Who we are
The administrator of personal data entrusted to this website is:
Lusemburska 2434/17, Praha, 130 00, CZ
(hereinafter referred to as “administrator”)
What legislation governs personal data processing?
The field of personal data processing is governed by the following legislation:
- Regulation 2016/679 of the European Parliament and of the Council of 27th May 2016 on protection of individuals with regard to personal data processing and free movement of such data and repealing Directive 95/46/ES (hereinafter referred to as GDPR)
- Act No. 101/2000 Coll. on the Protection of Personal Data as amended (hereinafter referred to as APPD)
- Convention for the protection of human rights and fundamental freedoms (protection of the rights and freedoms of individuals, in particular the right for privacy, see Article 7)
- Resolution no. 2/1992 Coll. of ČNR proclaiming the Charter of Fundamental Rights and Freedoms as part of the constitutional order of the Czech Republic
- Individual areas are regulated by special laws / Labour Code, Accounting Act, VAT Act, etc.)
For the lawful processing of your personal data, at least one of the conditions listed in Article 6 of GDPR must be fulfilled. In case of a special category of personal data, at least one of the conditions listed in Article 9 of GDPR must be fulfilled. In both cases, the principles of personal data processing set out in Article 5 of GDPR must be respected.
You can find up-to-date information on personal data protection here: GDPR and APPD.
Definition of terms
A Cookie refers to a small amount of data that the web server sends to your browser, which then stores it on your computer, tablet, or other device that you use to access the website. With each subsequent visit to the same server, the browser sends the data back to the Web server.
Cookies are commonly used to distinguish individual users, save user preferences, etc. They are also used to let the server know what pages you already went through, so that it is for example able to return you to previous page. Cookies can also be set on the server side.
Cookies as such do not constitute an executable code and are not dangerous to your computer but may constitute a means of interfering with your privacy.
Supervisory authority concerned:
The supervisory authority concerned with personal data processing, because:
- the administrator or processor is established in the territory of the member states of this supervisory authority;
- data subjects residing in the member states of that supervisory authority are or are likely to be substantially affected by the processing, or
- a complaint has been lodged with it.
An independent public authority established by a member state pursuant to article 51 of GDPR.
Organizations and their subordinate entities subject to international law or other subjects established by or on the basis of an agreement between two or more countries.
Marking of stored personal data in order to limit their processing in the future.
Personal data security breach:
A security breach leading to accidental or unlawful destruction, loss, alteration or unauthorized disclosure or access to transferred, saved or otherwise processed personal data.
Any form of automated processing of personal data consisting in their use to evaluate certain personal aspects related to a natural person, in particular to analyse or estimate aspects related to his or her work performance, economic situation, personal preferences, interests, reliability, behaviour, place of residence or movement.
- Processing of personal data done in connection with activities of establishments in more than one member state of the administrator or processor in the Union, if that administrator or processor is established in more than one member state; or
- Processing of personal data taking place in connection with activities of a single establishment of the administrator or processor in the Union but which will or is likely to substantially affect data subjects in more than one member state.
A natural or legal person, public authority, agency or other body to whom personal data is provided, whether or not a third party. However, public authorities which may obtain personal data as part of a specific investigation in accordance with member state law shall not be considered as recipients> Indeed, the processing of such personal data by these authorities must comply with the applicable data protection rules for the purposes of processing.
The processing of personal data involves rendering it unable to be linked to a specific data subject without the use of additional information. This additional information must be kept separately and protected by technical and organizational measures to ensure that it cannot be linked to any identified or identifiable individual.
Relevant and reasonable objection:
An objection to the draft decision is necessary to evaluate whether there has been a violation of the GDPR or if the intended action by the data controller or data processor complies with the GDPR. This objection clearly highlights the significance of risks posed by the draft decision concerning the fundamental rights and freedoms of data subjects, and potentially impacts the free movement of personal data within the European Union.
Data subject consent:
Any free, specific, informed and unequivocal expression of will by which the data subject gives his or her consent to the processing of his or her data by declaration or other clear form of confirmation.
A data controller refers to a natural or legal person, public authority, agency, or any other body that independently or jointly with others determines the purposes and means of processing personal data. In cases where the purposes and means of processing are determined by Union law or the law of a member state, the relevant law may specify the data controller or establish specific criteria for its appointment.
A natural or legal person, public authority, agency or other body which is not a data subject, administrator, processor or person directly subject to the administrator or processor, authorized to process personal data.
Personal data related to physical or mental health of a natural person, including data on provision of health services indicating his or her state of health.
Processing of personal data refers to any operation or series of operations performed, with or without the aid of automated procedures, on personal data or personal data files. These operations include activities such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, transmission by making available, sharing, or any other form of disclosure, sorting or combining, restriction, deletion, or destruction.
A natural or legal person, public authority, agency or other body that processes personal data for the administrator.
Processed data and legal reason for their processing
This website processes several categories of personal data.
Information you fill in the forms on this website.
Information from cookies that can be used for various purposes. In principle, they are divided into two groups. Those that are necessary to ensure that the website functions properly, and those that collect data for statistical evaluation or behaviour of visitors that we use to optimize the content on the site and to analyse its traffic.
We respect the principle of minimalism, therefore for each processing purpose we limit the scope of the data processed to only the data that is necessary for processing for that particular purpose .
Purposes and period of processing of personal data
The basic purposes of processing of your personal data entrusted to us through this website are as follows:
When you ask a question, make a suggestion, or file a complaint, we will use your personal data from the form only to respond to your inquiry. After we finish addressing your question or concern, we will delete your data within 60 days, unless we are required to keep it for legal protection. The question and answer can be anonymized, generalized and used in the FREQUENTLY ASKED QUESTIONS section.
Responding to your request. In this case, your personal data will be processed for the purpose of negotiations leading to entering the contract. If no contract is concluded, your personal data will be deleted within one year of the termination of the communication.
In some cases, we ask you to fill in your first and last name, although it would be possible to process your request just on the basis of the provided e-mail address. For example, to respond to a query. Providing your first and last name or your phone number will allow us to communicate with your more effectively, identify you when communicating (e.g. when we call you, we can verify whether it is really you – anyone can make a mistake when it comes to telephone numbers, including you as well as our employees), and thus prevent your data from reaching someone else and provide you with a better service. Filling in this data is voluntary and by doing so, you are telling us that you wish to communicate with us in a more effective way .
If you are or will become our customer, we are obliged to keep your billing information and keep accounting documents that contain them for 10 years. We are also entitled to inform you about news and services related to the product or products that we have supplied you with. You have the right to terminate the process of sending you this information at any time by sending a request to terminate this communication to firstname.lastname@example.org.
There is no automatic individual decision-making on the part of the administrator/processor within the meaning of Article 22 of GDPR or individual profiling.
Who else will have access to your personal data?
In addition to our employees, your personal data may be accessed by employees of companies that manage and develop the website for the administrator and provide technical support for its internal IT system.
With all such entities, the administrator concludes a contract for the processing of personal data within the meaning of Article 28 of GDPR.
The administrator does not intend to pass your personal data to a country outside the EU or an international organisation.
We respect the principle of transparency contained within GDPR with regards to processing personal data. In accordance with this principle, we are ready to provide you with information about what personal data we process and for what purposes.
Please note that we are obliged to properly verify the identity of the applicant or submitter and document this verification. If there is any doubt as to the identity of the data subject who makes a request for information on the processing of personal data, exercises any of data subject’s rights or gives the administrator a suggestion, we may ask the data subject to provide additional information necessary to confirm his or her identity.
Contact information for any questions, complaints or suggestions in connection with the processing of personal data:
Lusemburska 2434/17, Praha, 130 00, CZ
The company has not appointed a Data Protection Officer because it is not obliged to do so on the basis of the nature of its activities.
For more detailed information about GDPR and your rights, see www.uoou.cz.
Our supervisory authority with whom you can lodge a complaint if you are not satisfied with our approach to meeting your requests or how we treat your personal data, is:
Úřad pro ochranu osobních údajů ( Office for Personal Data Protection )
Pplk. Sochora 27
170 00 Prague 7