Homepage › Personal data protection
The purpose of this website is to inform you about the processing of your personal data in Komerční banka, and about your rights relating to your personal data. We want you to know what kind of personal data we collect, what we do with it, and what we use it for. You can also find information on the sources we obtain this data from, as well as learning who we can provide this data to.
We always process your personal data transparently, fairly and lawfully, and to the extent required for a given purpose. We securely retain your personal data for the period that is strictly necessary, in compliance with the time limits defined by legislation and other regulations. If the bank has a legitimate interest, we can decide for ourselves how long we will retain your data. We only process the personal data of persons aged under 18 if a child’s legal representative is acting on the child’s behalf.
We recommend that you familiarise yourself with the information contained in document Information about processing of personal data you will find below.
The purpose of this document is to inform you about the processing of your personal data in Komerční banka, a.s. and about your rights relating to your personal data. We want you to know what kind of personal data we collect, what we do with it, and what we use it for. You can also find information on the sources we obtain this data from, as well as learning who we can provide this data to.
We always process your personal data transparently, fairly and lawfully, and to the extent required for a given purpose. We securely retain your personal data for the period that is strictly necessary, in compliance with the time limits defined by legislation and other regulations. If the bank has a legitimate interest, we can decide for ourselves how long we will retain your data. We only process the personal data of persons aged under 18 if a child’s legal representative is acting on the child’s behalf.
We recommend that you familiarise yourself with the information contained in this document. In addition to the above, we try to ensure that this document is as up to date as possible, and if there are any changes in how your personal data is processed and retained, they will be incorporated into this document as soon as possible.
If you do not agree with how your personal data is processed in Komerční banka, a.s. you can exercise your rights and contact the authority that oversees your privacy and protects your personal data:
Office for Personal Data Protection
address: Hraničná 12, 820 07 Bratislava 27
tel.: + 421 232 313 214, + 421 232 313 211
website: https://www.dataprotection.gov.sk/
or
Office for Personal Data Protection
address: Pplk. Sochora 27, 170 00 Praha 7
tel.: +420 234 665 111
website: www.uoou.cz
The controller of your personal data is Komerční banka, a.s. (“KB” or “Komerční banka”).
Contact information (in Slovakia):
Komerční banka, a. s., branch of foreign banky
Hodžovo námestie 1A
P.O.BOX 137
810 00 Bratislava
Slovak Republic
Contact information for the Data Protection Officer (DPO):
You can contact the DPO by e-mail osobne_udaje@koba.sk or by writing to the following address:
KB collects and uses your personal data, and it is responsible for ensuring that your data is processed correctly and lawfully. You can also assert your rights regarding Komerční banka as the controller of your personal data, as explained below.
We can only process your personal data within a specific scope, and provided that at least one of the following conditions is satisfied:
When providing products and services to legal persons, we also obtain and process personal data on natural persons who are authorised to represent the bank’s clients, as well as on other natural persons whose personal data is processed in direct connection with conducting of their activities, and which the bank must process or is entitled to process for its own purposes.
This primarily concerns the registered owners and beneficial owners, persons authorised to view or dispose of funds on clients’ accounts (including holders of business payment cards), persons providing collateral, and other natural persons connected with these subjects. We obtain personal data primarily from our clients or their representatives, from publicly accessible sources, and also from specialised databases maintained by third parties.
This involves mostly basic and descriptive subjects’ data, i.e. their identification and contact data, their role and position in a company, their area of interest, scans of documents, information on links with other subjects, and information required by the legislation, especially the laws on money laundering, taxation and the provision of payment and investment services, and any other regulations the bank has to comply with when conducting its business.
We acquire and process mostly the following personal data:
You can find more detailed information regarding the purpose of processing your data in the following chapter.
If there is more than one reason for the processing of your personal data, we always do so only to the extent required for a given purpose. The main aim of this processing is to enable us to provide you our services and customer care associated with delivery of our products and services that you actively use or consider to use.
We set out the main categories of our purposes below.
As part of discussing a product or service, we will process the data you provide through these channels to facilitate your interest in the product or service, and we will contact you as part of discussing the product or service.
If you decide that the product or service you discussed with us is suitable for you, we are obliged to ascertain your personal identification data and collect and retain any other data needed to draw up the relevant contract for the product or service. For credit and investment products, we will require a larger set of data from you, and shall be the subject of further processing.
So that we can ensure the quality of the products and services you use, we are obliged to retain, update and process the relevant data. Based on our legitimate interest we are also obliged to provide you with this information through the channels you have selected for these products and services, i.e. at our point of sale and through our direct banking channels. If you also decide to use direct banking channels for servicing these products and services, we collect information on your IP address, etc. We record and evaluate this data so that we can minimise any risks related to the misuse of these direct channels.
If necessary, we will inform you – via SMS, e-mail, messages in our direct channels or another standard way – of any events concerning your products and services together with change of your banking advisor, etc.
In this case, the legal basis for processing your personal data is the fulfillment of controller’s legitimate interests. To safeguard our legal claims, we will continue to retain this personal data after the product or service has ended – for more details see How long do we retain your data?
We also process your personal data, including your communications history and information about products and services, to the extent required for any legal claims or potential legal claims against you, especially on the basis of your contractual relationship with us. We also use third parties for debt recovery.
The legal basis for presented processing is the protection of our legitimate interests.
We also use your personal data to check for and prevent any potentially unethical or fraudulent conduct. We are bound by the legislation that stipulate the obligation to act with due professional care in matters concerning the prevention, detection and investigation of such conduct. To this end we also collect your personal data and data on the products and services you use. We can then create indicators based on this data that help prevent potential fraud and allow for better protection of your money. This may involve for instance information on the theft of your ID card or credit card, or data on the country where you normally use your direct banking channels.
The legal basis for such processing is compliance with our legal obligation as the controller.
We also collect and process your personal data to comply with our legal obligations as the controller with regard to the state and the regulatory authorities. We are obliged to do so by the Accounting Act, the VAT Act and many other regulations, including the laws derived from the agreement on implementation of the US Foreign Account Tax Compliance Act (FATCA). We also transfer all of this mandatory information within KB’s Financial Group.
We process and transfer this data to comply with our legal obligation as the controller, and in our legitimate interest.
The legislation also obliges us to check compliance with the Capital Market Undertakings Act and prevent its abuse, which could harm our other clients or our KB Group. We process your personal data for this reason too.
The legal basis for above mentioned processing is the compliance with our legal obligations as the controller and our legitimate interest.
In compliance with the regulatory requirements, we also collect and retain records of all communications with you concerning investment products (e.g. recordings of telephone calls, minutes from meetings, e-mail communication, Skype calls and messages, etc.). In line with the regulatory requirements for reporting your transactions, we collect data on your instructions and your transactions with investment instruments.
The legal basis for such processing is compliance with our legal obligation as the controller.
Our employees may process your personal data for the company’s internal needs, e.g. for reporting on the efficiency of our services.
The legal basis for such processing is our legitimate interest.
To minimise risk, the bank keeps records of persons who have provided false information, experienced difficulties paying their debts, etc.
The legal basis for such processing is compliance with our legal obligation as the controller, and also our legitimate interest.
Your personal data and information on selected products and services are being used for regulatory reporting. Based upon this data we conduct our internal reporting, and at the same time we are obliged to transfer information on certain products and services to the regulator.
The basis for such processing is compliance with our legal obligation as the controller.
If you have problems repaying any loans we have provided, our primary objective is to resolve these problems with you efficiently and to our mutual satisfaction. Sometimes, it might not be possible to resolve aforementioned problems amicably. In these situations we have to use the personal data we have recorded on you, and in some cases we may also use data, especially contact data, from publicly accessible sources such as social networks, etc., so that we can contact you. Under certain circumstances (you fail to respond, you are unreachable, you have no interest in resolving the situation, etc.) we may have to transfer your debts to a company that specialises in debt recovery. In such cases we will provide the relevant personal data to the company, together with any other relevant data concerning the debt in question. We also transfer this data if we decide to assign the debt.
The basis for processing and transferring the relevant data is our legitimate interest.
As part of marketing as a legitimate interest, we carry out basic analyses of your data concerning your use of our products and services. At the same time this legitimate interest allows us to segment our clients in order to choose the most important form of servicing and offer suitable products and services, and it also allows us to find out clients’ opinions. You may object to marketing as a legitimate interest.
Data retention periods differ depending on particular purpose for which we are processing personal data. Set data retention period for particular purpose respects storage limitation principle, that ensures processing of data only for the time that is necessary for the purposes for which the data are processed. There are two main reasons why we process and retain your data, and related to these reasons are the time limits for which we need to retain your data:
We keep your personal data for the period of time set out by relevant applicable laws and KB’s Code of File Cabinet and KB’s File Cabinet Plan, respectively for the time period for which you gave us your consent.
Regulácia ochrany osobných údajov umožňuje, aby prevádzkovateľ poveril spracúvaním osobných údajov sprostredkovateľa. Sprostredkovateľom je každý subjekt, ktorý na základe zvláštneho zákona alebo poverenia, resp. splnomocnenia prevádzkovateľom, spracúva osobné údaje v mene prevádzkovateľa. V týchto prípadoch je zmluvne, ako aj predpismi garantovaná rovnaká ochrana vašich údajov ako zo strany spoločnosti Komerční banka. Medzi najvýznamnejších sprostredkovateľov, ktorých spoločnosť Komerční banka využíva na spracúvanie osobných údajov, patria:
Under international agreements such as FATCA, etc., we are obliged to provide data on our clients to the Financial Administration of the Slovak Republic. For more information on these agreements, please visit e.g. https://www.financnasprava.sk.
A range of public authorities may request information on our clients. They include the law enforcement authorities, the courts, the court executors, the Czech National Bank, the Slovak National Bank or health insurance companies. However, we only provide this data in situations where we are legally obliged to do so.
In Komerční banka we always try to be as transparent as possible, which is why we think it’s important that you know how we process your personal data. Komerční banka is processing the following basic categories of data.
In case of legal persons this includes mainly basic identification data such as the business name, company number, tax registration number, etc.; in case of natural persons it is the subject’s name, surname, birth registration number, date of birth, type and number of identity card.
This includes all of the subject’s addresses – e.g. permanent place of residence, correspondence addresses, and for entrepreneurs their company’s address, and the subject’s contact data, e.g. telephone numbers, e-mail addresses, social network addresses, data boxes, etc.
This includes mostly information required by relevant laws for the purpose of risk assessment of money laundering and financing of terrorism, e.g. whether the particular natural person is a politically exposed person or not.
This includes data on your tax residence, i.e. where you are obliged to pay tax.
This includes information on suppliers and customers, the client’s business strategy, information on any group of connected clients, information on the market environment and situation in the sector, business risks, etc.
This includes the personal data of debtors and co-debtors, information on the parameters of a credit transaction, the identification and value of collateral, etc.
This includes the personal data of the holders and managers, contract numbers, the level of investment, the order book, information on transactions, etc.
This includes the personal data of the holders and managers, contract numbers, payment card numbers including security data, information on transactions, the sales channels used, etc.
This includes sanctions lists for persons linked with terrorism as well as lists for persons on international watch lists who are subject to international sanctions, the insolvency register, the bankruptcy register, the central debt collection register, registers of invalid and stolen documents, the register of groups of connected clients, information from the land register, etc.
This includes the IP address, cookies, the identification of the device used, information on web browsers, your profile on social networks, etc.
This includes data on electronic communication means that are mainly used for authentication, i.e. to verify your identity. Data that comes under this category includes your digital signature, your digital certificate, or the user name you ordinarily use to log into applications, or your device’s serial and manufacturing numbers (MAC address), etc.
This includes identification data from communication channels or logs from monitoring banking applications.
This includes mostly information on business relations e.g. between supplier and customer, etc.
This is a special type of data that includes information on your race, ethnicity, trade union membership, any health problems, and sexual orientation. It also includes data related to genetic and biometric information. Komerční banka does not collect this data.
You have the right to ask us for information on your personal data that we process, the purpose and nature of processing your personal data, and the recipients of personal data.
If you discover or believe that our processing your personal data is contrary to the protection of your personal and private life, or in violation of the legislation, you are entitled to ask us for an explanation, or to ask Komerční banka to remedy the undesirable situation.
If we are in breach of our obligations, you also have the right to ask the Office for Personal Data Protection to take remedial measures.
A list of your rights:
Komerční banka treats all of the above rights in the same way, and always tries to satisfy your requirements.
Komerční banka has a period of 30 days to process your request.
You will be informed by a cover letter when Komerční banka has finished processing your request. You can exercise your rights by a letter addressed to Komerční banka and sent by the Post, personally at our point of sale or by e-mail.
When exercising above mentioned rights, Komerční banka may need your cooperation to identify you. You can exercise your rights on your own behalf or on behalf of someone you represent on the basis of power of attorney or other form of authorisation.
If you have any questions, please call Komerční banka’s Infoline on 0800 118 100,go to www.koba.sk/osobneudaje or write to us at osobne_udaje@koba.sk.
Alternatively, please contact our Data Protection Officer (DPO), who is responsible for supervising the processing of personal data in Komerční banka.
You can contact the DPO by e-mail osobne_udaje@koba.sk or by writing to the following address:
Office of the Data Protection Officer
Hodžovo námestie 1A
P.O.BOX 137
810 00 Bratislava
Slovak Republic
Komerční banka is the parent company of KB’s Financial Group, and it is a member of the Société Générale international financial group.
In Slovakia, Komerční banka, a. s. serves corporate clients through a branch, Komerční banka, a.s., pobočka zahraničnej banky, as well as through the other daughter companies of the KB’s Group (SGEF, ALD, ESSOX).
KB ranks among the leading banking institutions in the Czech Republic, as well as in Central and Eastern Europe. It is a universal bank providing a wide range of services in retail, corporate and investment banking. Member companies of KB’s Financial Group provide additional specialised financial services such as pension schemes and building society schemes, leasing, factoring, consumer lending and insurance. These are available through KB’s branch network, its direct banking channels and its subsidiaries’ own sales networks.
Czech subsidiaries | Address | Company No |
---|---|---|
Modrá pyramida stavební spořitelna, a.s. | Bělehradská 128/222,120 21 Prague 2 | 60192852 |
Komerční pojišťovna, a.s. | Karolinská 1/650, 186 00 Prague 8 | 63998017 |
KB Penzijní společnost, a.s. | náměstí Junkových 2772/1, Stodůlky, 155 00 Prague 5 | 61860018 |
SG Equipment Finance Czech Republic s.r.o. | náměstí Junkových 2772/1, Stodůlky, 155 00 Prague 5 | 61061344 |
ESSOX s.r.o. | F. A. Gerstnera č.ev. 52, České Budějovice 7, 370 01 České Budějovice | 26764652 |
Factoring KB, a.s. | náměstí Junkových 2772/1, Stodůlky, 155 00 Prague 5 | 25148290 |
Protos, uzavřený investiční fond, a.s. | Dlouhá 713/34, Staré Město, 110 00 Prague 1 | 27919871 |
KB Real Estate, s.r.o. | Václavské náměstí 796/42, Nové Město, 110 00 Prague 1 | 24794015 |
VN 42, s.r.o. | Václavské náměstí 796/42, Nové Město, 110 00 Prague 1 | 02022818 |
STD2, s.r.o. | Václavské náměstí 796/42, Nové Město, 110 00 Prague 1 | 27629317 |
Subsidiaries in other countries | ||
Bastion European Investments S.A. | Rue Des Colonies, 11 1000 Brusel, Belgium | BE0877.881.474 |
Since October 2001 Komerční banka has been part of Société Générale’s international retail banking group. Société Générale is one of the largest financial services groups in Europe.
Société Générale has been playing a vital role in the economy for the last 150 years. It operates in 67 countries with over 147 000 employees. The Société Générale Group serves 31 million clients throughout the world, and its teams offer advice and services to individual, corporate and institutional customers in three core businesses:
We conduct the processing of your personal data in accordance with the relevant applicable laws, in particular with the Personal Data Protection Act, Act on Banks, AML Act.
The most important generally binding legal regulations in the field of / or in close connection with the personal data protection in the Slovak republic:
FATCA | Notification of Ministry of Foreign and European Affairs of the Slovak Republic No. 48/2016 Coll., on conclusion of the Agreement between the United States of America and the Slovak Republic to Improve International Tax Compliance and to Implement FATCA on July 31 2015, Act No. 442/2012 Coll. on International cooperation in Tax Administration, Act No. 359/2015 Coll. on Automatic Exchange of Information about Financial Accounts for Tax Administration Purposes | obligation of the bank in regard of the control of compliance with tax liabilities |
MiFID | Directive 2014/65/EU of the European Parliament and of the Council on markets in financial instruments | common regime for investment services within the EU |
Market Abuse Regulation | Regulation (EU) 596/2014 of the European Parliament and of the Council on the market abuse and Directive 2014/57/EU of the European Parliament and of the Council on criminal sanctions for market abuse | market manipulation |
Civil Code | Act No. 40/1964 Coll. – the Civil Code, as amended | protection of privacy |
GDPR | Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data | protection of personal data within the EU, valid from May 25 2018 |
Act on Banks | Act No. 483/2001 Coll. on Banks, as amended | banking operation |
VAT Act and Tax Administration Act | Act No. 222/2004 Coll. on Value Added Tax and Act No. 563/2009 Coll. on the Tax Administration (Tax Code), as amended | processing of tax data |
Act on International cooperation in Tax Administration | Act No. 442/2012 Coll. on International cooperation in Tax Administration, as amended | international exchange of information in the tax area |
Personal Data | Act No. 18/2018 Coll. on Personal Data Protection Act, as amended | protection of personal data |
Protection Act | Protection Act, as amended | |
Accounting Act | Act No. 431/2002 Coll. on Accounting | processing of the accounting data |
AML Act | Act No. 297/2008 Coll. on Anti-Money Laundering and Anti-Terrorist Financing, as amended | identification and control of clients |
Payment Services Act | Act No. 492/2009 Coll. on Payment Services, as amended | protection of data from users of payment services |
This web section aims to provide employees, job seekers and external partners of the Komerční banka corporate group in the Czech and Slovak Republics with information on personal data processing and the related rights. You will learn what personal data we collect, how we manage them, from what sources we obtain them, for what purposes we use them and to whom we may provide them.
The information on personal data processing will be regularly updated.
The Office of the Data Protection Officer KB
Hodžovo námestie 1A
P.O.BOX 137
810 00 Bratislava
Slovak Republic
Telephone: in SR: 0800 118 100, from abroad +421 259 277 505
E-mail: osobne_udaje@koba.sk
The Office for Personal Data Protection of the Slovak Republic: https://dataprotection.gov.sk/uoou/en.
The Office for Personal Data Protection of the Czech Republic: https://www.uoou.cz/en/
In SR
0800 118 100
From abroad
+420 955 524 505
BIC / SWIFT code:
KOMBSKBAXXX
(KOMBSKBA)
© 2020 Komerční banka – Société Générale Group