GDPR NOTIFICATION

This document describes how Syndre Valuation S.R.L. (the Controller). uses the personal data that they receive about you and personal data derived or used during real estate activity or in the course of any other activity within which you have encountered the Controller. This notification is in accordance with the General Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), under which you have the right to be informed of the data that different processors have and process with respect to you and your rights in relation to these data.

PERSONAL DATA PROCESSING

  1. The personal data that are being processed are the following:

  2. Identification information (Name, surname);

  3. Contact information (e-mail address, postal address, phone number),

  4. Information on your utilization of our products and services, including information in your requests for products and services;

  5. Information from our personal, telephone and electronic communication with you;

  6. Information from internet browser that you use or mobile applications;

  7. Financial standing and credibility,

  8. Data about real estate valuation,

  9. as well as any information which the Controller processes in relation to the contract fulfilment, legal obligation and for the purposes of the Controller’s legitimate interest. (the Personal Data).

SOURCES OF THE PERSONAL DATA

 The Personal Data are being obtained directly from you, creditors cooperating with Controller, bailiffs and other third parties.

PURPOSE OF PROCESSING

The Controller processes the Personal Data for the purpose of offering the real estate valuation products and services of the Controller and its affiliated and cooperating persons/entities.

HOW ARE THE PERSONAL DATA PROCESSED?

The processing of your Personal Data may be manual but also automated. However, none of the collected Personal Data are used for automated decision-making. Your Personal Data are being processed mainly by the designated employees of the Controller, but also by third parties being the processors with whom the Controller has conclude the data processing agreement which contains all necessary guarantees for the Personal Data processing.

WHAT ARE THE LEGAL GROUNDS FOR PROCESSING OF PERSONAL DATA?

Legal grounds for processing of the Personal Data is set by Article 6(1) of GDPR pursuant to which the processing is lawful, if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

WILL WE TRANSFER PERSONAL DATA TO THE THIRD COUNTRY OR INTERNATIONAL ORGANISATION?

We will not transfer any Personal Data to the countries outside the European Union nor European Economic Area, neither to any international organisation.

If the case, any transfer of Personal Data to third countries or to international organizations will be conditional on the provision of appropriate safeguards in accordance with the Regulation and the assumption in writing of these guarantees, unless the transfer falls within one of the cases of derogation for specific situations provided in the Regulation.

RIGHTS RELATING TO THE PROCESSING OF THE PERSONAL DATA

The Controller ensures that your Personal Data are processed in secure and accurate manner. You may exercise all the rights described in this clause with the Controller.

How can you exercise your rights?

You may exercise each individual right via sending an email to eva.heringova@aps-holding.com or by calling to +420 225 375 505 eventually by sending a written request to the address of the Controller.

A statement or information on measures adopted shall be provided to you by the Controller as soon as possible, but not later than within 1 month from receipt of the request. The Controller is entitled to extend this period by 2 months taking into account complexity of the issue and number of requests submitted. The Controller will inform you on such an extension.

Right to be informed - at least about:

  1. the identity and the contact details of the Controller and of the Controller's representative;

  2. the contact details of the DPO;

  3. the purposes of the processing of the Personal Data as well as the legal basis for the processing;

  4. the legitimate interests pursued by the Controller or by a third party, if applicable;

  5. the recipients or categories of recipients of the Personal Data;

  6. if applicable, the fact that the Controller intends to transfer Personal Data to a third country or international organisation and the existence or absence of an adequacy decision by the European Commission, or reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.

Right of access

You may request access to your Personal Data and obtain information what Personal Data concerning your person are being processed, and access the following information:

  1. the purposes of the processing;

  2. the categories of Personal Data concerned;

  3. the recipients or categories of recipient to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organisations;

  4. the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine such period;

  5. the existence of the right to request from the Controller rectification or erasure of the Personal Data or restriction of processing of the Personal Data concerning you or to object to such processing;

  6. the right to lodge a complaint with a supervisory authority;

  7. where the Personal Data are not collected from you, any available information as to their source; and

  8. the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

The Controller shall provide a copy of the Personal Data undergoing processing. For any further requested copies, the Controller may charge a reasonable fee based on administrative costs. The DPO or other authorized person may decide that you should be asked to cover the costs or that your request can be rejected. Where the request is made by the electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form.

Right to rectification

  1. You have the right to request the Controller to rectify your inaccurate Personal Data.

  2. You have also right to have your incomplete Personal Data completed, including by means of providing a supplementary statement. While executing this right, the purposes of the processing must be taken into account and the DPO shall decide whether it is appropriate or not.

Right to erasure

You have the right to ask the Controller to erasure your Personal Data. The Controller shall have the obligation to erase your Personal Data where one of the following grounds applies:

  1. the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

  2. you object to the processing and there are no overriding legitimate grounds for the processing;

  3. you revoke the consent and there is no other reason for the processing;

  4. the Personal Data have been unlawfully processed;

  5. the Personal Data have to be erased for compliance with a legal obligation in an European Union or Member State law to which the Controller is subject.

Right to erasure shall not apply to the extent that processing is necessary for the establishment, exercise or defence of legal claims.

Right to restriction of processing

You have the right to restrict the processing where one of the following applies:

  1. you contest the accuracy of the Personal Data, for a period enabling the Controller to verify the accuracy of the Personal Data;

  2. the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of its processing instead;

  3. the Controller no longer needs the Personal Data for the purposes of the processing, but you require it for establishment, exercise or defence of legal claims;

  4. you have objected to processing pending the verification whether the legitimate grounds of the Controller override those of yours.

Right to object

You have the right to object, on grounds relating to the particular situation, at any time to processing of your Personal Data, including profiling.

The Controller shall no longer process the Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority (Local Data Protection Authority), of the alleged infringement if you consider that the processing of the Personal Data infringes your rights.

RIGHT TO PORTABILITY

In relation to the Personal Data that you have provided to the Controller and that is subject to automatized processing, you have the right to receive it in a structured, commonly used and machine-readable format and the right to transmit this Personal Data to another controller without hindrance from the Controller.

HOW YOU MAY CONTACT US?

In case of any questions regarding processing of your Personal Data you may contact directly our DPO on contact details set out in clause 7 or you may contact us also in writing, via e-mail or telephone on below contact details:

Address: Syndre Valuation S.R.L., Bucuresti, Calea Floreasca 246C, etaj 12, Sky Tower Building, sector 1

E-mail: eva.heringova@aps-holding.com

Telephone: +420 225 375 505

GENERAL INFORMATION

The Controller may change, amend, repeal or replace this notification any time if necessary while the updated Notification must be published at least [30] days before its effect.

 The list of affiliated and cooperating persons/entities of the Controller:

List of 3rd party data processors can be provided on