PRINCIPLES OF PERSONAL DATA PROTECTION



Dear Sir/Madam,

We would like to inform you of the principles and procedures for the processing of personal data within the Roger a.s. Payment institution, which is in accordance with Regulation (EU) 2016/679 of the European Parliament and the EU Council on 27 April 2016 (hereinafter referred to as “GDPR”) for the protection of natural persons with regard to the processing of personal data and the free movement of such data, and the repealing of Directive 95/46/EC. (en lo sucesivo "GDPR").

The terms “contract on the assignment of receivables”, “investor” and “client” used in this agreement are specified in the General Terms and Conditions of the payment institution Rodger a.s.



BASIC INFORMATION ON THE PROCESSING OF PERSONAL DATA

Identification and contact details of the administrator: Payment institution Roger a.s., Company ID No. 01729462, with its registered office at Kopečná 231/10, Staré Brno, 602 00 Brno, a company registered in the Commercial Register held at the Regional Court in Brno, Section B, insert 7900 (hereinafter also referred to as “Roger”). Contact e-mail: info@rogeras.com.

Data Protection Officer: Roger has not appointed a Data Protection Officer.

Transmission of personal data to a third country or international organization: Roger Roger does not transmit personal data to a third country or international organizations.

Automated individual decision-making: Due to the fact that Roger is an obliged person within the meaning of Act No. 253/2008 Coll., for certain measures against the legalization of proceeds from crime and the financing of terrorism, as amended, and is obliged to fulfill the obligations hereunder, Roger performs checks of data subjects according to the law through automated individual decision-making.

Information concerning the nature of the data provision: In the event that personal data is processed for the performance of a contract or legal obligation, the provision of data is a legal requirement. If personal data is processed on the basis of the data subject’s consent, the provision of data is a contractual requirement.

Supervisory authority: The supervisory authority is the Office for Personal Data Protection located at Pplk. Sochora 27, 170 00 Praha 7, e-mail: posta@uoou.cz, Phone no.: ++420 234 665 125.



FURTHER INFORMATION ON THE PROCESSING OF PERSONAL DATA

Purpose of processing: In order to perform a contract or fulfill legal obligations, Roger processes in particular: the academic title, name, surname, date of birth, place and country of birth, birth registration number, identity card number, address of permanent residence, delivery address or other contact address, sex, nationality, telephone number, email address, bank account number.

Roger Roger also processes data obtained from data subjects who visit the www.roger.cz website: IP address and cookies.

In the event that Roger intends to process personal data other than that specified in this article, or for other purposes, it may do so only on the basis of valid consent to the processing of the personal data. Consent to the processing of the personal data shall be granted by the data subject separately.

Duration of data processing: Roger holds the personal data of data subjects for the duration of the contractual relationship and subsequently for a maximum of 10 years after termination of the contractual relationship. Personal data processed to meet the obligations arising from special legal regulations shall be processed by Roger for the period prescribed by these laws. In the event that Roger uses personal data to protect its legitimate interests, Roger processes this data for the time necessary to exercise these rights.



PERSONAL DATA RECIPIENTS


Personal data will not be passed on to any third party, with the exception of clients and investors who together fulfill an agreement on the assignment of receivables.

Roger passes on personal data processed for the fulfillment of the obligations under special laws and regulations to the state administration or other competent authorities only in cases where the law requires.

The processors of personal data are:

Cooperation area

Identification of the processor

Cloud services

Master Internet, s.r.o., Company Reg. No. 26277557, with its registered office at Jiráskova 225/21, Veveří, 602 00 Brno

Legal services

Šetina, Komendová & Partners s.r.o., law office, Company Reg. No. 06204872, with its registered office at Purkyňova 649/127, Medlánky, 612 00 Brno



Personal data may be processed for Roger by processors solely on the basis of a contract for the personal data processing, i.e. with guarantees of organizational and technical security of the data with a definition of the purpose of the processing, whereby the processors may not use the data for any other purpose.



RIGHTS OF DATA SUBJECTS

The data subject has:

  1. The right to access personal data

    The data subject has the right to obtain confirmation from Roger whether the personal data concerning them is processed or not and, if so, they have the right to access this personal data as well as the following information: a) the purpose of the processing; (b) the categories of personal data concerned; c) the recipients, to whom the personal data has been or will be made available; d) the planned time period for which the personal data will be stored; e) the existence of the right to request from the administrator the correction or deletion of personal data or restrictions on their processing, or to object to such processing; f) the right to submit a complaint to the Supervisory Authority; g) all available information on the personal data source, if not obtained from the data subjects; h) the fact that automated decision making is taking place, including profiling. The data subject also has the right to obtain a copy of the processed personal data.

  2. The right to correct the personal data

    The data subject shall have the right to inaccurate personal data concerning them to be corrected by Roger or incomplete personal data to be supplemented without undue delay.

  3. The right to delete personal data

    The data subject shall have the right to personal data concerning them to be deleted by Roger without undue delay in the event that: a) the personal data is no longer required for the purposes for which it was collected or otherwise processed; b) the data subject withdraws their consent on the basis of which the data was processed and there is no further legal reason for its processing; c) the data subject objects to the processing and there are no overriding legitimate reasons for its processing; d) the personal data has been processed unlawfully; e) the personal data must be deleted in order to comply with a legal obligation laid down in EU or Czech law; f) the personal data was gathered in connection with an offer of the provision of information society services.

    The right to delete shall not apply in the event that processing is necessary to fulfill legal obligations, to determine, to exercise or to defend legal claims and other cases stated in the GDPR.

  4. The right to limit processing

    The data subject shall have the right to processing by Roger to be limited in any of the following cases: a) the data subject denies the accuracy of the personal data, i.e. for the time necessary for Roger to verify the accuracy of the personal data; b) the processing is unlawful and the data subject refuses the deletion of personal data and instead requests restrictions on its use; c) Roger no longer needs the personal data for the purposes of processing, but the data subject requires it for identification, exercise or defense of legal claims; d) the data subject has raised an objection to its processing until it has been ascertained whether Roger’s justified reasons outweigh the justified reasons of the data subject.

  5. The right to object to processing

    The data subject shall have the right, due to reasons relating to their specific situation, to object at any time to the processing of personal data relating to them and which Roger processes because of its legitimate interest. In such a case, Roger shall no longer process personal data unless it can prove that there are serious legitimate reasons for its processing, which outweigh the interests or rights and freedoms of the data subject or for the determination, exercise or defense of legal claims.

  6. The right to data portability

    The data subject has the right to the personal data relating to them, provided to Roger, in a structured, commonly used and machine-readable format, and the right to transmit this data to another administrator without hindrance from Roger, who has been provided with the personal data, in a case where: a) the processing is based on consent and b) the processing is carried out automatically.

    While exercising its right to data portability, the data subject shall have the right to have their personal data transmitted directly by one administrator to another administrator if technically feasible.

  7. The right to submit a complaint to the Supervisory Authority

    In the event that the data subject believes that Roger does not process their personal data legally, they shall have the right to submit a complaint to the Supervisory Authority. The Supervisory Authority is the Office for Personal Data Protection with registered office at Pplk. Sochora 27, 170 00 Prague 7, e-mail: posta@uoou.cz, phone no.: +420 234 665 125.

  8. the right to information concerning the correction or deletion of personal data or the limitation of processing

    Roger is required to notify individual recipients, to whom personal data has been made available, of any correction or deletion of the personal data or processing restrictions, except when this proves to be impossible or requires unreasonable effort. If requested by the data subject, Roger shall inform the data subject of these recipients.

  9. The right to be informed in the event of a personal data breach

    In the likely event that a certain case of breach of personal data will result in a high risk to the rights and freedoms of individuals, Roger shall report this violation without undue delay to the data subject.

  10. The right to withdraw consent to the processing of personal data

    In the event that Roger processes any of the personal data on the basis of consent, the data subject shall have the right to withdraw their consent to the processing of personal data at any time in writing, by sending a disagreement with the processing of personal data to the email address info@rogeras.com.



    COOKIE FILES

    In the event that Roger processes any of the personal data on the basis of consent, the data subject shall have the right to withdraw their consent to the processing of personal data at any time in writing, by sending a disagreement with the processing of personal data to the email address

    The website www.roger.cz automatically identifies the user’s IP address. The IP address is the number automatically assigned to the user’s computer when connected to the Internet. All of this information is recorded in the activity file by the server, which allows subsequent data processing.

    The purpose of using cookies: Roger uses cookies and related technologies for several purposes, including:

    • Login and verification. Once a data subject uses a personal account to log in, an encrypted cookie will be stored on their device, making it possible to navigate between pages without having to repeatedly log in. The user can also save their login information so they do not need to log in every time they return to www.roger.com.

    Third-party cookies may also be located on www.roger.com. This may be, for example, because Roger has commissioned a third party e.g. to analyze the site. Roger uses the following service providers:

    • Google Analytics Service - Google

    • Hojtar Service - Hotjar

    • Facebook Pixel Service - Facebook

    Cookie settings: : Most web browsers accept cookies automatically. However, they provide controls that allow them to be blocked or removed. Users of www.roger.com are therefore authorized to set up their browser so that cookies on their computers are avoided, however the Roger web interface may then not operate properly. Guidelines for blocking or deleting cookies in browsers can usually be found within the browser help documentation.



    FINAL PROVISIONS

    This Personal Data Protection Policy will be updated by Roger were necessary. The current version of the Personal Data Protection Policy will always be available at www.roger.com. In the event of a significant change in the way personal data is handled in this Personal Data Protection Policy, Roger shall inform the data subjects by visibly displaying a notice before implementing these changes. Roger recommends that the Personal Data Protection Policy be reviewed regularly.