CBCB’s Banking Register of Client Information
The Banking Register of Client Information (hereinafter just BRCI) is an information database containing information on credit obligations and unauthorised debit balances on current accounts of individuals–citizens and individuals–entrepreneurs, and it allows the banks participating in this project to exchange information. The register’s information basis is comprised of positive and negative credit information on the creditworthiness and trustworthiness of clients. The register was put into operation in June 2002.
The register is operated by CBCB – Czech Banking Credit Bureau, a.s., having its registered office at Na vít?zné pláni 1719/4, 140 00 Prague 4, tel. +420 277 778 600. A Client Centre operates within CBCB at the same address. It provides bank clients with information about the Banking Register, issues to the clients upon their request extracts from the register containing information which the Banking Register maintains in relation to that client, and resolves any client claims concerning false or incorrect data in the register. Fees charged for extracts from the register are specified in the Client Centre’s price list. A current list of members and additional information about the register can be obtained at the website: http://www.cbcb.cz or at the email address: klient@cbcb.cz.
LLCB’s Non-banking Register of Client Information
The Non-banking Register of Client Information (hereinafter just NRCI) is an information database containing information on credit obligations of individuals–citizens and individuals–entrepreneurs, and it allows, on the basis of an approval obtained from a client, to exchange information between entities participating in this project. The register’s information basis is comprised of positive and negative credit information on the creditworthiness and trustworthiness of clients. The register was put into operation in June 2005.
The register is operated by a special interest association of legal entities, LLCB – Leasing and loan credit bureau, z.s.p.o., having its registered office at Na Vít?zné pláni 1719/4, 140 00 Prague 4, tel. +420 277 778 650. A Client Centre operates within LLCB at the same address. It provides the clients of those companies participating in the exchange of information in the Non-banking Register with information about the register, issues extracts from the register to those clients upon their request, and resolves any client claims concerning false or incorrect data in the register. Fees charged for extracts from the register are specified in the Client Centre’s price list. A current list of members and additional information about the register can be obtained at the website: www.llcb.cz or at the email address: klient@llcb.cz.
As from 1 January 2006, the mutual exchange of information began between CBCB’s Banking Register of Client Information (BRCI) and LLCB’s Non-banking Register of Client Information (NRCI). On the basis of approvals obtained from clients, the banks participating in the BRCI project and leasing and instalment finance companies participating in the NRCI project can exchange information concerning their credit clients.
Information Memorandum regarding Banking and Non-banking Registers for Bank Clients
Central Credit Register of the Czech National Bank (CCR)
Central Credit Register (CCR) is an information system containing data on credit obligations and unauthorised debit balances on current accounts of individuals–entrepreneurs and legal entities and allows immediate exchange of this positive as well as negative information between banks in accordance with the Act on Banks. The full operation of the Central Credit Register was launched on 1 November 2002.
CCR participants include all banks, foreign bank branches operating in the Czech Republic, as well as other entities where so required by a special law. All banks are required to update the information in the CCR database on a monthly basis. Each of the CCR participants has access to the information in the system, as does the Czech National Bank as the CCR operator.
CCR is owned and operated by the Czech National Bank. It also provides clients, i.e. legal entities and individuals–entrepreneurs, with extracts from CCR at CNB branches because, in accordance with statutory rules, the client is entitled to acquaint himself or herself with the information that is maintained in relation to him or her in the CCR database. CNB is responsible for the technical aspects of preparing an extract and distributing it to those who request it. Any claims as to discrepancies between the factual contents of an extract and the actual facts should be submitted by the claimant directly to the CCR participant (bank) which provided the particular information on the client to CCR and which is responsible for the factual accuracy of the data stored in the database.
More information about the register can be obtained on the CNB’s website at: http://www.cnb.cz/cs/dohled_financni_trh/centralni_registr_uveru/
SOLUS Database
SOLUS database is an external information database containing information on clients who are consumers (Solus IND) as well as on clients who are entrepreneurs and legal entities (Solus I?) and who have given their consent to the inclusion of information in relation to them into the database and who fail to fulfil their obligations to any members of the association. The database only contains information of a negative nature. The database was put into operation in June 1999.
The database is operated by SOLUS – an association for the protection of leasing and consumer credit, having its registered office at Antala Staška 510/38, 140 00 Prague 4 - Kr?, tel. +420 840 140 120. A Client Centre operates within SOLUS at the same address. It provides the clients of those companies participating in the mutual exchange of information in the Solus database with information about the database, issues extracts from the database to those clients upon their request, and resolves any client claims concerning false or incorrect data maintained in the database. A current list of members and additional information about the database can be obtained at the website: http://www.solus.cz or at the email address: info@solus.cz.
In addition to the standard extracts provided by the Client Centre, Solus also offers through the firm Media Support s.r.o. the “SMS extract” service which enables consumers easily and quickly to obtain information about their current obligations past due (debts) maintained by the SOLUS Association and which may affect their ability to receive additional loans, including mortgages, personal loans, credit cards, and credit, leasing or other services, from member companies of the SOLUS Association. Fees charged for this service are specified in the Client Centre’s price list. More detailed information is available at the SOLUS Association’s website: http://www.solus.cz/sms-vypis/
Information Regarding Personal Data Processing pursuant to Section 11 of Act No. 101/2000 Coll., on Personal Data Protection (“APDP”)
Extent and purpose of processing personal data
UniCredit Bank Czech Republic, a.s. (hereinafter just the “Bank”) processes its clients’ personal data to an extent corresponding to the information provided by the client in connection with the provision of individual banking products, for the purpose of dealing with the client about a contract, and for providing banking services pursuant to its banking licence. Unless the clients provide explicit written disapproval, the Bank also processes the clients’ personal data to the extent provided by law when offering the clients products and services. To an extent that is in accordance with the law or the client’s respective consent, the Bank processes personal data relating to the clients’ creditworthiness and trustworthiness that is obtained from the client, interbank or other credit registers, and other sources.
Personal data processing period
The Bank is obliged under Section 16 of Act No. 253/2008 Coll., on Certain Measures against the Legalisation of Proceeds from Criminal Activity and Financing of Terrorism, and the provisions of Section 21, paragraph 2 of Act No. 21/1992 Coll., on Banks, as subsequently amended (the Banking Act) to keep the clients’ personal data and information and documents for a period of 10 years after executing a transaction or terminating a business relationship with the client.
Method of processing personal data
The Bank processes the clients’ personal data automatically as well as manually in compliance with all security policies for the administration and processing of personal data and does so on its own or through processing companies with which the Bank has entered into contracts for processing of personal data in accordance with Section 6 of the APDP. All locations at which personal data is processed by the Bank or the Bank’s processing companies are registered as personal data processing sites at the Office for Personal Data Protection. Personal data shall not be transferred to countries having regulations for handling personal data inferior to those in the Czech Republic without the client’s express consent.
Voluntary nature of providing personal data, consequences of refusal
The provision of personal data by the client is voluntary. However, the provision of certain personal data, to the extent in which the Bank is obliged to ascertain, process and keep the clients’ personal data under the law, is a condition for providing services on the part of the Bank. This obligatory data includes: all names and last names, birth number (if none assigned, then date of birth), place of birth, gender, permanent or other residential address, and citizenship. If the client is a self-employed individual, then his or her business name with its differentiating addendum or other designation, the place of business and identification number, and the type and number, state, issuing authority (if relevant) and period of validity of an identification document are also required.
The provision of additional personal data depends solely on the will of the client, and the Bank does not require the submission of such information for the provision of banking services. By the client’s allowing the recording of other personal data into a contract that he or she concludes with the Bank, such action will be regarded as express conferment of agreement with the processing of such personal data by the Bank for the entire duration of the contractual relationships.
To whom personal data may be made available
The clients’ personal data may be made accessible to the Bank’s employees, persons co-operating with the Bank in fulfilment of its obligations (including execution of rights and responsibilities ensuing from the contracts concluded with the client), persons entitled under other legal regulations (for example, supervisory bodies, including those in the countries of the registered offices incorporated in UniCredit Group), entities included in UniCredit Group and persons or entities maintaining the interbank information systems in the countries of the registered offices of the Bank’s shareholders, and other companies processing personal data, as well as their employees, if relevant, and especially for purposes of fulfilling the contract with the client and, as the case may be, for ensuring protection of the Bank and UniCredit Group against risks, rendering of accounts, auditing and internal controlling. This information may also be disclosed to other persons and entities subject to special consent from the client. Some of the clients’ personal data (bank account information, identification information of the account holders, and matters evidencing the clients’ creditworthiness and trustworthiness) also may be made available to other banks or branches of foreign banks in keeping with the Bank’s responsibility to proceed prudently in performing its activities, and that even through a legal entity that is not a bank (Section 38a, paragraph 1 of the Banking Act).
Access of the subject of the data to information
The Bank is obliged to inform the client in writing, at his or her request, to what extent and for what purpose the client’s personal data is processed, who will process the personal data and by what means, and to whom the personal data may be made accessible. The precise extent of information is defined in Section 12, paragraph 2 of the APDP. For so providing information, the Bank is entitled to require compensation that is reasonable but that does not exceed the costs of providing such information.
Protection of the rights of the subject of the data
A client who believes that the processing of his or her personal data performed by the Bank, or by the specific processing company engaged by the Bank, is inconsistent with the protection of the client or with the law, and especially if the personal data is inaccurate in consideration of the purpose of its processing, may request that the Bank or the specific processing company explain and remedy such situation. In particular, this may include blocking, correcting, amending or deleting the personal data. If the client’s request is legitimate, the Bank or the specific processing company shall remedy the defective situation without delay. At the same time, the client is entitled to contact the Office for Personal Data Protection directly. If the client incurs damage, other than injury to property, due to personal data processing, the procedure for making claims under the Civil Code shall apply.
RSS