(EU) 2016/679 of 27 April 2016 on the Protection of Individuals with regard to the Processing of Personal Data and on the free movement of such data (hereinafter referred to as the "Company"), seeks to comply with applicable laws and regulations on the protection of personal data and the repeal of Directive 95/46 / EC (General Regulation on the protection of personal data) (hereinafter referred to as "GDPR").
This policy sets out the basic principles by which the Company processes the personal data of consumers, customers, suppliers, business partners, employees and other persons, and establishes responsibility for the processing of personal data.
These principles meet the Company's disclosure obligations to data subjects within the meaning of Article 13 of the GDPR.
2. Purposes of processing of personal data
We process personal data for the following purposes:
1) Performance of the contract - if you are our customer, we need to keep certain information for the performance of the contract.
2) Own Marketing-Own Marketing means that data is used for the Company's promotional activities toward existing customers, for searching for potential customers and other target groups.
3) Compliance with legal obligations - we keep certain data and documents because they require special legislation (tax laws, accounting laws, etc.).
4) Protection of legitimate interests - we also keep certain data and documents for cases of potential disputes for the purpose of our own defense and evidence in these disputes or for the enforcement and enforcement of our claims.
These purposes entitle us to process your personal data for a limited time without your consent if you are our customer or business partner.
If you have given us permission to process personal data for marketing purposes and you are not our customer or business partner, for example, if you have agreed to send us a commercial newsletter, we are authorized, based on your permission, to send you a commercial message directly to your contact data (direct marketing).
Therefore, we ask you to take the following guidelines so that you are familiar with the processing of your personal data and your rights resulting from such processing.
3. General principles of the processing of personal data
Legality, correctness and transparency
We process the personal data in relation to the data subject in a lawful, correct and transparent manner.
Limitation of purpose
We collect personal data only for specific, explicit and legitimate purposes and are not further processed in a way that is incompatible with these purposes.
We process personal data to an extent that is reasonable, only relevant and limited in relation to the purpose for which it is processed.
We process personal data accurately within objective objectives and update it if necessary. We have set up internal processes to ensure that personal data that are inaccurate, taking into account the purposes for which they are processed, are corrected or deleted.
Reduced storage time
Personal data are kept for no longer than is necessary for the purposes for which they are processed. This period must take into account the possibility of ensuring that the Company's obligations under the law (eg compulsory archiving), legal relationships (eg, warranty period) and unlawful situations (such as compensation for damages) that may arise in relation to data subjects and these obligations of related claims .
Generally, we process personal data for 3 years from termination of performance of the agreement in order to resolve any claims for damages and claims for defective performance. During this time, we can also use personal data for direct marketing.
Integrity and confidentiality
Taking into account the state of the art and available security measures, implementation costs, and the likelihood and severity of privacy risks, we use appropriate technical and organizational measures to ensure reasonable security of personal data, including protection against unauthorized or unlawful processing, and accidental loss, destruction or damage.
These measures include both physical means of protecting the processed personal data and electronic security of electronically processed data.
The company, as a personal data controller, is responsible and must be able to demonstrate compliance with the above principles.
The greater the risk that the kind of processing performed by the Company may interfere with the interests or fundamental rights and freedoms of the data subject, the higher the measures leading to the transparency and security of the processing should be accepted.
4. Data protection during processing
In order to demonstrate compliance with these Principles, the Company should implement the protection of personal data in its processes and activities.
The company collects as little personal data as possible.
The company maintains the accuracy, integrity, confidentiality and relevance of personal data based on the purpose of the processing. To prevent the theft, abuse or misuse of personal data and to prevent the intrusion of personal data, adequate safeguards to protect personal data are used.
Whenever the Company uses a third party, vendor, or business partner to process personal data on its behalf, it always ensures that this processor provides sufficient security measures to protect personal data that are relevant to the risks involved. For this purpose, a questionnaire on the compliance of the processor with GDPR requirements can be used.
The Company undertakes to contract the supplier or business partner to provide the same level of data protection as the Company itself provides. The supplier or business partner must process personal data only for the purpose of fulfilling its contractual obligations to the Company or the Company's instructions and not for other purposes. If the Company processes personal data with independent third parties, the Company must conclude a personal data processing agreement or similar agreement with that supplier or business partner.
5. Your rights to your data
Right of access
The company offers you access to your personal data we process. This means that you can contact us and we will inform you about the personal data we have collected and processed and about the purposes for which such data are used.
Right to repair
You have the right to be inaccurate, incomplete, outdated or unnecessary personal data that we hold, corrected or added to you after you contact us. In some cases, when we use official data, we may ask you to contact the competent authority directly to request your data to be corrected in a proper official way that is necessary for such registers.
Right to be forgotten (right to be forgotten)
You can ask us to delete your personal information from our systems and records. We will comply with this request unless we have a valid reason to keep this information.
Right of objection
You may object to a particular use of your data if such data were processed for purposes other than necessary for the performance of our services or for compliance with statutory obligations. You may also object to any further processing of your personal data even after prior consent, You can revoke your previously granted consent at any time. If you object to the further processing of your personal information, this may result in a lesser use of our services.
Máte právo nám zakázat používání vašich osobních údajů pro účely přímého marketingu, průzkumu trhu a profilování.
Right to limit processing
You may ask us to restrict the processing of certain personal data. However, this may lead to narrowing the possibilities of using our websites and services.
Right to data portability
You have the right to obtain the personal data you have provided us in a structured and commonly used format. Please note that this applies only to data you have personally provided us directly, and we process them either with your consent or for the purpose of performing the contract.
5.7. How to Use these Rights
You have the right to request a copy of the information we have about you. If you would like a copy of some or all of your personal information, please send us an email or letter to the following addresses:
address: České Budějovice.
Right to file a complaint with the Office for Personal Data Protection
You have the right to file a complaint with the Office for Personal Data Protection, ID: : 70837627
with registered office Pplk. Sochora 27, 170 00 Praha 7 (www.uoou.cz), if you are not satisfied with the way we treat your data.
6. Changes to our privacy information