Personal Data Processing and Cookies

Personal Data Processing

We protect your data. We consider privacy and personal data protection as a primary obligation.

We handle personal data solely in compliance with the valid legislation. We hereby introduce the principles that clarify what we do to ensure the confidentiality and security of the personal data processed and provide information on the rights relating to the personal data processing. This communication is aimed at providing information on the personal data we collect, how we handle such data, the sources from which we obtain such data and for what purposes we use them, to whom we are allowed to provide such data and where you can obtain information on the personal data we process.

Personal data administrator

Burza cenných papírů Praha, a. s. (Identification No. (IČ): 47115629; hereinafter the “BCPP”) is the administrator of the personal data that you provided to the BCPP or your personal data that the BCPP obtained (see the chapter Source of personal data below) to fulfil one purpose or several purposes. The BCPP as the administrator collects the data, disposes therewith and is liable for the due and legal processing of such data. You can exercise your rights with the administrator in the manner specified below.

You can contact the administrator or its data protection officer with queries concerning the personal data processing; the contact data of the administrator and the data protection officer are available at Contacts website.

Basic principles of personal data processing

We follow in particular the following principles when processing personal data:

• when processing personal data, we fulfil all obligations imposed by legal regulations;
• when processing personal data, we act fairly and transparently and exercise our best efforts to restrict 
• the purposes and extent of personal data processing to the necessary minimum; 
• we exercise our best efforts to ensure that the data subject’s rights and freedoms are not infringed and that 
• the data subject is protected against unauthorized interference with the client’s private and personal life;
• we provide information on the personal data processing before the commencement of the contractual relationship or before we provide the relevant service; and
• we have implemented the information security management system (hereinafter “ISMS”) pursuant to standard ČSN ISO/IEC series 27000 (“Information Technologies – Security Techniques – Information Security Management Systems”).

Scope of personal data processing

We only process such data that enable us to provide professional and comfort services to you and to fulfil our legal obligations and contractual undertakings and to protect our rightful interests. 

We collect in particular data concerning account owners in book-entered securities registers. Depending on the situation, we also process data on representatives, including members of statutory bodies and employees of the capital market participants, and other contractual partners. We process basic personal data, data on products and services that you use and how you use it, data from our communication and interaction as well as other data so that the scope of such data is reasonable, relevant and restricted to the necessary extent with regard to the purpose for which we collect and process your data. Our main purpose is to provide professional and comfort services to you but we must fulfil our legal obligations and we wish to protect our rightful interests; see below a complete list of the purposes for which we process your data, including a specification of the concrete data processed for the given purpose. 

Personal data we process:

• account owner’s identification data (in particular name, surname, title, date of birth, birth registration number or identification number (IČO)) that was provided by the BCPP participants when recording the account owner or any other person in the BCPP register; 
• account owner’s contact data (address);
• transaction data concerning in particular transfers of book-entered securities;
• data concerning the account owners identification saved and processed in structures necessary to exercise 
• the rights and fulfil the obligations arising:
  • from Act No. 256/2004, Coll., the Capital Market Trading Act (hereinafter the “Capital Market Trading Act”);
  • from Act No. 253/2008 Providing Certain Measures Against Legalizing Revenues from Criminal Activities and Terrorism Financing (hereinafter the “Anti-Money Laundering Act”);
  • on the basis of the obligations arising from the Commission Regulation (EC) No. 1287/2006 implementing Directive No. 2004/39/EC of the European Parliament and of the Council concerning registration duties of investment companies, trades reporting, market transparency, receipt of investment instruments for trading and specification of terms for the purposes of said directive;
• contact data of the contractual partner’s representative;
• other data (bank account number);
• authentication data for our website and data on the use of our website;
• information from external sources, in particular from publicly accessible registers, such as the Companies Register (in particular name, surname and address);
• records of the communication with clients; and
• contact data (in particular e-mail address and telephone number) of persons who agreed with the data processing.

Purposes and period of personal data processing

We process personal data to the necessary extent for the relevant legal purpose, for example to be able to provide the relevant service. The data is typically processed for the purposes of identification of the account owner in the extent of the mandatory account owner data pursuant to the Capital Market Trading Act or processing of identification data of the representatives of issuers and actual owners pursuant to the Anti-Money Laundering Act. We process certain data since it is necessary to protect the rights and interests of our company and of third parties protected by law or for the purposes of fulfilling the rights and obligations arising from agreements. The scope of processing is minimalized and we carefully assess the existence of the rightful interest. In other cases, we only process your data if you so agree. 

The purposes of processing include the following categories without the data subject’s consent:

• Fulfilment of the obligations set forth by law – personal data processing is necessary for such purposes due to the fact that such data processing is set forth by law or any other generally binding legal regulation (for example fulfilment of the obligation to act prudently, fulfilment of the notification duty vis-à-vis a supervisory body and public authorities, fulfilment of the obligations concerning enforcement of a resolution, fulfilment of the obligation of the client’s identification and inspection and other obligations in the field of prevention of money laundering and inspection and prevention of market abuse); such regulations include in particular the following:
  • European Central Securities Depositories Regulation (CSDR),
  • Act No. 256/2004, Coll., the Capital Market Trading Act;
  • Act No. 253/2008, Coll., Providing Certain Measures Against Legalizing Revenues from Criminal Activities and Terrorism Financing;
  • Act No. 164/2013, Coll., on International Cooperation in Tax Administration;
  • Act No. 563/1991, Coll., on Accounting;
  • Regulation No. 596/2014 on Market Abuse and Directive No. 2014/57/EU on Criminal Sanctions for Market Abuse;
  • Directive No. 2014/65/EC on Markets in Financial Instruments (MIFID II);
  • Agreement No. 72/2014, Collection of International Agreements, between the Czech Republic and 
  • the United States of America on Improving the Adherence to Tax Legislation on an International Scale on Improvement of Compliance with Tax Regulation in International Scope;
  • Commission Implementing Decision (EU) No. 2016/1250, on the Adequacy of the Protection Provided by the EU-U.S. Privacy Shield; and
  • Act No. 235/2004, Coll., on Value Added Tax.
The BCPP processes personal data for such purposes for the period set forth by the applicable legal regulations.
• Performance of contractual relationship – personal data processing is necessary for due fulfilment of the rights and obligations arising for the BCPP from the contractual relationship. The administrator processes personal data for such purpose throughout the contractual relationship, unless legal grounds exist to process personal data for a longer period of time.
• Administrator’s rightful interest – personal data processing is necessary for such purpose (such as physical protection of the BCPP’s premises, dispute resolution and protection and enforcement of  the rights of participants or issuers, management and collection of claims, analyses and assessment of possible risks, software testing, etc.) To the same extent as for the purposes of performance of a contractual relationship. The administrator processes personal data for such purpose throughout the contractual relationship and until the statute of limitations period arising from the fulfilment of rights and obligations expires on the basis of the relevant contractual relationship.

With the data subject’s consent:

• for other purposes (such as for the possibility to contact the client or for marketing purposes).

The data that you provide us with your consent is provided voluntarily. 

We request that you provide other data since the processing of such data is necessary for the performance of the agreement, for the fulfilment of our legal obligations or for the protection of our rightful interests. If you do not provide such data to us, we cannot provide you with the relevant product, service or any other performance for which we request your personal data. 

Source of personal data

Depending on the situation, we process data that we received from the BCPP participants, from subjects with which we have concluded an agreement, data that we received during the conclusion of the relevant contractual relationship and the subsequent realization of such relationship, data from publicly available sources and registers, lists and records (such as the Companies Register) and data from third parties, if a special regulation so sets forth. To fulfil a law or a contractual relationship, we may pass on data between us within the framework of our holding group PX (Centrální depozitář cenných papírů, a. s. and Burza cenných papírů Praha, a. s.).

Method of personal data processing

The BCPP processes personal data by automated means and manually.

Provision of personal data to third parties

In principle, we process personal data in our company. We only provide the data to a group company with the data subject’s consent or if it is set forth by law (for example the capital market regulator’s supervision). Where it is necessary to achieve any of the above-mentioned purposes, in particular if the relevant external subject achieved the necessary professional and expert level in the relevant area, your data may be processed by cooperating contractors.

• The BCPP passes personal data of account owners on state supervisory authorities, capital supervision regulator and on other persons to whom it is obliged to provide personal data on the basis of legal regulations, in particular state administrative authorities, courts, law enforcement authorities, supervisory bodies, executors, notaries (court commissioners), financial offices and similar authorities. We are obliged to provide your data to various state and international authorities under the conditions set forth by law.
• The BCPP processes personal data through its own employees as the personal data administrator or through its suppliers. The BCPP shall ensure technical, organizational and personnel measures that lead to a high level of protection and personal data security. If we authorize another person to perform certain activities that constitute a part of our services, the supplier may have access to the relevant personal data. 
• The supplier is entitled to handle personal data solely for the purposes and to the extent for which the BCPP has contractually been authorized. In such event, your consent is not required for the performance of the activities since such processing is allowed directly by a legal regulation. Where we use cloud storage sites, a high level of the data security is ensured.
  • Suppliers outside the PX group include in particular the following:
    • Centrální depozitář cenných papírů, a.s.,
    • IT services providers, including cloud storage sites;
    • subjects collecting our claims;
    • attorneys; and
    • press and postal services providers.

We process personal data transparently, fairly and in compliance with the law. You have the right to access your data, right to explanation as well as other rights if you believe that the processing is not correct. You can also file a complaint with the Personal Data Protection Office. You can exercise your rights in the relevant company from our group with which you have a relationship.

If you have any queries connected with personal data processing or if you wish to exercise your rights, you can contact the administrator’s data protection officer whose contact data is stated on Contacts website. You can also contact the administrator in writing at the address, which is also stated on Contacts website.

Right of access to personal data and right to be informed – You are entitled to access your personal data, in particular the information on the processing of your personal data. Such right does not apply to any data contained in the property account statement; such data is provided to account owners through the BCPP participants in compliance with the Capital Market Trading Act, without prejudice to third-party rights. For repeated requests, the BCPP and the participants may request reasonable compensation that must not exceed the costs necessary for the provision of the information. 

Right to personal data correction – If your personal data is incorrect or inaccurate you may request correction of such data. It is possible to request completion of incomplete data taking into account the purposes for which the data is processed. In compliance with the Capital Market Trading Act, such right does not apply to owners of unclassified accounts where the personal data is adjusted by the BCPP’s participant after the contractual relationship is concluded with the owner of an unclassified account. 

Right to removal – You are entitled that your personal data be removed if our processing is unauthorized.

Right to raise an objection – Should the BCPP breach its obligations concerning collecting or processing of personal data, you are entitled to request that the BCPP provides an explanation of such conduct, refrains from such conduct or remedies the relevant situation. You are also entitled to contact the Personal Data Protection Office with your initiatives.

Other rights – You have the right to restrict the processing and the right to data transferability under the conditions set forth by law.

Do you wish to restrict marketing?

If you gave us your consent for marketing or if you receive newsletters from us for any other rightful reasons, you may withdraw your consent at any time or you may unsubscribe our newsletters in the following manners: 

• the possibility to cancel the sending of our newsletters is incorporated directly in our newsletters;
• if you no longer wish that we call you, please inform us during a telephone conversation; or
• you can inform us at our registered office or in writing that you no longer wish to receive our newsletters.

If you wish to restrict or withdraw your consent with data processing and sharing for marketing purposes, please fill in this document and send it to us to info(a)pse.cz. You may also change the setting of your consent at some of our electronic portals.

We inform you that if you restrict marketing, we may contact you for the servicing purposes, and therefore we may use your contact data to send you servicing messages and for purposes other than marketing. 

Visitors of our website may withdraw their consent to processing of cookies in the manner stated further.

Cookies

This website uses cookies to enhance your comfort and to improve your browsing experience.

Cookies – what are they and why are they used?

Cookie is the information that is saved in the end user’s device as a small text file whenever the user visits a website. It is the information that is necessary for correct functioning of the website. Cookies are used by most websites. Cookies are used also for correct determination of the duration of the visit to the website. Cookies help you remember your activities and preferences for a certain period of time so that you need not enter them again when you return to the website or if you switch from a website to another website. The information is used to optimize the provided services through such website. For more information please go to www.allaboutcookies.org.

Users may decide whether to accept or refuse cookies. Such decision may be changed at any time in the browser setting. More information is stated below. The use of My Exchange service is conditional upon acceptance of cookies.

Consent to using cookies

By visiting and browsing this website, you agree with using cookies. You can remove cookies or refuse the use of cookies in advance in your browser setting. If you do so, there is a probability you need to manually modify several settings every time you visit the website and certain services or functions may not operate.

What types of cookies are used on the website? 

Functional cookies

Temporary cookies (session cookies) are used for the duration of a visit to the website. These cookies are needed to be able to use the personalized service zone of the website (My Exchange). They make it possible to process the registration and later on correctly assign it to the profile of the user when logging in. When a user leaves the website, session cookies are automatically deleted. 

Persistent cookies 

Persistent cookies are used, for example, to record page hits and user hits on websites. They are used to analyse data and may be retrieved by Prague Stock Exchange for statistics and reports. The evaluation is used for optimizing the content and to improve the functionality of the website (error correction). Google Analytics is used for the evaluation. The users' IP addresses are anonymized. Further details are available at support.google.com/analytics/answer/2763052

Further details such as types of cookies used, lifetime of cookies, etc. are available at developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Information about the web analytics service

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.  Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.  You may refuse the use of cookies by selecting the appropriate settings on your browser, but please note that if you do this you may not be able to use the full functionality of this website.  By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. 

Administration of cookie settings

Users may change their acceptance or rejection of cookies at any time in their browser settings.

Deletion of cookies

You can delete cookies in your browser, usually in its history settings.

Blocking of cookies

You can block cookies from being placed on your computer. A few examples of this setting for the most popular browsers are given below. 

Internet Explorer

support.microsoft.com/cs-cz/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox 

Click on the menu button at the top and choose “Options”. After selecting “Privacy”, the submenu “History” opens a pull-down list with “Firefox will:”; here you select “Use custom settings for history” where you may then choose your individual preferences by clicking on “Accept Cookies”. 

Safari

support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Chrome 

support.google.com/accounts/answer/61416

Should you use other browsers on your end device, please read the details for the respective menu items (Help) for the browser. 

Google Analytics Opt-out Browser Add-on

If you want to prevent Google Analytics cookies, download and install the Browser-Add-on. 

Note

Prague Stock Exchange points out that this Cookie Policy is subject to change at any time and retains the right to make modifications.