Skip to content

Personal data protection

Principles for working with your data

CzechInvest, Agency for Enterprise and Investment Promotion, with registered office
Štěpánská 15, 120 00 Prague 2, ID: 71377999 (hereinafter referred to as the “Controller”), as a personal data controller, hereby takes the liberty to inform the subjects with whom it comes into contact about the manner and scope of processing of personal data by the Controller, including the scope of data rights related to the processing of their personal data.

The processing of personal data is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as GDPR) and in accordance with the relevant national data protection legislation. As a personal data controller, based on the obligation given by specific laws, it takes care of the right to protect the private and personal life of the subject when processing personal data.

Competence of the Data Controller and the resulting areas of purposes for processing personal data

On the basis of specific legal regulations, the controller processes personal data necessary to identify the subject and to fulfil the legal obligations set out in legal regulations within the areas falling within its competence, which are:

Legal titles of personal data processing

The controller primarily uses the legal titles to process personal data for the performance of a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority and for the performance of a task necessary for the performance of a contract. It may also use other legal titles, such as consent to the processing of personal data provided by the subject, to protect the vital interests of the subject and the legitimate interests of the Controller.

Categories of personal data:

The processing of personal data is carried out by the Controller. The processing is carried out by computer technology or manually for personal data in paper form, in compliance with all security principles for the management and processing of personal data.

The administrator obtains personal data mainly from subjects, from basic registers, from public administration information systems and from freely accessible public registers.

The processing period of personal data is derived from the time limits specified in the relevant contracts, in the Agency’s Filing and Shredding Rules or in the relevant legal regulations. It is the time necessary to secure the rights and obligations arising from both the contractual relationship and the relevant legislation.

On the basis of the above, the personal data of the subject may only be transferred or disclosed to persons, authorities or institutions to whom such right derives from the above regulation, law or public interest. There is no automated decision-making in the processing of personal data.

The controller processes data with the consent of the subject, except in cases provided for by law where the processing of personal data does not require the consent of the subject.

Exercise of subject’s rights

The rights of the subject are set out in particular in III. chapter of the GDPR and § 81 and subsequently Act no. 89/2012 Coll. These are the following rights:

The above rights may be exercised by the subject, for example, by using the form set out in here .

The completed form can be delivered in the following ways:

The subject also has the right to address his/her complaint at any time to the supervisory authority, which is: the Office for Personal Data Protection (pplk. Sochora 727/27, 170 00 Prague 7 – Holešovice).

Data Protection Officer (DPO)

In the event of a personal data breach, you may contact the Data Protection Officer of the Controller directly.

A request to exercise the rights of the subject can be submitted in the above manner or by directly contacting the Data Protection Officer (DPO): Andrea Ligačová(

This Personal Data Processing Declaration is publicly available on the Controller’s website and will be updated as necessary.