Privacy Policy

RyeBase s.r.o. · Company ID 295 97 781 · effective from 1 June 2026

This policy describes how RyeBase s.r.o. processes personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Act No. 110/2019 Coll., on personal data processing. It applies to clients and their representatives, visitors to the premises and the website, addressees of items and other persons with whom we come into contact.

1.Controller

The controller is RyeBase s.r.o., Company ID 295 97 781, with its registered office at Kaprova 42/14, Staré Město, 110 00 Prague 1, registered with the Municipal Court in Prague, File No. C 449174 (the „Controller“ or „RyeBase“). For data-protection matters, contact us at office@ryebase.com or at the place of business Žitná 18, Prague 2.

2.What data we process

Category of data subjects	Data processed
Clients and their representatives, contact persons	identification and contact data (name, position, e-mail, phone), contract data, billing and payment data; for the provision of a registered office also data required by AML regulations
Beneficial owners of clients	data necessary under AML regulations (name, date of birth, citizenship, status)
Addressees of postal items	data stated on items delivered to the Building's address
Visitors and guests	name, possibly company, time of visit (reception records)
Users of the access system	chip identifier and access records, if the system is maintained
Visitors to www.ryebase.com	data from the inquiry form and technical data (cookies — see Art. 8)

We obtain data from you, from persons representing you, and from public sources (Commercial Register, register of beneficial owners, sanctions lists) to the extent necessary for the stated purposes.

3.Purposes and legal bases of processing

Purpose	Legal basis (Art. 6 GDPR)
Conclusion and performance of the office house / sublease services contract, communication, mail management	performance of a contract — Art. 6(1)(b)
Fulfilment of AML/CFT obligations (client identification and control, retention, reporting obligation)	legal obligation — Art. 6(1)(c) in conjunction with Act No. 253/2008 Coll.
Bookkeeping and fulfilment of tax obligations	legal obligation — Art. 6(1)(c)
Protection of the Building's property and safety, records of entries and visits, protection of legal claims	legitimate interest — Art. 6(1)(f)
Sending commercial communications and the newsletter	consent — Art. 6(1)(a), or legitimate interest for own clients

4.Retention period

We retain personal data only for the period necessary to fulfil the purpose, or for the period stipulated by law: data and documents under AML regulations 10 years from the end of the business relationship; VAT tax documents 10 years, other accounting documents 5 years; contract and contact data for the duration of the relationship and subsequently for the limitation periods; access-system data generally for a maximum of 6 months; data processed on the basis of consent until its withdrawal. Details are governed by our internal data retention and disposal directive.

5.Recipients and processors

We may transfer personal data to: service providers who process data for us on the basis of a processing agreement under Art. 28 GDPR (in particular IT and cloud providers, an accounting and tax firm); public authorities to the extent of legal obligations (in particular the Financial Analytical Office, the tax administration, courts and bodies active in criminal proceedings); and, to the necessary extent, to the landlord or owner of the Building (a list of companies with a registered office in the Building under the superior lease). We have agreements with processors ensuring data protection.

6.Transfers outside the EU and automated decision-making

As a rule, we do not transfer personal data to countries outside the European Economic Area; if this occurs (e.g. with cloud services), only under the conditions of Chapter V GDPR (an adequacy decision or standard contractual clauses). We do not carry out automated decision-making or profiling with legal effects for data subjects.

7.Your rights

You have the right of access to the data, rectification, erasure, restriction of processing, portability, to object to processing based on legitimate interest, and to withdraw consent granted at any time. You can exercise your rights at office@ryebase.com; we will handle them without undue delay, no later than within one month.
Restriction for AML data: for data whose retention is required by law (in particular AML regulations), a request for erasure cannot be granted for the period stipulated by law (Art. 17(3)(b) GDPR). To the extent of the confidentiality obligation under the AML Act, we also cannot provide you with information on processing related to the fulfilment of the reporting obligation.
You have the right to lodge a complaint with the supervisory authority: the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.

8.Cookies

The website www.ryebase.com may use necessary cookies for its operation and — only with your consent — analytics or marketing cookies. You can change your cookie settings at any time via the consent bar on the website or in your browser settings. Details are set out in the Cookie Policy.

9.Changes to this policy

We may update this policy; the current version is always available at www.ryebase.com with the date of effect stated. We will notify you of material changes in an appropriate manner.

RyeBase s.r.o., Company ID 295 97 781 · Kaprova 42/14, 110 00 Prague 1 · place of business Žitná 18, Prague 2 · office@ryebase.com · www.ryebase.com