Privacy Policy (GDPR)
In accordance with Regulation of the European Parliament and Council /EU/ No. 2016/679 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data /hereinafter referred to as the "regulation"/ and Act No. 110/2019 Coll., on the processing personal data in the valid version /hereinafter referred to as "the law"/ was accepted by the business company Hospodska Špork s.r.o., ID: 07525982, with registered office at Hybernská 1034/5, Nové Město, 110 00 Prague 1, registered in the commercial register maintained by the Municipal Court in Prague, section C , insert 302503 in connection with the operation of the website www.cervenyjelen.cz , these principles of personal data protection.
"Personal data" for the purposes of this document means any information relating to an identified or identifiable natural person to whom the personal data relates. This is considered determined or determinable if a natural person can be directly or indirectly identified, especially on the basis of a number, code or one or more elements specific to his physical, physiological, psychological, economic, cultural or social identity. These policies apply to all relationships between the administrator and data subjects, which for the purposes of these policies are understood in particular as customers, potential customers, suppliers, potential suppliers of the administrator and job seekers with the administrator.
Personal data collected by the administrator
As part of its activity, the administrator collects the following personal data for this purpose:
-
Product distribution
As part of this activity, the administrator processes the personal data of its customers in the scope of e-mail address, first name, last name, delivery address, billing address, etc. nickname. This is information that is communicated to the administrator by the customer. The information is used for the purpose of using the Checklistuj.cz portal and for the purpose of fulfilling legal obligations in connection with business activity. This information may also be used for the purpose of fulfilling the concluded contract and in the legitimate interest of the administrator. -
Delivery of services by external suppliers
As part of its activity, the administrator also uses the services of external suppliers - natural persons. In this context, the administrator processes the personal data of its external suppliers if this is necessary to enable the performance of the supplier's activities. This is in particular the name, surname, date of birth, address or registered office, telephone number, e-mail address, bank account number, possibly identification number, tax identification number and signature. The information is obtained directly from the data subject and is processed to the extent necessary for the purpose of fulfilling the contract concluded between the supplier and the administrator and also for the purpose of fulfilling legal obligations in connection with business activities, i.e. in particular for the purpose of invoicing, accounting, levy of taxes, fees. -
Recruiting new employees and potential suppliers
As part of this activity, the administrator processes the personal data of job seekers and potential new suppliers, to the extent that the data subjects themselves provide them to the administrator, when the administrator processes this data on the basis of its legitimate interest. -
Other activities
As part of its business activity, the administrator may also process other personal data that the data subject himself communicates to him. However, processing can only take place if there is a legal basis for it and to the extent necessary to fulfill the purpose for which the personal data was provided by the entity.
Processors
The administrator is not authorized to use personal data for a purpose other than that for which these personal data were collected without the express consent of the data subject.
The administrator does not sell or rent personal data to third parties, or otherwise provide it to any third parties, unless otherwise specified below in this policy.
As part of its business activity, the administrator cooperates with third parties - external service providers for the purpose of using the necessary software equipment, ensuring the fulfillment of legal obligations - especially accounting, for the purpose of product development, product sales and marketing. The administrator is ready to provide a list of external service providers at the request of the data subject.
All processors provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing of personal data meets the requirements of applicable legislation and to ensure the protection of the rights of data subjects. The processor may also involve another processor in the processing, but only on the condition that the latter complies with the same measures for the protection of personal data to which it has committed itself in the contract with the controller.
Rights of data subjects
Data subjects have the following rights in relation to processing:
-
Right of access: the data subject can at any time request the controller for information about the processing of personal data concerning his person. In such a case, the administrator is obliged to provide this information to the data subject without delay;
-
The right to file a complaint: the data subject may file a complaint with the supervisory authority for an alleged violation of applicable legal regulations, whereby the supervisory authority is understood as the Office for the Protection of Personal Data, Plk. Sochora 27, 170 00 Prague 7 / www.uoou.cz /;
-
Right to rectification: the data subject may request the rectification of inaccurate data concerning his person;
-
Right to erasure: the data subject has the right to have the controller erase personal data concerning him without delay, if these personal data are no longer necessary for the purposes for which they were collected and processed, if an objection to the processing has been raised and if there are no no overriding reasons for processing; if personal data were processed unlawfully or if they must be deleted to fulfill the administrator's legal obligation established by applicable legal regulations;
-
The right to limit processing: in the event that the data subject denies the accuracy of the processed data, the controller is obliged to limit the processing of the personal data in question for the time necessary for the controller to verify the accuracy of the personal data;
-
Right to information: The data subject has the right to be informed of any corrections or deletions of personal data or restrictions on processing carried out by the administrator and which concern him;
-
The right to object: the data subject has the right to object at any time to the processing of personal data concerning him/her that is processed due to the necessity to fulfill a task carried out in the public interest or due to the necessity of the processing for the legitimate interest of the controller;
-
The right to portability: the data subject has the right to obtain the personal data concerning him and which he has provided to this administrator in a structured, commonly used and machine-readable format and to transfer these to another administrator without the current administrator preventing him from doing so.
If personal data is processed on the basis of the data subject's consent, the data subject is entitled to revoke the consent at any time.
Upon request, the administrator of the data subject will provide information on the measures taken necessary to fulfill the rights of the data subjects.
The data subject can exercise their rights in writing by sending a request to the address of the controller's registered office, i.e. Hospodska Špork s.r.o., Hybernská 1034/5, Nové Město, Prague 1, ZIP code 110 00 or via the e-mail address: cervenyjelen@cervenyjelen.cz
Secrecy
The administrator is aware of the confidentiality of processed personal data. The administrator is obliged to maintain the confidentiality of all processed personal data. The administrator is not authorized to make personal data available to any third party, unless otherwise stipulated in these policies.
The administrator is authorized to process personal data only through employees, who will oblige them to confidentiality at least to the same extent as this obligation is stipulated by these principles and applicable legislation.
Technical and organizational measures
During the processing, the administrator always ensures that there is no harm to the rights of natural persons in connection with the processing of personal data. The controller has taken appropriate technical and organizational measures to ensure an adequate level of personal data security, taking into account the state of the art, implementation costs, nature, scope, context and purposes of processing.
If it is likely that a certain case of breach of personal data security will result in a high risk for the rights of freedom of natural persons, the administrator will notify the data subject of this breach without undue delay, but at the latest within 72 hours. At the same time, the administrator shall also notify the supervisory authority of such a violation.
When processing personal data by the administrator, there is no automated decision-making, including profiling.
Processing time
The processing time depends on the category of personal data, as well as on the purpose for which the personal data is processed. However, it always applies that personal data is processed only for the necessary time.
-
personal data related to the performance of the contract will be kept for the period when the contract is effective. Part of the personal data may be kept for up to another 3 years after the termination of the contract or for 3 years after the end of the warranty period of the subject of the contract due to the administrator's legitimate interest so that the administrator is able to bear the burden of proof in the event of a potential lawsuit;
-
personal data related to the use of the user account in the online store will be processed for as long as the user account is active, i.e. until the user account, including its contents, is deleted either by the data subject or the administrator. Part of the personal data may be kept for up to another 3 years due to the administrator's legitimate interest so that the administrator is able to bear the burden of proof in the event of a potential legal dispute;
-
personal data processed on the basis of consent to the processing of personal data will be processed by the administrator until the data subject revokes the consent, or until the consent ceases to be effective, or until the purpose of the processing ceases;
-
personal data of potential employees, customers and suppliers will be kept for a maximum period of 3 months from the date on which negotiations on the establishment of possible cooperation are terminated. During this time, the administrator is entitled to contact the entities with a possible new offer;
-
personal data that are processed by the administrator for the purpose of fulfilling legal obligations, i.e. especially for the purpose of keeping accounts, levying taxes and fees, etc. will be deleted within the time limits set by applicable legal regulations and internal regulations of the administrator.
Policy update
The administrator reserves the right to change this privacy policy. The change will be made by publication on the website of the administrator company and is effective within 30 days from the date of publication. In addition, the administrator undertakes to send all registered customers, suppliers and employees a new updated privacy policy without delay after it is accepted by the administrator.