Personal data processing principles

Below you will find the personal data processing policy that you provide to us as the controller if you visit our website available at https://czechbuddy.cz/, if you are our customers or if you are interested in our products or services.

We process personal data in accordance with valid and effective legislation, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation („GDPR„) and in accordance with Act No. 110/2019 Coll., on the processing of personal data.

The purpose of this document is to inform you about how your personal data will be handled and to inform you about your rights.

THE CONTENTS OF THIS DOCUMENT:

1. Personal data controller – our identification and contact details
2. Source of personal data – where we will access your personal data

• Categories of personal data and the requirement to provide them – which personal data we process about you, whether you are obliged to provide them and the consequences of not providing them

1. Purposes and duration of processing – for what purposes and for how long we process your personal data and what entitles us to do so
2. Automated decision-making, including profiling – whether automated individual decision-making, including profiling, takes place on our part
3. Cookies – which cookies we use

• Recipients of personal data – to whom we disclose your personal data
• Transfer of personal data to a third country or international organisation – whether your personal data will be transferred to a country outside the European Union

1. Personal data security – what technical and organisational measures we have taken to secure your personal data
2. Your rights – what are your rights in relation to the processing of personal data
3. Final Provisions – Effectiveness of this document and the possibility of amending it

1. PERSONAL DATA CONTROLLER

The data controller is:

Šárka Melicharová

Registered in the Trade Register

ID: 17140919

DIC: CZ976119/0131

Headquarters: Rýdlova 867/23, Říčany, 251 01, Czech Republic

Phone number: +420 792 374 708

E-mail: info@czechbuddy.cz

1. SOURCE OF PERSONAL DATA

We process personal data that we obtain directly from you. We obtain your personal data by filling in and submitting a form on our website. We may also obtain your personal data in other ways – for example, by you providing it to us by email, telephone, during a video call, via social media or in a face-to-face meeting.

• CATEGORIES OF PERSONAL DATA AND THE REQUIREMENT TO PROVIDE THEM

1. In particular, we process the following common personal data about you to the extent necessary: name and surname, registration number, VAT number, residential address, registered office address, payment details, telephone number, e-mail address, identifier of other forms of distance communication, IP address, information about the products or services you have ordered, as well as information that you provide to us in the course of our cooperation (data relating to your marital status, personal and property status, etc.). If you provide us with a reference and at the same time provide us with a photograph or video recording of yourself, we also process personal data about you consisting of the photograph or video recording provided.

2. The provision of the categories of ordinary personal data referred to in the first sentence of the preceding paragraph is necessary for mutual communication or for the conclusion and performance of a contract; in the absence of such provision, it will not be possible to communicate with each other or to conclude and perform a contract. In cases where the processing of personal data is based on your consent, it is entirely up to your decision whether or not to provide us with your personal data.

3. We only process special categories of personal data (sensitive data) about you if you voluntarily disclose this data to us in the course of our cooperation and only with your consent. We do not require this personal data from you and have no interest in processing it. It is therefore up to you whether you choose to provide us with this data. This includes personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation.

1. PURPOSES AND DURATION OF PROCESSING

1. PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF CONCLUDING AND FULFILLING A CONTRACT

1. We process your personal data for the purposes of concluding a contract and fulfilling the contract concluded between us (mutual communication before and after the conclusion of the contract, delivery of the ordered product or service, making payment). For this purpose, we process your ordinary personal data referred to in Article III(1) above as well as the special categories of personal data (sensitive data) referred to in Article III(3) above.

2. The legal title (authorisation) for the processing of personal data is the performance of a contract concluded between us and the implementation of measures taken prior to the conclusion of the contract at your request.

3. For this purpose, we process your personal data for the duration of the contractual relationship between us and, after the end of the contractual relationship, we further process some of your personal data for the purpose of fulfilling our legal obligations or for legitimate interest purposes (see points B to D below).

1. PROCESSING OF PERSONAL DATA FOR THE PURPOSES OF COMPLIANCE WITH LEGAL OBLIGATIONS

1. We also process personal data for the purpose of fulfilling legal obligations to which we are subject (e.g. legal obligations in the field of taxation). For this purpose, we process the following personal data: your name and surname, ID number, VAT number, home address, registered office address, payment details and information about the products or services you have ordered.

2. The legal title (authorisation) for the processing of personal data is therefore the fulfilment of a legal obligation to which we are subject.

3. For this purpose, we process your personal data for the period of time specified by generally binding legal regulations.

1. PROCESSING OF PERSONAL DATA FOR DIRECT MARKETING PURPOSES

1. We also process your personal data for direct marketing purposes (sending commercial communications, newsletters, etc.). For this purpose, we process the following personal data: name and surname, residential address, registered office address, telephone number, e-mail address and information about the products or services you have ordered.

2. If you are our customer, our legitimate interest is the legal title (justification) for such processing of personal data, as we reasonably assume that you are interested in our information and news.

3. You can stop receiving commercial communications at any time by simply clicking on the relevant link in each email sent. Otherwise, we will process your personal data for this purpose for a period of 5 years from your last order for our products or services.

1. PROCESSING OF PERSONAL DATA FOR THE PURPOSES OF PROTECTING RIGHTS AND ENFORCING CLAIMS

1. We also process personal data for the purpose of protecting our rights and enforcing legal claims (in particular, from contracts concluded or damages caused). For this purpose, we process your personal data from concluded contracts and our communications with each other.  

2. The legal title (authorisation) for the processing of personal data is our legitimate interest.

3. For this purpose, we process your personal data for the duration of the contractual relationship and for 5 years after its termination, or for 5 years after our last contact if no contract has been concluded.

1. PROCESSING OF PERSONAL DATA ON THE BASIS OF YOUR CONSENT

1. If you are not our customer, we will only send you commercial communications, newsletters, etc. based on your consent. We will also only send you information about third party products or services on the basis of your consent. We also need your consent to process your personal data for the purpose of publishing your testimonial on our website or social media.

2. Before you give your consent, we will inform you which personal data we will process on the basis of your consent and to which specific purpose of processing your consent will apply.

3. You can withdraw your consent at any time, e.g. by clicking on the relevant link in each email sent. However, if we also process your personal data on the basis of other legal titles listed under A to D above, we will continue to process it on the basis of this respective title after you have withdrawn your consent.

1. AUTOMATED DECISION-MAKING, INCLUDING PROFILING

We do not engage in automated individual decision-making, including profiling, within the meaning of Article 22 of the GDPR. We carry out such processing on the basis of your explicit consent. 

1. COOKIES

1. We use cookies and other related technologies when using the website. Cookies are small content files that are used to store and receive identifiers and other information about the devices from which you access our website.

2. We use technical and functional cookies, analytical cookies and marketing cookies. Technical and functional cookies ensure the correct functioning of our website and make it easier to visit (you do not have to enter the same information repeatedly when you visit our website). These cookies may be placed without your consent. We use analytics cookies to analyse data in order to improve our products and services. Marketing cookies are used to track the preferences of website users in order to target advertising. We only use analytical and marketing cookies in conjunction with third party tools with your prior consent.

3. You can refuse the use of cookies in your browser settings or you can set the use of only certain cookies.  

• RECIPIENTS OF PERSONAL DATA

1. If we share your personal data with another person, we take care to ensure that it is protected.

2. For some processing operations, we use the services or applications of others who have access to your personal data for this reason and who contractually guarantee the protection of your personal data.

3. Specifically, the following:

1. webhosting and domain: cz, ID 09675957
2. mailing: ecomail operated by ECOMAIL.CZ, s.r.o., s.r.o., ID 02762943;
3. Invoicing system Fakturoid operated by Fakturoid s.r.o., ID 04656679;
4. payment gateway: the Comgate payment gateway operated by Comgate a.s., ID 27924505;
5. e-commerce platform: SimpleShop operated by Redbit s.r.o., ID 24197190;
6. Taxes and accounting: Helena Melicharová, ID

4. Your personal data will also be disclosed to the relevant administrative authorities or courts in order to comply with our legal obligation or to protect our rights and legitimate interests.

5. Should we use other applications or services from other parties in the future, we will take care in selecting them to maintain our standard of security and processing of personal data.

• TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATION

All processing of personal data will be carried out within the European Union.

1. SECURITY OF PERSONAL DATA

1. As the controller, we have taken all technical and organisational measures to secure your personal data so that it cannot be accidentally or unlawfully accessed, altered, destroyed or lost, or otherwise misused. The technical and organisational measures taken are appropriate to the level of risk to the rights and freedoms of natural persons, the nature, scope and purposes of the processing of personal data.

2. In particular, we have taken the following technical and organizational measures to secure your personal data:

1. Protecting access to the computing technology used to process personal data with individual strong passwords and protecting these passwords from disclosure;
2. protection of this computing technology by antivirus programs;
3. Protection of portable computing or portable data storage (monitoring, data encryption, etc.);
4. locking documents with personal data;
5. entrusting access to personal data only to authorised persons who are bound by the obligation of confidentiality of your personal data and the security measures taken.

3. The technical and organisational measures in place are regularly tested and their effectiveness in ensuring the security of personal data processing is assessed and evaluated.

1. YOUR RIGHTS

1. You have the following rights in relation to the processing of personal data:

1. Right of access to personal data (Article 15 GDPR)

You have the right to be informed whether or not your personal data is being processed and, if it is, you have the right to access your personal data and to receive details of the processing of your personal data.

1. Right to rectification or completion of personal data (Article 16 GDPR)

You have the right to request that we correct inaccurate personal data concerning you and, taking into account the purposes of the processing, you also have the right to have incomplete personal data completed.

1. Right to erasure of personal data (Article 17 GDPR)

You have the right to request that we delete personal data relating to you, and if one of the grounds set out in Article 17 of the GDPR applies, we are obliged to delete your personal data on the basis of your request.

1. Right to restriction of processing of personal data (Article 18 GDPR)

If the conditions set out in Article 18 GDPR are met, you have the right to have us restrict the processing of your personal data.

1. Right to data portability (Article 20 GDPR)

Where the processing of your personal data is carried out by automated means and is based on consent or contract, you have the right to obtain the personal data relating to you in a structured, commonly used and machine-readable format and to transmit it to another controller. Where technically feasible, you also have the right to request that we transfer your personal data to another controller ourselves.

1. Right to object to the processing of personal data (Article 21 GDPR)

For reasons relating to your particular situation, you have the right to object at any time to the processing of personal data concerning you where the processing of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority or for the purposes of our legitimate interests or those of a third party. In this case, we may only further process your personal data if we can demonstrate compelling legitimate grounds for the processing which override your interests or rights and freedoms or for the establishment, exercise or defence of our legal claims.

If we process your personal data for direct marketing purposes, including profiling, you have the right to object at any time to the processing of personal data concerning you for this marketing, in which case we will no longer process your personal data for these purposes.

1. Right to withdraw consent to the processing of personal data

If personal data is processed on the basis of your consent, you have the right to withdraw your consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing based on the consent previously given.

1. Right to lodge a complaint with the Office for Personal Data Protection

If you believe that your right to personal data protection has been violated, you have the right to file a complaint with the Office for Personal Data Protection (www.uoou.cz).

2. You can exercise your rights with us by using the contacts listed above (postal or e-mail address). We may contact you before processing your request in order to verify your identity in a reasonable manner.

3. More information about your rights is available on the website of the Office for Personal Data Protection (www.uoou.cz/6-prava-subjektu-udaj/d-27276).

1. FINAL PROVISIONS

1. We are entitled to change this personal data processing policy to the extent appropriate. The current version can be found on our website listed above.

2. This personal data processing policy will take effect on 17 September 2024.