General Data Protection Principles

General Data Protection Principles

 

 

1.        General Provisions

CTP Group, composed of regional offices listed at https://ctp.eu/en/contact/ and the companies under or affiliated with them (“CTP Group” or “we“), is committed to protecting and respecting your privacy and the personal data you entrust to us. The current list of all companies belonging to the CTP Group that handle your personal data can be found at CTP Group Companies.

These General Data Protection Principles (“Principles“) serve as the fundamental guidelines we follow in protecting personal data and provide you with an overview of how we collect, use, store, and protect your personal data. These Principles generally apply to all situations where we may come into contact with your personal data and also serve as a gateway to information on the processing of personal data by the CTP Group in specific common situations.

2.        Basic Principles of Personal Data Protection

When processing your personal data, we fully comply with and respect the legal regulations related to personal data protection, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as well as Act No. 110/2019 Coll., on the Processing of Personal Data, as amended.

Transparency
We value the trust you place in us, which is why we act transparently and clearly in all procedures related to your personal data. Our principles are easily accessible and understandable.

Protection First

The protection of your personal data is our highest priority. We use the latest technologies and procedures to ensure that your personal data remains secure from any unauthorized access.

Trust and Respect

We respect your personal space and your right to privacy. We process your personal data only for clearly defined purposes and always in accordance with legal regulations.

Responsibility
We take full responsibility for every activity related to your personal data and ensure that we only process the information that is necessary. We follow strict rules and standards to manage your personal data with the utmost care.

Your Decisions

We respect your right to manage your personal data. We enable you to actively control the handling of your personal data, and all your requests and inquiries are handled with due seriousness and respect.

3.        Guide to Personal Data Protection Principles

  • For the most common situations where CTP Group companies act as controllers of your personal data, we have prepared detailed data protection policies that will provide you with information about the specific application of the above-mentioned principles:
  • For business partners, primarily our tenants or suppliers – see link;
  • For visitors and other persons present on our premises in connection with the use of camera systems and visitor identification – see link;
  • For employees – see link; and
  • For job applicants within the recruitment process – see link.

4.        Data Controllers

When we come into contact with your personal data, we act either as the data controller or data processor. In such cases, the controller of your personal data is always at least one of the companies of the CTP Group. The specific data controller is usually detailed in the data protection policies for specific situations. If no specific data protection policy applies to your situation or the controller is not specified, then the controller is the CTP Group company to which you provided the personal data or which collected your personal data. The current list of all companies acting as data controllers, including their contact details, can be found atCTP Group Companies (“Controllers” or individual companies as “Controller“).

For personal data provided or collected through our websites www.ctp.eu (“Websites“), the data controller is CTP Invest, spol. s r.o., located at CTPark Humpolec 1571, 396 01 Humpolec, Czech Republic, Company ID: 261 66 453, registered in the Commercial Register maintained by the Regional Court in České Budějovice, file no. C 15647.

5.        What Personal Data Do We Collect and How?

Identification and Contact Information

The personal data we use to communicate with you and for your identification and verification primarily includes your first name, last name, permanent address, delivery address, date of birth, email address, phone number, and data mailbox identifier or other communication platform identifier. These details are necessary to ensure the security and accuracy of our communication with you and the effective delivery of our services. In addition to directly receiving the data from you, we may regularly update your personal data from publicly available sources (especially the Commercial Register, Trade Register, ARES, Insolvency Register, and business partners’ websites) to ensure that we process only accurate and up-to-date data.

Payment Information

The payment information we process includes your bank account number, details of the bank managing your payment account, as well as BIC, SWIFT, and IBAN codes. This information, provided to us as part of a business or employment relationship, is important for the safe and accurate execution of financial transactions between us and you.

Legal Claims Information

Data identifying claims between you and us include information about your claims and any potential claims we have against you. This data pertains to your contractual or other relationships with us and serves to effectively resolve potential disputes and ensure fair fulfillment of our obligations to you.

Data Collected from Users of Our Websites through Cookies

As part of providing access to the Websites, we use cookies. When you visit our Websites, we collect your personal data through cookies via your web browser. We collect and use data about your device (such as device type, operating system, browser used, connection provider), data about your use of the Websites or application (such as the date, time, and duration of your visit, browsing history of the Websites), video player cookies, and analytical cookies.

Data Processed in Connection with the Operation of Camera Systems

When operating camera systems, video recordings are created, often leading to the processing of personal data visible in those recordings. This data includes, in particular, your appearance and other visually recognizable characteristics that enable identification.

Data Related to Marketing Activities

If you wish to subscribe to our newsletter, you will be asked to provide personal data, including your name, surname, email address, and optionally, your phone number. In addition to contact details, we may also process your responses or feedback regarding the newsletters we send you.

If you give us your consent, we may also process other personal data for marketing purposes of the CTP Group, such as recording, publishing, and storing photos or videos capturing you at events organized by us.

Other Data

Other personal data not mentioned above that Controllers process and through which you can be directly or indirectly identified, such as data about the products, services, and other deliverables provided to you by the Controllers (e.g., identification of the purchased property, rental spaces, etc.), and other personal data whose processing is necessary to protect the legitimate interests of the Controllers in this context.

6.        What Do We Use Your Personal Data For and What Is the Legal Basis for Its Processing?

Business relation

(more information here)

Communication. If you are our existing or potential business partner, we use your personal data for communication regarding our business matters. This includes communication with you and your employees, handling issues, ensuring security in our premises, protecting the property of our tenants and suppliers, and mitigating damages. The processing of your personal data is based on the performance of a contract according to Article 6(1)(b) of the GDPR. Without this data, we would not be able to communicate with you or fulfill our contractual obligations.

Fulfilling Contractual Obligations. Personal data is processed for the purpose of fulfilling the contract you have entered into with us as a business partner. It is also used to address any claims regarding goods and services you provide to us and to maintain records of our suppliers. Personal data is retained for the duration of the contractual relationship between you and us. Providing personal data is a necessary condition for concluding, maintaining, and fulfilling the contract. Without this data, the contract could not be concluded, maintained, or fulfilled.

Determining, Exercising, and Defending Legal Claims. After the end of our contractual relationship, we may continue to process personal data necessary to protect our rights and for potential defense of our legal claims, including the enforcement of unpaid amounts. Personal data that is no longer needed or for which there is no legal basis for retention is irreversibly anonymized or securely destroyed. In the event of disputes where we need to defend, act, or even assert claims against you or third parties, we may retain personal data we deem reasonably necessary for processing for these subsequent purposes for as long as such a claim can be asserted.

Recruitment of Employees

(more information here)

Recruitment Process. We process your personal data for the purposes of recruiting and hiring employees. This data is used to identify and evaluate candidates for potential job positions within the CTP Group. Personal data is also necessary for concluding an employment contract with you and continues to be processed for the duration of the recruitment process. For this purpose, your personal data may be shared with a specific company within the CTP Group that is offering the job vacancy.

Recruitment Program. We may retain your personal data for future employment opportunities within the CTP Group. In such a case, we will request your consent either before or after submitting an official job application, allowing you to become part of our recruitment program. This program enables you to receive additional job offers within the CTP Group and is entirely voluntary. If you give us your consent, we may process your personal data for the purpose of contacting you about suitable job opportunities within the CTP Group.

Employment Relationship

(more information here)

Management of Employment. We process your personal data primarily for managing our employees and their work activities. This includes evaluations, career development, management of salaries, rewards, bonuses, and other paid amounts, and their review. It also involves managing vacations, decisions on promotions, transfers to other positions, relocations, internships, disciplinary measures, termination of employment, payment of taxes and mandatory contributions, ensuring medical examinations related to work performance, ensuring health and safety at work, maintaining records (including records of sick leave, work injuries, and occupational diseases), fulfilling reporting obligations to state authorities, and assessing reports based on whistleblower protection laws. We also conduct audits and comply with the requirements of supervisory bodies or other public authorities.

Websites

(more information here)

Functioning of the Websites. The placement of certain cookies is necessary for the proper functioning of the Websites. The Websites cannot function correctly on your browser without the essential cookies. Their use is considered the performance of a contract under Article 6(1)(b) of the GDPR, and without them, you cannot use the Websites.

Analysis and Preferences. P If you provide us with your consent, we may use your personal data to remember your chosen settings and customize your interface, such as regional settings (preference purpose), or to analyze how you use our Websites or applications (analytical purpose).

Marketing Activities

Consent for Marketing Communication. Based on your consent, we may send you our newsletter and other related information about the activities of the CTP Group. This information may include details about our services and products, special offers, and events organized by us or other entities within the CTP Group. You can subscribe to the newsletter through an online form available on the Websites.

Consent for Photograph and Audiovisual Recording. With your consent, we may process additional personal data for the marketing purposes of the CTP Group. This includes recording, publishing, and storing photographs or videos that capture you and were taken at events organized by us. These data may be used for market research, product and service promotion, sending offers and personalized business information, event organization and promotion, and other marketing activities of the CTP Group.

 

The Controllers process your personal data for the purposes described above. The legal basis for processing personal data includes:

  1. a) to fulfill our obligations to which we are committed (performance of a contract, Article 6(1)(b) GDPR);
  2. b) to pursue our business interests (legitimate interest, Article 6(1)(f) GDPR), for example, building and coordinating a relationship with you;
  3. c) to comply with legal regulations (Article 6(1)(c) GDPR);
  4. d) with your consent (Article 6(1)(a) GDPR and Article 9 for special categories of data). When we ask for your consent, we will provide you with information about what personal data we process and how you can withdraw your consent.

7.        With Whom Do We Share Your Personal Data?

We disclose your personal data internally within the CTP Group, as well as to the following entities, for the purposes described above.

Business Partners

We may cooperate with, for example, a payment service provider to enable faster and more efficient payments for our services. These business partners will process and manage your personal data in accordance with applicable legal regulations and our contractual terms.

Service Providers

Our service providers include:

  • Providers of IT, marketing, or administrative services, such as ETTEA Group s.r.o., Enerfis s.r.o., TMF Czech, a.s., Management Data Praha spol. s.r.o., Google LLC, IMPER CZ, s.r.o., and security agencies in our buildings.
  • Providers of professional consulting services, such as external auditors, consultants, tax advisors, and legal representatives, who are bound by confidentiality obligations in order to protect our legitimate interests.

Other Parties

If required by law or necessary to protect our operations, we may disclose your personal data to third parties. This may include cases of legal proceedings or enforcement of court or official decisions. These entities may also request your personal data for the purpose of enforcing legal obligations, ensuring national security, combating terrorism, and other aspects related to public safety, all in accordance with legal regulations.

We may disclose your personal data to a third party in the event of a merger, transfer, acquisition, sale, or in the case of insolvency proceedings. In addition to the methods of data disclosure described in these Principles, we may also share information about you with third parties based on your separate consent or at your request.

We have entered into data processing agreements with data processors (except in cases where such an agreement is not mandatory, for example, when transferring personal data to public authorities). These agreements ensure at least the same level of personal data protection as these Principles.

8.        How Do We Secure Your Personal Data?

We have implemented and maintain appropriate technical and organizational measures, internal controls, and information security processes in accordance with legal requirements and industry standards that are appropriate to the potential risks to you as a data subject.

We also take into account the state of technological development to protect your personal data from accidental loss, destruction, alteration, unauthorized disclosure, or access. Such measures may include, among others, adopting reasonable steps to ensure accountability of relevant employees who have access to your data, employee training, regular data backups, data recovery procedures, incident management, software protection of devices where personal data is stored, and other similar operations.

9.        Where Do We Send Your Personal Data?

The processing of your personal data may involve the transfer, storage, and processing of your personal data within your country of residence and potentially outside of it, in accordance with these Principles. Your personal data will be transferred within the CTP Group, which primarily consists of companies based in the European Economic Area, as well as a company based in the Republic of Serbia.

In accordance with applicable legal regulations, we will take appropriate measures to ensure that your personal data remains protected when transferred to another country. These measures include the use of standard contractual clauses to secure the transfer of personal data outside the European Economic Area. If you would like to request further information or obtain a copy of the standard contractual clauses, please contact us as instructed in the “11. Contact Us” section below.

10.   How Long Do We Retain Your Personal Data?

With Your Consent

If we process your personal data based on your consent, it will only be used for the duration of the consent you have given us. Giving consent is entirely voluntary. Regardless of the originally set duration of the consent, you have the right to withdraw it at any time. If consent is withdrawn, we will cease using your personal data for that specific purpose.

Currently, we request consent for the following purposes:

  • Participation in the recruitment program – Your consent lasts for 2 years from the time it is given,
  • Taking photographs or audiovisual recordings – Your consent lasts for 3 years from the time it is given,
  • Receiving marketing communications – Your consent lasts for 3 years from subscription, and
  • Using cookies and other forms of user tracking – Your consent lasts for 12 months.

After the expiration of any of the above consents, we will ask for its renewal.

Our Contractual Obligations

If we process your personal data to fulfill our contractual obligations or if it is necessary to exercise our rights and obligations arising from a contract, this data will be retained for the duration of the contract and generally for a maximum of three years after its termination or expiration. In certain cases, this period may be extended up to ten years.

Our Legal Obligations

If we process your personal data to comply with our legal obligations, we do so for the period specified by applicable legal regulations. In particular, in accordance with tax regulations, we retain this data for ten years from the issuance of the relevant invoices and transaction documents. For employees, certain documents are kept for pension insurance purposes for up to thirty years by law.

Our Legitimate Interests

If the processing of your personal data is necessary for our other legitimate legal or business purposes (such as keeping financial records or completing ongoing business transactions), we may retain this data for a longer period until the relevant purpose is fulfilled. This situation may occur, for example, when we actively assert our rights; in such a case, we retain the data until our rights are defended.

11.   Contact Us

If you would like to correct your data, submit a request, or ask us a question, you can contact us.

The easiest way to do this is via the email address privacy@ctp.eu.

Alternatively, you can contact us at the address of the relevant controller from the list of Controllers of your personal data available at CTP Group Companies or at the following general address:

CTP Invest, spol. s.r.o.

Data Controller

Národní 135/14

110 00 Prague 1

Czech Republic

If your requests are clearly unfounded or unreasonable given the related administrative costs, we may charge a reasonable fee.

12.   What Are Your Rights and How Can You Exercise Them?

When you exercise your rights, we will respond to your request within 30 days. In the case of more complex requests, we may extend this period, but we will inform you in any case.

In connection with your personal data, you have the following rights:

Access to Your Personal Data

You have the right to know whether we use your data. If you ask us, we will tell you whether we use your data or not. If we do, you may also request information on how we use your data and obtain a copy of the data we use.

Withdrawal of Consent

You have the right to withdraw your consent if you have previously given consent for the processing of your personal data. Withdrawal of consent does not mean that previous use of your personal data before the withdrawal was unlawful, but we will no longer use your personal data for the purposes for which you have withdrawn consent.

Verification of Personal Data and Request for Change or Correction

You have the right to verify the accuracy of your personal data and request us to update or correct any inaccuracies we currently use.

Erasure of Personal Data

In certain situations, you have the right to request the deletion of your personal data that we hold. This right applies, for example, when you withdraw your consent, or when the data is no longer needed for the purpose for which it was used. We strive to delete your data whenever we no longer need it. However, a request to delete your personal data may lead to the loss of access to our services. Personal data we are legally required to retain will not be removed.

Restriction of Personal Data Processing

In certain situations, you have the right to restrict our processing of your personal data. This right applies, for example, when you dispute the accuracy of personal data or when you consider our use of your data to be unlawful.

Request and Transfer of Personal Data

Under certain circumstances, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and if technically feasible, you have the right to transfer it seamlessly to another controller.

Objection to the Processing of Your Personal Data

You have the right, for reasons related to your specific situation, to object to the processing of your personal data, which is based on our legitimate interests, including direct marketing communications, including profiling. If you object to the processing of your personal data, we will not use your data until we decide on the legitimacy of your objection.

Filing a Complaint

If you disagree with the processing of personal data or the protection of your personal data, you can file a complaint with the supervisory authority in the EU Member State where the data controller is located. Filing a complaint does not prevent you from asserting any claims governed by national laws

  • Czech Republic: Office for Personal Data Protection, address: Pplk. Sochora 27, 170 00 Prague 7; website: uoou.cz.
  • Austria: Austrian Data Protection Authority (Österreichische Datenschutzbehörde), address: Barichgasse 40-42, 1030 Vienna, Austria, http://www.data-protection-authority.gv.at/.
  • Bulgaria: Commission for Personal Data Protection (Комисия за защита на личните данни), address: 2, Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria, http://www.cpdp.bg/.
  • Germany: Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit), address: Husarenstraße 30, 53117 Bonn, Germany, http://www.bfdi.bund.de/EN/Home/home_node.html.
  • Hungary: Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság), address: Falk Miksa utca 9-11, H-1055 Budapest, Hungary, http://www.naih.hu/about-the-authority.
  • Poland: Office of the President for Personal Data Protection (Urzad Ochrony Danych Osobowych), address: Stawki 2, 00-193 Warsaw, Poland, http://uodo.gov.pl/en.
  • Serbia: Commissioner for Information of Public Importance and Personal Data Protection (Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti), address: Bulevar kralja Aleksandra 15, 11000 Belgrade, Serbia, http://www.poverenik.rs/.
  • Slovakia: Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov Slovenskej republiky), address: Hraničná 12, 820 07 Bratislava, Slovakia, https://dataprotection.gov.sk/en/.
  • Romania: National Supervisory Authority for Personal Data Processing (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal), address: B-dul Magheru 28-30, sector 1, 010336 Bucharest, Romania, http://www.dataprotection.ro/.
  • Netherlands: Dutch Data Protection Authority (Autoriteit Persoonsgegevens), address: Bezuidenhoutseweg 30, 2594 AV The Hague, Netherlands, http://autoriteitpersoonsgegevens.nl/.

13.   Additional Information

No Fully Automated Decision-Making

We do not make any decisions based solely on automated processing, including profiling. Instead, we always involve human oversight in decision-making.

 

Sign up to our newsletter

    Stay up to date with CTP’s latest developments, industry insights, and exclusive offers by signing up for our newsletter. Join our community and be part of the future of industrial real estate.

    Property finder

    Featured properties View All Properties

    Arrow CTP NV €16.34 CTP Icon FIND PROPERTYCircle Arrow CTP AR Is Out

    Commercial Contact

    Ivan Pastier

    Park Address

    Bratislava

    Opletalova 87, 841 07 Bratislava - Devínska Nová Ves Slovakia

    Get Offer

      Requirements