- what personal data we will process about you;
- for what purposes and how we will process your personal data and the legal basis for processing it;
- to whom your personal data may be transferred;
- for how long we will process your personal data and
- what rights you have in relation to the protection of your personal data
SCOPE OF PROCESSING OF PERSONAL DATA
1) If you only visit our website, we will process the following personal data:
2) In case you are our customers or suppliers, you may be asked to fill in your data, which we will further process, in particular the following personal data:
- name and surname, date of birth or ID number;
- representing the company (business name);
- address, phone number and email address;
- as a company representative;
- bank account number;
- such other personal data as may be necessary for the performance of our mutual obligation.
We collect this data when you access our website. Some cookies are necessary for the functioning of the website and these will always be active. We may only use other cookies that are not necessary for the functioning of the website provided that you give us your consent to use them through the settings in your web browser. If your web browser is set to accept third-party cookies, such setting is deemed to be consent to the use of such cookies.
In addition, our website may collect information including, for example, browser or operating system type, IP address, site visits, internet service provider and other information of a similar nature.
Information about browsers and how to set your cookie preferences can be found on the following websites:
A cookie management tool is also available at http://www.youronlinechoices.com/cz/.
PURPOSE OF PROCESSING AND LEGAL BASIS FOR PROCESSING
1) If you are a visitor to our website, we process your personal data in the form of cookies as described above for the legitimate interest of monitoring the use of our services and improving them. We will only process your personal data for the purposes set out above. The provision of the above data is not a requirement by us, however, without providing this data, some features of our website may be restricted. This personal data will not be used for the purpose of any solely automated decision making, including profiling based on such decision making.
2) If you are our customers or suppliers, we process your personal data mainly because they are needed for the purpose of fulfilling the contract or legal obligations (especially tax and accounting), or because of legitimate interest (which consists mainly in improving our services and contacting you with our offers). The purpose of processing is thus mainly to ensure the smooth implementation of our business relationship and further development of joint business cooperation. We may thus use your name, surname and e-mail address to send you business and marketing communications and invitations to events, trade fairs and workshops, i.e. to provide you with information that we believe would be of interest and benefit to you. We may also use your personal data for our internal purposes, in particular to monitor your satisfaction, to optimise and improve the quality of the products and services we provide, to develop new products and to reduce risks. The provision of personal data for the purposes of contract performance and for the fulfilment of a legal obligation is a requirement of ours, and failure to provide it may be grounds for not concluding a contract or for terminating business cooperation.
However, the processing of your personal data for the purpose of sending you commercial communications is not a contractual requirement of ours and you can refuse it at any time and it will not affect our other relationships. Simply send us an email with the relevant request to email@example.com or any other address from which you have received commercial communications from us. Your personal data will not be used for the purpose of any solely automated decision-making, including profiling.
WHO HAS ACCESS TO YOUR PERSONAL DATA
Your Personal Data may be processed by processors for us in the course of providing certain activities, or may be provided to recipients; in particular, the following entities:
- Entities that provide server, web, cloud or IT services to us;
- Entities that provide us with accounting services;
- Entities that provide us with legal services;
- Processors who provide us with other services - consultations, audits and other external services.
PERIOD OF PROCESSING OF PERSONAL DATA
We will process your personal data for as long as we provide you with our services or perform a mutual contract, for the duration of our legitimate interest or for the time necessary to comply with archiving and other obligations under applicable law, such as the Accounting Act, the Archiving Act, the Value Added Tax Act and others.
We will retain your personal data for as long as necessary to provide our services and complete the requested transactions or for other necessary purposes, such as to comply with our legal obligations, resolve disputes and legally enforce our agreements. These needs may vary for different types of data in the context of different situations and therefore the actual retention period may vary significantly. The criteria used to determine the retention period include:
- How long is personal data needed to provide services and to run our company? This includes activities such as maintaining and improving the performance of these services, keeping our systems secure and maintaining relevant business and financial records. This is a generally applicable rule of thumb and in most cases is the basis for determining how long data is retained.
- Do you provide us with your data with the expectation that we will keep it until you explicitly want it deleted? If yes, we will only delete it upon your explicit request.
- Have we established and communicated a specific retention period for a certain type of data? If so, we will certainly never exceed it.
- Have you consented to the extension of the retention period? If yes, we will retain the data in accordance with your consent.
- Are we subject to legal, contractual or similar obligations to retain data? Examples include laws governing mandatory data retention, government regulations to retain data related to investigations, or data that must be retained for litigation purposes.
In view of the above criteria, which may vary over time (in particular in the light of changes in legislation), we cannot set retention periods in general terms in this policy. However, we will always provide you with the exact period of processing of your personal data if you contact us (for example, by email at firstname.lastname@example.org).
YOUR RIGHTS ARISING FROM THE PROCESSING OF PERSONAL DATA
You have the following rights in relation to our processing of your personal data:
- the right of accessto personal data;
- the right to rectification;
- the right to erasure;
- the right to restriction of data processing;
- the right to data portability ;
- the right to object to processing;
- the right not to be the subject of a decision based solely on automated processing, including profiling;
- the right to lodge a complaint about the processing of personal data.
Your rights are explained below to give you a clearer idea of their content.
The right of access means that you can ask us at any time to confirm whether or not the personal data concerning you are being processed and, if so, for what purposes, to what extent, to whom they are disclosed, how long we will process them, whether you have the right to rectification, erasure, restriction of processing or to object, where we obtained the personal data and whether automated decision-making, including possible profiling, is involved in the processing of your personal data. You also have the right to obtain a copy of your personal data, the first provision of which is free of charge, and we may charge reasonable administrative costs for further provision.
The right to rectification means that you can ask us to correct or complete your personal data at any time if it is inaccurate or incomplete.
The right to erasure means that we must erase your personal data if (i) it is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) the processing is unlawful, (iii) you object to the processing and there are no overriding legitimate grounds for the processing, (iv) we are required to do so by law, or (v) you withdraw your consent to the processing of your personal data.
The right to restrict processing means that until we have resolved any disputed issues regarding the processing of your personal data, we may not process your personal data other than by storing it and, where appropriate, using it only with your consent or for the establishment, exercise or defence of legal claims.
The right to data portability means that you have the right to obtain personal data relating to you which are processed by automated means and on the basis of consent or contract, in a structured, commonly used and machine-readable format, and to have those personal data transmitted directly to another controller;
The right to object means that you can object to the processing of your personal data that we process for direct marketing purposes or on the grounds of legitimate interest. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes; if you object to processing on legitimate interest grounds, this objection will be evaluated and we will then tell you whether we have complied with it and will no longer process your data, or that the objection was not justified and processing will continue. In any case, processing will be restricted until the objection is resolved.
The right not to be subject to a decision based solely on automated processing, including profiling, means that any decision of our company that has legal effects for you or that affects you in a similar way in a significant way will not be made by automated processing, including profiling. This does not apply if such processing is necessary for the conclusion or performance of a contract between you and our company or if you have given your explicit consent to this type of processing, or if such processing is permitted by a legal regulation applicable to our company.
If you have any comments or complaints regarding the protection of your personal data or if you have a question about the person responsible for data protection in our company or exercise any of your rights, please contact us using our email address email@example.com. We will respond to your questions or comments within one month. This deadline may be extended by a further two months if necessary and in view of the complexity and number of requests.
Our activities are also supervised by the Office for Personal Data Protection, to which you can file a complaint in case of dissatisfaction. You can find out more on its website(www.uoou.cz).
REPORTING SECURITY INCIDENTS
In this day and age of modern technology, there is a slight but nevertheless small risk that your personal data could be leaked, misused or lost. As part of our activities, we will do everything in our power to prevent such a security incident from occurring, in particular, we will regularly train all our employees who come into contact with your personal data on data protection, we will adopt and familiarise our employees with the internal company regulations governing the protection of your personal data and we will always use only the most appropriate technical solutions to secure our processing, such as data encryption, complex passwords and appropriate software.
However, if, despite our best efforts, a security incident should occur and this incident could pose a high risk to your rights and freedoms, we will immediately inform you of this fact by providing you with an email address and by posting such information on our website, including any necessary details.
CHANGES TO THE RULES