Information about personal data processing

Information about personal data processing

The Financial Market Guarantee System (hereinafter the “Guarantee System”) processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “Regulation”), and in accordance with the law on personal data processing and related legal regulations.

Purposes of personal data processing in the Guarantee System

The Guarantee System processes personal data for the following purposes:

-   Processing personal data when paying compensation of receivables from deposits pursuant to Section 41a et seq. of Act No. 21/1992 Coll., on banks, as amended (hereinafter the “Act on Banks”)

-   Processing personal data when testing the functionality of the compensation payment system pursuant to Section 41n of the Act on Banks

-   Processing the personal data of employees and members of bodies of the Guarantee System

-   Processing personal data for the purpose of organising award procedures (including employment applicants) and concluding contracts

-   Processing personal data when handling requests for information

-   Processing personal data required for legal disputes

If the Guarantee System occasionally processes personal data for a purpose not specified herein, it will always ensure that such processing is legal.

Processing personal data of bank, credit union and building society clients

The Guarantee System processes personal data of the clients of banks, credit unions and building societies (hereinafter the “bank”) only for the purpose of (a) paying compensation of receivables from deposits and (b) testing the functionality of the system for paying compensation of receivables from deposits. Both of these processing methods are necessary to perform the statutory obligations of the Guarantee System to compensate receivables from deposits under statutory conditions (Section 41a et seq of the Act on Banks) and to regularly test the functionality of the payment system (Section 41n of the Act on Banks). In the case of payment of compensation for receivables from deposits, the clients’ personal data are provided to the paying institution for the performance of the payment. In the case of testing the functionality of the payment system, the clients’ personal data are deleted from the Guarantee System environment immediately after the test is performed. The personal data of bank clients for the purpose of paying compensation for receivables from deposits and for the purpose of testing the functionality of the payment system are processed by automated means. To ensure the confidentiality of bank clients’ personal data, the Guarantee System has adopted adequate organisational and technical measures, including personal data encryption. The Guarantee System does not provide bank clients’ personal data to countries outside the European Union. Bank clients’ personal data are provided to other European Union Member States only if they are clients of a foreign branch of a Czech bank, where the payment of compensation to clients of this foreign branch is ensured by the Guarantee System through the foreign deposit insurance system. The personal data of bank clients designated for specific payments of compensation for receivables from deposits are erased in accordance with the Guarantee System’s internal regulations after the passing of the deadline for compensation payment, the termination of insolvency proceedings concerning the respective former bank, or deletion of the respective former bank from the commercial register in the case of the winding up of the bank, depending on which occurs later.

Rights of data subjects

The Regulation provides data subjects (natural persons whose data are processed) with the following rights in particular:

-   Right to information about personal data processing (Art. 13-14 of the Regulation)

-   Right to access personal data (Art. 15 of the Regulation)

-   Right to rectification of personal data if the controller has inaccurate or incomplete data (Art. 16 of the Regulation)

-   Right to erasure of personal data (Art. 17 of the Regulation)

-   Right to restrict processing (Art. 18 of the Regulation)

-   Right to personal data portability to another controller (Art. 20 of the Regulation)

-   Right to object to the processing of their personal data (Art. 21 of the Regulation)

To apply their rights, the personal data subjects may submit a request using the specimen forms which are available at this link .

In this connection, the Guarantee System states that the application of certain rights with the controller, the Financial Market Guarantee System, may be limited or precluded with regard to the fact that in some cases personal data are processed based on statutory obligations (e.g. personal data processing when paying compensation for receivables from deposits or personal data processing when testing the functionality of the compensation payment system).

 

Process for submitting and handling requests to apply the rights of personal data subjects:

A request through which the data subject may apply the aforementioned rights may be filed in hardcopy or electronically to the contact addresses .

The request will be handled without undue delay, at latest within a deadline of one month from delivery of the request. If necessary and with respect to the complexity and number of requests, the Guarantee System may extend this deadline by another two months (such potential extension must be explained).

If the data subject does not agree with the manner of handling the request, they may file a complaint against it. The executive committee of the Guarantee Fund will decide about the complaint within one month from delivery of the complaint. Additionally, the data subject may file a complaint to the Office for Personal Data Protection, registered office Pplk. Sochora 27, 170 00 Prague 7.

Requests from data subjects are handled free of charge. An exception may apply in situations when the requests are obviously unjustified or unreasonable, in particular due to their repetition.

In this case, the Guarantee System:

-  may impose a reasonable fee taking into account the administrative costs related to providing the requested information or communication or to performing the requested actions;

or

-  may refuse the request.

The applicant will be informed about the handling of the request or refusal of the request, along with the reason for refusal, by the aforementioned deadline.

 

Data protection officer

In accordance with the Regulation, the Guarantee System has appointed a data protection officer, whom data subjects may contact regarding matters of personal data processing.

Contact information of the data protection officer:

JUDr. Ing. Zuzana Suchá

Týn 639/1
110 00 Praha 1

Phone: +420 234 767 671

E-mail: zsucha@gsft.cz