Instruction on the Register FO, the Register IČ and the Positive Register

I. INTRODUCTION

The individual members of the association SOLUS, interest association of legal entities, ID No. 693 46 925 (hereinafter also “SOLUS” or “the association SOLUS”) have a common interest in participating in The Register of natural persons of the association SOLUS (also referred to as the “Register FO”), The Register of Legal entities and Entrepreneurs (also referred to as the “Register IČ”), The Positive Register of the association SOLUS (also referred to as the “Positive Register”), or The Register of Creditworthiness of the association SOLUS (also referred to as the Register of Creditworthiness) in which data on clients of individual member companies of the association SOLUS are processed, both for natural persons (entrepreneurs and non-entrepreneurs) and legal entities. The primary purpose of the Register FO, the Register IČ, Positive Register and the Register of Creditworthiness is to inform members of SOLUS about consumer (entrepreneur) identification data and about matters that relate to creditworthiness, payment morale and credibility.

Data from other types of contractual relationships are recorded in the Register of Third Parties of the association SOLUS, for which there is separate Instruction on the Register of Third Parties.

The Register FO, the Register IČ and the Positive Register are, within the meaning of Section 20z of the Act no. 634/1992 Coll., On Consumer Protection, as amended, databases containing data of consumers and, where appropriate, other entities, on matters of their creditworthiness and credibility.

The Register of Creditworthiness is, within the meaning of Section 88 of the Act no. 257/2016 Coll., on Consumer Credit, a database used for mutual information of credit providers on debt data that indicate the consumer´s creditworthiness. The legal basis for the processing of clients’ personal data in the Register of Creditworthiness is (i) fulfilment of legal obligations of creditors in case that a consumer credit is provided to a natural person, (ii) the legitimate interests of creditors in case that a non-consumer credit is provided to a natural person, in particular the interest to provide credit products only to creditworthy and trustworthy clients, (iii) legal authorization for the processing of social security number in case it is necessary for the enforcement of private law claims or for the prevention of emergence of unpaid debts.

II. THE SCOPE OF PROCESSED PERSONAL DATA IN THE REGISTER FO AND THE REGISTER IČ

Within the Register FO and the Register IČ are besides identification data information (name, surname, personal identification number or identification number and address) processed the data on the extent and nature of breach of the contractual obligation by the client, the result of which is the existence of a financial claim in delay of at least two instalments in the amount of at least 500 CZK or the existence of any financial claim in the amount of at least 500 CZK of the member company for the client for more than 30 days after maturity, the nature of the obligation from which that obligation arises and the subsequent payment discipline of the client. The Register FO and the Register IČ are therefore so-called negative registers.

Therefore, personal data of the client who did not violate the contractual obligations towards the member company are not processed within the Register FO and the Register IČ. Within the Register FO and the Register IČ, there are processed no so-called special categories of personal data within the meaning of Article 9 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter “GDPR“), for example, data concerning health.

A sum of the above mentioned data from all member companies (resp. those member companies against which the client has committed a breach of contractual obligation) together with other publicly available data about the client obtained for the relevant purposes (especially the data of the client contained in the Insolvency register, maintained pursuant to Act No. 182/2006 Coll., Insolvency law) and data on statistical evaluations of creditworthiness and credibility of the client create so-called Information file of the Register FO resp. Information file of the Register IČ.

Data on natural persons are processed in the Register FO, data on natural persons – entrepreneurs and legal entities are processed in the Register IČ.

III. THE SCOPE OF PROCESSED PERSONAL DATA IN THE POSITIVE REGISTER AND THE REGISTER OF CREDITWORTHINESS

Within the Positive Register and The Register of Creditworthiness, besides the identification data (name, surname, date, place and country of birth, gender, nationality, birth registration number, ID number, addresses and information about identity documents), the following data on clients are processed:

Data indicating that a contract negotiations have been initiated with the client [or applicant as regards to guarantors, co-applicants or legal guardians], and whether there has come to a conclusion of Contract between the client [or the applicant as regards to the guarantor, co-applicant or legal guardian] and member company or not, whereby the Contract, in case that several contracts were concluded between the client and the member company, means all such contracts;
Data indicating financial liabilities that arose, arise or may arise to the client in respect of the member company in connection with the Contract or which were negotiated with the client and data about the fulfilment of such obligations on client’s part;
Data indicating the securing of the obligations of the client under the Contract, in particular the type of collateral;
Any other information that indicates the creditworthiness, credibility and payment morale of the client (in particular, the extent and nature of any breach of a contractual obligation resulting in the existence of a due amount after the maturity, any eventual changes in the obligation or Contract, early repayment of the debt etc.);
Data indicating whether inquiries were made requesting information about the creditworthiness and credibility of the client by members of SOLUS.

The so-called special categories of personal data within the meaning of Article 9 of the GDPR are not processed in the Positive Register nor the Register of Creditworthiness (e.g. data concerning health etc.).

The sum of the above mentioned data from all member companies (resp. from those member companies with which the client entered the contract negotiations) together with other publicly available personal data about the client obtained for the relevant purposes (especially the personal data of the client contained in the Insolvency register maintained pursuant to Act No. 182/2006 Coll., Insolvency law) and data on statistical evaluations of creditworthiness and credibility of the client create so-called Information file of the Positive Register or Information file of the Register of Creditworthiness.

IV. IDENTIFICATION OF ENTITIES OR PERSONS WHO MAY HAVE ACCESS TO PERSONAL DATA PROCESSED IN THE REGISTER FO, REGISTER IČ, POSITIVE REGISTER AND THE REGISTER OF CREDITWORTHINESS

Data Controller of the Register FO, Registry IČ,Positive Register and the Register of Creditworthiness: association SOLUS, interest association of legal entities, ID No. 693 46 925, with registered office at Prague 4 – Krč, Antala Staška 510/38, Post Code 140 00.

The association SOLUS has the status of the controller of personal data according to GDPR in relation to clients of individual members of the association SOLUS – natural persons.

Data processor of the Register FO, Register IČ, Positive Register and the Register of Creditworthiness: Společnost pro informační databáze, a.s., ID No. 261 18 513, with registered office at Prague 4 – Krč, Antala Staška 510/38, Post Code 140 00, (hereinafter also “SID”). Based on the written contract between the administrator and the users of the SOLUS registers, the SID will provide services related to the mutual information of creditors about the creditworthiness, credibility and payment morale of their clients and / or service seekers.

SID has the status of the processor of personal data according to GDPR in relation to the clients of individual members of the association SOLUS – natural persons.

User of the Register FO: individual members of the association SOLUS who have concluded a contract with SOLUS and SID on the processing of data within the FO Register.

The individual member companies of the association SOLUS, using the services of the Register FO, have the status of the controller of personal data according to GDPR in relation to their clients – natural persons.

User of the Register IČ: individual members of the association SOLUS who have concluded a contract with the SOLUS and SID on the processing of data within the Register IČ.

The individual member companies of the association SOLUS, using the services of the Register IČ, have the status of the controller of personal data according to GDPR in relation to their clients – natural persons.

User of the Positive Register: individual members of the association SOLUS who have concluded a contract with SOLUS and SID on the processing of data within the Positive Register.

The individual member companies of the association SOLUS, using the Positive Register services, have the status of the controller of personal data according to GDPR in relation to their clients – natural persons.

User of the Register of Creditworthiness: individual members of the association SOLUS who have concluded a contract with SOLUS and SID on the processing of data within the Register of Creditworthiness.

The individual member companies of the association SOLUS, using the Register of Creditworthiness services, have the status of the controller of personal data according to GDPR in relation to their clients – natural persons.

The current list of SOLUS members is available on the website of SOLUS: www.solus.cz.

Other entity involved in the processing of data: the processor (SID), in order to ensure the maximal security of the processed data, may use services of another person in processing (so called technical processor) on the basis of a written contract between the processor and the technical processor. The technical processor processes the data contained in the relevant register, while the client’s personal data being encrypted. The technical processor does not have the key to decrypt the encrypted data and therefore will not have access to the names, surnames, and birth numbers of clients and / or applicants.

At the date of publication of this document, i.e. 21st September 2023, the technical processor of the Register FO, the Register IČ, the Positive Register and the Register of Creditworthiness is Global Payments Europe, s.r.o., ID No. 270 88 936, with registered office at Prague 10, Strašnice, V Olšinách 80/626, ZIP 100 00.

V. DESCRIPTION OF FUNCTIONING OF THE REGISTER FO, REGISTER IČ, POSITIVE REGISTER AND THE REGISTER OF CREDITWORTHINESS

The Register FO, Register IČ, Positive Register and the Register of Creditworthiness are common databases of data created on the basis of information provided by members of SOLUS about their client portfolio and, in case of Positive Register, about their potential clients requesting their service.

The information (data) contained in the Register FO, the Register IČ and the Positive Register are regularly updated (at least once a month) by the users of the SOLUS registers and they are kept for the mutual information of the individual members of the association SOLUS.

Information (data) on contractual relationships with clients is provided by individual members of the association SOLUS to SID, which further processes these data (itself or through the so-called technical processor).

SID will make the information thus processed (data) available, in case of Register FO,Register IČ and the Register of Creditworthiness in the form of reports upon request to individual members of SOLUS using the Register FO, the Register IČ, the Positive Register or the Register of Creditworthiness, solely for the purpose of preventing fraudulent behaviour and assessing ability and willingness of the consumer (entrepreneur) to fulfil his contractual obligations (assessment of creditworthiness, payment discipline and credibility).

The importing of personal data into the Positive Register of SOLUS by one of the creditor entities does not automatically mean that this data will be freely accessible to other members of the association SOLUS – other members of SOLUS will need the demonstrable consent of the relevant client to ask for the data contained in the Positive Register of SOLUS.

In the Register FO and in the Register IČ, the data are processed for the period of the client’s delay with the payment of his / her obligations and 3 years after the end of the delay; in the case of electronic communications services and energy supply services for the period of the client’s delay with the payment of his / her obligations and one year after the end of the delay.

The personal data indicating that the loan was approved or withdrawn will be processed in the Positive Register for the duration of the contract and 3 years after its termination; in the case of electronic communications services and energy supply services for the duration of the contract and one year after its termination. If the time of the duration of the contract exceeds 10 years, individual payment history data older than 10 years will be liquidated. If the application for a loan has been revoked or refused, the Positive Register stores personal data for a maximum of three months.

In the Register of Creditworthiness, data are processed for the period of the client’s delay with the payment of his/her obligations and 3 years after the end of the delay. The personal data indicating that the loan was approved or withdrawn will be processed in the Positive Register for the duration of the contract and 3 years after its termination. If the time of the duration of the contract exceeds 10 years, individual payment history data older than 10 years will be liquidated. If the application for a loan has been revoked or refused, the Register of Creditworthiness stores personal data for a maximum of three months.

VI. DECLARATION ON SAFETY OF PROCESSED DATA

The high level of security of processed data (including communication), which is ensured within all SOLUS registers, prevents unauthorized or accidental access to information (data) contained in any of Registers of SOLUS, their modification, destruction or loss, unauthorized transmissions, their unauthorized processing, as well as other misuse of the processed information.

Basic safety features:

Encrypted communication;
Use of certificates for user identification;
Access only from allowed IP addresses;
Encryption of personal data;
Separation of the processor (knows the encryption key, is able to make online queries only) and the technical processor (performs data processing without the knowledge of the encryption key).

The use of modern technologies regarding the operation of the system and the security of the transfer and storage of data of SOLUS members client’s and contractually defined relationships and guarantees minimize the risk of misuse of information.

VII. INSTRUCTION ON RIGHTS OF THE DATA SUBJECT (NATURAL PERSONS)

If you find or believe that any SOLUS member, SOLUS, SID, or other entities involved in the processing of data in any Register of SOLUS (i.e. the relevant controllers or processors) processes your personal data that is inconsistent with the protection of your privacy or contrary to law, especially if your personal data is inaccurate, you may:

Request an explanation from the relevant controller or processor;
Require from the controller or processor concerned to resolve the situation, in particular you may request the correction or completion of your personal data (if necessary, temporary blocking or disposing of the data will be made upon your request).

If your request is found to be legitimate, the relevant entities are required to immediately remove the defective condition. If your request to correct inaccurate or incorrect data contained in the register is not resolved immediately, the operator will block the data in question until the request is resolved. The operator blocks it in such a way that it is temporarily prevented to provide the data from the register that has been affected by the consumer’s request. Instead of such data, the seller or operator maintaining the register will provide information that the data is blocked.

If the data kept in the register is subject of a dispute between you and the member company, where such a dispute is subject of a court, administrative or arbitration proceeding in which no final judgment has yet been given on the merits or an out-of-court settlement of the consumer dispute, the member company is obliged to note this fact in the register on your request.

If the relevant controller or processor does not comply with your request or if you believe that processing of your personal data is not lawful, you have the right to contact the Office for personal data protection (www.uoou.cz) with a request for remedy.

You can expressly in writing disagree with SOLUS processing your personal data in the Positive Register. In such a case, the operator will remove all records relating to your person from the register without undue delay and take steps to prevent further records relating to your person from being entered.

VIII. CUSTOMER SERVICE

Information about the association SOLUS: www.solus.cz or telephone line 222 368 707, which is charged as a fixed line call within your tariff. The operation of this line is on working days (from Monday to Friday) from 8:00 a.m. to 16:30 p.m. This telephone line is operated by Společnost pro informační databáze, a.s.

Customer Service of the association SOLUS provides its clients with the following services:

makes responses to client’s requests for a statement of processed personal data (also contains information about the personal data source),
makes responses to requests for SIN code for SMS Statement – Mobile Statement,
receives and handles any complaints or comments from clients regarding inaccurate data processed in the SOLUS registers as well as statements of disagreement with processing in the Positive Register.

SOLUS has appointed a Data Protection Officer, who is available at poverenec@solus.cz or in writing at the address of the Association.

IX. NOTICE

IMPORTANT: DATA FROM OTHER TYPES OF CONTRACTUAL RELATIONSHIPS ARE RECORDED IN THE REGISTER OF THIRD PARTIES OF THE ASSOCIATION SOLUS, FOR WHICH THERE IS SEPARATE INSTRUCTION ON THE REGISTER OF THIRD PARTIES.

Instruction on SOLUS registers in PDF.

Cookie	Délka	Popis
cookielawinfo-checkbox-advertisement	1 rok	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 měsíců	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 měsíců	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 měsíců	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 měsíců	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 měsíců	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
qtrans_front_language	1 rok	This cookie is set by qTranslate WordPress plugin. The cookie is used to manage the preferred language of the visitor.
viewed_cookie_policy	11 měsíců	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Délka	Popis
_ga	2 roky	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 den	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.