Information on the Processing of Personal Data

Dear Sir or Madam, 

The purpose of this document is to provide you, clients of ALD Automotive s.r.o., with information on the processing of your personal data and on your associated rights. We want you to know what personal data we collect, what we do with it and for what purposes we use it. The data we may acquire comes not only from you, our clients, but also from other sources. This document also explains to whom we may provide such data.

We process your personal data in a transparent, correct and lawful manner, always to the extent necessary for the given purpose. We securely store your personal data for the necessary length of time according to the deadlines stipulated by the laws and regulations. 

ALD applies strict rules specifying which employee or department can have access to your personal data and what personal data they may process. We never transfer your personal data outside the ALD group or KB Group, with the exception of cases where we have your consent, where we are obliged or authorised to do so by the law or our legitimate interest (such as in the case of suppliers or when requested by law enforcement authorities, etc.).

We process your personal data, for instance, in order to conclude a contract with you, provide you with our services and comply with our contractual obligations, or to communicate with you. In addition to this, we must also comply with the legal and regulatory requirements, particularly those stipulated by the Act on the Prevention of Money Laundering and Combating the Financing of Terrorism. We also take a cautious approach to risk management, thus protecting our legitimate interest. In other cases, particularly where data are processed for marketing purposes, we work with such data solely with your consent.  

This Information on the Processing of Personal Data is effective from 25 May 2018 and is issued in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“Regulation” or “GDPR”)

We recommend that you read this information carefully. If anything is unclear, we will be happy to explain any of the terms or passages in this text. If you have any queries, please call 955 525 000, or email: osobniudaje@aldautomotive.com.

The protection of privacy and personal data is supervised by:
Office for Personal Data Protectionbased at Pplk. Sochora 27, 170 00 Prague 7, web: www.uoou.cz, tel.: 234 665 111

1. Who is the controller of your personal data?

The controller of your personal data is ALD Automotive s.r.o. (“ALD”).

Contact details of controller:
ALD Automotive s.r.o., ID No.: 61063916 with its registered office at U Stavoservisu 527/1, Malešice, 108 00 Prague 10, registered in the Commercial Register maintained by the Municipal Court in Prague, File Ref. C 43360, https://www.aldautomotive.cz, email.: osobniudaje@aldautomotive.com

Contact details of Data Protection Officer (DPO):
You may contact the DPO by email at osobni_udaje@kb.cz, by telephone from the Czech Republic at 800 521 521, from abroad at +420 955 559 550 or in writing at: 

Data Protection Officer / KB DPO
Na Příkopě 969/33
11407 Prague 1
Czech Republic

The controller collects and handles your data and is liable for ensuring that it is processed in a due and lawful manner. We use the data you have provided to us or we have obtained from you for one or more purposes. You may exercise your rights with the controller in the manner specified below. If you grant the Marketing Group consent, the data is shared throughout the KB Group (for more, see the section entitled “What consent do we have in ALD?”). 

The most common situations in which we obtain data about you are:

You arrange a product or service with us

If you arrange or show interest in a product or service with us, you provide us with Basic Data and the data needed to conclude a contract or arrange a service with us. 

You use our products or services

“Use of a product” includes, for example, using a vehicle on the basis of a leasing contract between you and ALD, using additional services relating to the use of a vehicle, and also using other services agreed with ALD. ALD administers the data you have provided to us and which is necessary to enable us to provide a product or service.

Communicate and deal with us

During your communication with us, whether you communicate electronically, in writing, by telephone or in person, we collect and manage the data from that communication here in ALD. This includes managing security camera recordings and cookie data. 

To whom do you provide your personal data?

We process your personal data solely within ALD. We transfer selected data outside ALD only with your permission (this permission may be granted through Marketing Consent), if required by the law or in the cases where data is shared for the purposes of the negotiation and performance of a contract. If necessary for any of the purposes specified above, particularly if an external entity in a given area possesses the necessary professionalism and expertise, your data is processed by partner distributors and suppliers. Some of our services are provided in collaboration with companies outside ALD. We are obliged to pass your data on to various state and international authorities, although always under the conditions stipulated by law.

 

2. What personal data do we process in ALD?

The term personal data means any information relating to an individual which can be used to identify that individual. We are open to you in ALD, and so it is important to us that you know how we process your personal data and the purposes for which we use it. The data we process includes: first name and surname, birth registration number (also trade name in the case of entrepreneurs, ID No. and registered address), date of birth, contact details, information on creditworthiness and credibility, socio-demographic data, information on the use of products and services, information from requests for products and services, and other interactions between you and us, geolocation data, information from the Internet browser and mobile applications you use, and data that we process in order to comply with our legal obligations or for the purpose of our legitimate interests. This is data that we acquire directly from you, from public sources (including information from the Internet that you publish about yourself), from surveys and user testing or from collaborating third parties. 

In the following sections we will explain what personal data is involved, including examples:

Data identifying a person

Identifying data is included in every contract that you conclude with us. These particularly include your academic title, first name, surname, birth registration number and date or place of birth (if you run your own business, such data may also include the ID No. and address of your business), numbers of identification documents and copies thereof that you provide, the identification data of the representative or contact person you specify, the identification data of bill payers and bank account and signature. This data is important to us, so that we can be sure that we are contacting the right person. 

Address and contact details

Your postal address, telephone number or email address are particularly essential to enable us to communicate with you

Descriptive data

Socio-demographic data

Descriptive data includes, for example, socio-demographic data. This is classic statistical data, such as your age, address, marital status (single, divorced, etc.), education, income, etc. You provide us with this data when arranging products or we derive this information from other data we possess about you. 

Financial circumstances

In order to give us an idea of your financial situation, we collect information that tells us about your financial circumstances. You tell us about your income and debts, such as other loans or leasing.

Tax residence and statutory requirements

As a leasing company, when providing certain services ALD is obliged to pass on certain information by law. One example is the law that orders us to collect investigated and verified data in connection with risk assessments from the perspective of preventing money laundering and the financing of terrorism.

Entrepreneurial characteristics of non-financial clients

To enable us to responsibly assist you in your entrepreneurial activities, we are interested in the environment and sector in which you do business. 

Data from public registries

Sometimes our own data is not sufficient. We therefor also use information from external sources. These are particularly publicly-available registers, such as the Commercial Register, trade register, debtors' register, professional registers and the register of invalid documents.

Data processed to service clients and from surveys

We consider marketing-related activities to be a suitable means of keeping you informed of new products or services and the benefits we prepare for you. The personal data we can process, such as Basic Data, are therefore used to take care of you as effectively as possible.

We are of course interested in your opinions and needs. For instance, when we are preparing a new product or service, we want to know your opinion of our existing products, services or advertisements. We therefore ask you, our clients, for your opinion in various surveys. These surveys provide us with average results for the entire group of respondents, not for particular individuals, but we also draw inspiration from specific comments. When developing new services, the situation is slightly different – besides asking respondents how they like the new proposed applications, we also conduct user tests with those applications. These tests enable us to determine not only whether our clients like an application, but also how user-friendly it is. 

Information from the Internet and network 

Information on the use of our electronic applications also includes geolocation data. This is data that precisely identifies the address point from where you access the application. We use the logs from the internet application to determine your position when you log in. We also use geolocation data when you visit our website, to able us to suggest a contact for a contractual partner near you based on your current position. All this information is only collected with your consent (see the section entitled “What consent do we have in ALD?”)

Telematics

If you order a service from us, information from the use of our vehicles may also include geolocation data determining the position of your vehicle when it is used. The terms for the management and processing of geolocation data are arranged in the agreement between you and ALD when you order this service.

Sensitive data

Sensitive data is special categories that include data on racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in trade unions, state of health, sexual orientation and criminal offences or lawful convictions. Sensitive data may also include genetic and biometric data. In the vast majority of cases, however, ALD does not collect or process this type of personal data at all. 

Data from communication and interaction with the client

Client consent

In ALD we process personal data on the basis of various types of consent. You grant us special consent for communication with you and for the processing of your personal data, such as for marketing purposes. For more information, see the section entitled “What consent do we have in ALD?”.

Claims and complaints

If you are not satisfied with something in connection with us, you can file a claim or complaint. We process information associated with the investigation of a complaint or claim so as to provide you with the most relevant response.

Electronic communication used for authentication and authorisation 

We also work with data on means of electronic communication, particularly for the purposes of authentication, i.e. to verify your identity, and authorisation. Examples of data that come into this category include a digital signature, certificate or the username with which you usually log into an application, or the serial number of your device (MAC address).

Debt recovery

If we somehow get into a situation where you are unable to fulfil your liabilities to us, we process information relating to the recovery of the debt. We determine your current address, contact details and any additional information from internal and external sources. We communicate with you by telephone, in writing, via electronic channels or other means of communication. We record and file all communication between you and ALD for the purposes of potential judicial disputes.

Camera recordings

We want you to feel safe with us, and so we monitor our branches as well as other ALD premises. We store recordings from these cameras for the necessary length of time.

Data associated with links to other entities

For the purposes of contractual negotiations, our legitimate interests or legal grounds, we make and store records on relationships, the family (such as for a guaranty relationship), as well as records of supplier and customer relationships. 

You know us, and so we are also interested in who you are – our client. This is why we try to find information about the links between you and other individuals. You might also be the representatives or statutory bodies of legal entities. We can note these links when providing services.

Data associated with links between subjects and products/services

Draft of vehicle leasing terms 

If you want us to provide leasing for a vehicle, we identify you as the applicant, as well as any co-applicants. We draw up a draft of the leasing terms, where we specify all the necessary parameters (type of vehicle, scope of services, amount of instalment repayments, etc.).

Client credit risk assessment 

A client credit risk assessment is an overall assessment of the financial and non-financial factors that affect your ability as the client to pay your liabilities. 

Information on creditworthiness and credibility 

If you request leasing or funding for a vehicle from us, in certain cases the law and our internal regulations oblige us to check your creditworthiness and credibility in the relevant registries. This information, together with the information stored in our systems (e.g. your transaction data), serves as the basis for calculating your creditworthiness, or your ability to pay your liabilities. 

Data processed on the basis of legal obligations and legitimate interests

Data about you that we process for the purpose of complying with our legal obligations 

Examples of the data we process due to legal obligations include resources and the origin of income, capital adequacy, nationality, place of residence, political affiliation, etc. 

Data about you that we process for the purpose of our legitimate interests 

Data about you that we process for the purpose of our legitimate interests are typically used to ensure the safe use of our products and services, to manage our risks, to assess credibility and solvency, to avoid and evaluate potential fraud, etc. 

 
3. From what sources is personal data obtained?

The data processed in ALD comes from various sources. It is most often provided by you, the client. In many cases we create data for further processing ourselves (ratios, analyses, reports, etc.). We also use other information that we obtain about the client during the course of our activities from public sources published in accordance with the law (e.g. public lists and registers, or other public information sources) or from collaborating third-parties.

We can also provide your personal data to third parties, or recipients, if the disclosure or provision of such data is agreed in a contract between ALD and you as the client, or you as the client have provided ALD with your consent to allow the disclosure or provision of such data.

In addition to the above, any other personal data may also be processed if you provided such data to us yourself, voluntarily. We reserve the right to destroy unsolicited personal data. We will inform the data subject if this is done.

 

4. What legal grounds do we have for the processing of your personal data?

We may process your personal data solely within the given scope, provided that at least one of the following conditions is met:

  • the processing is essential for contractual performance
  • the processing is essential for the fulfilment of ALD’s legal obligations
  • Personal data about you that we process for the purpose of complying with our legal obligations. This comprises data that we must primarily collect, assess and store for a designated length of time in order to comply with our legislative obligations. This includes our archiving obligation according to various laws regulating our area of business, the acquisition and assessment in order to meet our obligations relating to the prevention of money laundering and a number of other laws.
  • the processing is essential for the purposes of the legitimate interests we monitor as ALD, with the exception of cases where such interests are outweighed by the interests or fundamental rights and freedoms of the data subject requiring that personal data be protected
  • you have granted us your consent to the processing of your personal data for one or more specific purposes (see section entitled “What consents do we have in ALD?”)

 

5. For what purposes do we process your personal data?

We process your data as necessary for the given purpose, e.g. to enable us to provide a particular service. This includes cases where we negotiate a new contract or fulfil an existing contract. This is particularly data that identify you as a person. 

A number of laws oblige us to process data. These include the Act on the Prevention of Money Laundering, which obliges us to request your identification data. We have to process a lot of data for archiving purposes. We process certain data because it is necessary to protect the rights and legally protected interests of ALD and of third parties. However, processing for this reason is limited; we carefully assess whether such legitimate interests exist.

In other cases we process your data solely with your consent.

In the following paragraphs we present some examples of the purposes for which data is processed in ALD in sample situations:

Provision of a product or service

Identification of the client

To enable us to conclude a contract and provide you with our services we need to know your Basic Data. When providing selected types of services, the Act on the Prevention of Money Laundering stipulates that we need to identify you. Identification is necessary if you want to exercise your rights in matters relating to the protection of personal data. For you to be able to use your products via applications and to communicate with us electronically, we administer your login details – particularly the username and password used to securely identify you.

Preparation of a contract at your request

We only collect and process the data needed to draft your contract. to enable us to conclude a contract with you, we need to know your name and contact details. Further data depends on the nature of the service to which the contract relates. For vehicle leasing, for example, we need to obtain data on your creditworthiness. Data provided before the contract is signed is solely used to draft the contract at your request. After the contract has been signed, we process data for the purposes of that contract; if the contract has not been signed, we process such data only in the event of an overlap by another purpose.

Use of products and services

We process your data when you select our products and use our services. This primarily comprises your Basic Data, data on products and services and geolocation data. We register, administer and store the most recent data. If you use our services via a mobile device, Internet application, or a telematics device (if requested), we collect data on your location. The electronic portals you access to use our products display basic information about you and your products and we administer this information to make it easier for you to use our products.

Maintaining communication with the client and improving client care

Customer relations management

We respect your needs and preferences. For this purpose, we strive to have a comprehensive overview of the services you use and your wishes. We resolve various matters relating to a particular product, particularly the establishment of that product, its settings, changes to the product, provision of information about the product and more. We also deal with your requirements, wishes and complaints at our branches, on our customer lines, website, mobile applications and in other ways. Besides our products and services, these requirements may also concern the exercising of our rights relating to the protection of personal data. We determine whether you are satisfied with ALD and whether you want to continue to support us. If you come to one of our branches, we want to identify you and offer you a suitable service. For these reasons we particularly process the relevant data on products and services, profile data and data you provide during your communication and interaction with us.

Sending service messages

When providing our services we send you messages that help you to use our product. We process your contact details for this purpose.

Convenience when using electronic channels

For this purpose we process information on the devices you use to access our services electronically, your settings preferences for services and the data you fill in on our website, as we want to make our website and applications user-friendly for you. We store data on your devices in the form of cookies. Cookies enable us to remember your choice of language; we also store the data you fill in on forms on our website in case you want to return to them later. You are informed separately on the use of cookies.

Risk management and protection of the assets of the client, ALD and third parties

Information for credit risk assessment

We make risk management decisions relating to vehicle leasing and products on the basis of a risk assessment, e.g. whether you will be able to pay the requisite instalments or the likelihood of any potential insurance claim. Under the law, we have to act with caution to enable us to provide you with our services, and so we also assess the risk involved in providing you with a service using your data; we also use credit registers and internal databases that include negative information. Our obligation to act with caution is also reflected in a number of other purposes in this category. 

Risk assessment to prevent money laundering

We analyse your identification data, data on the transactions you carry out, and other essential data stipulated by the Act on the Prevention of Money Laundering in order to prevent money laundering; some of this data is taken from our internal databases.

Resolution of disputes and litigation

If we are forced to recover our receivables through the courts, or if we are parties to judicial proceedings to which you are also a party, we use your Basic Data, data on products and services, data from communications and interaction between us and any other data as necessary to protect our rights. 

Improving client care

Customer relations management

We respect your needs and preferences. For this purpose, we strive to have a comprehensive overview of the services you use and your wishes. We resolve various matters relating to a particular product, particularly the establishment of that product, its settings, changes to the product, provision of information about the product and more. We also deal with your requirements, wishes and complaints at our branches, on our customer lines, website, mobile applications and in other ways. Besides our products and services, these requirements may also concern the exercising of our rights relating to the protection of personal data. We determine whether you are satisfied with ALD and whether you want to continue to support us. If you come to one of our branches, we want to identify you and offer you a suitable service. For these reasons we particularly process the relevant data on products and services, profile data and data you provide during your communication and interaction with us.

Ensuring the necessary internal operation of ALD, including communication in the KB Group

Sharing information in the KB Group

On the basis of legal grounds other than your consent, we transfer certain information within the KB Group, particularly for the purpose of risk management, or to gain information on the client’s tax residency.

Testing changes to software

In certain cases new software cannot be introduced without first effectively testing it on our clients’ data. Therefore, when necessary due to a lack of testing data, we use the data on you that is stored in the relevant software to test software, changes to software and to train our employees. However, for these purposes we generally use completely anonymised data, i.e. without our clients’ personal data.

Internal administration, reporting, information management, process optimisation, training

Our employees process your personal data to comply with their internal obligations within the framework of ALD. For instance, we implement a comprehensive approval and reporting system for individual business cases. Your Basic Data, profile data and data on products and services are used for the purposes of planning, assessment or to improve efficiency, such as to assess when clients usually use particular services. For these purposes data is aggregated (encapsulating a large sum of individual data) and the result is a general profile, an aggregate number that is no longer directly linked to a particular person. we process various reports in accordance with the law. We also report certain data to the KB Group, particularly Basic Data.

Statistical purposes

Your data is also used for statistical purposes. In this case, however, aggregated or fully anonymised data is primarily used. 

Marketing purposes

As part of our marketing, we send out commercial messages relating to our products and services in various forms, including paper correspondence, by telephone, SMS, email and internet, including client portals and mobile applications. Processing for marketing purposes enables us to get to know your preferences and to offer products for you. For this purpose we group and assess Basic Data, data on products and services and profile data. Based on the results of our analyses we are able to find the most suitable products for you. These activities help to ensure that we do not bother you with irrelevant offers. However, processing for the purposes of direct marketing is considered the same as processing on the basis of our legitimate interest (e.g. sending emails and SMS to clients).

ALD flags ALD or third-party commercial messages to make it clear that the message is a commercial message as defined by the applicable laws. Commercial messages sent by ALD always make it clear that they have been sent by ALD. We can send commercial messages either to your contact addresses on the basis of our legitimate interest, and only until you revoke your consent, or on the basis of your explicit consent to the processing of personal data for marketing and business purposes. Commercial messages sent by ALD also include a link to unsubscribe from such messages.

Compliance with legal obligations

Checks, prevention of money laundering and the financing of terrorism, embargos

We check your data to prevent any unlawful practices such as money laundering. We use your data profile from the risk assessment process to prevent money laundering.

Accountancy and taxes

We collect and process your identification and transaction data for the purpose of fulfilling our accounting and tax obligations to the regulatory and state authorities as stipulated by the Accountancy Act, the VAT Act and other accounting and tax laws, as well as for mandatory reporting to regulatory bodies. 

Security

For these purposes we protect both physical property, e.g. by placing cameras in our business premises, and also data. Camera systems are installed to protect people and property against unlawful infringements. We process camera recordings. We implement strict mechanisms to protect your data.

Contractual performance with a non-client contractual partner

In addition to the above cases, ALD also processes personal data relating to contractual arrangements with its business partners, e.g. private entrepreneurs – traders. For this purpose, ALD processes personal data to ensure contractual performance, to comply with its legal obligations or to protect its legitimate interest. The scope of personal data is always limited by the designated purposes and the aim is always the due performance of the contractual relationship between ALD and the contractual partner that is not a client of ALD.

 

6. What consent do we have in ALD?

This section describes consent used in ALD.

What does consent actually mean?

Consent is any free, specific, informed and clear expression of will, by which a data subject declares or otherwise clearly confirms his/her consent to the processing of his/her personal data. In general, consent in ALD may be classified as marketing consent and general consent. 

Consent is voluntary; you may deny it or revoke it at any time.

Denying or revoking consent has no impact on your contractual relationship with ALD. If you revoke your consent, we will assume that you no longer wish us to continue processing your data for the purpose of the consent that you have revoked.

Marketing consent

Marketing consent means consent to the processing of client data for marketing purposes, but also to improve care for our clients.

Group Marketing consent (“Marketing consent”)

If you have granted us your Marketing consent, that consent applies to the whole of the KB Group. In this case, all companies in the KB Group act as the joint controllers of your personal data. Those companies may therefore share and process the data specified in the consent for the purposes specified in the consent. 

You may grant your consent in person at a branch of Komerční banka, at a branch of another subsidiary company, when signing contractual documents for KB Group products mediated through selected third parties and through direct banking channels (Moje Banka, Mobile Banka).

When granting your consent, you cannot later choose which companies your consent will or will not be granted to. We must and will take any request to include only certain of the specified joint controllers to mean that you deny or revoke that Marketing consent. You may revoke your consent at any branch in the KB Group distribution network. If you revoke your consent in one of the companies in the KB Group, your consent will also be revoked for the other members of the KB Group, meaning that after that date none of them will be able to further process your personal data for the purposes specified in the Marketing consent. 

The KB Group processes all data to which the consent applies, and such data may be exchanged between the controllers. This means, for example, that if you have signed the Marketing consent, the information you provide about yourself to a KB bank advisor is also available to the other joint controllers, such as Modrá pyramida stavební spořitelna, a.s. This also means that we also share publicly available information about you amongst all the companies in the KB Group.

You grant your Marketing consent to the following companies, which we refer to as the “KB Group”:

KB Group

The “KB Group” includes the following companies:

  • Komerční banka, a.s., ID No.: 45317054
  • Modrá pyramida stavební spořitelna, a.s., ID No.: 60192852
  • Komerční pojišťovna, a.s., ID No.: 63998017
  • KB Penzijní společnost, a.s. , ID No.: 61860018
  • ESSOX s.r.o., ID No.: 26764652
  • ALD Automotive s. r. o., ID No.: 61063916
  • SG Equipment Finance Czech Republic s.r.o., ID No.: 61061344
  • Factoring KB, a.s., ID No.: 25148290.
     

The law defines the term controller of personal data as any subject that determines the purpose and means of processing personal data, and that collects, processes and stores data for the designated purpose. All the above companies act as so-called joint controllers of your personal data. Therefore, the data specified in the consent may be shared and processed for the purposes specified in the consent. 

How you can grant or deny Marketing consent

Marketing consent contains two boxes: “I consent” and “I do not consent” 

  • By checking the “I consent” box and signing the document you provide your consent to allow the KB Group to process your personal data for marketing purposes
  • By checking the “I do not consent” box and signing the document you state that you do not consent to allow your personal data to be processed for marketing purposes by the above companies to the extent defined by the document
  • Checking, overwriting or otherwise changing the Marketing consent form will be considered as a denial of consent (see the “I do not consent” variant)

You only need to grant Marketing consent to one company in the KB Group just once. It remains valid and effective for the duration of the last contractual relationship with at least one of the companies in the KB Group and for 1 further year, or until you revoke your consent.

If you grant Marketing consent, for instance, when negotiating a request for a product/service and then decide not to become our client (i.e. a contractual relationship is not established with a member of the KB Group), your consent will be valid for 1 year from when it is granted, unless you revoke it before that time. After your Marketing consent expires, your personal data will be deleted or processed solely to the extent and for the purposes for which consent is not required under the law.

Interaction with members of the KB Group

To avoid us contacting you more than once for the same reason, we record information about contact between you and us. This particularly includes data such as the date (and time) of the contact, the reason, and if the contact was initiated by you yourself or by us. This applies to contacts via all channels such as telephone, SMS, chat, post, email, data box, advisory site or via an electronic, web or other application. In the case of an offer we make, we always record your response – whether you liked the offer or not. We record your response to avoid offering you a product that did not appeal to you more than once.

 

7. How long do we store personal data?

We store your data for the necessary length of time; we generally archive data for 10 years, depending on the period stipulated by the law.

When handling your data, we follow the rule of data minimisation. This means that we implement strict archiving rules that ensure that we do not keep data for longer than we are entitled to.

In certain business relationships we have to take measures stipulated by the Act on the Prevention of Money Laundering. This Act obliges us to store the relevant data, particularly your identification and transaction data, for at least 10 years from the date of the transaction or end of our business relationship with you. This period is also stipulated by other laws. Under the Value Added Tax (VAT) Act we are obliged to store tax documents and records containing detailed information relating to the services we have provided or received, for 10 years from the end of the taxation period in which the service was provided or received. Generally, we are obliged to store most Basic Data and data on products and services on the basis of these laws.

Data that must be stored for a shorter period of time includes data that we would have to submit as proof in a judicial dispute, given the statutory limitation periods specified by the current Civil Code.

We store the data we process with your consent for the period for which you have granted that consent. If you have granted us consent to the processing and sharing of data in the KB Group for marketing purposes, we process your personal data for the duration of our contractual relationship and for a further 5 years from the end of that relationship. If you do not become our client, i.e. no contractual relationship is established, we process your data for just 1 year after you grant your consent. To rule out any doubt, we store your consent and any change or revocation of that consent on the basis of our legitimate interests for the entire duration of the consent and for a further 10 years after the expiry of that consent.

 

8. Who are the processors and recipients of your personal data?

The personal laws allow the controller to check how personal data is processed by the processor. A processor of personal data is any entity that processes personal data on the basis of a special law, permission or authorisation. In such cases your data are contractually and legally granted the same protection as they are by ALD. The most important processors used by ALD to process personal data include: 

  • providers of vehicle servicing services
  • providers of additional vehicle leasing services
  • service intermediaries, vehicle retailers (dealers)
  • IT service providers
  • providers of archiving services
  • debt recovery agencies
  • marketing agencies
  • providers of products, e.g. insurance
  • providers of print and postal services, including couriers
  • providers of legal, tax, audit and financial services and consultancy
  • entities collaborating with us in loyalty programmes, and
  • the KB group, under the terms specified in this document.

Credit registers

In order to protect rights relating to our assessment of your ability and willingness to fulfil your obligations arising from our services, ALD collects information about your creditworthiness, payment morale and credibility through credit registers on the basis of our legitimate interest; we may also process such data about you without your consent, particularly when negotiating a service. Data is processed, for example, from the databases of the Client Information Bank Register (CIBR), Client Information Non-Bank Register (CINBR) and the SOLUS association.

CIBR/CINBR

The CIBR is a system that collects information about bank clients’ creditworthiness, credibility and payment morale. The CIBR is operated by the joint stock company CBCB (Czech Banking Credit Bureau), whose webpage www.cbcb.cz provides all the necessary information about the register. Your consent is not required for the purposes of sharing data in the CIBR.

The CINBR is operated by the interest group CNCB – Czech Non-Banking Credit Bureau. Your consent is not required for the purposes of sharing data in the CINBR. As the CIBR and CINBR are two separate registers, information may be exchanged between them without your consent. 

(More in the Information Memorandum of the Client Information Bank Register [CIBR] and the Client Information Non-Bank Register [CINBR].)

SOLUS

Under the Consumer Protection Act your personal data may be filed in registers used to exchange information  on consumers’ identification details and on matters concerning their creditworthiness, payment morale and credibility. Your consent is not required for such information. ALD uses the registers of SOLUS, an interest association of legal entities.

(More in the INFORMATION on SOLUS registers, available at www.solus.cz)

On request without consent

Certain public authorities and other organisations are entitled to request information about you. These particularly include the Police of the Czech Republic, the courts, or other bodies of executive power. We only provide data if the law allows such data to be requested.

Other

Processors of customer (client) data in connection with financial products provided to ALD Automotive s.r.o. for Peugeot, Citroën and DS vehicles include ESSOX s.r.o., registered address: F. A. Gerstnera 52, 370 01 České Budějovice, ID No.: 26764652. The processors for Ford include FCE Credit, s.r.o., registered address: Prague 8, Karolinská 654/2, Prague 8, ID No.: 256 15 564.

 

9. Specifics in the processing of personal data for legal entities

When providing products and services to legal entities we also acquire and process data on the individuals authorised to represent ALD clients and other individuals whose personal data is processed in direction connection with their activities and which ALD is authorised to or must process for special purposes. These primarily include owners, true owners or persons providing collateral, as well as vehicle drivers, employees and other entities associated with such individuals. We obtain data primarily from clients and their representatives, from publically-available sources or from specialised third-party databases.

Such data comprises subjects’ identification data, address and contact details, their role and position in the firm, which ALD is entitled to process in connection with its activities and the provisioning of its services.

We acquire and process this data:

  • when providing products and services to clients to fulfil the legitimate interests of ALD; we process data for the duration of the product/service provided to a legal entity
  • when maintaining and developing relations with clients to fulfil the legitimate interests of ALD; we process data for the duration of the product/service provided to a legal entity
  • when protecting our legal rights to fulfil the legitimate interests of ALD; we process data for the duration of the product/service provided to a legal entity and subsequently for the designated length of time.

If you have granted your consent to the processing of your personal data for the marketing purposes of the KB Group, the above data may also be processed for these purposes.

 

10. What are your statutory rights in relation to the processing of your personal data?

We process your data in a transparent and correct manner and in accordance with the law and applicable legislation. You have the right to request that we provide information about your personal data that we process, the purpose and nature of data processing and recipients of personal data. If you find or suspect that your personal data is processed in contravention of your right to privacy and a personal life or in violation of the law, you are entitled to request that we provide an explanation or that ALD rectify the situation. If we breach our obligations, you also have the right to contact the Office for Personal Data Protection requesting that it arrange for the situation to be rectified. 

Your rights:

Right to access personal data

According to Art. 15 of the GDPR, as the data subject you have the right to access your personal data, which includes the right to obtain from ALD:

  • confirmation of whether it processes your personal data
  • information on the purposes of processing, the categories of personal data processed, the recipients to whom personal data has been or will be disclosed, the planned processing time, the existence of the right to request that the controller correct or delete your personal data or restrict the processing of such data or the right to file an objection against such processing, the right to file a complaint with the supervisory authority, the right to access all available information about sources of personal data, if such data is not acquired from the data subject, whether automated decision-making, including profiling, is used, and details of suitable guarantees when data is transferred outside the EU
  • on condition that the rights and freedoms of others and copies of personal data are not adversely affected.

Right to correct imprecise data

According to Art. 16 of the GDPR, as the data subject you have the right to correct imprecise personal data about you processed by ALD. As a customer of ALD, you are also obliged to notify us of any changes to your personal data, provide proof that such a change has occurred and cooperate if it is found that the personal data about you that we process is imprecise. ALD will correct such data as soon as is technically feasible. A request to have personal data corrected may be filed using the ALD contact details given below in this article, assuming that it is proven that such a request is justified.

Right to deletion

According to Art. 17 of the GDPR, as the data subject you have the right to have personal data relating to you deleted, if ALD is unable to prove that it has a legitimate reason for processing such data. ALD implements mechanisms to ensure that personal data is automatically anonymised or deleted if such data is no longer needed for the purpose for which they were processed. If you suspect that your personal data has not been deleted, you may contact us.

Right to restrict processing

According to Art. 18 of the GDPR, as the data subject you have the right to restrict the processing of your personal data until the matter is resolved, if you claim that your personal data is imprecise, is not processed for a legitimate reason or if you file an objection to the processing of such data, via the ALD contact details specified below.

Right to be notified of the correction, deletion or restrictions on the processing of your data

According to Art. 19 the GDPR as the data subject you have the right to be notified by ALD if it corrects, deletes or restricts the processing of your personal data. If your personal data is corrected or deleted, we will inform the individual recipients, with the exception of cases where this proves impossible or would require excessive effort. At your request we may provide information on such recipients.

Right to the portability of personal data

According to Art. 20 of GDPR, as the data subject you have the right to the portability of data relating to you and that has been provided to the controller, in a structured, commonly-used and machine-readable format, and the right to request that ALD transfer such data to another controller.

If, in connection with a contract for the provision of a service or on the basis of your consent, you provide personal data and such data is processed in an automated manner, you have the right to obtain such data from us in a structured, commonly used and machine-readable format. If technically feasible, your data may also be transferred to another controller specified by you, if a person representing that controller is properly specified and can be authorised.

If the exercising of this right could have an adverse impact on the fundamental rights and freedoms of third parties, we cannot accede to your request. Such a request may be filed using the ALD contact details given below in this article.

Right to file an objection against the processing of personal data

According to Art. 21 of GDPR, as the data subject you have the right to file an objection against the processing of your personal data on the basis of ALD’s legitimate interest, by sending your objection to the ALD contact details specified below, or contacting the company by telephone. After you file an objection we will immediately cease to process your personal data for these purposes.

If ALD is unable to prove that it has a legitimate reason for processing your data which outweighs your interests or rights and freedoms, ALD will immediately cease to process your personal data on the basis of your objection.

Right to revoke your consent to the processing of your personal data

You may revoke your consent to the processing of your personal data for business purposes at any time. Consent must be revoked by an explicit, clear and definite expression of intent, using the ALD contact details given below in this article. Consent to being contacted for marketing purposes via a specific electronic contact may be revoked at any time. The processing of cookie data may be restricted in your browser settings.

However, during the consent process you may also completely refuse to share your personal data. 

Automated individual decision-making, including profiling

As the data subject you have the right not to be the subject of any decision based solely on automated processing, including profiling, that would have legal consequences for you or would significantly affect you in a similar manner. ALD declares that it does not perform any automated decision-making without a human assessment of the legal consequences for data subjects.

Right to contact the Office for Personal Data Protection

If you are not satisfied with how your personal data is processed, you have the right to file a complaint with the supervisory authority, which in the Czech Republic is the Office for Personal Data Protection, based at Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz;

ALD treats all the above rights equally and strives to always satisfy your requirements. All rights may be exercised free of charge. ALD is granted a reasonable amount of time to process rights-related requests – generally 30 days. Any such request must contain basic identification data to enable us to locate all the data we process about you. If ALD does not receive the complete set of identification data, it cannot guarantee that it will be able to locate all the data about you processed in the information systems administered by ALD. If we are unable to locate your personal data in the ALD systems according to the identification data you have provided, you will also be informed of such in writing.

You will be informed when your request has been processed in an accompanying letter. You may exercise your rights either by writing to ALD, calling into one of its branches or by email.

During the exercising of selected rights it is possible that ALD will need your cooperation during the authentication process.

Rights may only be exercised in your own name or in the name of an entrusted representative in special cases.

If you have any questions, call the ALD Infoline on 955 525 000, visit www.aldautomotive.com or write to osobniudaje@aldautomotive.com.

 

11. Who are we?

ALD Automotive

ALD Automotive is the world's leading provider of operative leasing for passenger cars and light commercial vehicles up to 3.5t in weight. The company is part of the strong Société Générale financial group. In the Czech Republic, it is one of the biggest firms on the market in its field and manages over 20 000 vehicles. ALD Automotive specialises in leasing products for corporate clients regardless of the size of their fleet.

Our clients are private individuals and small traders, but especially firms and large international corporations, which the company also looks after on a global level. This is reflected in its wide range of products, which are customised to suit the individual needs of ALD Automotive’s clients.

One key product is Full-Service operative leasing, which has won awards many times in prestigious surveys such as Zlatá Koruna and Fleet Awards. The company’s other services and products provide ALD Automotive clients with the greatest possible convenience, including a pick-up service, assistance service in the event of a breakdown or accident, the ALD Car Monitor GPS vehicle movement monitoring system, our Fleet Monitor on-line reporting and our ALD Smart Car application.

ALD Automotive Group operates in 43 countries around the world and now manages almost 1 500 000 vehicles. Its head office for the Czech Republic is situated in Prague. ALD Automotive also caters to its clientele from its branches in Brno, Ostrava, České Budějovice and Plzeň.

Société Générale group

Since October 2001, Komerční banka has been an important part of the international retail banking group Société Générale, one of the biggest financial groups in Europe.

Société Générale has played a significant role in the economy for 150 years now. With more than 147 000 employees and operating in 67 countries, the SG group serves 31 million clients all over the world. The Société Générale group team offers consultancy and services for individual, corporate and institutional clients in three key areas:

  • retail banking in France with the Société Générale branch network, Crédit du Nord and Boursorama, which offer a comprehensive range of multi-channel financial services with a leading position in digital innovation
  • international retail banking, insurance and financial services to enterprises whose units operate in developing markets and create significant specialised deals
  • business and investment banking, private banking, asset management and securities services offering recognised expertise, first-class international ratings and integrated solutions.

 

12. Glossary of terms

Sensitive data
Data of a special nature, such as health-related information or biometric data enabling the identification of a person. 


Cookies
A short text file that the website you are visiting sends to your browser. It enables the website to record information about your visit, such as your preferred language and other settings. 
your next visit to the site may therefore be easier and more productive. Cookies are important. Browsing the web would be much more complicated without them.


GDPR
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation). 

Geolocation
Data on the geographical location of an electronic device connected to the Internet (either accurate or at the country level). 

Legitimate interest
The interest of the controller or a third party, such as in a situation where the data subject is a customer of the controller. 

Personal data
Information on a particular, identifiable person.

Product
Means any service provided by ALD, particularly Operative Vehicle Leasing, Full Service Vehicle Leasing, Fleet Management and other products and services offered by ALD.

Profiling
The automatic processing of your data, for instance to analyse or predict your behaviour in your personal or professional life, your economic situation and personal preferences.

Recipient
The person to whom data is transferred.

Service
Means any of the services we offer you, including our products, services offered online and support for those products and services.

Consent
Any free, specific, informed and clear expression of will, by which a data subject declares or otherwise clearly confirms his or her consent to the processing of their personal data

Controller
The entity that determines the purpose and means for the processing of personal data; the controller may contract a processor to process data.

Data subject
The person to whom personal data relate.

Purpose
The reason for which the controller uses your personal data. 

Basic Data
Data that include identifying and address information.  

Processing
Any operation or set of operations involving personal data that is performed with or without automated procedures such as collection, recording, arranging, structuring, storing, customising or altering, searching, viewing, using, transmitting, spreading or otherwise making available, sorting or combining, limiting, deleting or destroying

Processor
The person for whom the controller processes personal data. 

 

13. Applicable legislation
 

EU General Data Protection Regulation – GDPR

  • Regulation 216/679/EU
  • protection of personal data in the EU, effective from 25 May 2018

Accountancy Act

  • Act No. 563/1991 Coll., on Accountancy
  • processing of accounting data

Act on the Prevention of Money Laundering

  • Act No. 253/2008 Coll., on Certain Measures to Prevent Money Laundering and the Funding of Terrorism
  • client identification and checks

Consumer Protection Act

  • Act No. 634/1992 Coll., the Consumer Protection Act
  • protection of clients’ interests and rights 

Anti-Spam Act

  • Act No. 480/2004 Coll., on Certain Information Society Services
  • electronic commercial messages 

Civil Code

  • Act No. 89/2012 Coll., the Civil Code
  • protection of personal privacy

Income Tax Act

  • Act No. 586/1992 Coll., on Income Tax
  • processing of accounting data

Value Added Tax Act

  • Act No. 235/2004 Coll., on Value Added Tax
  • processing of accounting data

 

Download File