Common use of Information and Personal Data Processing Notice Clause in Contracts

Information and Personal Data Processing Notice. XIII.3.1. The Purpose of Processing Personal Data The Provider shall process the Recipient’s personal data for the following purposes: a) Execution of the contractual relationship This processing is essential for conclusion of a contract and performance of the contractual relationship with the Provider. For this purpose, the Recipient’s identification details, contact details and information relating to the subject-matter of the Agreement (e.g. identification of the service, the Subject, payment details etc.) will be processed to the necessary extent. A contractual relationship may also be established remotely using electronic signatures. In such cases, the Recipient’s identification data, contact data and information related to signature of the document are contained in the application for signature of documents provided by a third subject, in an SMS, email, on the signed electronic document and in the audit trace capturing information about the course of signature. b) Protection of the rights and legally protected interests of the Provider (legitimate interest) This processing is essential for the protection of the Provider’s rights, particularly within the terms of recovery of debts, settlement of all disputable administration, development of the provided services, in-house statistical research, analyses or assessments, in-house reporting or for in-house administrative purposes within the terms of the Raiffeisen Group. For this purpose, the Provider may also process the data ensuring the secure use of the offered services, and data for the purpose of risk management, fraud prevention and assessment etc. On the basis of its legitimate interest, the Provider also processes information about creditworthiness, i.e. the ability to pay off debts, payment discipline and the credibility of natural persons who are not consumers, using registries. For this purpose, the Provider also stores recordings of incoming and outgoing calls realised through the client centre. The Provider is also allowed, to a limited extent and on the basis of its legitimate interests, to process the Recipient’s personal data for the purpose of direct marketing (i.e. offering other similar products and services to its clients). In cases when the Recipient’s personal data is processed for the purpose of protection of the Provider’s legitimate interests, the Recipient is entitled to raise an objection against such processing. If the Recipient does so, the Provider will cease to process its personal data, unless it proves to the Recipient serious legitimate reasons for processing this data, which prevail over the interests or rights and freedoms of the Recipient, or for determining, performing or defending legal claims. c) Meeting of legal obligations The Provider shall collect and evaluate certain information and retain it for a determined period, as this is an obligation under applicable laws and regulations. For example, this concerns the processing of personal data for the purpose of preventing abuse of the financial system to legalise the proceeds of crime and the financing of terrorism and creation of conditions for revealing such actions according to Act No. 253/2008 Coll., on some measures against money laundering, during which time this concerns information about the sources and origin of income, capital relatedness, citizenship, place of residence and political exposure for example. Act No. 257/2016 Coll., on consumer loans introduces the obligation to process information about the solvency, payment discipline, and credibility of clients, as this information is necessary to assess the creditworthiness of the client. It may also include laws and regulations governing accounting, taxes and inspection activities. d) Processing subject to consent The Provider needs the Recipient’s consent for the processing of the personal data of the Recipient beyond the above framework. On the basis of the Recipient’s consent, the Provider and selected partner companies process the Recipient’s personal data for marketing purposes, mainly consisting of the offer of business and services provided by the Provider and selected partner companies, activities related to preparation of an offer, within the terms of which automated processing and profiling may take place with the goal of adapting the offer to the Recipient’s needs (the aforementioned may chiefly include assessment of data related to creation of an offer, the processing of information from the Recipient’s requirements and opinions and from monitoring of the Recipient’s behaviour within the terms of the used communication channels and services), development and improvement of the quality of the provided products and services and improvement of the customer experience. Such processing is subject to the Recipient’s consent, which is voluntary, and, if granted, may be withdrawn by the Recipient at any time. Withdrawal of consent means that the Provider will not be able to process the Recipient’s personal data for the purpose stated in the consent. Withdrawal has no effect on the contractual relationship between the Provider and the Recipient. The Provider may continue processing the Recipient’s personal data if it has a legal grounds for such processing. Withdrawal of consent does not affect the legality of processing based on consent granted before it was withdrawn.