Forvis Mazars Privacy Statement
Forvis Mazars Privacy Statement
General
Forvis Mazars in the Czech Republic takes the security of and our legal responsibilities around your personal data very seriously. This privacy statement sets out which personal data we collect from you through our interaction with you, how we process that personal data and provides information about your rights in relation to the processing of your personal data.
Data Controller
The data controller is each of the Czech member firms of Forvis Mazars [1], each of which is a separate and independent legal entity (for more information about the Czech member firms, click on www.forvismazars.com/cz. This privacy statement refers to them as “ Forvis Mazars in the Czech Republic”, “we”, “our”, “us”. This privacy statement applies to each of them separately.
[1] Forvis Mazars is an international, integrated and independent organisation, specialising in audit, accountancy, tax, legal and advisory services (for more information about Forvis Mazars, click www.forvismazars.com/cz).
Data Subjects
We may collect and process personal data from:
- our clients, suppliers, business contacts and potential clients (and/or from individuals associated with them);
- individuals whose personal data we obtain in connection with providing professional services to our clients (e.g. our client's employees, customers and suppliers, our clients' and employees' family members, government agency contact persons, other advisors to the data subject);
- our employees and job applicants; and
- the visitors to our website and social media.
What personal data do we process?
Depending on the nature of the services we provide, the legal obligations to which we are subject, our legitimate interests or the specific consent you grant us to that end, we may collect or obtain following categories of personal data:
- your name, age, date of birth, gender, language;
- your contact details (e.g. address, name, contact title, phone, email and other contact details);
- your business activities;
- your marital status and family information;
- employment and education details (e.g. the organisation you work for, your job title and your education details);
- Government identifiers (e.g. national ID number, passport number, ID-card);
- Payroll, income, tax and other financial information;
- Hobbies and social occupations;
- your IP address, browser type and language preference; your access times
- Posts on social media applications we use (Facebook, LinkedIn, blogs, forums,…).
For certain services or activities, and when required by law or with an individual's explicit consent, we may also collect special categories of personal data. Special categories include trade union membership.
How do we collect personal data?
We may collect or obtain personal data because you give it to us, because other people give that data to us (e.g. our clients about their employees, customers, clients and other data subjects whose personal data they collect; other advisors to the data subject; or government agencies), through your connection to our Wi-Fi network, through our website and social media tools, or because it is publicly available.
Use of personal data
Except for situations where we process your personal data based on your (explicit) consent, we may process your personal data for the purposes outlined below, because processing is necessary for (1) compliance with our legal and regulatory obligations, (2) the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract, and/or (3) the purposes of our legitimate interests related to the delivery of our services or the operation of our business.
We use personal data for the following purposes:
- Contract entry and continuance : In order to commence and continue working with our clients, we are legally required to take certain steps (AML/CTF Act). We will have to process personal data about our clients, their ultimate beneficial owners and the client representatives.
- Providing professional services to our (potential) clients: We provide a diverse range of professional services (for information on our services, click on the following link: https://www.forvismazars.com/cz/Domovska-stranka/Nase-sluzby). We process personal data in order to deliver those services to our (potential) clients, which could be the data subject himself, the data subject’s employer or the data subject’s contracting party.
- Administering, managing and developing our businesses and services : We process personal data in order to run our business, including managing our relationship with our clients, meeting our own administrative, accounting and corporate obligations, maintaining and using our IT systems, developing our businesses and services, hosting events, managing our systems and applications.
- We also process personal data about our suppliers, subcontractors and individuals associated with our suppliers and subcontractors in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients.
- Recruitment and personnel administration : We collect personal data from job applicants in order to recruit new employees. We also collect personal data concerning our own personnel as part of the administration, management and promotion of our business activities.
- Security, quality and risk management : Personal data may be processed in the context of protecting our own and our client’s information and within the scope of internal quality and risk analysis.
- Direct marketing : we may process personal data for direct marketing purposes, including to promote and develop our services, to provide you with information that we think will be of interest to you, to send you invitations to our events. In all those cases we will give you the opportunity to opt-out of our direct-marketing activities. Opt-out can be achieved by responding using the unsubscribe options contained within the information you have received or by e-mailing us at gdpr@mazars.cz .
- Complying with any requirement of law, regulation or a professional body of which we are a member of : As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
- Protecting our rights and those of our clients.
Who do we disclose personal data to?
We may from time to time transfer or disclose your personal data to other entities of Forvis Mazars or to third parties for any of the purposes listed above, including to governmental and professional agencies and third parties who perform services on our behalf, such as web hosting providers, IT-providers.
When we disclose your personal data to third parties who perform services on our behalf, we ensure that such service providers use your data only in accordance with our instructions, and we do not authorise them to use or disclose personal data except as necessary to perform services on our behalf or to comply with applicable legal obligations.
We may also disclose your personal data to third parties where it is required to do so by law, a regulator or for the purposes of, or in connection with, any legal proceedings, or otherwise for the purpose of establishing, exercising or defending our legal rights.
We may share personal data with other Forvis Mazars member firms where necessary for administrative purposes and to provide professional services to our clients (e.g. when providing services involving Forvis Mazars member firms in different countries). Our business contacts may be visible to all member firms of the Forvis Mazars organisation.
Due to the global nature of our operations, we may transfer your personal data outside the European Economic Area (EEA) to countries whose data protection laws may not be as extensive as those in the EU.
When we transfer data outside the EEA, we will only transfer such personal data (i) to a country which the European Commission considers to have adequate data protections laws; or (ii) where we have put in place an appropriate data transfer mechanism, such as EU Standard Contractual Clauses, to ensure that your personal data is adequately protected.
Should you make an enquiry through our website which concerns one of the Forvis Mazars member firms we will forward the request to them on your behalf.
We do not sell or rent your personal data for any purpose.
Data Subject Rights
Where we act as a Data Controller for your personal data, you may exercise a number of rights over your data including:
- Accessing the personal data we hold about you
- Asking us to correct any of your personal data we hold which are inaccurate
- Request to have your personal data deleted
- Withdraw consent to our processing of your personal data (provided that we process your personal data based on consent)
- Put in place restrictions on our processing of your personal data
- Objecting to our processing of your personal data
- Asking us to transfer your data to another controller (data portability)
We will handle all exercise of your data subject rights in accordance with the requirements of the applicable privacy regulation. Should you wish to exercise any of your data subject rights please contact us at gdpr@mazars.cz .
In order to prevent any unauthorized disclosure of your personal data, we must verify your identity. In case of doubt or ambiguity, we will first ask you for additional information (preferably a copy of your ID-card).
Should we receive a request from you to exercise data subject rights but we are only acting as a Data Processor within our relationship with our client, we will inform you accordingly and you should address your requests to our client.
Questions and complaints
Should you have any questions or complaints in relation to this privacy statement or the way we collect and process your personal data, please contact us at: gdpr@mazars.cz .
Duration of Processing
We will hold your personal data on our systems for the longest of the following periods: (i) as long as is necessary for the purpose of which it was collected; (ii) any retention period that is required by law; or (iii) the end of the liability period in which litigation or investigations might arise in respect of our services.
After the applicable retention period(s) have expired, personal data will be deleted or anonymized.
Data Security
We ensure appropriate technological and organisational controls are in place to protect your personal data from loss, misuse, alteration or unintentional destruction, such as the use of anti-virus, firewalls, secure servers, hard disk encryption software, password protection, physical access controls, two-factor authentication, intrusion and anomaly detection,...
Our personnel who have access to your personal data have been trained to maintain the confidentiality of such data. They will only be granted access to your personal data to the extent that they need this information to perform their duties properly. The persons who can consult your data are also bound by strict professional discretion.
Conditions to protect data to at least the same standard as we do are cascaded to all our contractors, (sub) processors and suppliers.
Regular monitoring and testing of our security defences is carried out to ensure they continue to be effective against the latest threats.
Data transferred over the internet by us and through this website are protected using encryption technologies to ensure they remain secure.
Children and our website
Forvis Mazars in the Czech Republic understands the importance of protecting children's privacy, especially in an online environment. Our sites are not intentionally designed for or directed at children. It is our policy never to knowingly collect or maintain information about anyone under the age of 16 through our websites. If you are under 16 years of age you must obtain the consent of a parent or guardian to submit information via our website. Please ask them to review this information before you communicate with us.
Cookies
Navigation on our website may result in cookies being sent to your computer. Cookies are small text files that are placed on your computer by the websites that you visit.
Changes to this privacy statement
This privacy statement is applicable as from June 2018. We may amend it from time to time. Any changes will be published on this page and we recommend you check here regularly to ensure you remain in agreement with our data processing activities.