Privacy Policy

These personal data protection policies (hereinafter referred to as"Principles") inform you about how Lusq, s.r.o. with registered office at Plzeňská 3350/18, 150 00 Prague 1, IČ 089 677 84, registered in the commercial register maintained by the Municipal Court in Prague under sp. stamp C 328205 (hereinafter"Lush" or"Company") obtains, stores and further processes your personal data in connection with your client or other relationship with the Company.

General conditions

  1. The aim of these Principles of personal data processing according to Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter„GDPR“) is to provide information about what personal data the Company, as a personal data administrator, processes about natural persons when providing its services and for what purposes and for how long the Company processes this personal data in accordance with applicable legal regulations, to whom and for what reason it can pass it on , and also inform about what rights natural persons have in connection with the processing of their personal data and how they can exercise them.
  2. These Principles relate to the processing of data of our clients, i.e. you, if you are a natural person and/or your employees or members of bodies, if you are a legal entity, or visitors to the website, always to the extent of personal data corresponding to your position against Lusq. All the services we provide are intended for you as our Client, who acts as part of his business or other business activity and/or in the performance of his profession for his employer, who is our client (hereinafter"Client" or"Vy").
  3. This Policy is effective from March 26, 2020 and is issued in accordance with the GDPR in order to ensure the Company's information obligation as a controller pursuant to Article 13 of the GDPR.

Personal data manager

  1. The administrator of your personal data is the Company, whose current contact details are available at

Commissioner for the protection of personal data

  1. The company is not obliged to appoint a personal data protection officer. A personal data protection officer has not been appointed in the company.
  2. You can contact Lusq as the administrator of personal data directly at the address
     Lusq s.r.o.
     Plzeňská 3350/18
     150 00 Prague

Categories of personal data processed by Lusq

  1. Personal data is any information that relates to a natural person, i.e. you, which the Company is able to identify. In connection with the provision of services, the following categories of personal data may be processed by the Company.
  2. Basic identification data refers to such data that are or in certain cases may be necessary for concluding a contract with you and in particular the following personal data:
    • academic title;
    • name and surname;
    • birthdate;
    • address of residence / registered office;
    • Your job title (if you are ordering our services/goods as a company representative);
    • Your position as a body of a company that is our client;
    • ID number, VAT number;
    • signature.
  3. The following personal data are contact details:
    • name and surname;
    • e-mail;
    • telephone number;
    • mailing address.
  4. Payment data refers to the following personal data:
    • bank account number details
    • data on payments made
    • tax documents
  5. Personal data processed in connection with the provision of Lusq services is such data as is necessary for the provision of legal services, which may include a wide range of personal data that you provide to us for the purpose of protecting your interests, as well as data that we process on the basis of of our obligations in accordance with Act No. 253/2008 Coll., on certain measures against the legalization of proceeds from criminal activity and the financing of terrorism, as amended, when the following personal data may be concerned in particular:
    • name and surname;
    • personal data related to the customer's identity cards (passport, identity card and similar), when the number of such identity card is processed, the authority that issued it and its validity
    • birthdate;
    • identification number;
    • birth surname;
    • data on the amount of income;
    • declaration of origin of income;
    • data on family circumstances;
    • Your position as a body of the company that is our client.
  6. Records of e-mail and written communication are mainly personal data contained in e-mail and written communication with you.

The purpose, time and legal reason for the processing of personal data

  1. Processing due to the fulfillment of the contract, fulfillment of legal obligations and due to the legitimate interests of the Company
    1. Processing of personal data in the fulfillment of contractual obligations
      In order for the Company to provide its services to you, it needs to know your personal data, which it must process further. We process your personal data mainly for the purpose of concluding and fulfilling a contract for the mediation and purchase of an investment property, which is concluded between you and the Company, when the legal title of the processing is therefore the fulfillment of the contract. For these purposes, personal data is processed in the scope of Basic personal identification data, as defined in Article 4.1 of these Principles. We obtain personal data processed in this way from you directly when concluding a contract and at the same time before concluding this contract, during negotiations on the content of the contract, and further during the provision of our services. These personal data are processed by the Company only for the duration of the existence of the contractual relationship between you and the Company and further for a period of three years from the termination of the provision of legal services between you and the Company, or for the period for which the Company imposes legal regulations.
    2. Processing of personal data in fulfillment of a legal obligation
      When providing services, the Company is obliged to fulfill the obligations arising from the following legal regulations, namely Act No. 563/1991 Coll., on accounting (hereinafter"Zoo"); Act No. 586/1992 Coll., on income taxes (hereinafter"ZDP") and Act No. 235/2004 Coll., on value added tax (hereinafter"ZDPH"), Act No. 253/2008 Coll., on certain measures against the legalization of proceeds from criminal activity (hereinafter„AML“). Some personal data may be listed on accounting documents (that is, on invoices or other documents). The following laws: AML Act, ZoÚ, ZDP or ZDPH require the Company to keep these documents for up to 10 years. If the Company has a legal obligation to archive these documents, your personal data listed on the relevant document is stored together with them.
    3. Processing of personal data based on legitimate interest
      In the event that you are late with payment, do not fulfill your obligation or we do not receive payment from you at all, or we incur other damage or harm from your side, we may also process personal data on the basis of a legitimate interest consisting in the recovery of our claims and/or the determination , protection and enforcement of the Company's legal claims. For this purpose, we can store your personal data for the period of limitation according to the registration no. 89/2012 Coll., Civil Code. The company is authorized to process your e-mail address in the sense of § 7, paragraph 3 of Act No. 480/2004 Coll., on certain information society services, for the purpose of disseminating business communications relating to our services and products, in the event that you have not rejected such submission.
    4. Processing of personal data based on your consent
      The Company generally processes your personal data in cases where it is required by law, when data processing is necessary for the fulfillment of the contract or when it is done on the basis of the legitimate interest of the Company. We only exceptionally process personal data based on your consent, in accordance with the purpose and for the period specified in this consent.

To which third parties we transfer personal data

  1. The company uses the professional and specialized services of other entities in fulfilling its obligations and obligations from the contracts. If these suppliers process personal data provided by the Company, they have the status of personal data processors and process personal data only within the framework of instructions from the Company and may not use it otherwise. These are in particular:
    • Collaborating attorneys;
    • external providers of accounting and tax services;
    • external providers of IT system management services, computer networks and hardware,
    • cookies that we process when you visit our website, for more information about which cookies and how we process them, please visit the section Cookies on our website
  2. We have concluded personal data processing contracts with the processors of personal data according to the previous paragraph, which guarantee at least the same level of protection of your personal data as this Personal Data Protection Policy.
  3. As part of the fulfillment of its legal obligations, the company transfers your personal data to administrative bodies and authorities established by applicable legislation.

Security of personal data

  1. The company has implemented and maintains the necessary adequate technical and organizational measures, internal controls and information security processes in accordance with the best care of users and with regard to their rights, corresponding to the possible imminent risk to data subjects. At the same time, it takes into account the state of technological development in order to protect personal data from accidental loss, destruction, changes, unauthorized disclosure or access. These measures may include, but are not limited to, taking reasonable steps to ensure the accountability of employees who have access to sensitive data and documents, employee training, regular backups, procedures for data recovery and incident management, software protection of devices on which personal data is stored, and others .
  2. The Company's employees are bound by a duty of confidentiality regarding all facts concerning you, even after the end of the employment relationship. A signed confidentiality statement is part of the Company employee's employment contract.

Your rights to personal data

  1. If you exercise any of your rights under this Article 8 or under applicable legal regulations, we will inform about the action taken or the erasure of your personal data or the restriction of processing in accordance with your request of each recipient to whom this data was provided under Article 6 of this Policy, if such communication will be possible and/or will not require unreasonable effort.
  2. If you wish to exercise these rights and/or obtain relevant information, you can contact us via e-mail or in writing at the address of the Company's registered office.
  3. If you exercise your rights, we may ask you to provide some of the identifying information that you have provided to us. The provision of such data is necessary to verify whether the relevant request was actually sent by you. We will respond to you within one month of receiving your request, however we reserve the right to extend this period by two months.

Right of access to personal data

  1. According to Article 15 of the GDPR, you have the right to access your personal data, which includes the right to obtain from the Company:
    • confirmation whether it processes his personal data,
    • information about the purposes of processing, categories of personal data concerned, about recipients to whom personal data have been or will be made available, planned time of processing, about the existence of the right to request from the Company the correction or deletion of personal data relating to your personal data or the restriction of their processing or to object to this processing, the right to file a complaint with a supervisory authority, about all available information about the source of personal data, if not obtained from the data subject, the fact that automated decision-making takes place, including profiling, about appropriate safeguards when transferring data outside the EU, in the event that they are not the rights and freedoms of other persons as well as a copy of personal data are adversely affected. In the event of a repeated request, the Company will be entitled to charge a reasonable fee for a copy of personal data.

The right to correct inaccurate data

  1. According to Article 16 GDPR, you have the right to correct inaccurate personal data that the Company processes about you. The user is also obliged to report changes to his personal data and to document that such a change has occurred. At the same time, he is obliged to cooperate with the Company if it is found that the personal data it processes about him is not accurate. We will carry out the repair without unnecessary delay, but always taking into account the given technical possibilities.

The right to erasure of personal data

  1. According to Article 17 of the GDPR, you have the right to delete personal data concerning you, if the Company does not demonstrate legitimate reasons for the processing of this personal data. The company has set up mechanisms to ensure automatic anonymization or deletion of personal data in the event that they are no longer needed for the purpose for which they were processed.

Right to restriction of processing

  1. According to Article 18 of the GDPR, the data subject will have the right to limit processing until the resolution of the complaint, if he denies the accuracy of personal data, the reasons for their processing or if he objects to their processing.

The right to portability of personal data

  1. According to Article 20 of the GDPR, you have the right to the portability of data that concern you and that you, as the controller, have provided to us in a structured, commonly used and machine-readable format. At the same time, you have the right to ask us to transfer this data to another administrator.
  2. If the exercise of this right could adversely affect the rights and freedoms of third parties, your request cannot be granted.

The right to object to the processing of personal data

  1. According to Article 21 GDPR, you have the right to object to the processing of your personal data by the Company.
  2. In the event that the Company does not prove that there is a serious legitimate reason for the processing that outweighs the interests or rights and freedoms of the data subject, the Company will terminate the processing based on the objection without undue delay.

The right to withdraw consent to the processing of personal data

  1. If you give the Company consent to the processing of personal data, it can be revoked at any time. The appeal must be made explicit, understandable and a certain expression of will, either in writing to the address of the Company's registered office or via the e-mail address

The right to contact the Office for Personal Data Protection

  1. You have the right to file a complaint regarding our processing of your personal data with the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7. Website of the office:

Update to the Privacy Policy

  1. We hereby notify you that we may modify or update this Privacy Policy. Any changes to this Policy will become effective upon their publication on the Company's website.