Privacy Policy

I. 1. Fundamental provisions

  1. Pursuant to Art. 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, the role of the controller shall be performed by the Provider (hereinafter the “Controller”).

  2. The Controller’s contact details are available on its website.

  3. Personal data mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

  4. The Controller has not appointed any data protection officer.

I. 2. Sources and categories of the processed personal data

  1. The Controller processes personal data provided to it by the User, or personal data acquired by the Controller when fulfilling the Order.

  2. The Controller processes identification and contact data and the data necessary to perform under the Agreement.

  3. Categories of personal data:

    1. Basic personal identification data including address

  • Name and surname

  • Trade name

  • Identification No. (IČO), Tax ID (DIČ)

  • Address of permanent residence

  • Address of the registered office or the place of business

    1. 2. Contact details

  • Contact phone number

  • Contact email

  • Social media addresses

    1. 3. Data processed based on a consent

Processing of such data is not necessary for the performance of the Agreement or for compliance with a legal obligation or for the protection of the Controller’s legitimate interests; however, their processing allows the Controller to improve its services and/or inform the User of its offers. Such data may be processed only subject to and for the duration of a consent. They include in particular:

  • Data obtained through marketing surveys (User’s data are processed based on a consent with processing for marketing and business purposes);

  • Data on the use of services, products, benefits and bonuses (User’s data are processed based on a consent with processing for marketing and business purposes);

  • Contact details concerning persons other than the User (process based on a consent with solicited marketing)

I. 3. Purpose and legal ground for personal data processing

1. Processing necessary for the performance of the Agreement or for compliance with a legal obligation or for the protection of the Controller’s legitimate interests.

Provision of personal data necessary for the performance of the Agreement, for compliance with a legal obligation or for the protection of the Controller’s legitimate interests is mandatory. Non-provision of personal data for these purposes would prevent provision of the services. No consent is needed for processing of personal data for these purposes. Processing necessary for the performance of the Agreement and for compliance with a legal obligation cannot be refused.

The following elementary purposes are included in particular:

  • Service billing (performance of the Agreement);

  • Compliance with statutory tax obligations (compliance with a legal obligation);

  • Recovery of receivables from the User, and other customer disputes (legitimate interest);

  • Register of debtors (legitimate interest).

Personal data for these purposes are processed in an extent necessary for the respective performance and for periods necessary for their completion or stipulated directly by legal provisions. Afterwards the personal data shall be erased or rendered anonymous. Basic time limits for processing personal data are stated below.

For Users whose obligations towards the Controller have been discharged, the Controller may process their basic personal, identification, contact and service data in the customer database for the period of five years from the end date of their contractual relationship.

2. Processing of data of Users consenting to processing for marketing and business purposes.

For Users who gave their consent, the Controller shall process data for marketing and business purposes, in particular for direct marketing (especially for distribution of commercial communications and newsletters).

Subject to consent for marketing and business purposes, the Controller shall process the User’s personal data for the purpose of offering other products or services or third parties, and for the purpose of approaching the User via telephone, in writing, through any means of internet publicity, and/or via electronic means of communication, using the User’s contact details.

Provision of consent for marketing and business purposes is voluntary and may be withdrawn by the User at any time. Such consent shall remain valid for the period for which the Controller is authorized to keep the data or until withdrawn by the User.

Processing for marketing and business purposes subject to consent may cover all categories of data indicated in Art. II(3) hereof for the duration of the consent.

I. 4. Data keeping period

  1. The Controller shall keep personal data:

  • For a period necessary for the performance of rights and obligations arising from the contractual relationship between User and the Controller and necessary for making claims thereunder (for five years from the end date of the contractual relationship);

  • Until the consent with personal data processing for marketing purposes is withdrawn, in any case no longer than five years, if the data are processed subject to consent.

  1. The Controller shall erase the personal data after the data keeping period has elapsed.

I. 5. Rights of the User

Subject to conditions stipulated by GDPR, the User has the following rights:

1. Right of access to personal data

Pursuant to Art. 15 of the Regulation, the data subject shall have the right to access to the personal data, which includes the right to obtain from the Controller the following information:

  • Confirmation as to whether or not personal data concerning him or her are being processed;

  • Information about the purpose of processing; the categories of personal data concerned; the recipients to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be processed; the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling; appropriate safeguards relating to data transfer outside the EU;

  • The right to obtain a copy of personal data, provided that this does not adversely affect the rights and freedoms of others.

The right to obtain confirmation as to whether or not personal data are being processed and to obtain information may be raised by email.

2. Right to rectification of inaccurate data

Pursuant to Art. 16 of the Regulation, the data subject shall have the right to obtain from the Controller the rectification of inaccurate personal data concerning him or her. The data subject shall be at the same time obliged to provide cooperation to the Controller if the personal data concerning him or her that are being processed is found to be inaccurate.

3. Right to erasure

Pursuant to Art. 17 of the Regulation, the data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her, unless the Controller proves legitimate grounds for their processing.

4. Right to restriction of processing

Pursuant to Art. 18 of the Regulation, pending the resolution of the data subject’s contest, the data subject shall have the right to obtain from the Controller restriction of processing, where the accuracy of data or grounds for their processing are contested by the data subject or the data subject has objected to processing.

5. Right to notification regarding rectification or erasure of personal data or restriction of processing

Pursuant to Art. 19 of the Regulation, the Controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

7. Right to object to processing of personal data

Pursuant to Art. 21 of the Regulation, the data subject shall have the right to object to processing of personal data concerning him or her on the grounds of the Controller’s legitimate interests.

8. Right to withdraw consent with processing of personal data

The consent with processing of personal data for marketing and business purposes can be withdrawn at any time. The withdrawal shall be made through an explicit, comprehensible and definite expression of will sent by email.

9. Automated decision-making including profiling

No automated decision-making exists on the part of the Controller to the effect of Art. 22 of GDPR.

10. Right to approach the Office for Personal Data Protection

The data subject shall have the right to approach the Office for Personal Data Protection (www.uoou.cz).

I. 6. Conditions of personal data security

  1. The Controller declares to have implemented any and all appropriate technical and organizational measures to ensure security of personal data.

  2. The Controller has implemented technical measures to ensure security of data storages and storages of personal data in hard copy, especially https web encryption, web access rights segmentation, and encrypted backup.

  3. The Controller declares that only persons authorized by it have access to personal data.

FOLLOW US

Linkedin Twitter Facebook Reddit

MORE INDEX INFORMATION

LEGAL