Czech Republic Tor generally for tax purposes (under the Act on Income Taxes and the Tax Code) and 45 years for pension purposes must be kept up to (under the Act on the Organization and Implementation of Social Security). If the personal data are needed for debt collection, they must be kept until the end of the first financial year following the financial year in which the debt was paid or obligation met (under the Accounting Act). Where accounting units use accounting records not only for the purpose pursuant to the Accounting Act, but also for other purposes, in particular for purposes relating to criminal proceedings, measures against money-laundering (keeping the records for 10 years), administrative proceedings, civil judicial proceedings, tax proceedings or special proceedings concerning the destruction of certain documents, or for the purposes of social security, general health insurance or copyright protection, after expiry of the storing periods above, the accounting units are obliged so proceed as to ensure compliance with the requirements ensuing from the use of accounting records for such other purposes; in cases in which the accounting units use their accounting records for such purposes, all the provisions of the Accounting Act similarly apply. As for the CCTV recordings, based on the opinions of the Office, the standard retention period recordings from CCTV, is 3 to 7 days in the Czech Republic. Any longer retention period must be justified by the circumstances of the particular case
(unless there are special rules stating otherwise, such as regulations for gambling). As for the traffic and location data, the data retention is regulated in the Czech Republic by the Act on Electronic Communications. Under Sec. 97(3) of the Act on Electronic Communications, a legal entity providing a public communications network or a publicly available electronic communications service is obliged to store traffic and location data for a period of 6 months and is obliged to disclose such data (including metadata) to the relevant authorities (e.g., police) on request (please note that this applies only to providers of services under the Act on Electronic Communications). 5.3. Data correction, completion, updation, or erasure of data No derivations from the GDPR. 5.4. Data protection and security practices and procedures No derivations from the GDPR. The Office publishes guidelines of the EDPB and also its own guidelines regarding selected security practices and procedures in the personal data protection area. 5.5. Disclosure, sharing, and transfer of data No derivations from the GDPR. 5.6. Cross-border transfer of data No derivations from the GDPR.
www.peterkapartners.com/
Made with FlippingBook - PDF hosting