Skip to content
Contact us

A. Data Controller 

SustainaVision Advisory s.r.o. (hereinafter referred to as the Company), located at Těšnov 1059/1, Nové Město, 110 00 Prague 1, Company ID: 21316465, registered in the Commercial Register maintained by the Municipal Court in Prague, is the data controller under the General Data Protection Regulation (GDPR) (2016/679). 

The Company treats all processed personal data as strictly confidential and handles it in accordance with applicable and effective generally binding legal regulations in the field of personal data protection. 

The Privacy Policy informs data subjects primarily about the legal basis and purposes of personal data processing, the legitimate interests of the data controller in processing personal data, the categories of processed personal data, the retention period, and the possibilities and ways in which data subjects can exercise their rights to personal data protection. 

B. Legal Basis and Purposes of Personal Data Processing, Legitimate Interests of the Controller

The Company processes personal data mainly:

  1. When providing services based on contracts concluded with the Company’s clients (including related communication with clients and third parties); 
  2. When communicating with job applicants at the Company; 
  3. Within employment relationships; 
  4. When fulfilling contractual legal relationships with the Company’s suppliers; 
  5. When fulfilling the Company’s legal obligations; 
  6. When protecting the Company’s legitimate interests; 
  7. When sending general legal and other similar information and communications to the Company’s clients or to persons who have requested or consented to such communications from the Company; 
  8. In any communication of the data subject with the Company outside the above-mentioned scope (1-7).

The legitimate interests of the Company as the data controller are primarily the interest in the proper and secure operation of the Company, in fulfilling concluded contracts (including ensuring adequate and up-to-date legal information for its clients), and the interest in the possibility of legitimate and effective enforcement of claims arising from these contracts. 

C. Categories of Processed Personal Data 

The Company processes mainly the following categories of personal data: 

  1. Identification data – name, surname, title, date of birth, personal identification number, Company ID, tax identification number, etc.; 
  2. Contact details – address, phone number, email address, etc.; 
  3. Financial data – bank account number; 
  4. Data on the relationship of the data subject to the Company; 
  5. Data necessary for the fulfillment of the Company’s employer’s record-keeping and reporting obligations; 
  6. Data on the qualifications and work experiences of the data subject as a job applicant at the Company; 
  7. Data provided by the Company’s clients within the fulfillment of a service provision contract; 
  8. Any other personal data provided to the Company by the data subject that is not categorically defined above. 

D. Data Retention Period 

Personal data will be processed by the Company for the necessary period, at least for the duration of the contract with the data subject or the duration of the contractual legal relationship in connection with which the personal data of the data subject are processed. The data will be processed longer if required by law or justified by the need or potential for complete settlement of claims arising from the contractual legal relationship concluded between the Company as the data controller and the data subject or a third party if the personal data of the data subject are processed in this context. 

E. Recipients of Personal Data

With exceptions under Article 4(9) of the GDPR, recipients of personal data may include:

  1. Public authorities or entities entrusted with performing tasks in the public interest; 
  2. The Company’s suppliers in the areas of information systems, accounting, tax, and other services related to providing advisory services (e.g., CRM, CDE, etc.); 
  3. The Company’s contractual partners to the extent of the personal data of the data subject necessary for sharing or transferring with the recipient based on the employment or functional role of the data subject in the Company; 
  4. Other recipients as needed and instructed by the data subject/client. 

F. Personal Data Security

The Company ensures the security of the personal data it obtains in its activities. Organizational and technical measures have been taken to adequately protect these personal data in both electronic and physical form from accidental or unlawful destruction, loss, alteration, or unauthorized access. 

G. Rights of the Data Subject

Data protection regulations grant data subjects the following rights: 

  1. Right of access to personal data – the data subject has the right to obtain information from the controller (SustainaVision Advisory s.r.o.) about whether it processes their personal data, and if so, what data and how it is processed; 
  2. Right to rectification/completion of personal data – the data subject has the right to have the controller (SustainaVision Advisory s.r.o.) correct inaccurate personal data concerning them without undue delay; incomplete personal data may be supplemented by the data subject at any time; 
  3. Right to erasure of personal data (“right to be forgotten”) – the data subject has the right to have the controller (SustainaVision Advisory s.r.o.) destroy personal data it processes concerning the data subject if certain conditions are met and the data subject requests it; 
  4. Right to restriction of personal data processing – the data subject has the right to have the controller (SustainaVision Advisory s.r.o.) restrict the processing of their personal data in certain cases; 
  5. Right to object to personal data processing – the data subject has the right to object at any time to processing based on the legitimate interests of the controller (SustainaVision Advisory s.r.o.), a third party, or necessary for performing a task carried out in the public interest or in the exercise of official authority; 
  6. Right to data portability – the data subject has the right to obtain from the controller (SustainaVision Advisory s.r.o.) personal data they have provided to the controller in a commonly used and machine-readable format; these data can be subsequently transferred to another controller; if technically possible, the data subject has the right to request that the controllers transfer the personal data between each other; 
  7. Right to withdraw consent to personal data processing – if the controller (SustainaVision Advisory s.r.o.) processes personal data based on the data subject’s consent, the data subject has the right to withdraw this consent at any time. 

H. Complaint 

A data subject who is dissatisfied with the processing of their personal data by the controller (SustainaVision Advisory s.r.o.) can file a complaint: 

  1. To the controller (SustainaVision Advisory s.r.o.) in writing at the address Těšnov 1059/1, Nové Město, 110 00 Prague 1, or by email at; or 
  2. To the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7.