Information on the processing of personal data and related rights pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the “Regulation”).

(hereinafter referred to as the “Privacy Policy” or the “Policy“)

1. Who are these policies intended for?

These Policies are intended for all existing, potential, and, for a certain period, former clients (hereinafter referred to as “Client”) of the DHS Estate Group in the Czech Republic, meaning those who

  1. who have concluded or intend to conclude an agreement with any of the companies belonging to the DHS Estate Group in the Czech Republic (hereinafter referred to as the “DHS Estate Group“), whose list is provided in Article 2 below (hereinafter referred to as the “DHS Estate Company or Companies“);
    1. Reservation agreement, preliminary purchase agreement, or purchase agreement whose subject is the transfer of ownership of real estate (hereinafter referred to as “Property“) from one of the DHS Estate Companies to the Client (hereinafter referred to as the “Purchase Agreement“);
    2. Accommodation Agreement (temporary lease) or rental agreement for properties owned by any of the DHS Estate Companies, either directly or through the reservation system used by the DHS Estate Group or an Intermediary as defined in Article 3(c) below (hereinafter referred to as the “Accommodation Agreement“);

(hereinafter jointly referred to as the “Contract or Contracts“)

  1. who visit the websites of any of the DHS Estate Companies, such as https://dhsestate.cz/, https://salethrabetice.cz/kontakty/, or https://lukahrabetice.cz/kontakty/ or their landing pages (hereinafter referred to as the “Websites“) and who send a message, leave their contact details, or arrange a viewing via the contact form on the website (hereinafter referred to as the “Message“).

2. Who is the controller of your personal data and how can you contact them?

The DHS Estate Company with which you have concluded or are concluding the Agreement, or are negotiating its conclusion, and/or to which you have sent or are sending a Message, or whose Website you have visited (hereinafter referred to as the “Contractual Partner“), together with the other DHS Estate Companies, are always joint controllers of your personal data within the meaning of Article 26 of the Regulation.

The DHS Estate Companies are: DHS Estate a.s., Company ID: 09344969, Šalet Hrabě, s.r.o., Company ID: 04028724, and Luka Hrabě, s.r.o., Company ID: 21539731, all with registered office at Střížkovská 630/114, 180 00 Prague 8 – Střížkov, as well as any future DHS Estate Companies, which will always be listed on the DHS Estate a.s. Website (hereinafter referred to as the “Joint Controllers“).

The Joint Controllers have agreed, among other things, that the information obligation under Articles 13 and 14 of the Regulation, which can be fulfilled according to Section 8 of Act No. 110/2019 Coll., on the Processing of Personal Data, by publishing in a manner allowing remote access (i.e., in cases of processing for the purpose of fulfilling a legal obligation or public task, and also in relation to electronically sent Messages or visits to the Website), shall be fulfilled by the Joint Controllers through publication on the Website. During pre-contractual negotiations and when concluding the Contract itself, this obligation shall be fulfilled directly by the DHS Estate Company that is the contractual partner.

Regarding personal data, you may primarily contact the Joint Controllers and exercise all the rights listed below in writing at the registered office address of DHS Estate, a.s., or by sending an email to recepce@DHSestate.cz. Changes to your personal data can also be reported at these addresses. However, according to Article 23(3) of the Regulation, the rights may be exercised with respect to each of the Joint Controllers individually or collectively.

3. What personal data do we collect and process about you?

We process primarily your identification, address, and contact details, and depending on the type of Agreement, also data such as place and duration of stay, information about your bank accounts and creditworthiness, source of assets, your payment details, information about your family situation, and housing preferences,

  1. which are stated in the Message, in the Purchase Agreements, and in related documents, such as documents concerning client changes, technical acceptance reports, or property handover protocols, in Accommodation Agreements and related registration forms or accommodation vouchers;
  2. which you provide to any of the Joint Controllers or Recipients referred to in Article 5 below during the negotiation, conclusion, and performance of Agreements and the provision of related services, for example, in connection with payments under the Agreements, processing client changes, or reservations;
  3. which are provided to us about you by operators of travel portals, as independent controllers, such as Booking.com B.V., operator of www.booking.com, Airbnb Ireland UC, a private unlimited company operating www.airbnb.cz, or ONLINE HOLDING s.r.o., operator of portals like www.hotel.cz, www.spa.cz, and others, with whom you arrange the transfer (hereinafter referred to as the “Intermediaries“);
  4. which we are required to collect, verify, and store, for example, in AML documentation, in the house or registration book, and/or to provide to other entities in connection with the conclusion and performance of Agreements based on legal regulations, particularly Act No. 253/2008 Coll., on Certain Measures Against Money Laundering and Terrorist Financing (hereinafter referred to as the “AML Act”), Act No. 565/1990 Coll., on Local Fees (hereinafter referred to as the “Local Fees Act”), Act No. 326/1999 Coll., on the Residence of Foreign Nationals (hereinafter referred to as the “Residence of Foreign Nationals Act”), and other laws in the field of accounting and taxation (e.g., on agreements to perform work, accounting, etc.) (hereinafter referred to as the “Statutory Data”).

We also process your personal data obtained during your visits to the Website through cookies. Using necessary technical or functional cookies, for which your consent is not required, we primarily collect your IP address and associated purely operational data necessary for the Website’s functionality and user settings (hereinafter referred to as “Technical Cookie Data“).
If you give consent via the cookie banner to the use of non-technical cookies, especially analytical, advertising, or marketing cookies, pursuant to Act No. 127/2005 Coll., on electronic communications (hereinafter referred to as “Consent to Use Non-Technical Cookies“), we process, in addition to your IP address, also your unique ID, data about your behavior on the Website, user preferences, etc. (hereinafter referred to as “Non-Technical Cookie Data“).

We primarily obtain your personal data directly from you, as well as from other Joint Controllers, from Intermediaries, possibly through other controllers as described in Article 5 below, or from public registers (e.g., the real estate cadastre or commercial register).

4. For what purpose and on what legal basis do we process your personal data?

We process your personal data for the purpose of:

  1. Conclusion and performance of Agreements; the legal basis is the performance of a contract to which the data subject is a party, or the taking of steps at the request of the data subject prior to entering into a contract (also applicable to Messages) pursuant to Article 6(1)(b) of the Regulation;
  2. Fulfillment of obligations related to the conclusion and performance of Agreements imposed by legal regulations, particularly archiving obligations (under accounting law, VAT law, etc.), the obligation to report the stay of foreigners under the Act on the Residence of Foreigners, registration obligations under the Local Fees Act, and the obligation to identify or verify Clients under the AML Act. The legal basis is the fulfillment of a legal obligation applicable to the Joint Controllers pursuant to Article 6(1)(c) of the Regulation;
  3. legitimate interests of the Joint Controllers, which include, in particular:
    1. Transfer of personal data within the DHS Estate Group for its internal administrative purposes, particularly for processing by selected employees within the DHS Estate Group, or by processors or other controllers duly authorized within the DHS Estate Group;
    2. Protection of the legal claims of the Joint Controllers and primarily the Contractual Partner in potential disputes related to the Agreements or the processing of personal data, etc.;
    3. Performance of the loan agreement in relation to the financing bank, particularly demonstrating the commercialization of the DHS Estate Company’s project by submitting selected Agreements to the bank financing the respective project;
    4. Sending commercial communications regarding existing or upcoming projects of the DHS Estate Group to Clients for the purpose of direct marketing;
    5. Conducting campaigns on the Website for the purpose of online marketing;
    6. Use of the necessary contact details of Clients who acquire ownership of Properties under the Agreements, especially units defined within a building managed by a homeowners’ association, of which the Contractual Partner is the first chairman, until their registration in the real estate cadastre, for the purpose of convening meetings of the owners’ assembly;
    7. In the case of mortgage financing for the purchase of the Property, the transfer of necessary personal data of Clients to the designated mortgage financing intermediary for the purpose of optimizing the processing of financing for the purchase based on the Agreements;
    8. Use of Technical Cookie Data to ensure the proper functioning of the Website and to maintain basic user preferences;
    9. In the event of giving Consent to the use of non-technical cookies:
      a) analysis and optimization of the Website and campaigns conducted on it, and
      b) creation of user profiles of Clients for displaying personalized advertising of goods and services of the DHS Estate Group (direct marketing).

The legal basis is the fulfillment of the legitimate interests of the Joint Controllers pursuant to Article 6(1)(f) of the Regulation.

This concerns the processing of data necessary for the conclusion and performance of Agreements, compliance with legal obligations, and the legitimate interests of the Joint Controllers. Providing the data is therefore a mandatory contractual and legal requirement, without which the Agreements cannot be concluded or performed, legal obligations fulfilled, or the legitimate interests of the Joint Controllers met.

You may object to the processing based on legitimate interests at any time. In the event of an objection to processing for the purposes of direct marketing pursuant to Article 4(c) points (iv), (v), and (vii)(b) above, the Joint Controllers will cease processing for this purpose without further delay.

  1. In the event you give Consent to the use of non-technical cookies, the Non-Technical Cookie Data may also be used to obtain and create user profiles of Clients by entities providing services such as analytics or marketing in relation to the Website, for example Google Analytics or Facebook (hereinafter referred to as the “Providers“), who subsequently use this data to deliver personalized advertising of goods and services either their own, their clients’, or on their platforms. The legal basis for this is consent under Article 6(1)(a) of the Regulation. Specific Providers are listed in the information within the relevant cookie banner.Your consent is voluntary and may be withdrawn at any time on the relevant Website via the cookie banner available in the cookies section, or by any of the methods and contact addresses listed in Article 2.2 above. Withdrawal of consent becomes effective upon receipt by the first of the Joint Controllers. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal. After the consent expires, your personal data collected for this purpose will be deleted and destroyed, unless there is another lawful basis for further processing.

If we intend or need to process your personal data for a different purpose, we will promptly provide you with prior information about this other purpose and related details.

5. To whom may the Joint Controllers disclose your personal data?

The Joint Controllers may disclose your personal data to the following recipients:

  1. To selected processors involved in the performance of Agreements or providing related services to the Joint Controllers, processing your personal data based on instructions from the Joint Controllers, in particular the operator of the DHS Estate Group reservation system, PREVIO s.r.o., Company ID: 25975234;
  2. To other controllers for the purpose of providing a specific service agreed with the Joint Controllers, e.g., general contractors, project managers, technical supervisors, intermediaries for client changes, banks financing DHS Estate Group projects, mortgage financing intermediaries in case of mortgage financing of the Property purchase, legal representatives, accountants, tax advisors, and other advisors of the Joint Controllers;
  3. In fulfilling legal obligations, especially to public authorities or municipal offices acting within delegated powers (hereinafter referred to as “Recipients”).

Personal data is not disclosed to third parties from countries outside the EU and EEA.

6. How Long Do We Process Your Personal Data?

We process your personal data collected for the purpose of entering into and fulfilling Contracts until all obligations have been met and all claims arising from any such Contracts and any related proceedings have been satisfied.

Data processed on the basis of legal obligations are retained for the statutory retention periods specified by the relevant legislation — e.g., 10 years under the AML Act, 6 years under the Local Fees Act and the Act on the Residence of Foreign Nationals, and 10, 5, or other years as applicable in the accounting and tax domains.

If, based on your inquiry (initiated in any manner, including via a Message), no Agreement is concluded, we will cease processing your personal data no later than within 1 month. Exceptions include:
basic data retained for the purpose of protecting legal claims, as outlined in Article 4(c)(ii) above,
contact details used for sending commercial communications or for online marketing as per Article 4(c)(iv) and (v) above.

If your objection to the processing of personal data based on the legitimate interests of the Joint Controllers is upheld, the relevant processing will be terminated no later than 3 months from the date of notification of the objection being upheld.

We process data from non-essential cookies for the duration of your consent given via the cookie banner. We will ask for your renewed consent regularly after 6 months from its rejection or withdrawal, or whenever there is a significant change in cookie settings.

For the purpose of protecting the legal claims of the Joint Controllers in the event of disputes arising from Contracts with Clients or in connection with the processing of personal data, the Joint Controllers will retain the necessary data for no longer than one year after the expiration of all limitation periods arising from the Contracts, pre-contractual negotiations, or related to the processing carried out.

7. How do we process your personal data?

We process personal data both manually and automatically using modern technologies. No automated decision-making or profiling takes place during the processing of personal data.

8. What rights do you have regarding the processing of your personal data?

In connection with the processing of your personal data, you have the following rights:

  1. Right of Access: You have the right to obtain confirmation as to whether personal data concerning you are being processed or not, and if so, the right to access such data, the right to receive related information about the data and its processing, and about all your related rights. You have the right to obtain a copy of the processed personal data, the first copy free of charge, and any subsequent copies may be subject to a reasonable administrative fee.
  2. Right to Rectification: You have the right to request the Joint Controllers to correct or complete your personal data if you consider them inaccurate or incomplete.
  3. Right to Restriction of Processing: During the resolution of disputes concerning your data (e.g., regarding accuracy, based on an objection, or a request for restriction or provision to protect your legal claims), you have the right to restrict the processing of your personal data to storage only. Further processing is only possible with your consent or for the purpose of establishing, exercising, or defending legal claims, protecting the rights of others, or for reasons of public interest.
  4. Right to Erasure: You have the right to request that the Joint Controllers delete your personal data in cases stipulated by the Regulation, for example, if the purpose of processing no longer exists, the data are no longer necessary for the intended purposes, you withdraw your consent if processing is based on it and there is no other legal ground for processing, you successfully object to the processing, the processing is unlawful, or the Joint Controllers are required to delete the data by law.
  5. Right to Object: If the Joint Controllers process your personal data based on their legitimate interests (for example, direct marketing, protection of their property, or defense of their legal claims) after prior notice, you have the right to object. Upon objection, the Joint Controllers will cease processing your data unless they demonstrate compelling legitimate grounds for the processing that override your interests, rights, or freedoms. In case of objection to processing for direct marketing purposes, the processing will stop immediately without further ado.
  6. Right to Data Portability: If the personal data was collected from you by the Joint Controllers for the purpose of fulfilling a Contract or based on your consent, and is processed automatically, you have the right to receive a copy of such data in a structured, commonly used, and machine-readable format, and, where technically feasible, the right to have those data transmitted directly to another controller.
  7. You also have the right to lodge a complaint with the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, www.uoou.cz.