Cleo Czech s.r.o.,Company Identification Number: 06244734, registered office: Pobřežní 667/78, Karlín, 186 00, Prague 8, incorporated in Section C, File 278791 of the Commercial Register held at the Municipal Court in Prague (hereafter simply referred to as the “company”, “our company“ or “we“), is aware of the importance of personal data protection and has therefore decided to adopt the following personal data protection principles (hereafter simply referred to as the “General Principles”).
The General Principles pertain to the processing of personal data in relation to our company’s clients and suppliers. The personal data protection principles are regulated in our company’s internal guidelines.
Our company processes data subjects’ personal data in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC effective as of 25.5.2018 (hereafter simply referred to as the “GDPR”) and in compliance with Act no. 110/2019 Coll. on personal data processing, as amended (hereafter simply referred to as the “PDP Act“) and any other legal regulations regulating the area of personal data processing.
The sources of personal data
We predominantly acquire personal data directly from the data subjects, specifically from orders lodged by the data subjects, registration forms, email communication, telephone communication, websites, the contact forms on our website, social networks, business cards and so on. We also acquire personal data from publicly accessible registers, lists and records (for example the Commercial Code, the Register of Trades, the Land Registry, the public telephone book and so on).
The scope of the personal data processing
The personal data is processed at the extent to which the given data subject has supplied it to our company in association with the conclusion of any contractual or other legal relations or which our company has otherwise gathered and processed in line with the valid legal regulations or to fulfil our legal obligations.
The categories of personal data
Our company processes the following categories of personal data:
- address and identification data – especially: the name, surname, date of birth, personal identification number, permanent residence, Company Registration Number and Tax Identification Number;
- descriptive data – especially: bank details and payment details;
- contact data – especially: email addresses and telephone numbers;
- IP addresses;
- pictorial records;
- other information, if the data subject provides any.
The categories of data subjects
Our company processes personal data for the following types of data subjects:
- our company’s customers;
- potential customers;
- our company’s suppliers;
- potential suppliers;
- any other entities who have entered into contractual relations with our company.
The purpose of the personal data processing
Our company processes your personal data as a data subject so that we can provide you with the services that you have expressed an interest in and secure the safety of our services and as such, of course, also the safety of your personal data.
Our company may process your personal data for the following purposes:
- discussions on your intention to enter into contractual relations and the fulfilment of any contractual relations that have arisen between our company and you, especially on the basis of a contract, an order, registration and so on;
- improving the quality of the services we provide and developing new services, websites and so on. The development of new services and the improvement of our existing ones occurs on the basis of securing the needs and wishes of their users via telephone calls, website analyses, interest in certain services and texts, etc.;
- increasing the security of the provided services;
- our company’s justified interests, whereby our company can process some of the personal data of our past and current customers for the purposes of direct marketing;
- the performance of analyses and measurements, for example: visitor numbers, frequency, the number of viewed pages, the equipment you use to access our website and so on. We collect this information using anonymised data in order to be able to offer quality content that is relevant to our users and so that we can develop services that our customers are clearly interested in;
- the dissemination of notifications using electronic means (especially emails, SMS messages and telephone calls) in compliance with Act no. 480/2004 Coll. on some information company services;
- answering your queries, requests or other comments sent using the contact form;
- accounting and tax purposes in compliance with the appropriate legal regulations regulating accountancy and taxation;
- securing the protection of health and property;
- the fulfilment of other legal obligations, for example the provision of information to the authorities involved in any criminal proceedings and to other public sector authorities.
The method of processing and protecting the personal data
The processing of the data subjects’ personal data is either undertaken by individual authorised employees from our company at our company’s premises or by our processors using their own authorised employees at their premises. The processing takes place both electronically, i.e. using computer technology, and in documentary form, i.e. manually while adhering to all the security principles.
All of the personal data which our company provides is secured using the standard procedures and technologies, but for all that it is not objectively possible to guarantee 100% security of the data subject’s personal data. To this end, our company regularly inspects the security measures which are then regularly updated as needed.
The provision of data to third parties
Our company carefully selects the business partners, to whom it provides the data subjects’ personal data, in order to ensure that they are capable of technically and organisationally securing the personal data so that it cannot be subjected to any random access or abuse.
As part of the legal relations with our business partners, they are required, amongst other things, to maintain confidentiality and they may not used any of the provided data for any other purposes than those for which we have provided them access to the data and furthermore they must provide any other measures that are necessary to secure the data subjects’ personal data.
Some of the third parties that may gain access to the data subjects’ personal data depending on the nature of the services which the data subjects have used or are using include:
- entities that secure the technical operation of certain services for us or the operators of technology that we use for our services;
- entities that provide us with accounting or other economic services;
- entities that provide us with additional security and integrity for our services and websites and also regularly test said security;
- the providers of postal and communication services and electronic communication services;
- entities that we provide with data for the purpose of analysing the visitor numbers at our websites;
- the providers of payment services and payment processors for the purpose of securing and realising payment relations;
- our business partners or sponsors who contribute to the organisation of our events, conferences, seminars etc.;
- entities that secure the recovery of our company’s receivables for us;
- the operators of advertising systems in association with targeted advertising;
- the operators of technical solutions, which enable us to show you only relevant content and advertising;
- marketing and research agencies for the purpose of marketing processing or research and for offering business, services and products.
Under certain, precisely defined conditions, our company is also obliged to submit the data subjects’ personal data to, for example, the Police of the Czech Republic, the Tax Office, The Office for Personal Data Protection and to other public sector authorities on the basis of the valid legal regulations.
The period of the personal data processing
We process and store the data subjects’ personal data for the period that is essential to secure all the rights and obligations arising from the contract, i.e. at least throughout the period of the realisation of the data subjects’ orders and furthermore throughout the period in which our company is obliged in its capacity as the personal data administrator to store the personal data according to the generally binding legal regulations or throughout the period in which the data subjects have given us their consent to do so. In all other cases, the processing period will be based on the processing purpose or it has been set by the appropriate legal regulations.
We store the data subjects’ personal data that we process with their consent throughout the duration of the purpose for which the consent was given, unless the legal regulations state otherwise.
The rights of the data subjects
The data subjects may exercise the following rights in association with the processing of their personal data:
- the right to information pertaining to the data subject’s personal data being processed by our company and the purpose and nature of the personal data processing, including information on any personal data recipients;
- the right to access the data that the data subject has provided to our company, including on our website. If this right is exercised, the data subject will be informed as to whether and which personal data about them is being processed. Access will be provided to all the data along with information on its processing;
- the right to correct any personal data, if it is inaccurate or incorrect. Our company can only effectively handle the responses of its data subjects, if the data is up to date;
- the right to the explanation and deletion of any defective status (for example, the blocking, correction, supplementation or liquidation of the personal data), if the data subject is of the opinion that our company has processed the personal data in a manner that is at odds with the legal regulations;
- the right to the deletion of the personal data (the so-called right to be forgotten) or to the limited processing thereof, if it is no longer necessary for the stated purpose or if our company does not have any legal grounds to process the personal data, including cases where the data subject does not consent to any further processing. Once this right has been exercised, our company will ascertain whether any justified grounds exist for the further processing of the personal data and, if none exist, will either fully or partially delete the data subject’s personal data;
- the right to the portability of any automatically processed personal data acquired for another entity with the consent of the data subject, whereupon our company will transfer the data subject’s personal data in a regularly used format to the data subject in question or to another processor according to the data subject’s request;
- the right to lodge an objection against the processing of any personal data, including profiling, which we process on the grounds of our justified interests. Likewise, the data subject may also object to the processing in the situation where we have processed the data subject’s personal data for the purposes of direct marketing. In such a case, we will no longer process your personal data for this purpose;
- the right to withdraw the consent to process the personal data – if the data subject has provided us with consent to process their personal data for purposes that require consent, the data subject has the right to withdraw this consent at any time. Any processing of personal data that took place prior to the withdrawal of the consent is lawful. Our company will respond to any requests from a data subject pertaining to their rights without any undue delay within a deadline of 30 days from the receipt of the request. However, this deadline may be extended by another 30 days, if necessary. We will always inform the data subject of any such extension, including the reasons which have led to it;
- the right to contact the Office for Personal Data Protection in the case of a breach of your rights and to request the appropriate correction, which may, for example, involve the administrator refraining from any such conduct, the rectification of the occurred state of affairs and the provision of any apology. The supervisory body is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00, Prague 7, https://www.uoou.cz/.
If you are of the opinion that our company has processed your personal data in a manner that is at odds with your right to the protection of privacy or your personal life, you can request our company to provide an explanation and to rectify the given state of affairs.
You can exercise all of your rights using the contact information stated in these General Principles.
The transfer of personal data to third countries
Our company does not intend to transfer the data subjects’ personal data to any third countries. If any of the data subjects’ personal data is to be transferred to any third countries outside the EU, this will take place in compliance with the legislative requirements and the data subjects’ personal data will always be protected.
The contents of our website are protected by the appropriate provisions of the legal regulations which regulate the area of intellectual property. The use of our website’s contents in any form requires our express written consent.
Changes to the General Principles
We reserve the right to change these General Principles, if necessary, especially with regard to any developments in the domestic legal regulations, the decision-making practices of the Office for Personal Data Protection and any other recommendations and statements from other bodies involved in the area of personal data protection. We recommend that you should regularly read through these General Principles in order to ensure that you are currently informed with regard to how we are helping to protect your personal data that we process.
If you have any questions regarding personal data protection or the withdrawal of your consent for any further processing of your personal data, you can use the contact form that is available on our website or you can write to us at the address: Pobřežní 667/78, 186 00 Prague 8 or send an email to: firstname.lastname@example.org .
We would like to point out that we may ask you to provide us with some information during this process to enable us to verify your identity. This involves a preventative security measure in order to enable us to prevent any unauthorized individuals accessing your personal data.
These General Principles are effective as of 25.5.2018.