Privacy Policy — Penne Czech s.r.o.

This Privacy Policy explains how Penne Czech s.r.o. processes personal data in connection with its services, in accordance with Regulation (EU) 2016/679 (the “GDPR”) and applicable Czech data protection law.

Data controller: Penne Czech s.r.o.
Školní 77, 377 01 Jindřichův Hradec I, Czech Republic
Company ID (IČO): 25190083 · VAT ID (DIČ): CZ25190083
Contact: info@penneczech.cz

1. Personal data we process

Identification and contact data — such as name, email address and phone number.
Bank account and transaction data — account identifiers, balances and transaction details retrieved via open banking, where you have connected an account.
Technical data — limited log and device information needed to operate and secure the services.

2. How we obtain financial data (open banking)

Financial account information is obtained only through a licensed Account Information Service Provider (AISP) under the PSD2 framework, and only after you have given explicit consent through your bank's secure authentication. We receive the data strictly for the scope and period you authorise, and consent can be withdrawn at any time.

3. Purposes and legal bases

Performance of a contract (Art. 6(1)(b)) — to provide and operate the services.
Legal obligation (Art. 6(1)(c)) — to comply with accounting, tax and AML requirements.
Consent (Art. 6(1)(a)) — for access to bank account information via open banking.
Legitimate interests (Art. 6(1)(f)) — to secure and improve the services.

4. Sharing of data

We share personal data only with processors acting on our behalf — including our open banking provider, hosting provider and accounting service — and with public authorities where required by law. We do not sell personal data.

5. International transfers

Personal data is processed within the European Union / European Economic Area. Should any transfer outside the EEA become necessary, it will be protected by appropriate safeguards as required by the GDPR.

6. Retention

Accounting and tax records are retained for the periods required by Czech law. Data processed on the basis of consent is deleted when consent is withdrawn or when it is no longer needed for the purpose for which it was collected.

7. Security

We apply appropriate technical and organisational measures, including encryption in transit and access controls, to protect personal data against unauthorised access, loss or misuse.

8. Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict or object to the processing of your personal data, the right to data portability, and the right to withdraw consent at any time. You also have the right to lodge a complaint with the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů, uoou.gov.cz).

9. Cookies

Our website uses only essential cookies necessary for its basic operation. No advertising or third-party tracking cookies are used.

10. Changes to this policy

We may update this Privacy Policy from time to time. The current version is always published at this address, with the effective date shown above.

11. Contact

For any privacy-related request, contact us at info@penneczech.cz.