Rules of Processing Personal Data
PLEASE KINDLY READ THESE RULES OF PROCESSING PERSONAL DATA ISSUED AND APPLIED BY FIFTYFIVE s.r.o. (hereinafter these rules also referred to as the “55 Data Protection Rules”).
1. Personal Data
1.1 Personal data means any data relating to an identified or identifiable, directly or indirectly, natural person, or any personal data as set forth under applicable laws, and as collected or processed by the Company identified in Section 2.1 below (further also referred to as the “Data”).
2. Application of the 55 Data Introductory Provisions
2.1. The 55 Data Protection Rules have been issued by FIFTYFIVE s.r.o., a Czech business corporation with limited liability, with its registered office at Uruguayská 78/12, Vinohrady, Praha 2, 120 00, and with its operating office at Jana Masaryka 43, Vinohrady, Praha 2, 120 00, as entered in the Commercial Register maintained by the Městský soud v Praze (in English: Municipal Court in Prague), File Ref. C117464, ID 27591123 (further also referred to as “we” or the “Company”).
2.2. The 55 Data Protection Rules apply to the Company´s collecting and processing of individuals´ Data, including but not limited to Data of people interested in the Company´s services, and those to whom the Company is providing its services or has worked for in the past (further also referred to as “you” or the “User”).
2.3. The below identification of the scope of use of your Data is related to the services the Company provides, i.e. real estate and intermediation services, with focus on intermediation of leases to expats and students, collection of rent and service payments for landlords, administrative services related to leases, facility management (including building facility management for co-owner associations, apartment management for individual or corporate owners), or management of its own properties.
2.4. The 55 Data Protection Rules are applied for your protection, as well as that of the legal interests of the Company.
3. How Does the Company Receives the Data
3.1. The Data are primarily provided to the Company by you or by an entity or individual with whom you have typically entered or shall enter into a contractual relationship or of whom you are a partner, member or director.
3.2. Further to specify the sources defined in Section 3.1 above, it is set forth that due to its facility management operations, the Company receives Data from third parties, including co-owner associations and its statutory bodies, regarding its members.
3.3. Data may be provided to us in electronic format or hard copy and are typically processed in electronic format, including inserted in our databases of contractual partners, for payment collection and evidentiary purposes for our satisfaction of the contractual obligations the Company has.
4. Securing of the Data
4.1. The Company protects the electronic Data under a sophisticated digital security system. The Company periodically reviews the data security and shall adjust is for your Data´s protection, if needed.
4.2. The devices on which the Data is processed by the Company are secured by password (with access of one individual only and changed at least once every 6 months), anti-virus software and emails (enclosures) sent by the company and containing Data are protected by coding or other measures as approved under the data protection laws, if any. Data stored on cloud or are protected under the sophisticated data protection system of the providers of such storage.
4.3. The Data received in other than electronic format, e.g., in hard copy, are archived for the necessary time period in the Company´s offices at Jana Masaryka 43, Vinohrady, Praha 2, 120 00. The main entrance to the building (courtyard) is closed, the entrance to the office is secured by double locked doors and the files are locked, with access by the office manager.
4.4. The management of some of our services is done through a platform run by FLATSWIRE (further the “Platform Manager”), which may process your Data, but is restricted from using the Data for other purposes than the administration thereof for the Company. The Platform Manager secures the Data by the highest security system as well.
4.5. Protection of Data from abuse. The Company protects your Data from abuse by third parties through technology. The Company controls and optimizes the technical security solutions, and, in the event of a suspected breach of security, or in the event of an established breach of security, informs the competent authorities and / or you, in accordance with its legal obligations. Please take care to protect the Data you enter such as your user name and password and use an appropriate and secure email account.
4.6. Suspected abuse of the Data.
4.6.1. If you suspect that your Data has been or could be abused, please contact the Company by email at the email set forth in the concluding provision of the 55 Data Protection Rules.
4.6.2. If the Company suspects that there has been a breach of Data security, the Company will inform you as required by the Regulation and / or the Act.
4.6.3. If the Company suspects there has been a breach of Data security, and when required by the Regulation and / or the Act, the Company shall inform the supervisory authority of the breach without any unnecessary delay, except where it is unlikely that the breach could result in a risk to the rights and freedoms of natural persons. Where the breach could result in a high risk to the rights and freedoms of natural persons, the Company shall also inform you without any unnecessary delay.
5. Applicable Laws and Regulations
5.1. In order to process the Data, the Company shall act in compliance with EU Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Data and on the free movement of such Data, and the repealing Directive 95/46/EC (hereinafter referred to as the “Regulation”) and the Personal Data Protection Act No. 101/2000 Coll., as amended (and the regulation that may replace it in connection with the direct implementation of the Regulation in the Czech law as at 25 May 2018, (hereinafter also referred to as the “Act”), or subsequent laws, and other legally binding regulations. In the event of any discrepancy, relevant laws and regulations shall take precedence over the 55 Data Protection Rules.
5.2. For the purpose of dealing with the Data, the Company acts usually as the Data processor, and sometimes as the Data controller, as applicable.
6. Relationship between the 55 Data Protection Rules and Other Contracts
6.1. The 55 Data Protection Rules are used for the protection of Data, but they do not replace the business terms of a main contract, including lease, between you and the Company. However, if conditions of a contract between you and the Company contradict mandatory provisions of Data protection laws, the Data protection laws shall prevail.
6.2. When entering into a new contract with the Company, or prolong a contract, you shall be asked to expressly acknowledge to have read to the 55 Data Protection Rules. In the event you have any questions, you shall always be welcome to refer them to us on the Data contact email identified in the concluding section of the 55 Data Protection Rules.
7. Legal Purposes of Processing the Data
7.1. In principle, the Company only collects and processes Data as necessary to enter into a contract, satisfy the contractual obligations to you and/or another party to the contract (especially a lease, facility management or other contractual relationship), as well as to protect the legitimate interests of the Company to the extent allowed by the applicable laws. For such collection and processing of Data, your express consent is not necessary. However, the 55 Data Protection Rules do apply in such cases.
7.2. Your express consent to processing of certain Data is only required when none of the above purposes is satisfied or in other instances as set forth by the applicable law. In such event, we shall always ask for your consent prior to processing your personal Data, with these 55 Data Protection Rules applying unless set forth otherwise in your express consent. Such consent can be revoked at any time, as defined by applicable laws and in point 12.3. of the 55 Data Protection Rules.
7.3. The Company minimizes the processing of the Data to the satisfaction of its contractual obligations to you and the other individuals or entities, with whom it negotiates and to whom it provides its services.
7.4. Your technical Data, e.g. IP of your computer, mobile phone etc., may be technically registered, but is not stored or processed by our company.
7.5. In the event wi-fi is provided in any of the apartments we services, you are the sole person liable to providing the password to the wife to any individuals who may visit you, and you shall provide the identification of such individuals to the Company or public authority, including identification of the times they may have been connected to the wife network, to satisfy the legal requirements related to digital security.
8. Scope of Data Processed
8.1. As identified in Section 7.1 above, the Company processes the Data necessary for the satisfaction of the contractual obligations to the partners, including yourself, and the smooth provision of such services to the mutual benefit of its parties.
Therefore, the following Data will typically be processed:
Your name and surname;
Email address (any wording);
Data of birth;
Address in the Czech Republic;
Dates of lease, if any;
Number of your valid ID as provided to us for inspection;
Basis dates related to the negotiation of the contract (e.g. first contact, properties visited/reviewed);
Data related to payment of rent and service charges;
Foreign account number to which we shall return unused funds;
IP addresses (for the duration of max 1 day);
Type of browser;
This list of the Data is not exhaustive and it may be updated.
8.2. Other use of the Data must be based on your specific content provided under the application laws and the 55 Data Protection Rules.
9. Period of Processing the Data
9.1. To the extent that the Data is not necessary to meet contractual obligations towards you or legal obligations during or after the termination of the contractual relationship with you, the Data is deleted immediately the immediate use.
9.2. The Company collects and processes the Data only for the period necessary, typically for the duration of the main contract between the User and a third party or the User and the Company (typically a lease), the User´s ownership of an apartment, the duration of a User´s payment of service charges, as well as the satisfaction and clearance of any obligations of the parties of the main contract after the termination of such contract.
9.3. The Company will maintain and archive the Data for the duration of the obligation to archive the Data.
10. Transfer of Data Abroad
10.1. The Data will be processed in the Czech Republic.
10.2. The Data related to you may be provided to your contractual partner abroad (typically landlord or tenant), for the contractual relationship between you and him/her, but not for processing as defined by the Regulation.
11. Recipient of the Data; Providing the Data to Third Parties
11.1. The recipient of the Data shall be the Company, or the company via the intermediary as set forth hereunder (typically a landlord or a co-owner association).
11.2. The Data related to you may be provided to your contractual partner (typically landlord or tenant), for the contractual relationship between you and him/her.
11.3. The Data may be accessed by the entity for whom we are processing the Data (typically, the co-owner association).
11.4. The Data may be accessed and processed by the Platform Manager with its seat in France, with Regulation and French legislation applying the such processing, with mandatory provisions of the Czech law applying as well.
11.5. From time to time, the Data may be accessed by our technical support, who shall not use the Data in any way other than for purely technical purposes and as set forth under the order of the Company, and contract between the Company and provider of the technical support.
11.6. The Company shall enter into Data processing contracts as applicable.
12. Your Specific Rights to the Data
12.1. If stipulated by the Regulation or the Act with respect to the Data, you have the right to obtain the confirmation whether the Data has been processed, and, if it has, you have the right to access the Data unless it is excluded by the Regulation or the Act. We will provide you a copy of the Data in machine-readable format and in an appropriate interface on request.
12.2. Overview of your basic rights with respect to the Data:
If the Regulation or the Act stipulates so as permitted by law in relation to processing, you have the following rights with respect to the Data:
(a) Where you have given legal consent as required by law to have your Data processed, you have the right to withdraw the consent at any time;
(b) The right to change i.e. correct/rectify the entered Data or add to the Data;
(c) The right to request a restriction on the processing of the Data with your consent forming the legal basis for its processing;
(d) The right to object against or to lodge a complaint about its processing;
(e) The right to request the transfer of the Data;
(f) The right to access the Data;
(g) The right to be informed about a breach of Data security;
(h) The right to have the Data erased (“the right to be forgotten”);
(i) Other rights as set forth by legal regulations for controllers and processors, if any.
For the avoidance of doubt, you have the above rights with respect to the Data where your identity has been established or to other Data if stipulated by the Regulation or the Act for any such other Data.
12.3. Withdrawal of prior informed consent. If you gave your separate consent to the use of the Data, you can withdraw this consent at the e-mail provided herein or in writing by registered mail, directed to the address of our operating office. On receipt of the request, the Company will stop processing such Data.
The withdrawal of the consent shall be without prejudice to the legality of the Data processing which was carried out and used prior to the withdrawal. Withdrawal of your consent shall also be without prejudice to the processing of the Data undertaken by the Company on legal grounds other than the consent, typically the contractual obligations or for other reasons as set forth under the applicable laws.
12.4. Termination of the contract with the Company and termination of other legal relationships. In the event you terminate the contractual relationship with the Company (or end the negotiation, sell the apartment, terminate a lease administered by the Company etc.), the Data will only be processed to the minimum extent and for the period necessary for the safeguarding of the Company´s legal interests (i.e. for defending a claim, provide information to the other contractual parties under a contract managed by the Company).
12.5. Changes, correction/rectification and addition of the Data. Some Data are allocated to the device which you use to communicate with us or to connect to wi-fi, without the Company being involved or processing the Data further; such Data will typically be kept for the day and then automatically deleted.
You can change the Data and should change the Data you provide to us to, at any time, reflect the reality and provide satisfactory mean of identifying you as a contractual partner, for the satisfaction of our service to you and other contractual partners.
Information about credit or debit cards, i.e. the method of payment for the services, and / or third party payments administered by us directly or through the Platform Manager, will only be provided to us anonymized as to the card; however the payments shall be accompanied by the identification of the payee (contract) under the Data provided to you in connection with the payments. Those Data shall be used for verification and administration of the payments.
12.6. Right to restrict Data processing. The Company respects your right as set forth by the law with respect to the Data to request the restriction of the Data processing and the Company’s legal obligation to comply with any such request. Please send any such requests to the email address provided at the end of the 55 Data Protection Rules.
12.7. Objections and complaints. You have the right to object to or to file a complaint against Data processing as set out by the relevant laws and regulations. In cases stipulated by laws and regulations, you also have the right to lodge a complaint with the supervisory authority; this is the Office for Personal Data Protection in Prague, with its registered seat at Pplk. Sochora 27, PC 170 00, Prague, www-ouou.cz. .
12.8. Right to the transfer of the Data. As set out by laws and regulations with respect to the Data, you have the right to the transfer of the Data, i.e. provision of the Data to a third party. Please note that deleted Data may not be transferred. The transferability of the Data shall be provided by access to an interface where you shall be able to download the relevant Data in a standard, machine-readable format.
12.9. Right of access to the Data. On request, the Company shall provide you information about what Data is has collected on you; please send your request therefore at the email address set forth in the concluding provision of the 55 Data Protection Rules.
12.10. Deletion (the right to be forgotten). In the event you have consented with processing the Data in an express consent, or in other cases stipulated by the law, you can ask for your Data to be deleted and forgotten by the Company upon sending a request directly to the email in the concluding provision of the 55 Data Protection Rules. This applies primarily to the Data which is no longer necessary in relation to the purposes for which it was collected or otherwise processed. In case of Data processed based on an explicit consent, there are no other legal grounds for further processing when you withdraw your consent, there are no other legal grounds for further processing when you object to the Data processing or when the Data has been processed illegally or the deletion is requested in compliance with a law or regulation. Unless a law or regulation stipulates otherwise, the deletion will be made to the extent that your further identification is not necessary and the rights of third parties are not violated.
13. Your Data shall not be used for the purposes of the Company marketing communications without your explicit consent. Disclosure of the Data to third parties. The Data is not collected to be transferred to third parties to be able to send informational or other communications.
14. In addition, external technicians may have access to the Data as processors who provide certain technical services, server repairs, and ensure security of the Data storage and other information, as well as any public authorities with a legal right to access such Data, or a lawyer in the event of a dispute.
15. Limited Rights to Anonymous Data Requiring Further Identification
15.1. If certain information (Data) is collected and does not enable us to identify the User, without further inquiry as to his or her identity, the Company shall not request more information to verify your identification related to such Data. Therefore, unless the Act or the Regulation stipulate otherwise, the provisions of the Regulation regarding the right of access to Data, right of rectification and deletion of Data, right of restriction of processing, as well as reporting requirements with respect to rectification or deletion of Data or restriction of processing, and right of portability of Data shall not apply to such Data.
16. Changes to the 55 Data Protection Rules
16.1. The Company may change these 55 Data Protection Rules from time to time. Upon making these changes, the Company shall publish a new wording of the 55 Data Protection Rules at http://www.student-room-flat.com .
17. Language of 55 Data Protection Rules
17.1. The 55 Data Protection Rules are in English language, with Czech language version to be made available to Czech language speakers.
18. Communication with the Company
18.1 Unless stipulated otherwise elsewhere in the 55 Data Protection Rules, the User’s communication with the Company shall be effected by email, at firstname.lastname@example.org
Date of Last Update: 28 November 2018