Last updated on 20th of April 2019
There are 3 essential underlying principles backing up all of our practices:
- You know about everything we collect. That’s because we use only direct methods (i.e. only online & phone communication and physical document exchange). Therefore we don’t use any cookies or web beacons, we don’t buy contact databases, or use any other implicit methods of collection.
- Every information we process is suited exclusively for the purpose of providing services you request.
- You can refuse to supply any kind of information. However, this might restrict our support options.
According to GDPR, personal data means any information relating to an identified or identifiable natural person, some of which we collect. To be specific, this information pertains data such as:
- Your identification: full name, date of birth, citizenship, family status
- Contact information: postal address, phone number, email address
- Employment details: previous employer, place of employment
- Migration: stays in other countries over 6 months in the last 3 years, previous Czech visas, planned arrival date
Or any information included in the documentation you pass on to us that we need to verify. If we process information from our communication, we process merely the information connected with your request/service.
Each service requires a different set of information, so we may not need all of the data we state in this policy.
We never process any sensitive personal data. According to GDPR, sensitive personal data are the ones concerning your health, sexual orientation, ethnic origin, union membership, biometric or genetic information (for identification purposes), political opinions, religious/philosophical beliefs.
Purposes of collection
All data we process is for reasons stated in legislative or effective government guidelines governing every aspect of our provided service, therefore not for any personal or business-related interest except for fulfilling direct will further specified in our Terms of Service.
Most used legislative:
- Law no. 326/1999 Sb. Law on Residence of Foreigners, which specifies details about expat stays in Czechia.
- Law no. 500/2004 Sb. Administrative Code, which defines the system of processing applications.
These laws dictate what documents/data at what point we need to be able to specify what types of visas/residencies are most suitable for you based on your eligibility, what we need to be able to provide you with services or how to answer your enquiries.
Effective government guidelines are used for the most particular details, such as what information should be stated on a certain power of attorney or notarization requirements.
Data storage & protection
Every process is as strong as its weakest link. In accordance with this philosophy, we have implemented measures to be prepared even for extreme cases such as damage or theft of our storage devices we’re using for online communication. That’s why we’re keeping a constantly updated backup at iCloud by Apple Inc. which preserves our ability to efficiently provide services. On the other hand, our email servers are hosted by Microsoft Corporation business service.
If we store your data after your service is completed, we do it solely to save your time with providing already the same information, filling up the same surveys (especially for application forms or powers of attorney), it’s not accessed otherwise. The data is stored for the duration of providing you with services and for up to six years after your last contact with us so that we would be able to react efficiently to your enquiries. To elaborate, six years are chosen as that’s when we are sure you won’t be requesting other services since it represents the longest period you may not need anything from us derived from the length of legally required residence period to gain eligibility for a permanent residence permit. This period can be shortened if you exercise your right to be forgotten. In that scenario, we delete all your personal data without further ado (unless you have an unpaid balance).
- In order to prevent random people from accessing your data, we are using the most advanced biometry protection of our devices on the market, Face ID.
- To safeguard the privacy of our clients even in unforeseeable circumstances, our devices can be erased on remote.
- Further extending privacy protection, our devices will erase themselves in case someone attempts a brute-force attack to access their storage (even offline).
Additionally, we keep records of physical documents you give us, they are always either in the immediate personal presence of one of our professionals or in a securely locked room.
All these measures are ensuring that only authorized personnel will access your data.
In our daily practice, we sometimes have to disclose certain data to third parties in order to provide services, always with your knowledge. You are of course free to choose which one we will use. We have added the full list of third parties below. Sometimes specific parties aren’t listed as we’re using different ones for each client based on his needs, but we will be happy to provide the information to each one upon request without further ado. We don’t transfer the data outside of Czechia.
- Czech public institutions to submit applications or perform administrative tasks, mostly:
- Department of Asylum and Migrant policy of the Ministry of Interior
- Embassies or consulates
- Trade License bureau
- Public health insurance company (VZP by default)
- Social Security Bureau
- Tax Administration
- Court translators for chosen documents that have to be submitted in a certain language (depending on the nature of translation).
- Notaries to certify copies or signatures.
- Our accountant at Expat Taxes to create a non-scheduled account closure or tax evidence.
- Parcel delivering services may transfer some physical documentation when we’re cooperating on remote.
We do not use any automated decision-making or profiling methods.