Privacy Policy

1. Zásady používání internetových stránek a ochrana osobních údajů poskytovaných pro používání internetových stránek společnosti EOS KSI Česká republika, s.r.o. („Společnost“)

Níže vás Společnost informuje o způsobu, jakým jsou shromažďovány, používány a chráněny informace, které můžete Společnosti při používání jejích internetových stránek nebo jejich prostřednictvím poskytnout. Před vyplněním jakýchkoli informací v rámci tohoto webu si, prosím, níže uvedené informace pečlivě prostudujte.

Přesnost údajů

Přes veškeré pokusy o zajištění korektnosti, aktuálnosti a přesnosti informací uvedených na internetových stránkách Společnosti nemůže Společnost ani společnosti tvořící s ní koncern zaručit korektnost, přesnost a aktuálnost žádné z informací. Za žádných okolností nebude Společnost nebo její partneři zodpovědní za přímé nebo nepřímé škody nebo následky používání nebo spoléhání se na informace uvedené na internetových stránkách Společnosti.

1. Commissioner for Personal Data Protection

The Privacy Policy applies to data processed by the Company as a controller of personal data. Commissioners of the Society for Personal Data Protection can be contacted by email at

2. Scope

This privacy policy applies to the collection of personal data on our website and the subsequent processing of these data by us.

This privacy policy further serves towards provision of information pursuant to Articles 13 and 14 of the GDPR for data processing outside the scope of collection via this website. As such we will provide you with separate privacy policies for specific data processing activities on a case-by-case basis.

3. Privacy policies of the other companies of EOS Group

This privacy policy does not apply to data processed by the other companies of EOS Group. This is also the case if these other companies of EOS Group along with their contacts are named on our website and/or their services are shown on our website.

The other companies of EOS Group will provide you with separate privacy policies for specific data processing activities on a case-by-case basis.

4. Collection and storage of personal data and nature and purpose of their processing

a. When you visit the website

When you retrieve our website the browser used on your device automatically sends information to our website’s server. This information is temporarily saved in a log file. The following information is collected without your intervention and saved until it is automatically deleted after three (3) days:

  • IP address of retrieving computer,
  • date and time of access,
  • name and URL of retrieved file,
  •  website from which access occurred (referrer URL),
  • website retrieved from our website,
  • your computer’s browser and possibly operating system as well as name of your access provider.

The aforementioned data are processed by us for the following purposes:

  • to ensure trouble-free connection establishment to the website,
  • to ensure comfortable use of our website,
  • to analyse the system security and stability, and
  • for other administrative purposes.

The legal basis for processing of the data is Art. 6(1) Sent. 1 (f) of the GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about you.
Beyond that we use cookies and analysis services when you visit our website. More detailed information about this can be found in sections 4 and 5 of this privacy policy.

b. When you contact us by email
You can contact us with questions of any kind via the provided email address(es).
If you do so the personal data transmitted via the email are saved. The legal basis for data processing for the purpose of making contact is Art. 6(1)(f) of the GDPR. If contact is made for the purpose of concluding a contract an additional legal basis for processing is Art. (6)(1)(b) of the GDPR.

We delete the personal data collected by us after processing your enquiry provided we are not legally entitled or obligated to process it further.

5. Passing on of data

We only pass your personal data on to other companies of EOS Group or other third parties (recipients) if:

  • you have provided your explicit consent for one or more specific purposes pursuant to Art. 6(1) Sent. 1 (a) of the GDPR,
  • disclosure pursuant to Art. 6(1) Sent. 1 (f) of the GDPR is necessary for the assertion, exercising or defence of legal claims and there is no reason to assume that you have a primary protection-worthy interest in not having your data disclosed,
  • for the case that there is a legal obligation for disclosure pursuant to Art. 6(1) Sent. 1 (c) of the GDPR and
  • it is legally permissible and necessary for fulfilment of contractual obligations pursuant to Art. 6(1) Sent. 1 (b) of the GDPR.
  • we have the data processed on our behalf in compliance with Art. 28 of the GDPR.

Transmission of your personal data for purposes other than those listed above does not occur.

6. Cookies

Like most websites, we use cookies when you access and browse our website in order to make your visit as comfortable and effective as possible. Cookies are small files that are created by the website and are automatically stored in the browser of your device (laptop, tablet, smartphone, or similar). Cookies do not harm your device and do not contain any viruses, Trojans, or other malicious software. Information yielded in connection with the specific device used is stored in the cookie. However, this does not mean that we directly receive knowledge of your identity through this. 

Use of cookies serves, for one thing, to make use of our offering more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after you leave our website. Likewise, to optimize the user-friendliness, we also use temporary cookies, which are saved on your device for a specific defined period of time. If you visit our website again to use our services, it will automatically be recognized that you already visited us and the entries and settings you made will automatically be recognized so that you do not have to enter them again.
Cookies are divided up into the four categories of “Necessary,” “Statistics,” “Comfort,” and “Marketing.” 
Necessary cookies are required for the operation and the basic functions of our website. They enable the security-relevant functioning of this website. 

Statistical cookies are used for improving our offering and ensuring a needs-based design and the continuous optimization of our website. For this, we collect anonymized data for statistics and analytics, for example, to determine site traffic, page view statistics, user behavior, and to adapt and improve our content and the website experience. 

Comfort cookies are used for facilitating the use of our website. If you visit this website again to use our service, it will automatically be recognized that you were on our website and the entries and settings you made will automatically be recognized so that you do not have to enter them again. For example, through this, you will not have to reenter your user data every time, but rather you can access the data already entered when you visit the website again.

We use marketing cookies so that we can provide you with relevant and interest-based content when you visit our website.

The data processed through necessary cookies are for the stated purposes for safeguarding our legitimate interests pursuant to Article 6 para. 1 sent. 1 lit. f of the GDPR, such as the proper functioning of the site. 
The data collected and processed through comfort, statistical and marketing cookies is done under your given consent, in accordance with Article 6 para. 1 sent. 1 lit. a of the GDPR for the purposes of  serving personalized content, for statistical purposes that aim to improve the user experience and marketing purposes. For these you can change/withdraw your consent, by clicking on the Change Cookies settings on the bottom of the website.

Cookie Management

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a notification message always appears before a new cookie is placed. Each browser differs depending on how it manages cookie settings. This is described in the Help menu of each browser, which explains how to change your cookie settings. Follow the links below depending on the browser you are using:

Complete deactivation of cookies, however, may lead to you not being able to use all of the features of our website.

We use the following cookies:


Name Java Session Cookie
Provider Owner of this website
Purpose This cookie is used by the application server. It is essential for proper
working of the application software. It stores no personal data. 
Cookie Name jsessionid
Cookie Duration Session cookie - deleted after you quit your browser.


Name cookieconsent_status
Provider Owner of this website
Purpose Necessary cookie to save that the cookie banner was confirmed.
Cookie Name cookieconsent_status
Cookie Duration 60 days


Provider Owner of this website
Purpose We use this cookie to serve personalized content. 
Cookie Name VISITOR
Cookie Duration Session cookie - deleted after you quit your browser.


Name NEW_Visitor
Provider Owner of this website
Purpose We use this cookie to serve personalized content.
Cookie Name new_visitor
Cookie Duration 1 day


Name nmstat
Provider Siteimprove GmbH
Purpose This cookie is used to help record the visitor’s use of the website.
It is used to collect statistics about site usage such as when the visitor last visited the site.
This information is then used to improve the user experience on the website.
This Siteimprove Analytics cookie contains a randomly generated ID used to recognize the browser when a visitor reads a page. The cookie contains no personal information and is used only for web analytics.
Cookie Name nmstat
Cookie Duration Persistent – expires after 400 days


Name siteimproveses
Provider Siteimprove GmbH
Purpose This cookie is used purely to track the sequence of pages a visitor looks at during a visit to the site.
This information can be used to create User Journeys and enable visitors to find relevant information more quickly.
Cookie Name siteimproveses
Cookie Duration Session cookie - deleted after you quit your browser.

7. Analysis tools

Usage Siteimprove Analytics

This website uses Siteimprove Analytics, a web analytics service provided by Siteimprove. Siteimprove Analytics uses „cookies“, which are text files placed on your computer, to help EOS Holding GmbH (EOS) analyze how visitors use the site. The information generated by the cookies about the visitors’ use of the website will be stored and processed by Siteimprove on servers in Denmark.

IP addresses are anonymized irreversibly before data is made available in the Siteimprove Analytics or Intelligence Suite for EOS.

8. Social Media

1. Shariff solution
We use Shariff buttons from social networks Facebook, Twitter, Google+, LinkedIn, Xing on our website. The buttons are simple HTML links. The procedure we use is within the framework of the Shariff solution. With the Shariff solution a script retrieves the number of times, e.g., the share button on a page has been clicked on: for this the script contacts the social network via the programming interfaces and retrieves the numbers. None of your personal data are transmitted in the process. Rather than your IP address, only our server address is transmitted to Facebook, Google and Twitter. You only become directly connected to Facebook, Google or Twitter if you perform an action. Before that the social networks cannot collect any data about you. As long as you do not click on a link to share content, you remain invisible to the networks. If you click on a link, the obligation to provide information about data collection and processing no longer rests with us, but rather with the operator of the social network.

9. Data subject rights

You have the right:

  • pursuant to Art. 15 of the GDPR to request information about your personal data processed by us, in particular about the purposes for processing, the personal data category, the categories of the recipients to whom your data have been or will be disclosed, the planned retention duration, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if they were not collected by us and the existence of automated decision-making including profiling and if applicable meaningful information about their details;
  • pursuant to Art. 16 of the GDPR to demand the immediate rectification of incorrect or completion of the personal data saved by us about you;
  • pursuant to Art. 17 of the GDPR to demand the erasure of the personal data saved by us about you as long as processing is not necessary for exercising of the right to freedom of expression and information, for fulfilment of a legal obligation, for reasons of public interest or for assertion, exercising or defence of legal claims;
  • pursuant to Art. 18 of the GDPR to demand the restriction of processing of your personal data as long as the accuracy of the data is questioned by you and processing is unlawful, but you reject their erasure and we no longer need the data, but you require them for assertion, exercising or defence of legal claims or you have filed an objection to the processing in accordance with Art. 21 of the GDPR;
  • pursuant to Art. 20 of the GDPR to demand receipt in a structured, standard and machine-readable format of your personal data which you provided to us or transmission to another responsible party;
  • pursuant to Art. 7(3) of the GDPR to withdraw the consent you previously granted us at any time. This has the consequence that we may not continue the data processing upon which this consent was based in the future and
  • pursuant to Art. 77 of the GDPR to file a complaint with a supervisory authority. Usually you can contact the supervisory authority in your usual place of residence or workplace or our headquarters.

10. Right to object

If your personal data are processed on the basis of legitimate interests in accordance with Art. 6(1) Sent. 1 (f) of the GDPR you have the right pursuant to Art. 21 of the GDPR to object to the processing of your personal data as long as there are reasons arising from your particular situation for this or the objection is directed to direct advertising. In the latter case you have a general objection right which will be implemented by us without statement of any particular situation.
If you would like to make use of your right to withdraw or reject you only need to send an email to

11. Data security

Within the website visit we use the widespread SSL (secure socket layer) method in conjunction with the highest level of encryption supported by your browser. In general this is 256-bit encryption. If your browser does not support 256-bit encryption, we fall back on 128-bit v3 technology instead. You can recognise that an individual webpage in our internet presence is being transmitted in encrypted form by the closed key or padlock icon in the bottom status bar of your browser.

We also take suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are being improved continuously according to technological developments.

12. Up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid and was last updated in June 2020.
It may be necessary to change this privacy policy due to improvements in our website and the offerings via our website or due to changed legal or official requirements. The current privacy policy can be retrieved from our website at and printed out at any time.

Personal Data Protection at EOS KSI Czech Republic, s.r.o. (“Company”)

The Company handles personal data in accordance with the applicable legal regulations exclusively. The information below will guide you with the principles governing the Company's personal data protection. 

As the Company primarily provides its customers with debt collection services for their debtors, the Company comes into contact with the personal data of debtors - natural persons ("data subjects") handed over by the customers as the processors of personal data. The principles of processing of personal data are bindingly regulated between each customer and the Company under an agreement on the processing of personal data. During the processing itself, the Company always follows the instructions of individual customers, as personal data managers, in such cases.

In other cases - especially as regards the recovery of claims of the Company, if it is expressly agreed with another administrator or as a result of the circumstances of processing - the Company acts as the controller of the personal data of the data subjects, i.e. in particular decides on the purpose and means of processing the relevant personal data.

Special cases of personal data processing by the Company involving the personal data of job seekers in the Company or about cooperation with the Company, employees of the Company and external associates of the Company are governed by separate principles for processing of personal data. 

These terms and conditions set out the rights and obligations of the Company when it is in the position of a personal data controller in relation to data subjects. If the Company is solely a personal data processor, the processing of personal data is subject to the rights and obligations set out in the privacy policy of the respective customer, creditor and you may contact your creditor directly in such an event. In such a case, the Company acts only as the contact point of the customer - administrator - in connection with the personal data that the customer has handed over to the Company.

Information about the administrator / processor of personal data:

Company details:    EOS KSI Czech Republic, s.r.o.
ICQ:                     251 17 483
Registered office:    Praha 4, Novodvorská 994/138, PSČ 142 00
Entry in the
commercial register:    Municipal Court of Prague, Department C, entry 51150

Contact person:
Jiří Kašpar Macek
tel.:    + 420 241 081 213 (weekdays 9:00 a.m. – 4:00 p.m.)

2. Purposes of processing of personal data

If the Company acts as a personal data controller (i.e. the Company is the creditor of the claim to which your personal data relates), the purpose of the processing is given by (i) the recovery of claims, (ii) the performance of the Company's obligations under agreements entered into or special legal provisions or (iii) by ensuring the protection of the rights and the legitimate interests of the Company and / or third parties.

On the basis of the above, the Company will generally not need the consent of the data subject to process such personal data. The consent of the data subject will be required by the Company if part of the processing of personal data is, in particular, a summary solution of multiple debtors (data subjects) that do not have the same creditor.

For the sake of completeness, the Company states that if the Company acts as a processor of personal data, it derives the purpose of processing personal data from that designated by the processor (i.e. the creditor of the claim) and which is always included in the relevant processing agreement. As a rule, in these cases, the processing of personal data is the purpose of recovering claims.

3. Legal basis for processing personal data

The legal basis for processing your personal data is Article 6(1)a) [your consent], (b) [performance of the agreement or negotiation before its conclusion] or (f) [legitimate interests of the Company] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation). The legal basis for processing your personal data (identification, contact and credit rating data) also follows from the below laws: 

(a)  Act No. 634/1992 Coll., on Consumer Protection (this act regulates credit registers);

(b)  Act No. 257/2016 Coll., on Consumer Credit (this act regulates the rights and obligations in the provision and mediation of consumer credit);

(c) Act No. 253/2008 Coll., on Certain Measures against the Legalisation of Proceeds from Crimes (this act imposes an obligation to carry out the identification and control of certain persons);

(d)   Act No. 69/2006 Coll., on the Implementation of International Sanctions (this act imposes an obligation to verify that certain persons are not subject to international sanctions); or

(e)  Act No. 499/2004 Coll., on Archiving and Filing Service (this act imposes the obligation to store and archive certain documents).

In some cases, the Company processes your personal data to ensure the protection of both its own and third-party rights and legitimate interests. Such processing is authorised by the Company without your consent; however, the scope of the grounds for the Company to legitimise this type of processing is limited. The Company always carefully reviews the existence of a legitimate interest.

Examples of processing personal data as a legitimate interest:

(a) Preparation of documentation relating to the processing of your personal data that is necessary and essential for the creation of such documentation;
(b) Management of relationships with debtors and clients of the Company - performing all legal actions and deeds relating to the management of your debt or solving your claims, wishes, complaints, etc.;
(c) Reporting, notification and confirmation used to manage your debt;
(d) Reporting and generating analytical models based on aggregated and anonymised personal data and sharing with parent companies (EOS Holding GmbH and EOS International Beteiligungs-Verwaltungsgesellschaft mbH)
(e) Analysing your data for:

(i) Setting appropriate parameters for instalments and other agreements;
(ii) Assessing your credit rating;
(iii) Prevention and detection of fraud, prevention of non-compliance;
(iv) Prevention of money laundering, terrorist financing, compliance with embargoes;
(v) Compliance with the Company's statutory obligations vis-à-vis public authorities, in particular regulators;
(vi) Testing changes to the Company's software; or
(vii) Processing analyses of aggregated (and anonymised) data for historical and statistical purposes.


The Company, as a process, processes the following categories of personal data:

Identification data - name, surname, title, birth number or date of birth, permanent address, ID number (identity card, passport number or similar document), signature - business entity's physical identification number and company ID. 

Contact details - primarily contact address, telephone number, e-mail address and similar information. 

Credit rating (ability to pay back) and reputational data - personal data necessary for the Company to, in particular, provide or broker a consumer loan without undue legal or material risk or to effectively exercise or defend its rights and obligations. The nature and extent of this personal data depends on the nature of the situation for which the processing of such personal data is required.

Data on your debt, number of transactions, insolvency proceedings and communication with the Company - data on your debts recovered by the Company and related communication (e.g. actual and historical statements of debt recovered, telephone call records, records of other communications), data on the number of enforcement proceedings or insolvency proceedings) against you.

Special categories of personal data - healthcare data is processed only in specific situations, and only with your consent.

As a processor, the Company always processes your personal data that is transmitted to it by the processor (i.e. the creditor of the claim).

Personal data available to the Company is processed and stored within the Company. If the processing of your personal data is based on your consent or legitimate interest of the Company, personal data may also be processed by some of the Company's suppliers. Suppliers who cooperate with the Company are carefully selected, in particular, on the basis of safeguards to ensure the technical and organisational protection of personal data transmitted to us. Personal data may only be processed for the Company by the processors under an agreement on the processing of personal data. The Company may, in the above sense, provide personal data to the following beneficiaries for legitimate purposes:

(a) to companies operating within the Company's group (EOS Holding GmbH (Reg. HRB 124966) and EOS International Beteiligungs-Verwaltungsgesellschaft mbH (HRB 37437));

(b) suppliers for performing the agreement and protect the rights and legitimate interests of the Company or of a third party;

(c) providers of postal and communications and electronic communications services;

(d) non-bank registers in order to comply with the responsible lending obligation;

(e) law firms for the purpose of recovering claims under credit agreements;

(f) executors and auctioneers for the purpose of applying the related claims; or

(g) to the regulator to oversee the Company's activities.

The Company is authorised to hand over your personal data in legitimate cases to processing outside of the Czech Republic. However, the transfer of personal data always takes place in accordance with the legal requirements and the protection of your personal data is ensured in any event. In particular, this may be the case where, in view of the debtor's domicile and the relevant European legislation, the claim is to be enforced in the country in which the debtor is domiciled.

Your personal data will only be retained by the Company for the necessary period of time and will be archived in accordance with statutory deadlines imposed by law.

The Company processes personal data as (i) the processor for as long as the processing agreement with the relevant administrator permits; or (ii) the processor for the duration of the contractual relationship, the existence of a debt or other legal reason that allows the Company to process personal data. The Company has strict internal rules that verify the lawfulness of the possession of personal data; the Company shall not archive personal data for longer than authorised.

Once the legitimate reason for processing personal data no longer applies, the Company shall immediately erase it.

Personal data processed by the Company with your consent shall only remain for the duration of the purpose for which consent was granted.

The company processes your personal data the transparently, correctly and in compliance with all applicable legal regulations.

At the same time, however, you have the right to contact the Company at any time to obtain information about the procedure of processing your personal data or for the purpose of exercising the rights listed below that are related to personal data.

Right to access personal data – You have the right to request information about the personal data that the Company processes about you.

Right to correction of personal data – If you believe that the personal data processed by the Company is inaccurate or incomplete, you have the right to request it being updated or supplemented.

Right to the deletion of personal data (right to “be forgotten”) – You have the right to request the deletion of your personal data if (i) it is not necessary for the purpose for which it was processed, (ii) you have withdrawn consent to its processing, (iii) was processed unlawfully, (iv) must be erased to comply with a legal obligation, or (v) has been collected in connection with the provision of information company services.

Right to limit the processing of personal data – You have the right to request restrictions to processing if (i) you refute the accuracy of your personal data, (ii) the processing of your personal data is unlawful but you refuse to erase such personal data, (iii) you request that the Company can process your selected personal data, or (iv) you have objected to the processing and it is unclear whether the Company's legitimate interest in doing so (for example, in connection with the asserting of a claim in court with which the Company has processed your personal data) it shall take precedence over your legitimate interests.

Right to data portability – In the case of automated processing of personal data under an agreement or consent that you have granted to the Company, you are entitled to the so-called portability of this data, which will be provided to you in a structured, commonly used and machine-readable format.

Right to object to the processing of personal data – You may at any time object to the processing of the personal data, including profiling, which the Company processes for legitimate interest.

Right to withdraw consent to the processing of personal data – If you have given the Company permission to process your personal data for purposes requiring consent, you have the right to revoke your consent at any time. The processing of personal data that occurred prior to the withdrawal of consent or which occurs after withdrawal of consent is lawful, unless the Company has another reason for processing such personal data.

Exercising your rights at the Company

To exercise your above rights, you may contact the Company in writing, by e-mail or by telephone (see above). We will respond to your requests regarding the exercising of your rights without undue delay, but no later than within 30 days of receipt of your request. However, the Company will be able to extend the deadline by another two months, if necessary. The Company shall always inform you of such an extension, including the Company's reasons for doing so. The Company shall conduct its communication in the way started at your end unless you specify another preferred way.

Right to file a complaint with the supervisory authority

If you believe that your privacy has been violated by the Company, you have the right to file a complaint with the supervisory authority, the Personal Data Protection Authority (address: Pplk. Sochora 27, 170 00 Prague 7, tel: +420 234 665 111).