Through these Personal Data Protection Principles (hereinafter the “Principles”), we inform the data subjects, whose personal data we process, on all the processing activities and the principles for the protecting of the data subjects.
1. People Responsible
Personal Data Administrator:
Maur Legal s.r.o., ID 02877759, with registered office at Rybná 732/25, 110 00 Praha 1
Contacts for exercising your rights: Telephone: +420 775 387 744, E-mail: firstname.lastname@example.org
(hereinafter “us”,or “our”)
2. Basic terms
Regulation (EU) 2016/679 of the European Parliament and of the Council, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC effective from 25.5.2018.
Personal data pursuant Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter referred to as GDPR) is any information about an identified or identifiable natural person (ie about the data subject = you).
Special personal data:
Special personal data means an indication of racial or ethnic origin, political opinions, religion or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the sole purpose of identifying a natural person and health or sexual life or sexual orientation of Individuals.
Subject of data = You:
The data subject is an identified or identifiable natural person, an identifiable natural person being a natural person that can be identified directly or indirectly, in particular by reference to a particular identifier such as name, identification number, location data, network identifier or one or more specific elements identifying physical, physiological, genetic, psychological, economic, cultural or social identity of that individual.
Processing of personal data:
The processing of personal data, within the meaning of Article 4 (2) of the GDPR, means any operation or set of operations with personal data or personal data files that is executed with or without the help of automated procedures such as collecting, recording, arranging, structuring, storing, or alteration, retrieval, inspection, use, disclosure by transmission, dissemination or any other disclosure, sorting or combining, restriction, deletion or destruction.
An administrator within the meaning of Article 4 (7) of the GDPR is a natural or legal person, a public authority, an agency or any other body which, alone or jointly with others, determines the purposes and means of processing personal data. We act as an administrator in relation to your personal data.
Processor within the meaning of Article 4 (8) of the GDPR is a natural or legal person, public authority, agency or other entity that processes personal data for the administrator.
The Supervisory Authority in the Czech Republic is the Office for the Protection of Personal Data (hereinafter referred to as "UOOU").
Risk processing means processing that is likely to pose a risk to the rights and freedoms of data subjects, processing is not occasional or involves the processing of special personal data or personal data relating to criminal convictions and offenses referred to in Article 10 of the GDPR.
Automated individual decision making incl. profiling:
Automated individual decision making incl. profiling is generally understood as any form of decision based on the automated processing of personal data, i.e. without human intervention, including, but not limited to, the assessment of certain personal aspects relating to the data subject, in particular for analysis or estimation, analysing or anticipating aspects relating to his / her work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location of the place where he / she is, or moving.
3. Category of subjects, processed personal data, purpose, legal basis and processing time
We process personal data for a clearly defined purpose:
|Categories of data subjects||The purpose of personal data processing||Legal basis and processed personal data||Processing period|
|Website Visitors||Statistics prior to data anonymization, displayed advertisements for our services or goods.||The legal basis is a legitimate interest in the sense of a) improving our services and focusing on what interests you; b) offer you similar services or goods that fit your needs based on access to our website.|
Identification data (name, surname), contact details (address, e-mail, telephone), IP address and cookies.
|Personal data may be processed for a period of time 6 months for this purpose.|
|Sending a response to the question of a website visitor.||The legal basis is the performance of a contract or your consent.|
Identification data (name, surname), contact details (address, e-mail, phone), IP address and cookies, query submitted through a form.
|For this purpose, personal data can be processed to address a query from the contact form, but no longer than 30 days, or the time your consent to the processing takes.|
|News Subscribers||Sending business messages through e-mail||The legal basis is the consent you give us when you subscribe to newsletters.|
Identification data (name and surname), contact details (e-mail).
|For this purpose, personal data may be processed until the withdrawal of consent.|
4. The duration of personal data processing
Personal data are kept only for the time necessary for the purpose of processing - see table above. After this time, personal data may be retained for the purposes of the State Statistical Service only, for scientific and archival purposes.
5. Recipients of personal data and transfer of personal data outside the European Union
In justified cases, we may also transfer your personal information to other entities (the "recipients").
Personal data may be transmitted to the following recipients:
- processors who process your personal information in accordance with our guidelines, particularly in the field of public contact, electronic data management or bookkeeping,
- public authorities and other entities, if required by applicable law,
- other entities in the event of an unexpected event in which the provision of data is necessary for the purpose of protecting life, health, property or other public interest or if it is necessary to protect our rights, property or security.
Most browsers are set to accept cookies. However, you have the option to set your browser to block cookies or to inform you of cookies. Without cookies, however, some services or features will not work properly.
Our websites use only first-party cookies, that is, cookies used only by our web sites (hereinafter referred to as first-party cookies) and "third-party" cookies (i.e. cookies from third-party websites). First-party cookies are used to store user preferences and data needed during your visit to the website (such as the content of your shopping basket). Third-party cookies are used to track user trends and behavioural patterns, ad targeting, with the help of third-parties – web statistics providers. Third-party cookies used to track trends and behavioural patterns are only used by our web site and web stats provider, they are not shared with any other third party.
7. Principles of processing personal data
We process your personal information in accordance with applicable law, especially with GDPR.
Data subject consent
We process personal data only in the manner and to the extent that you have given us consent if the consent is the title of processing.
Minimization and limitation of processing of personal data
We process personal data only to the extent that it is necessary for the purpose of its processing and for no longer than is necessary to achieve the purpose of its processing.
Accuracy of processed personal data
We process personal data with emphasis on their accuracy using available measures. And using reasonable resources, we process updated personal data.
Through this Policy and contact person, you have the opportunity to learn how we process your personal data, as well as its scope and content.
We process personal data only to the extent necessary for the fulfilment of the intended purpose and in accordance with that purpose.
We process personal data in a manner that ensures its proper security, including its protection by appropriate technical or organizational measures against unauthorized or unlawful processing and against accidental loss, destruction or damage.
8. Automated individual decision making and profiling
When processing personal data, there is no automated, individual decision-making, not even through profiling.
9. Your rights as a data subject
Right of access to personal data
You have the right to request from us access to personal data about your person. In particular, you have the right to receive a confirmation from us that personal data concerning you are or are not processed by us and to get further information on the processed data and the processing method within the meaning of the relevant GDPR provisions (purpose of processing, personal data category, the duration of the deposit, the existence of your right to request a correction, the deletion, the limitation of processing or the right to object, the source of personal data and the right to lodge complaints). If you ask for it, we will provide you with a copy of the personal data we process about you free of charge. In case of a repeated request, we may charge a reasonable fee for providing a copy corresponding to the administrative costs of processing.
To access your personal data, use your user account or contacts listed in this Policy.
The right to withdraw consent to the processing of personal data if processing takes place on the basis of consent
You have the right at any time to withdraw consent to the processing of personal data processed by us on the basis of such consent.
You can revoke your consent through your user account or contacts listed in this Policy.
Right of repair, restriction or deletion
If you find that personal data about you is inaccurate, you may require us to correct this information without undue delay. If this is appropriate in the light of the specific circumstances of the case, you may also request the addition of the information we have about you.
You may request correction, limitation of processing or deletion of data through your user account or contacts listed in this Policy.
Right to deletion of personal data
You have the right to request us to erase without undue delay the personal data processed by us that concern you in the following cases:
- if you revoke your consent to the processing of personal data, and there is no other legitimate reason for our processing to prevail over our right of cancellation;
- if you object to the processing of personal data (see below);
- your personal data is no longer needed for purposes for which we have collected or otherwise processed them;
- personal data has been unlawfully processed by us;
- personal data was gathered in connection with the provision of information society services to a person below the age of 18;
- personal data must be deleted to comply with a legal obligation laid down in European Union law or the Czech law applicable to us.
You may request a deletion in these cases through your user account or contacts listed in this Policy.
The right to request the deletion of personal data is not given in a situation where processing is necessary
- for the exercise of the right to freedom of expression and information;
- to meet our legal obligations;
- on grounds of public interest in the field of public health;
- for purposes of archiving in the public interest, for purposes of scientific or historical research or for statistical purposes, where the deletion of data is likely to make it impossible or seriously jeopardized to achieve the objectives of that processing;
- for the determination, exercise or defence of legal claims.
Whether the reasons of impossibility to use the right of cancellation exist, can be found through your user account or contacts listed in this Policy.
The right to limit the processing of personal data
You have the right to restrict the processing of your personal data in the following cases:
- You deny the accuracy of your personal data. In this case, the limitation is valid for the time required to verify the accuracy of personal data.
- Processing is illegal and you do not want to delete your personal data and instead you want to limit their use.
- We no longer need your personal data for the purposes for which we processed it, but you are required to identify, exercise or defend legal claims.
- You object to the processing (see below). In this case, the limitation applies for a period until it is verified that the legitimate reasons on our part outweigh your legitimate reasons.
At a time when we limit the processing of personal data, we may only process your personal data (with the exception of its storage) only with your consent or for the purpose of determining, enforcing or defending our legal rights, for the protection of the rights of another natural or legal person or for reasons of major public interest of the EU or some of its member state. As mentioned above, you can request processing restrictions through your user account or contacts listed in this Policy.
Right to object to processing
You have the right to object to the processing of your personal data in the following cases:
- In the case that personal data are processed because processing is necessary to fulfil a task carried out in the public interest or in the exercise of public authority to which we are entrusted or for the purposes of our legitimate interests and you object to the processing, we are not allowed to process the data unless we can demonstrate serious legitimate reasons for processing that outweigh your interests, rights and freedoms, or to determine, exercise or defend our legal rights.
- If personal data is processed for direct marketing purposes and you object to the processing, we will no longer process personal data for this purpose.
- If your personal data is processed for purposes of scientific or historical research or for statistical purposes, we will not process it further unless processing is necessary to fulfil a task carried out for reasons of public interest.
You can submit a complaint through your user account or contacts listed in this Policy.
Right to data portability
In the case that we process your personal data with your consent or because it is necessary to fulfil a contract between us, you have the right to obtain from us your personal data you have provided us in a structured , commonly used and machine-readable format, if personal data are processed by us this way. You have the right to pass this data to another data administrator or to require us to provide this information directly to another data administrator if this is technically feasible. You may obtain your personal information through your user account or contacts listed in this Policy.
The right not to be subject to any decision based exclusively on automated processing, including profiling
We do not use personal data for automated decision making.
The right to obtain information about a breach of security of your personal data
If it is likely that a breach of our security will be a high risk for your rights and freedoms, we will notify you of this violation without undue delay. If appropriate technical or organizational measures have been used to process your personal data, such as making the unauthorized person incomprehensible, or by additional measures to ensure that the high risk does not occur, we are not obliged to transmit the infringement information.
Right to file a complaint with the Supervisory Authority
If you believe that the processing of your personal data is in violation of the obligations set forth in the GDPR, you have the right to file a complaint with the Supervisory Authority. The Supervisory Authority in the Czech Republic is the Office for Personal Data Protection.