csen

INFORMATION ON PERSONAL DATA PROCESSING for clients and suppliers

in accordance with the General Data Protection Regulation (GDPR)

The company provides information on the processing of personal data that the data subject has provided to the data controller in connection with the commencement of activities under the performance of a contractual relationship:

(1) Data Controller:

The Controllers or Processors of personal data are the companies within the PKF APOGEO group (PKF APOGEO, s.r.o., PKF APOGEO Esteem, a.s., PKF APOGEO Audit, s.r.o., PKF APOGEO Group, SE, PKF APOGEO Transactions, s.r.o., SMART Office & Companies s.r.o., PKF Family Office, s.r.o., PKF APOGEO Payroll, s.r.o., PKF APOGEO Tax, s.r.o., PKF APOGEO Accounting, s.r.o., PKF APOGEO Verifica, s.r.o. and PKF APOGEO Special Services, s.r.o.).

Contact person: Petr Rada
Phone: +420 601 156 078
E-mail: petr.rada@pkfapogeo.cz

(2) Purpose of Processing:

The Controller/Processor shall process the data subject’s personal data for the purposes of fulfilling the contractual relationship in the agreed area, including related activities.

(3) Legal Basis:

Consent of the data subject: for taking and using photographs on the company’s website or social media for promotional purposes, for making and keeping copies of documents, or for other marketing purposes.

Performance or conclusion of a contract: for the delivery of agreed services.

Legal obligation: (Act No. 89/2012 Coll., Civil Code; Act No. 499/2004 Coll., on Archiving and File Service; Act No. 455/1991 Coll., Trade Licensing Act; Act No. 563/1991 Coll., on Accounting; Act No. 235/2004 Coll., on Value Added Tax).

Legitimate interest: Personal data kept in internal systems may be retained for record-keeping, traceability, or defense of legal claims of the Controller/Processor. For the purpose of providing information related to the ordered service, e-mail may be used to send such messages.

(4) Processors of Personal Data:

Personal data may be provided by the Controller/Processor, in the course of contract performance, to external providers of accounting, payroll, tax, notarial, auditing, or legal services, whose specific categories shall be communicated to the data subjects upon request.

In accordance with recital (48) GDPR, Controllers that are part of a group of undertakings or institutions affiliated to a central body may have a legitimate interest in transferring personal data within the group of undertakings for internal administrative purposes.

(5) Other Recipients:

The Controller/Processor may, due to legitimate interest or contract performance, disclose provided personal data to contractual partners authorized by the Controller/Processor in the fields of IT services and technologies, marketing services, consulting services, certification services, whose specific categories shall be communicated to the data subjects upon request.

Due to the necessary transfer, backup, and archiving of electronic data, personal data may be provided outside the EU (verified cloud services with servers outside the EU).

(6) Other Third Parties:

The Controller/Processor provides personal data to competent public authorities or other entities authorized to process personal data for reasons of state supervision, prevention, investigation, detection, or prosecution of criminal offenses or execution of penalties, including protection against threats to public security and prevention thereof.

(7) Other Processing Purposes:

The Controller/Processor may also use the provided personal data for business and marketing purposes within the scope of legitimate interest or after obtaining consent.

(8) Retention Period of Personal Data:

The Controller/Processor retains personal data for the duration of the contractual relationship and further for the period required by law. An exception may be the retention of personal data for business and marketing purposes.

(9) Automated Processing of Personal Data:

The company does not carry out automated processing of personal data.

(10) Rights of the Data Subject:

Right of access: The data subject has the right to access their personal data; the controller is obliged to provide a copy of the processed personal data.

Right to rectification and supplementation: The data subject has the right to have inaccurate personal data concerning them rectified or supplemented without undue delay.

Right to erasure (“right to be forgotten”): The data subject has the right to request erasure of personal data without undue delay if:

  • the personal data are no longer necessary for the purposes for which they were processed,
  • the data subject withdraws consent to processing,
  • the data subject objects to processing,
  • the personal data were processed unlawfully,
  • further retention is not required by applicable legal regulations,
  • the processing is not for public interest in the area of public health, archiving, scientific or historical research, statistics,
  • the processing is not necessary for the exercise or defense of legal claims.

Right to restriction of processing: The data subject has the right, in justified cases, to restrict the processing of their personal data.

Right to data portability: The data subject has the right to obtain personal data concerning them in a structured, commonly used, and machine-readable format, and to transmit these data to another controller.

Right not to be subject to automated decision-making: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, unless necessary for contract performance.

Right to lodge a complaint: The data subject has the right to lodge a complaint with a supervisory authority, i.e., the Office for Personal Data Protection.

Right to object: The data subject has the right to object to the processing of personal data; in unjustified cases the controller must not continue to process these data. An objection may be raised at any time against processing for direct marketing purposes.

(11) Failure to Provide Personal Data:

The data subject must provide personal data for legal reasons or those specified in the business contract; otherwise, the performance of the business contract would be impossible.

(12) Other Provisions:

If the data subject does not grant the data controller consent to handle personal data or does not enter into a business relationship with the controller/processor, and there are no other grounds for processing, their personal data shall be shredded in written form and deleted in electronic form.

Other personal data not provided directly by the data subject may be obtained from publicly available sources.

Personal data processed by the PKF APOGEO Group in the position of Processor are processed in accordance with the GDPR based on the instructions of the individual Controllers and cannot be processed otherwise or outside the agreed activities without their authorization.

You will find us

  • Praha
    Rohanské nábřeží 671/15, Praha 8
  • Brno
    Pražákova 1008/69, Brno - Štýřice

PKF APOGEO

Stay in touch with us

info@pkfapogeo.cz

+420 267 997 700

PKF Family Office SMART Companies

Proudly part of the PKF global family

PKF APOGEO Group, SE is a member of PKF Global, a network of member firms of PKF International Limited, each of which is a separate and independent legal entity and bears no liability for the actions or inactions of individual members or correspondent firms.
“PKF" and the PKF logo are registered trademarks used by PKF International Limited and member firms of the PKF Global Network. They may not be used by anyone other than a duly licensed member firm of the Network.

© 2026 All rights reserved PKF APOGEO GROUP
Top Rating Created by

Contact us

By submitting, you agree to the .

Cookies

Our website uses cookies. This allows us to offer you a more efficient user experience. You agree to the storage of cookies by clicking on the 'I agree' box.
Refuse