PERSONAL DATA PROCESSING
We protect your data. We consider privacy and personal data protection as a primary obligation.
We handle personal data solely in compliance with the valid legislation. We hereby introduce the principles that clarify what we do to ensure the confidentiality and security of the personal data processed and provide information on the rights relating to the personal data processing. This communication is aimed at providing information on the personal data we collect, how we handle such data, the sources from which we obtain such data and for what purposes we use them, to whom we are allowed to provide such data and where you can obtain information on the personal data we process.
Personal data administrator
Burza cenných papírů Praha, a. s. (Identification No. (IČ): 47115629; hereinafter the “BCPP”) is the administrator of the personal data that you provided to the BCPP or your personal data that the BCPP obtained (see the chapter Source of personal data below) to fulfil one purpose or several purposes. The BCPP as the administrator collects the data, disposes therewith and is liable for the due and legal processing of such data. You can exercise your rights with the administrator in the manner specified below.
You can contact the administrator or its data protection officer with queries concerning the personal data processing; the contact data of the administrator and the data protection officer are available at Contacts website.
Basic principles of personal data processing
We follow in particular the following principles when processing personal data:
- when processing personal data, we fulfil all obligations imposed by legal regulations;
- when processing personal data, we act fairly and transparently and exercise our best efforts to restrict
- the purposes and extent of personal data processing to the necessary minimum;
- we exercise our best efforts to ensure that the data subject’s rights and freedoms are not infringed and that
- the data subject is protected against unauthorized interference with the client’s private and personal life;
- we provide information on the personal data processing before the commencement of the contractual relationship or before we provide the relevant service; and
- we have implemented the information security management system (hereinafter “ISMS”) pursuant to standard ČSN ISO/IEC series 27000 (“Information Technologies – Security Techniques – Information Security Management Systems”).
Scope of personal data processing
We only process such data that enable us to provide professional and comfort services to you and to fulfil our legal obligations and contractual undertakings and to protect our rightful interests.
We collect in particular data concerning account owners in book-entered securities registers. Depending on the situation, we also process data on representatives, including members of statutory bodies and employees of the capital market participants, and other contractual partners. We process basic personal data, data on products and services that you use and how you use it, data from our communication and interaction as well as other data so that the scope of such data is reasonable, relevant and restricted to the necessary extent with regard to the purpose for which we collect and process your data. Our main purpose is to provide professional and comfort services to you but we must fulfil our legal obligations and we wish to protect our rightful interests; see below a complete list of the purposes for which we process your data, including a specification of the concrete data processed for the given purpose.
Personal data we process:
- account owner’s identification data (in particular name, surname, title, date of birth, birth registration number or identification number (IČO)) that was provided by the BCPP participants when recording the account owner or any other person in the BCPP register;
- account owner’s contact data (address);
- transaction data concerning in particular transfers of book-entered securities;
- data concerning the account owners identification saved and processed in structures necessary to exercise
- the rights and fulfil the obligations arising:
- from Act No. 256/2004, Coll., the Capital Market Trading Act (hereinafter the “Capital Market Trading Act”);
- from Act No. 253/2008 Providing Certain Measures Against Legalizing Revenues from Criminal Activities and Terrorism Financing (hereinafter the “Anti-Money Laundering Act”);
- on the basis of the obligations arising from the Commission Regulation (EC) No. 1287/2006 implementing Directive No. 2004/39/EC of the European Parliament and of the Council concerning registration duties of investment companies, trades reporting, market transparency, receipt of investment instruments for trading and specification of terms for the purposes of said directive;
- contact data of the contractual partner’s representative;
- other data (bank account number);
- authentication data for our website and data on the use of our website;
- information from external sources, in particular from publicly accessible registers, such as the Companies Register (in particular name, surname and address);
- records of the communication with clients; and
- contact data (in particular e-mail address and telephone number) of persons who agreed with the data processing.
Purposes and period of personal data processing
We process personal data to the necessary extent for the relevant legal purpose, for example to be able to provide the relevant service. The data is typically processed for the purposes of identification of the account owner in the extent of the mandatory account owner data pursuant to the Capital Market Trading Act or processing of identification data of the representatives of issuers and actual owners pursuant to the Anti-Money Laundering Act. We process certain data since it is necessary to protect the rights and interests of our company and of third parties protected by law or for the purposes of fulfilling the rights and obligations arising from agreements. The scope of processing is minimalized and we carefully assess the existence of the rightful interest. In other cases, we only process your data if you so agree.
The purposes of processing include the following categories without the data subject’s consent:
- Fulfilment of the obligations set forth by law – personal data processing is necessary for such purposes due to the fact that such data processing is set forth by law or any other generally binding legal regulation (for example fulfilment of the obligation to act prudently, fulfilment of the notification duty vis-à-vis a supervisory body and public authorities, fulfilment of the obligations concerning enforcement of a resolution, fulfilment of the obligation of the client’s identification and inspection and other obligations in the field of prevention of money laundering and inspection and prevention of market abuse); such regulations include in particular the following:
- European Central Securities Depositories Regulation (CSDR),
- Act No. 256/2004, Coll., the Capital Market Trading Act;
- Act No. 253/2008, Coll., Providing Certain Measures Against Legalizing Revenues from Criminal Activities and Terrorism Financing;
- Act No. 164/2013, Coll., on International Cooperation in Tax Administration;
- Act No. 563/1991, Coll., on Accounting;
- Regulation No. 596/2014 on Market Abuse and Directive No. 2014/57/EU on Criminal Sanctions for Market Abuse;
- Directive No. 2014/65/EC on Markets in Financial Instruments (MIFID II);
- Agreement No. 72/2014, Collection of International Agreements, between the Czech Republic and
- the United States of America on Improving the Adherence to Tax Legislation on an International Scale on Improvement of Compliance with Tax Regulation in International Scope;
- Commission Implementing Decision (EU) No. 2016/1250, on the Adequacy of the Protection Provided by the EU-U.S. Privacy Shield; and
- Act No. 235/2004, Coll., on Value Added Tax.
- The BCPP processes personal data for such purposes for the period set forth by the applicable legal regulations.
- Performance of contractual relationship – personal data processing is necessary for due fulfilment of the rights and obligations arising for the BCPP from the contractual relationship. The administrator processes personal data for such purpose throughout the contractual relationship, unless legal grounds exist to process personal data for a longer period of time.
- Administrator’s rightful interest – personal data processing is necessary for such purpose (such as physical protection of the BCPP’s premises, dispute resolution and protection and enforcement of the rights of participants or issuers, management and collection of claims, analyses and assessment of possible risks, software testing, etc.) To the same extent as for the purposes of performance of a contractual relationship. The administrator processes personal data for such purpose throughout the contractual relationship and until the statute of limitations period arising from the fulfilment of rights and obligations expires on the basis of the relevant contractual relationship.
With the data subject’s consent:
- for other purposes (such as for the possibility to contact the client or for marketing purposes).
The data that you provide us with your consent is provided voluntarily.
We request that you provide other data since the processing of such data is necessary for the performance of the agreement, for the fulfilment of our legal obligations or for the protection of our rightful interests. If you do not provide such data to us, we cannot provide you with the relevant product, service or any other performance for which we request your personal data.
Source of personal data
Depending on the situation, we process data that we received from the BCPP participants, from subjects with which we have concluded an agreement, data that we received during the conclusion of the relevant contractual relationship and the subsequent realization of such relationship, data from publicly available sources and registers, lists and records (such as the Companies Register) and data from third parties, if a special regulation so sets forth. To fulfil a law or a contractual relationship, we may pass on data between us within the framework of our holding group PX (Centrální depozitář cenných papírů, a. s. and Burza cenných papírů Praha, a. s.).
Method of personal data processing
The BCPP processes personal data by automated means and manually.
Provision of personal data to third parties
In principle, we process personal data in our company. We only provide the data to a group company with the data subject’s consent or if it is set forth by law (for example the capital market regulator’s supervision). Where it is necessary to achieve any of the above-mentioned purposes, in particular if the relevant external subject achieved the necessary professional and expert level in the relevant area, your data may be processed by cooperating contractors.
- The BCPP passes personal data of account owners on state supervisory authorities, capital supervision regulator and on other persons to whom it is obliged to provide personal data on the basis of legal regulations, in particular state administrative authorities, courts, law enforcement authorities, supervisory bodies, executors, notaries (court commissioners), financial offices and similar authorities. We are obliged to provide your data to various state and international authorities under the conditions set forth by law.
- The BCPP processes personal data through its own employees as the personal data administrator or through its suppliers. The BCPP shall ensure technical, organizational and personnel measures that lead to a high level of protection and personal data security. If we authorize another person to perform certain activities that constitute a part of our services, the supplier may have access to the relevant personal data.
- The supplier is entitled to handle personal data solely for the purposes and to the extent for which the BCPP has contractually been authorized. In such event, your consent is not required for the performance of the activities since such processing is allowed directly by a legal regulation. Where we use cloud storage sites, a high level of the data security is ensured.
- Suppliers outside the PX group include in particular the following:
- IT services providers, including cloud storage sites;
- subjects collecting our claims;
- attorneys; and
- press and postal services providers.
- Suppliers outside the PX group include in particular the following:
- In the field of registration of book-entered securities, data is provided for processing to third parties, for whose purposes book-entered investment instruments are registered, in particular issuers of book-entered securities, including foreign issuers, other central depositories such as Euroclear and Clearstream and custodians. In the case of foreign registering subjects, personal data is provided to the extent set forth by local legislation.
Data subject’s rights
We process personal data transparently, fairly and in compliance with the law. You have the right to access your data, right to explanation as well as other rights if you believe that the processing is not correct. You can also file a complaint with the Personal Data Protection Office. You can exercise your rights in the relevant company from our group with which you have a relationship.
If you have any queries connected with personal data processing or if you wish to exercise your rights, you can contact the administrator’s data protection officer whose contact data is stated on Contacts website. You can also contact the administrator in writing at the address, which is also stated on Contacts website.
Right of access to personal data and right to be informed – You are entitled to access your personal data, in particular the information on the processing of your personal data. Such right does not apply to any data contained in the property account statement; such data is provided to account owners through the BCPP participants in compliance with the Capital Market Trading Act, without prejudice to third-party rights. For repeated requests, the BCPP and the participants may request reasonable compensation that must not exceed the costs necessary for the provision of the information.
Right to personal data correction – If your personal data is incorrect or inaccurate you may request correction of such data. It is possible to request completion of incomplete data taking into account the purposes for which the data is processed. In compliance with the Capital Market Trading Act, such right does not apply to owners of unclassified accounts where the personal data is adjusted by the BCPP’s participant after the contractual relationship is concluded with the owner of an unclassified account.
Right to removal – You are entitled that your personal data be removed if our processing is unauthorized.
Right to raise an objection – Should the BCPP breach its obligations concerning collecting or processing of personal data, you are entitled to request that the BCPP provides an explanation of such conduct, refrains from such conduct or remedies the relevant situation. You are also entitled to contact the Personal Data Protection Office with your initiatives.
Other rights – You have the right to restrict the processing and the right to data transferability under the conditions set forth by law.
Do you wish to restrict marketing?
If you gave us your consent for marketing or if you receive newsletters from us for any other rightful reasons, you may withdraw your consent at any time or you may unsubscribe our newsletters in the following manners:
- the possibility to cancel the sending of our newsletters is incorporated directly in our newsletters;
- if you no longer wish that we call you, please inform us during a telephone conversation; or
- you can inform us at our registered office or in writing that you no longer wish to receive our newsletters.
If you wish to restrict or withdraw your consent with data processing and sharing for marketing purposes, please fill in this document and send it to us to firstname.lastname@example.org. You may also change the setting of your consent at some of our electronic portals.
We inform you that if you restrict marketing, we may contact you for the servicing purposes, and therefore we may use your contact data to send you servicing messages and for purposes other than marketing.
Visitors of our website may withdraw their consent to processing of cookies in the manner stated further.
Cookies – what are they and why are they used?
Cookie is the information that is saved in the end user’s device as a small text file whenever the user visits a website. It is the information that is necessary for correct functioning of the website. Cookies are used by most websites. Cookies are used also for correct determination of the duration of the visit to the website. Cookies help you remember your activities and preferences for a certain period of time so that you need not enter them again when you return to the website or if you switch from a website to another website. The information is used to optimize the provided services through such website. For more information please go to www.allaboutcookies.org.
Consent to using cookies
What types of cookies are used on the website?
Temporary cookies (session cookies) are used for the duration of a visit to the website. These cookies are needed to be able to use the personalized service zone of the website (My Exchange). They make it possible to process the registration and later on correctly assign it to the profile of the user when logging in. When a user leaves the website, session cookies are automatically deleted.
Persistent cookies are used, for example, to record page hits and user hits on websites. They are used to analyse data and may be retrieved by Prague Stock Exchange for statistics and reports. The evaluation is used for optimizing the content and to improve the functionality of the website (error correction). Google Analytics is used for the evaluation. The users' IP addresses are anonymized. Further details are available at support.google.com/analytics/answer/2763052
Further details such as types of cookies used, lifetime of cookies, etc. are available at developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Information about the web analytics service
Administration of cookie settings
Users may change their acceptance or rejection of cookies at any time in their browser settings.
Deletion of cookies
You can delete cookies in your browser, usually in its history settings.
Blocking of cookies
You can block cookies from being placed on your computer. A few examples of this setting for the most popular browsers are given below.
Click on the menu button at the top and choose “Options”. After selecting “Privacy”, the submenu “History” opens a pull-down list with “Firefox will:”; here you select “Use custom settings for history” where you may then choose your individual preferences by clicking on “Accept Cookies”.
Should you use other browsers on your end device, please read the details for the respective menu items (Help) for the browser.
Google Analytics Opt-out Browser Add-on
If you want to prevent Google Analytics cookies, download and install the Browser-Add-on.