Privacy Policy

of SWORP a. s.

This is a translated verison of the legal document in Czech. In case of any discrepancies or differences between the translated version of this privacy policy and the original Czech version, the Czech version shall prevail and be considered the correct and legally binding version.

Company Registration Number (IČO): 17216621

Registered Office: Hybernská 1007/20, Nové Město, 110 00 Praha 1

Registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, Insert 27355

Contact Email: [email protected]

Contact Phone: 228 229 645

Website:  https://www.sworp.com/ (hereinafter referred to as the “Website“)

(hereinafter referred to as the “Controller“)

Within its activities, the Controller manages and processes personal data of the subjects listed below. These Personal Data Processing Principles (hereinafter referred to as the “Principles“) inform data subjects about the circumstances of processing their personal data and about the rights they have in relation to this processing.

1. DATA SUBJECTS, PURPOSES, SCOPE, PERIOD, AND LEGAL BASIS OF PROCESSING

A. CUSTOMERS – INDIVIDUALS

The Controller processes personal data of customers – natural persons for the following purposes, scope, legal basis, and periods:

  1. Purpose: Provision of services to customers in accordance with the Sworp Rent application service agreement (application provision, handling of complaints).
    Scope of Data: Name, surname, email address, phone number, delivery address, optionally billing address, bank account number and payment details, addresses of properties uploaded in the Sworp Rent application, optionally identification number (IČO), tax identification number (DIČ), and registered office.
    Legal Basis: Necessity for the performance of a contract.
    Period: For the duration necessary to fulfill the contract and for the duration of limitation periods.
  1. Purpose: Management of user accounts in the Sworp Rent application.
    Scope of Data: Name, surname, email address, phone number, delivery address, optionally billing address, bank account number and payment details, addresses of properties uploaded in the Sworp Rent application, profile photo, optionally identification number (IČO), tax identification number (DIČ), and registered office.
    Legal Basis: Consent.
    Period: From registration until the customer deletes their account or until the Controller deletes the account due to customer inactivity (no earlier than 2 years after the customer’s last login to their account).
  1. Purpose: Provision of services within the SWORP Places project (creation of a user account, service provision, and handling of complaints).
    Scope of Data: Name, surname, email address, phone number, date of birth, permanent address, and, where applicable, company ID (IČO), tax ID (DIČ), and registered office, addresses of properties uploaded to the SWORP Rent application, as well as any other personal data the customer provides to the Controller.
    Period: For the period necessary to fulfill the contract and for the duration of limitation periods.
  1. Purpose: Provision of services within the Sworp Academy project (contract conclusion, service provision, handling of complaints).
    Scope of Data: Name, surname, email address, phone number, date of birth, permanent address, identity card number or other identification document, optionally identification number (IČO), tax identification number (DIČ), and registered office, optionally other personal data provided by the customer to the Controller.
    Period: For the duration necessary to fulfill the contract and for the duration of limitation periods.
  1. Purpose: Provision of services within the Sworp House project (lease agreement conclusion, service provision, handling of complaints).
    Scope of Data: Name, surname, email address, phone number, date of birth, permanent address, identity card number or other identification document, bank account number, billing details, signature, optionally identification number (IČO), tax identification number (DIČ), and registered office, optionally other personal data provided by the customer to the Controller.
    Period: For the duration necessary to fulfill the contract and for the duration of limitation periods.
  1. Purpose: Provision of services within the Sworp Manager project (contract conclusion, service provision, handling of complaints).
    Scope of Data: Name, surname, email address, phone number, date of birth, permanent address, identity card number or other identification document, addresses of the data subject’s properties, profile photo, bank account number, billing details, messages in the connected email inbox, attachments, and login details to the email inbox, optionally identification number (IČO), tax identification number (DIČ), and registered office, optionally other personal data provided by the customer to the Controller.
    Period: For the duration necessary to fulfill the contract and for the duration of limitation periods.
  1. Purpose: Accounting and tax purposes and fulfillment of archival obligations.
    Scope of Data: Name, surname, address, optionally identification number (IČO), tax identification number (DIČ), and registered office.
    Legal Basis: Necessity for compliance with legal obligations imposed on the Controller by law.
    Period: For the duration necessary up to 10 years, unless legal regulations specify longer periods.
  1. Purpose: Enforcement of Controller’s legal claims.
    Scope of Data: Name, surname, address, optionally identification number (IČO), tax identification number (DIČ), and registered office.
    Legal Basis: Legitimate interest.
    Period: For the duration of limitation periods.
  1. Purpose: Sending commercial communications for marketing purposes.
    Scope of Data: Name, surname, and email address.
    Legal Basis: Consent.
    Period: For as long as necessary and appropriate, but no longer than until the consent is revoked.
  1. Purpose: Sending unsolicited commercial communications.
    Scope of Data: Name, surname, and email address.
    Legal Basis: Legitimate interest (direct marketing).
    Period: For as long as necessary and appropriate.

B. CONTACT PERSONS OF CUSTOMERS – LEGAL ENTITIES

The Controller processes personal data of contact persons of customers – legal entities (especially members of their statutory bodies or other persons authorized to act on behalf of the Controller) for the following purposes, scope, legal basis, and periods:

  1. Purpose: Provision of services to customers in accordance with the Sworp Rent application service agreement (application provision, handling of complaints).
    Scope of Data: Name, surname, email address, phone number, signature.
    Legal Basis: Necessity for the performance of a contract.
    Period: For the duration necessary to fulfill the contract and for the duration of limitation periods.
  1. Purpose: Management of user accounts in the Sworp Rent application.
    Scope of Data: Name, surname, email address, phone number, profile photo.
    Legal Basis: Consent.
    Period: From registration until the customer deletes their account or until the Controller deletes the account due to customer inactivity (no earlier than 2 years after the customer’s last login to their account).
  1. Purpose: Provision of services within the Sworp Academy project (contract conclusion, service provision, handling of complaints).
    Scope of Data: Name, surname, email address, phone number.
    Legal Basis: Necessity for the performance of a contract.
    Period: For the duration necessary to fulfill the contract and for the duration of limitation periods.
  1. Purpose: Provision of services within the Sworp House project (lease agreement conclusion, service provision, handling of complaints).
    Scope of Data: Name, surname, email address, phone number, signature.
    Legal Basis: Necessity for the performance of a contract.
    Period: For the duration necessary to fulfill the contract and for the duration of limitation periods.
  1. Purpose: Provision of services within the Sworp Manager project (contract conclusion, service provision, handling of complaints).
    Scope of Data: Name, surname, email address, phone number, profile photo, messages in the connected email inbox, attachments, and login details to the email inbox, optionally other personal data provided by the data subject to the Controller.
    Period: For the duration necessary to fulfill the contract and for the duration of limitation periods.
  1. Purpose: Enforcement of Controller’s legal claims.
    Scope of Data: Name, surname, signature.
    Legal Basis: Legitimate interest.
    Period: For the duration of limitation periods.
  1. Purpose: Sending commercial communications for marketing purposes.
    Scope of Data: Name, surname, and email address.
    Legal Basis: Consent.
    Period: For as long as necessary and appropriate, but no longer than until the consent is revoked.
  1. Purpose: Sending unsolicited commercial communications.
    Scope of Data: Name, surname, and email address.
    Legal Basis: Legitimate interest (direct marketing).
    Period: For as long as necessary and appropriate.

C. INDIVIDUALS – TENANTS RECORDED IN THE PROPERTY PORTFOLIOS BY USERS OF THE SWORP RENT APPLICATION

The Controller, as the processor of personal data, processes the personal data of tenants of properties listed in the portfolios of users of the Sworp Rent application for the following purposes, scope, legal basis, and periods:

  1. Purpose: Provision of services and fulfillment of the purpose of the Sworp Rent application for users.
    Scope of Data: Name, surname, date of birth, email address, phone number, residential address, permanent address, ID card number or other identification document, records in the connected email inbox, records of phone calls from the connected phone number, optionally company ID number (IČO) and registered office address, and other personal data uploaded by the Sworp Rent user about the tenant into the application.
    Legal Basis: Necessity for the performance of the online service agreement, which involves the user.
    Period: For the duration of the Sworp Rent application service agreement.

D. WEBSITE VISITORS

The Controller processes cookies in relation to website visitors. More information about the processing of cookies on the website can be found here1.

E. PERSONS CONTACTING THE CONTROLLER

The Controller processes the personal data of individuals who contact the Controller via email or phone for the following purposes, scope, legal basis, and periods:

  1. Purpose: Responding to the inquiries of the contacting person.
    Scope of Data: Name, surname, email address, phone number.
    Legal Basis: Legitimate interest in providing a response.
    Period: For the period necessary to respond to the inquiry.

2. VOLUNTARINESS OF PROVIDING DATA

The data subject provides their personal data to the Controller voluntarily. Failure to provide personal data may affect the Controller’s ability to enter into a contract or provide the data subject with performance that relies on the necessary knowledge of information about the data subject, including personal data.

3. RIGHT TO WITHDRAW CONSENT

If the processing of personal data is based on the data subject’s consent, the data subject can withdraw their consent to the processing at any time by sending an electronic message to [email protected] or through the link provided in the commercial communication. Withdrawing consent does not affect the processing of personal data by the Controller based on other legal grounds, particularly for contract performance, service provision, or processing that was based on consent up to the point of its withdrawal.

4. PERSONAL DATA PROCESSORS

Personal data processors include:

Please note that due to the changing nature of service providers, it is not possible to list all current and future processors of personal data by name. Therefore, the above list of processors may change over time.

The Controller transfers personal data to a third country (outside the EU). The Controller does not transfer personal data to an international organization.

Recipients of personal data may also include relevant public authorities.

6. METHOD OF PROCESSING PERSONAL DATA

The Controller and, where applicable, its processors process personal data manually (in electronic form) and electronically using automated means.

7. RIGHTS OF DATA SUBJECTS

The data subject has the following rights:

a) Right to Access Personal Data

The data subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the following information:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed;
  4. the planned period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. any available information as to the source of the personal data, if they are not collected from the data subject.

The data subject also has the right to request from the Controller a copy of the personal data undergoing processing, provided this does not adversely affect the rights and freedoms of others. For additional copies requested by the data subject, the Controller may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, the information will be provided in a commonly used electronic form unless the data subject requests otherwise.

b) Right to Rectification

The data subject has the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

c) Right to Erasure (“Right to be Forgotten”)

The data subject has the right to obtain from the Controller the erasure of personal data concerning them without undue delay, and the Controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. The data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
  3. The data subject objects to the processing and there are no overriding legitimate grounds for the processing;
  4. The personal data have been unlawfully processed;
  5. The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
  6. The personal data have been collected in relation to the offer of information society services based on the consent given by a child.

d) Right to Restriction of Processing

The data subject has the right to obtain from the Controller restriction of processing where one of the following applies:

  1. The accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data;
  2. The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. The Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.

e) Right to Data Portability

The data subject has the right to receive the personal data concerning them, which they have provided to the Controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided, where:

  1. The processing is based on consent or on a contract to which the data subject is a party; and
  2. The processing is carried out by automated means.

In exercising their right to data portability, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible. The exercise of the right to data portability must not adversely affect the rights and freedoms of others.

f) Right to Object

The data subject has the right to object to the processing of personal data concerning them. If the data subject objects to processing for direct marketing purposes or profiling, the personal data will no longer be processed for such purposes.

The objection will be evaluated, and subsequently, the Controller will inform the data subject whether the objection has been upheld and the data will no longer be processed or if the objection has been rejected and the processing will continue. During the period of resolving the objection, the processing will be restricted.

g) Right Not to Be Subject to Automated Decision-Making, Including Profiling

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling (i.e., any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to the data subject), which produces legal effects concerning them or similarly significantly affects them. This right does not apply if the automated decision is necessary for entering into, or performance of, a contract between the data subject and the Controller, or is based on the explicit consent of the data subject. In such cases, the data subject has the right to obtain human intervention on the part of the Controller, to express their point of view, and to contest the automated decision.

h) Right to Lodge a Complaint with a Supervisory Authority

The data subject has the right to lodge a complaint with a supervisory authority concerning the processing of their personal data by the Controller. For the Czech Republic, the supervisory authority is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7.

8. Final Provisions

The Controller has not appointed a Data Protection Officer.

The Controller is entitled to unilaterally change these personal data protection and processing principles.

These personal data protection and processing principles are effective from May 1, 2024.

This is a translated verison of the legal document in Czech. In case of any discrepancies or differences between the translated version of this privacy policy and the original Czech version, the Czech version shall prevail and be considered the correct and legally binding version.


  1. Cookies Settings ↩︎