Personal data handling

1. General statement

1.1. Members of the ComGate group comply with their duties regarding processing of personal data provided to ComGate in order to comply with statutory and contractual obligations.

1.2. Personal data protection derives especially from the EU Regulation no. 2016/679/EU GDPR (General Data Protection Regulation).

1.3. Member companies of ComGate group act as personal data controllers, as long as they determine the purpose and means of personal data processing as per Article 4 paragraph 7 GDPR.

1.4. Member companies of ComGate group act as personal data processors if, in compliance with Article 4 paragraph 8 GDPR, they process personal data for a controller.

2. Personal data processing principles

2.1. When processing personal data, we comply with the highest standards of personal data protection, applying especially the following principles:

a) we always process personal data for a clearly and unambiguously defined purpose by defined means, in a defined manner and only for a period necessary to achieve the purpose of processing; therefore, we only process exact personal data in line with the defined purposes and only for a period necessary to fulfill such purposes;

b) personal data are always protected by state of the art measures; we always secure the highest achievable safety of the personal data preventing any unauthorized or random access to the personal data, their modification, destruction or loss, unauthorized transfers or other unauthorized processing or other misuse;

c) data subjects are informed of the processing of their personal data, as well as their right to receive full information about the circumstances of such processing and other related rights;

d) ComGate group has adopted appropriate technical and organizational measures to maintain level of security corresponding to all possible risks; all persons accessing client personal data are bound by the duty of confidentiality in respect of all information obtained in relation to the data processing.

3. Data processing information

3.1. General information regarding ComGate group entities:

a) ComGate, a.s., a company with Id. No.: 265 08 842, registered seat at Prague 7 – Holešovice, Jankovcova 1596/14a, registered in the commercial register maintained by the Municipal Court in Prague, section B, file 7523;

b) ComGate Payments, a.s., a company with Id. No.: 279 24 505, registered seat at Prague 7 – Holešovice, Jankovcova 1596/14a, registered in the commercial register maintained by the Municipal Court in Prague, section B, file 17614;

c) ComGate, s.r.o., a company with Id. No.: 44 465 009, registered seat in the Slovak Republic, Ivanka při Dunaji, Nádražná 1958, registered in the commercial register maintained by the District Court in Bratislava I., section Sro, file 55471/B;

d) ComGate Payments, s.r.o., a company with Id. No.: 36 797 472, registered seat in the Slovak Republic, Bratislava, Svetlá 1; registered in the commercial register maintained by the District Court in Bratislava I., section Sro, file 46691/B;

3.2. Data protection officer

ComGate group appointed, under Article 37 paragraph 2 GDPR, a common data protection officer for the entire group:

Name: Nikolaj Štáhlavský
Email: dpo@comgate.cz
Phone: + 420 228 224 267

3.3. ComGate group processes personal data for the following purposes:

a) compliance with statutory duties of personal data controller;

b) compliance with contractual duties for personal data provided by data subject;

c) compliance with contractual duties for personal data provided to ComGate group by personal data controllers;

d) defending rights and rightful interests of ComGate;

3.4. Scope of personal data processing:
ComGate group processes personal data within the scope necessary to achieve the above-specified purposes. Especially following personal data are processed:

a) name and surname;
b) address;
c) email address;
d) telephone number;
e) birth identification number;
f) recordings of voice telephone calls;
g) client ID documents information;

3.5. Method of personal data processing:
Processing of personal data by ComGate group includes both manual and automated processing in information systems of ComGate group.

Personal data are processed especially by employees of ComGate group and – if necessary – also by third parties. Before any personal data is transferred to any third party, such third party signs an agreement with data processing guarantees equal to the statutory duties of ComGate group.

3.6. Personal data recipients

Personal data are made accessible especially to ComGate group employees in relation to performance of their work duties requiring the use of personal data. Always, however, only within the necessary scope and while adhering to all security measures. Personal data may be disclosed only to third parties participating in the personal data processing or to third parties, to whom personal data may be disclosed based upon other legal grounds.

According to applicable law, ComGate group is entitled or obliged to transfer your personal data to:

a) competent state agencies, courts and law enforcement authorities in order to perform their duties and enforce decisions;

b) payment service providers, if necessary to prevent fraud in the field of payments, as well as to investigate and disclose fraud;

c) other parties within the scope prescribed by applicable law, for example to third parties charged with debt collection;

d) entities within groups connected to ComGate group within service outsourcing;

3.7. Transfer of personal data abroad

Personal data are processed in the territory of the Czech Republic and other states of the European Union, where entities from the ComGate group have their registered seats. Such countries share personal data protection standards equal to those applicable in the Czech Republic.

Entities participating in the personal data processing do not transfer client personal data outside the European Union.

3.8. Personal data processing period

Personal data are processed by ComGate group only for a period necessary in relation to the purpose of processing.

Period of personal data keeping is prescribed by the individual laws and regulations, based upon which ComGate group processes the data. If personal data are processed in order to comply with a contractual duty, it is necessary to keep the personal data for a period of 5 years from the expiration of the relevant agreement to protect the rights and rightful interests of ComGate group.

3.9. Data subject rights

Data subjects have, in compliance with the applicable GDPR articles, especially the following rights:

a) right to be informed about the data controller, processor and data protection officer;
b) right to be informed about the purpose of personal data processing;
c) right to access the personal data and know, whether personal data are processed or not;
d) right to complain;
e) right to have the personal data corrected;
f) right to have the personal data deleted (right to be forgotten);
g) right to withdraw personal data processing consent;
h) right to limit the processing;
i) right of personal data portability;
j) right to raise objections;
k) all other rights deriving from the Regulation;

4. Final statement

ComGate group acknowledges its responsibility for the protection of personal data it processes. In case of any questions or suggestions, data subjects should contact the data protection officer or management of the Company.