ASPEKT s.r.o., identification number (IČ): 63218810, with registered office at Dobrovského 2366, 580 01 Havlíčkův Brod, registered in the Commercial Register maintained by the County Court in Hradec Králové, Section C, File No. 7760, is a leading real estate agency providing full service in the sale, acquisition and lease of niche residential and commercial properties in attractive locations. We have been offering our services to clients for 25 years. We represent only the highest quality properties and offer merticulous, prompt and professional service, and therefore we pay attention to the quality of concluded contracts.
The objective of this DATA PROCESSING POLICY issued by ASPEKT s.r.o., is to provide Clients with information as to what personal data ASPEKT s.r.o., as a Controller, processes in regard to its Clients – natural persons in the provision of services consisting in brokering the sale or acquisition of real estate properties, lease of real estate properties, real estate management, and other services, and in regard to visits to websites operated by ASPEKT s.r.o., and in regard to contacts with potential Clients, for what purposes and for what duration of time ASPEKT s.r.o. processes such personal data in accordance with the valid legal regulations, to whom and on what grounds it may disclose or tranfer such data, as well as information on what rights natural persons have in connection with the processing of their personal data.
This Policy pertains to the processing of the personal data of the Clients of ASPEKT s.r.o. and also, in a corresponding manner, of their representatives or contact persons, potential Clients or persons interested in the services of ASPEKT s.r.o., and visitors to websites operated by ASPEKT s.r.o., this being, in each case, within the scope of personal data corresponding to their relationship with ASPEKT s.r.o.
Personal Data (hereinafter „Data“) = any information relating to an identified or identifiable natural person; an identifiable natural person i sone who can be identified, directly or indirectly, in particular by reference to an identifiee, or to one or more factors specific to such person’s physical, physiological, genetic, mental, economic, cultural or social identity. This means that personal data also include data such as e-mail, address, telephone number, user name, profile photos, personal preferences, user-generated content, information pertaining to physical characteristics. They may also include unique numerical identification data such as the IP address of the user’s computer ort he MAC address of a device and cookie files.
Data Subject = a natural person to whom personal data pertain. Natural persons are also considered to include persons doing business on the basis of a trade licensing or other authorization.
Controller = the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller ort he specific criteria for its nomination may be provided for by Union or Member State law.
Processor/Recipient = a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
Processing of Personal Data = any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Personal Data Breach = a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Consent of the Data Subject = any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Office = the Office for Personal Data Protection, with registered office at Pplk. Sochora 29, Praha 7, PSČ 170 00, www.uoou.cz
GDPR = Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Client = a natural person or legal person who has been reached out to by, or who has reach out to, ASPEKT s.r.o. for the purpose of the sending of an offer of services, requesting services, entering into an agreement, or who has already entered into such an agreement.
Data Privacy Officer („DPO“) = a data protection officer – the person responsible within ASPEKT s.r.o. for the processing of personal data
with registered office at Dobrovského 2366, 580 01 Havlíčkův Brod
identification number (IČ): 63218810
(hereinafter „ASPEKT s.r.o.“ or the „Controller“)
as the Controller, is aware of the legal obligations pertaining to the processing of the Data of its Clients and the liability imposed upon it in this regard by the legal regulations of the Czech Republic and of the EU. This regulation provides the basic Framework for the manner and conditions of handling Clients‘ Data, of how to proceed in processing Data, and who to turn to in the performance of obligations arising under the Personal Data Protection Act (Act No. 101/2000 Coll.), the Information Society Services Act (Act No. 480/2004 Coll.), the GDPR, and this Data Processing Policy.
Data Privacy Officer
Dobrovského 2366, 580 01 Havlíčkův Brod
identification number (IČ): 63218810
The basic legal Framework for the processing of personal data consists of the GDPR, the Personal Data Protection Act, the Information Society Services Act, and other related legal regulations.
The fundamental principle of Data processing is for it to be processed lawfully, fairly and in a transparent manner in relation to the data subject. Data are collecter for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is possible.
Data must be adequate, relevant and limited to what is necessary in relation to the purposes for ehich they are processed; accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organizational measures, in order to safeguard the rights and freedoms of the data subject. Data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
As a Controller, we take appropriate measures in order to provide data subjects with all information pertaining to the acquisition, processing, erasure and security of personal data in a concise, transparent, comprehensible and easily accessible manner, using clear and simple language. We must fulfill these obligations, as the Controller, and we do so, among other things, through this Data Processing Policy.
ASPEKT s.r.o. can collect or acquire Date through our websites, forms, electronic or telephone contact, personal meeting or otherwise. At times, Data will be provided to ASPEKT s.r.o. by the Client directly, such as when contacting us by telephone, by e-mail or in person, at times we collect them as a Controller, such as through the use of cookie files, in order to ascertain how you use our websites, or we obtain them from other persons, e.g. from associated parties – real estate agents.
Automated decision-making, including profiling – may be used by the Controller in sending or displaying personalized messages or content. This is a specific method, which is any formo f automated processing of Data consisting of the use thereof personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s personal preferences, interests, economic situation, behavior, location, health, reliability, or movements. That means that the Controller can collect Data in various situations. The Controller can centralize and analyze such data in order to be able to assess and estimate the Client’s personal preferences and interests. On the basis of such an analysis, the Controller then sends or displays messages or content adapted to the interests and needs of the Client. If certain conditions are fulfilled, the Client has the right to object to the use of the Data for the purposes of profiling.
The Controller can share the Client’s Data in order to fulfill its legal obligations, to improve its services, o rif it receives the Client’s consent to such sharing.
Data can be processed in the Controller’s name only by trustworthy external processors/recipients. the Controller only provides such information to these external processors/recipients that they need in order to provide the service, and requires that they not use the Data for any other purpose. The Controller make severy effort to ensure that all of the thirs parties that it works with will store the Data in a duly secure manner. Services that require the processing of Data are provided to the Controller by, for example, contracted real estate agents, external IT service suppliers, such as providers of platforms with hosting services, administration and support of our databases, as well as of our software and applications that may contain Data (these services may sometimes include access to Data with the goal of performing the reqiured tasks), as well as owners of real estate properties, developers, persons conducting monitoring of social media, identity administration, evaluations and reviews, customer relationship management, web analysis and search engines, tools for the processing of content generated by the user, advertising, marketing and digital agencies for social media that supply advertising, marketing services and campaigns, analzyze their efectiveness and administer contacts with the Client.
The Controller is obligated to disclose Data to third parties i fit has such an obligation for the purpose of fulfilling a statutory obligation, or for the protection of the rights, property, interests or safety of the Controller, its Clients, employees, external agents.
The Controller can also disclose Data i fit has the Client’s consent to do so o rif the law allows it to do so. The Controller does not offer or sell Data. Collected Data will not be shared with any third party, with the exception of the above.
The Data that we collect in regard to the Client are stored and processed only within the territory of the EU, or within the territory of states that have undertaken to comply with EU standards for the processing and security of personal data (USA). Outside of the EU, personal data are processed or stored only with processors/recipients who are certified according to the EU – U.S.Privacy Shiel – these being Google LLC and Dropbox, Inc.
The Client’s Data are stored for as long as this is necessary in order to fulfill the purpose for which the Controller received the same, in order to comply with the Client’s needs, or in order to full its legal obligations.
In order to determine the duration of Data storage, the following criteria shall apply:
The Controller may store some Data in order to fulfill its legal obligations, and to be able to duly protect its legitimate interests, or for statistical purposes or historical research purposes.
If the purpose of the storage of Data has been fulfilled and the duration of their storage has elapsed, the Data are erased from the Controller’s systems and records or anonymized, so that the identification of the Client is no longer possible.
The Controller makes every effort to duly protext the Data, from the moment of their acquisition until the moment of their erasure, pseudonymization or anonymization. The Controller stores and processes Data in a secured manner in accordance with the level of standards within the given sector and has taken all reasonable security measures, though the use of conscientiously adjusted internal processes and security policies, so that no misuse of Data or unauthorized acess to Data can occur. The Controller has contractually ensured that every authorized and trustworthy processor handles Data in this same manner.
As follows from the technical nature of the functioning of data transimission on the Internet, the Controller cannot ensure the security of the Client’s Data being transmitted to the Controller’s websites. Therefore, the securing of any information transmitted in such manner is beyond the Controller’s technical capabilities.
This Data Processing Policy is effective from 1 July 2021 and has been issued in accordance with the GDPR.