Personal Data Processing Principles
Cash Collectors Servicing s.r.o., with its registered office at Na Florenci 1332/23, Nové Město, 110 00 Prague 1, Company ID: 28893042, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 151498 (“the Company” or “we”), treats all processed personal data as strictly confidential and handles them in accordance with applicable data protection laws. The security of your personal data is a priority for the Company.
The Company is, within the meaning of the General Data Protection Regulation (EU) 2016/679 (GDPR), the controller of your personal data, i.e., it collects, stores, and uses (otherwise processes) your personal data for the performance of its business activities (the specific purposes for which personal data are processed are defined below), which consist mainly of the management and collection of receivables.
These Personal Data Processing Principles apply to:
(i) the processing of personal data by the Company during your use of the website www.cashcollectors.cz (“Website”),
(ii) the processing of personal data by the Company during communication with you via email or telephone,
(iii) the processing of personal data by the Company during the course of business relationships with clients and suppliers,
(iv) the processing of personal data in the fulfillment of the Company’s legal obligations,
(v) the processing of personal data necessary for the purposes of protecting the legitimate interests of the Company.
The Personal Data Processing Principles describe the purposes and methods of personal data processing, inform about the categories of processed personal data, their possible recipients, retention periods, and your rights in relation to data protection.
Purposes of Personal Data Processing
Your personal data may be processed by the Company for the following purposes:
- Performance of a contract, including its negotiation – contracts for the management and collection of receivables or fulfillment of specific client requests, i.e., the actual performance of the Company’s main activity; relationships with business partners or suppliers of products and services; recruitment activities – hiring employees and cooperating persons;
- Fulfillment of legal obligations – especially obligations under accounting and tax legislation, i.e., providing personal data to tax authorities or other public authorities in accordance with applicable laws; including email communication, contact lists, and provided services;
- Sending commercial communications and offering services – the Company may send commercial communications or newsletters and offer services via email;
- Protection of the Company’s legitimate interests – protection of the rights and legally protected interests of the Company, such as identification of persons at the Company’s reception, client identification under Act No. 253/2008 Coll., on certain measures against the legalization of proceeds from crime, as amended, protection of the network against harmful conduct, or protection against misuse of the Website;
- Protection of the legitimate interests of third parties (especially clients) – in accordance with the Code of Ethics of the Association of Collection Agencies and other applicable regulations, especially for the purpose of debt collection;
- Handling requests (mainly from debtors) submitted via electronic forms.
Processed Personal Data
The Company is entitled to process the following personal data depending on the purpose of processing:
| Data Subject Information | Purposes of Processing |
|---|---|
| Name and surname | Performance of contract, Fulfillment of legal obligations, Sending commercial communications and offers, Protection of legitimate interests of controllers, Handling requests via electronic forms |
| Contact address | Performance of contract, Fulfillment of legal obligations, Sending commercial communications and offers, Protection of legitimate interests of controllers, Handling requests via electronic forms |
| Performance of contract, Fulfillment of legal obligations, Sending commercial communications and offers, Protection of legitimate interests of controllers, Handling requests via electronic forms | |
| Phone number | Performance of contract, Fulfillment of legal obligations, Sending commercial communications and offers, Protection of legitimate interests of the Company and third parties, Handling requests via electronic forms |
| Account number and other transaction data | Performance of contract, Fulfillment of legal obligations, Protection of legitimate interests of the controller |
| Company ID, VAT number | Performance of contract, Fulfillment of legal obligations, Protection of legitimate interests of the controller |
| Birth number | Performance of contract, Fulfillment of legal obligations |
| Date of birth | Performance of contract, Fulfillment of legal obligations |
| Data relating to the debtor and related to debt collection | Protection of legitimate interests of third parties |
| Any other information relating to the client or third parties | Performance of contract, Fulfillment of legal obligations, Protection of legitimate interests of third parties |
Personal data are processed by the Company both manually and automatically/electronically. The Company is entitled to collect, store, and use certain information by automated means, e.g., statistical information whenever you visit the Web Portal.
Sources of Debtor Personal Data
Creditor
If the creditor instructs the Company to collect a receivable and for this purpose provides the Company with the debtor’s personal data, the Company is, from the GDPR perspective, a processor of such personal data and acts according to the creditor’s instructions.
Assignment of Receivable
According to Section 1879 of the Civil Code (Act No. 89/2012 Coll.), the creditor may assign the entire receivable or part thereof to another person (assignee) without the debtor’s consent. If the receivable is assigned to the Company as the new creditor, the Company becomes the controller of the personal data with all rights and obligations. Assignment of a receivable is the realization of the creditor’s legitimate interest and does not require the debtor’s consent to personal data processing under the GDPR.
Public Registers
- ARES
- VAT register
- Trade Licensing Register
- Public Register and Collection of Deeds
- Commercial Register
- Register of Insolvencies
- Insolvency Register
- Register of Trust Funds
- Register of Beneficial Owners
- Land Register
- Bank Debtor Registers
- Non-bank Debtor Registers
Use of data from public sources is possible only if the purposes of their publication are compatible with the purposes for which the data are to be used. The Company has conducted a compatibility test with a positive result.
GEPARD Application
The GEPARD Application (“Application”) allows obtaining personal data from open sources. The operator of the Application, SOLIDIS s.r.o., ensures compliance with GDPR and other applicable data protection legislation. The Application is used to obtain debtor contact details and, if necessary, those of related persons, only if the Company does not have up-to-date contact details or if previous contact attempts have failed.
Methods of Contacting Debtors
To contact a debtor, the Company may use all contact personal data for which it has a legal basis, including (i) standard postal services, (ii) electronic means (e.g., SMS, email), and (iii) digital services to which the debtor has registered (e.g., WhatsApp).
Processing Personal Data of Persons Close to Debtors
If it is not possible to obtain the debtor’s contact details, the Company may seek contact details of a person close to the debtor to achieve the purpose of debt collection and protection of the data subject from over-indebtedness. If the Company obtains only the necessary personal data of such a person (usually name, surname, phone, address), this person may be contacted by a trained employee in accordance with the Company’s internal regulations.
A balancing test has confirmed that the Company’s interest in processing personal data of persons close to debtors outweighs the data subjects’ interest in privacy (and may even benefit the data subject).
Processing of Personal Data Based on Consent
If you give the Company consent to process personal data for the purpose of sending personalized marketing communications (which may include profiling) or for contacting you with offers via email or phone, you acknowledge that providing this consent is voluntary and may be withdrawn at any time in writing to the Company’s address or via the link in the commercial communication email. Consent is valid until withdrawn. Not providing consent does not affect contract performance.
Personal Data of Third Parties
Personal data of third parties, such as employees and customers of the Company’s clients or suppliers and other individuals involved in cooperation with the Company, or other data received from a client or supplier in connection with a contract, will be processed in accordance with applicable data protection laws. These personal data will be used for contract fulfillment and retained for the duration of the contractual relationship and as required by law.
Recipients of Personal Data
The Company discloses your personal data only to authorized employees, cooperating persons, or individual processors contractually engaged by the Company, or to other controllers, always only to the extent necessary and based on a legal basis.
The Company is authorized or obliged by law to provide certain personal data to law enforcement or other public authorities.
Retention Period of Personal Data
Your personal data are processed and stored for the period necessary to ensure all rights and obligations arising from the relevant contractual relationship and for the period required by law or for which you have given consent. Otherwise, the period is determined by the purpose of processing or by data protection laws.
| Purpose of Processing | Retention Period |
|---|---|
| Performance of contract | For the duration of the contractual relationship and for 10 years after its termination |
| Fulfillment of legal obligations | For the period specified by the relevant law |
| Sending commercial communications and offers | For the duration of consent or until consent is withdrawn, or as required by special legal regulations* |
| Protection of legitimate interests of controllers | For a maximum of 3 years from the start of processing, unless otherwise required by law, or longer if justified by a specific case |
| Protection of legitimate interests of third parties | For the duration of debt collection or other legitimate interest and for 5 years after its conclusion |
| Handling requests via electronic forms | For the period necessary to process the request |
*The Company is entitled to process your email address under Section 7(3) of Act No. 480/2004 Coll., on certain information society services, for sending commercial communications regarding its own services and products unless you have refused such communications.
Data Subject Right
The data subject has rights under the law, which may be exercised at any time: (i) right of access, (ii) right to rectification, (iii) right to erasure, (iv) right to restriction of processing, (v) right to data portability, (vi) right to object, and (vii) right to contact the supervisory authority (in the Czech Republic, the Office for Personal Data Protection, www.uoou.cz).
- Right of access: You have the right to know whether the Company processes your personal data and, if so, to access them.
- Right to rectification: If you believe the Company processes inaccurate or incomplete data about you, you may request correction or completion.
- Right to erasure: You may request erasure if (i) data are no longer needed, (ii) processing is unlawful, (iii) you object and there are no overriding legitimate grounds, or (iv) there is no legal obligation to process.
- Right to object: You may object to processing for public interest or legitimate interest purposes. If the Company does not demonstrate compelling legitimate grounds, processing will be stopped.
- Right to restriction: You may request restriction if you contest accuracy, processing is unlawful, you need data for legal claims, or pending an objection.
- Right to data portability: You may request transfer of your data to a third party if processed electronically based on contract or consent.
In the case of repeated or manifestly unfounded requests, the Company may charge a reasonable fee or refuse to act.
Further information is provided by the Data Protection Officer (FairData Professionals a.s., Na Florenci 1332/23, Nové Město, 110 00 Prague 1, Company ID: 06149961) at dpo@cashcollectors.cz. To exercise your rights, contact the Company in writing at its registered office or by email at dpo@cashcollectors.cz.
The Company reserves the right to reasonably verify the identity of the data subject exercising these rights.
Supervision of privacy and personal data protection in the Czech Republic is carried out by the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, tel.: 234 665 111, web: www.uoou.cz.
These Personal Data Processing Principles are effective from 25 May 2018 and will be regularly updated. The current version is always available at https://cashcollectors.cz/privacy-policy-2/.
Date of last update: July 2023
