Information about personal data processing

Information about personal data processing

The Financial Market Guarantee System (hereinafter the “Guarantee System”) processes as controller personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “Regulation”), and in accordance with Act. No 110/2019 Coll., on personal data processing and related legal regulations.

Purposes of personal data processing in the Guarantee System

The Guarantee System processes personal data for the following purposes:

  • Processing personal data when paying compensation of receivables from deposits pursuant to Section 41a et seq. of Act No. 21/1992 Coll., on banks, as amended (hereinafter the “Act on Banks”)
  • Processing personal data when testing the functionality of the compensation payment system pursuant to Section 41n of the Act on Banks
  • Processing the personal data of employees and members of bodies of the Guarantee System
  • Processing personal data for the purpose of organising award procedures (including employment applicants) and concluding contracts
  • Processing personal data when handling requests for information
  • Processing personal data required for legal disputes
  • Processing personal data through video devices

If the Guarantee System occasionally processes personal data for a purpose not specified herein, it will always ensure that such processing is legal.

Processing personal data of bank, cooperative credit union and building savings bank clients

The Guarantee System processes personal data of the clients of banks, cooperative credit unions and building saving banks (hereinafter the “bank”) only for the purpose of (a) paying compensation of receivables from deposits and (b) testing the functionality of the system for paying compensation of receivables from deposits. Both of these processing methods are performed under the Art. 6 (1) (c) of the Regulation and are necessary to perform the statutory obligations of the Guarantee System to compensate receivables from deposits under statutory conditions (Section 41a et seq of the Act on Banks) and to regularly test the functionality of the payment system (Section 41n of the Act on Banks). The scope of the processed personal data is given by the Section 41c par. 3 of the Act on Banks and by the Czech Ministry of Finance Decree No 71/2011 Coll. In the case of payment of compensation for receivables from deposits, the clients’ personal data are provided to the paying institution for the performance of the payment. In the case of testing the functionality of the payment system, the clients’ personal data are deleted from the Guarantee System environment immediately after the test is performed. The personal data of bank clients for the purpose of paying compensation for receivables from deposits and for the purpose of testing the functionality of the payment system are processed by automated means. To ensure the confidentiality of bank clients’ personal data, the Guarantee System has adopted adequate organisational and technical measures, including personal data encryption. The Guarantee System does not provide bank clients’ personal data to countries outside the European Union. Bank clients’ personal data are provided to other European Union Member States only if they are clients of a foreign branch of a Czech bank, where the payment of compensation to clients of this foreign branch is ensured by the Guarantee System through the foreign deposit insurance system. The personal data of bank clients designated for specific payments of compensation for receivables from deposits are erased in accordance with the Guarantee System’s internal regulations after the passing of the deadline for compensation payment, the termination of insolvency proceedings concerning the respective former bank, or deletion of the respective former bank from the commercial register in the case of the winding up of the bank, depending on which occurs later.

Processing personal data for the purpose of organising award procedures (including employment applicants) and concluding contracts

The Guarantee System processes personal data of (potential) contractors, their employees or representatives for the purpose of organising award procedures, subsequent conclusion of contracts and proper performance of commitments there concluded. Legal basis for this personal data processing is given by the Art. 6 (1) (b) of the Regulation. The Guarantee System processes for this purpose identification data of the data subject, his/her contact details and where applicable also professional data or banking data such as account number etc. The period of storage of this data is determined by the requirements of the Act no. 137/2016 Coll. on Public Procurement, as amended, if this Act applies on the given award procedure and in others cases by internal rules of the Guarantee System. In any case, the principle of storage limitation (see Art 5 (1) (e) of the Regulation) is fulfilled. In case of not selected employment applicants, the data are erased immediately after the closure of the selection procedure if the data subject does not give consent to further processing. These personal data are not provided to any third parties.

Processing personal data when handling requests for information

The Guarantee System also processes personal data for the purpose of proper execution of the requests for information under Act no. 106/1999 Coll., on Free Access to Information, as amended. Legal basis for this data processing is given by the Art. 6 (1) (c) of the Regulation. The Guarantee System processes for this purpose identification data and contact details obtained directly from the applicant requesting the information. The data are processed for the period of the application execution and then during the relevant limitation period.These personal data are not provided to any third parties.

Processing of personal data through video devices

The Guarantee System processes personal data through video devices in accordance with Art. 6 (1) (f) of the Regulation to ensure physical security of the Guarantee System premises and to protect the information assets that are processed and stored within its premises.

The video devices monitor only precisely defined sections of the internal Guarantee System premises, they do not monitor exterior of the premises. The general public can be monitored only by video devices placed at the main and side entrance to the Guarantee System premises and then by a video device placed at the entrance to the meeting room of the Guarantee System. The video devices record only video, sound is not recorded.

The records are stored only for a limited period of time in which the Guarantee System would be able to detect an incident of unauthorised entrance to the Guarantee System premises or unauthorised manipulation with information assets of the Guarantee System.

The Guarantee System has implemented a range of technical and organisational measures to protect the personal data contained in records from the video devices. These measures are defined in the internal regulations of the Guarantee System. The records are not disclosed to any third parties with the exception of cases when an incident investigation would require disclosure of the records to the law enforcement agencies, courts or administrative authorities in procedures related to the relevant incident.

Rights of data subjects

The Regulation provides data subjects (natural persons whose data are processed) with the following rights in particular:

  • Right to information about personal data processing (Art. 13-14 of the Regulation)
  • Right to access personal data (Art. 15 of the Regulation)
  • Right to rectification of personal data if the controller has inaccurate or incomplete data (Art. 16 of the Regulation)
  • Right to erasure of personal data (Art. 17 of the Regulation)
  • Right to restrict processing (Art. 18 of the Regulation)
  • Right to personal data portability to another controller (Art. 20 of the Regulation)
  • Right to object to the processing of their personal data (Art. 21 of the Regulation)

To apply their rights, the personal data subjects may submit a request using the specimen forms which are available at this link.

In this connection, the Guarantee System states that the application of certain rights with the controller, the Financial Market Guarantee System, may be limited or precluded with regard to the fact that in some cases personal data are processed based on statutory obligations (e.g. personal data processing when paying compensation for receivables from deposits or personal data processing when testing the functionality of the compensation payment system).

Process for submitting and handling requests to apply the rights of personal data subjects:

A request through which the data subject may apply the aforementioned rights may be filed in hardcopy or electronically to the contact addresses .

The request will be handled without undue delay, at latest within a deadline of one month from delivery of the request. If necessary and with respect to the complexity and number of requests, the Guarantee System may extend this deadline by another two months (such potential extension must be explained).

If the data subject does not agree with the manner of handling the request, they may file a complaint against it. The executive committee of the Guarantee Fund will decide about the complaint within one month from delivery of the complaint. Additionally, the data subject may file a complaint to the Office for Personal Data Protection, registered office Pplk. Sochora 27, 170 00 Prague 7.

Requests from data subjects are handled free of charge. An exception may apply in situations when the requests are obviously unjustified or unreasonable, in particular due to their repetition.

In this case, the Guarantee System:

- may impose a reasonable fee taking into account the administrative costs related to providing the requested information or communication or to performing the requested actions;

or

- may refuse the request.

The applicant will be informed about the handling of the request or refusal of the request, along with the reason for refusal, by the aforementioned deadline.

Data protection officer

In accordance with the Regulation, the Guarantee System has appointed a data protection officer, whom data subjects may contact regarding matters of personal data processing.

Contact information of the data protection officer:

JUDr. Ing. Zuzana Suchá

Týn 639/1
110 00 Praha 1

Tel: +420 237 762 791

E-mail: zsucha@gsft.cz