Privacy Policy

NEXT DUBAI s.r.o., with its registered office at Olbrachtova 1980/5, 140 00 Prague 4 – Krč, Company Registration No.: 231 82 211, registered in the Commercial Register of the Municipal Court in Prague, Section C, Insert 422833, as the data controller, hereby informs you, as a client or user of the website, about the collection of personal data and privacy principles described below.

In the following text, you will learn in particular:

• What personal data of yours we will process.

• For what purposes and in what manner we will process your personal data.

• To whom your personal data may be transferred.

• For how long we will process your personal data.

• What rights you have in relation to the protection of your personal data.

• The principles of personal data processing.

Should you need any part of this text explained, require advice, or wish to discuss the further processing of your personal data, you can contact us at any time at the email address info@nextdubai.cz.

Processing of Children’s Personal Data Our website is not intended for children under the age of 16. We do not process the personal data of children under 16 years of age.

Scope of Personal Data Processing NEXT DUBAI s.r.o. processes the following information about its clients:

• Identification and contact details – in particular, first name, surname, title, date of birth, permanent address or contact address, email, and telephone number.

• Contact details – permanent address or contact address, email, and telephone number.

• NEXT DUBAI s.r.o. does not process any special categories of personal data (so-called sensitive data) about its clients, and no automated decision-making or profiling takes place.

• Data required for the preparation of contractual documentation – national identification number (for self-employed individuals, also the business name, place of business, and ID number), citizenship, marital status, bank account number, type and number of identity document and its validity period, a copy of the identity document, and information on whether you are a politically exposed person or a person against whom the Czech Republic applies international sanctions.

• NEXT DUBAI s.r.o. does not process any special categories of personal data (so-called sensitive data) about its clients, and no automated decision-making or profiling takes place.

Purpose of Processing We use the data you provide to us for the following purposes:

• First name, surname, email, and telephone number are used for communication between the client, agent, call centre, and mortgage advisor, or for contacting you within the course of business and for follow-up contact, including evaluating the success of our service (feedback).

• First name, surname, permanent address, date of birth, and marital status are processed as identification data for the purpose of concluding brokerage agreements, viewing protocols, reservation agreements, notices, etc.

• First name, surname, permanent address, national identification number, and bank account number serve as a basis for preparing contractual documentation, e.g., Purchase Agreement, Proposal for Deposit in the Cadastre, Future Purchase Agreement, Agreement on the Transfer of Membership Share, Lease Agreement, etc.

• First name, surname, permanent address, national identification number, type and number of identity document and its validity period, a copy of the identity document, and information on whether you are a politically exposed person or a person against whom the Czech Republic applies international sanctions, are processed to fulfil the obligations of Act No. 253/2008 Coll., on Certain Measures against the Legalisation of Proceeds from Criminal Activity and Financing of Terrorism.

• In addition, we may use your first name, surname, and email address to send you commercial communications, i.e., to inform you about events, news, or services we provide that we believe may be of interest to you. You can refuse the processing of your personal data for the purpose of sending commercial communications at any time, and this will not affect our other mutual relations. Simply send us an email with the relevant request to the address from which you received the commercial communication.

Legality of Processing under Art. 6 GDPR The aforementioned personal data are processed under Article 6 of the regulation on the following bases:

• Point 1(b) processing is necessary for the performance of a contract to which the data subject (client) is a party, or in order to take steps at the request of the data subject prior to entering into a contract (e.g., Brokerage Agreement, Reservation Agreement, Purchase Agreement, etc.).

• Point 1(c) processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., Act No. 253/2008 Coll.).

• Point 1(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (e.g., sending marketing communications).

Who Has Access to Your Personal Data For the purposes stated above, we may transfer your personal data to our subcontractors for processing on our behalf. Personal data may be transferred to:

• cooperating real estate agents

• an external law firm

• cooperating mortgage advisors

• an external accountant

• processors who provide the Intermediary with server, web, cloud, or IT services, or who are its business partners

• a tax advisor and regulatory authorities

The controller also uses the following applications and systems from these entities, and their privacy policies are available at the respective links:

Google (including YouTube)

• Company: Google Ireland Limited

• Registration number: 368047

• Registered at: Gordon House, Barrow Street, Dublin 4, Irsko

• Privacy Policy: policies.google.com/privacy

• Privacy Policy for YouTube: support.google.com/youtube/answer/10364219

Facebook (including Instagramu)

• Company: Facebook Ireland Limited

• Registration number: 462932

• Registered at: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02 X525, Irsko

• Privacy Policy (Facebook): www.facebook.com/privacy/policy/

• Privacy Policy (Instagram): privacycenter.instagram.com/policy/

LinkedIn

• Registered at: Sunnyvale, 940 85 USA

• Privacy Policy: cz.linkedin.com/legal/privacy-policy

Ecomail.cz

• Registered at: Na Zderaze 15, 120 00 Praha 2

• Registration number: 02762943

• Privacy Policy: www.ecomail.cz/zasady-zpracovani-osobnich-udaju

Seznam.cz

• Company: Seznam.cz, a.s.

• Registered at: Radlická 3294/10, 150 00 Praha 5

• Registration number: 26168685

• Privacy Policy: o.seznam.cz/ochrana-udaju/

Data Transfer Outside the EU and EEA Your personal data will not be transferred to third parties from countries outside the EU and EEA.

Duration of Personal Data Processing We will process your personal data for the period during which we provide our services to you or fulfil our mutual contract, or for the period necessary to comply with archiving obligations under applicable legal regulations, such as the Accounting Act, the Archiving and Records Act, or the Value Added Tax Act, but for a maximum of 10 years from the termination of the provision of services or contractual performance.

Your Rights Arising from Personal Data Processing In relation to our processing of your personal data, you have the following rights:

• The right to be informed

• The right of access to personal data

• The right to rectification

• The right to erasure (‘the right to be forgotten’)

• The right to restriction of processing

• The right to object to processing

• The right to lodge a complaint regarding the processing of personal data

Your rights are explained below to give you a clearer idea of their content. You can exercise all your rights by contacting us at the email address info@nextdubai.cz. You can lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection (www.uoou.cz).

• The right to be informed means you have the right to be provided with clear, transparent, and easily understandable information about your rights and how we use your personal data. This right is fulfilled by this Privacy Policy.

• The right of access means you have the right to access your personal data (if we are processing it) and other personal information (similar to that listed above). This is so you are aware and can check that we are using your personal data in accordance with data protection law.

• The right to rectification means you are entitled to have your personal data corrected if it is inaccurate or incomplete.

• The right to erasure, also known as ‘the right to be forgotten’, enables you to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. This is not an absolute right; we may still have the right or obligation to retain your personal data, for example, in cases where we have a legal duty to do so, or if we have another valid reason to retain it.

• The right to restriction of processing means you have the right to ‘block’ or suppress further use of your personal data on our part in certain situations. When processing is restricted, we can still store your data, but we cannot use it further. We keep lists of people who have asked for processing to be restricted to make sure the restriction is respected in the future.

• The right to object means you have the right to object to certain types of processing, including processing for direct marketing purposes.

Principles of Personal Data Processing We always process all personal data lawfully, fairly, transparently, and responsibly. Processing is purpose-limited, meaning we only process personal data for specified, explicit, and legitimate purposes, and personal data is not further processed in a manner that is incompatible with those purposes. Within the framework of data minimisation, we process adequate, relevant, and limited personal data to what is necessary in relation to the purpose for which the personal data is processed. We process accurate and up-to-date personal data – if personal data is inaccurate, we will ensure its correction or, where appropriate, erasure, for which we may require your necessary cooperation. We store personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed. We ensure that all our IT systems and other storage facilities where we store personal data are protected against unauthorised access to information (e.g., through firewalls, antivirus protection, strict password requirements, system logins, etc.). We ensure that all documents containing personal data are protected against unauthorised access. These documents are stored in lockable cabinets, in locked offices, or are secured by other similar security measures (electronic security systems, safes, etc.).