a) the right of access to personal data;
b) the right to rectification;
c) the right to erasure (”right to be forgotten”);
d) the right to restriction of data processing;
e) the right to object to processing; and
f) the right to lodge a complaint against personal data processing.
The right of access means that the data subject may ask for confirmation from the controller of whether personal data to concern that data subject are or are not being processed and if so, for what purposes, to what extent, to whom they are disclosed, for how long they will be processed, whether the data subject has the right of rectification, erasure, restriction or processing or to object, from where the controller obtained the personal data and whether automated decision-making, including any profiling, has occurred based on personal data processing. The data subject has the right to receive a copy of his/her personal data, whereby the first provision is free of charge. The controller may charge adequate recompense of administrative costs for any further provision.
The right of rectification means that the data subject may at any time demand that the controller rectify or supplement personal data if they are inaccurate or incomplete.
The right of erasure means that the controller must erase personal data if (i) they are no longer required for the purposes for which they were collected or otherwise processed, (ii) processing is unlawful, (iii) the data subject objects to processing and there is no overriding legitimate ground for processing, or (iv) legal obligation imposes this on the controller.
The right to restriction of processing means that unless the controller resolves any contentious issues regarding processing the personal data of the data subject, the controller must restrict the processing of the personal data of the data subject such that it may only store such data and, where appropriate, use them to specify, enforce or defend legal claims.
The right to object means that the data subject may object to the processing of personal data which the controller processes for the purposes of direct marketing or on the ground of legitimate interest. If a data subject objects to processing for direct marketing purposes, the personal data of the data subject shall not be processed for these purposes any longer.
The data subject may exercise all rights by contacting Rellox by e-mail at email@example.com.
The principles of processing and protecting personal data at Rellox s.r.o. are effective as of 25 May 2018.