Principles of personal data processing
1. Introductory Provisions
1.1) Company PKV BUILD s. r. o., ID: 281 49 785, registered office in Senožaty nr. 284, postal code 394 56, registered in the Commercial Register kept at the Regional Court in České Budějovice, section C, file no. 21506, contact person: Ing. Barbora Dudova, contact e-mail address: info@pkv.cz (hereinafter also referred to as “troupe“or”warden“), having regard to the necessity of fulfilling obligations in the field of personal data protection, arising in particular from Act No 101/2000 Coll., on the protection of personal data and amending certain laws, as amended, and Regulation No 2016/679 of the European Parliament and of the Council of the EU on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) sets out these principles for the processing of personal data relating to the processing of personal data of website users https://www.pkv.cz/ (hereinafter referred to as the “Website”).
To make your journey towards savings and a lower carbon footprint really comfortable, we are working on a website with cookies. By using the site, you agree to this. Learn what we use your personal information for and how we protect it from others.
1.2) With this document, the administrator provides website users with information about which personal data it processes, for what purpose and on what legal basis. Furthermore, information about the rights and obligations they have in relation to the processing of personal data. This document does not concern the possible processing of other personal data.
1.3) This document may be revised and updated as necessary.
1.4) The Controller processes personal data manually and automatically and keeps records of all activities in which personal data is processed.
2. Basic concepts
2.1) The Company is the controller of personal data as it determines the purposes and means of processing personal data; it processes personal data on its own or uses the services of other persons, i.e. processors for this purpose.
2.2) Personal data is any information about an identified or identifiable natural person (hereinafter referred to as'data subject“); an identifiable natural person is a natural person who can be identified directly or indirectly, in particular by reference to a specific identifier, such as a name, identification number, location data, network identifier, or to one or more specific elements of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
2.3) Processing of personal data is any operation or set of operations with personal data or sets of personal data that is carried out using or without the assistance of automated procedures, such as collection, recording, arrangement, structuring, storage, adaptation or alteration, discovery, access, use, disclosure by transmission, dissemination or any other disclosure, classification or combination, restriction, erasure or destruction.
2.4) The processor of personal data can be any natural or legal person or other entity that processes personal data for the controller.
3. Basic principles of processing
3.1) When processing personal data of the controller
(a) processes personal data in relation to data subjects correctly, lawfully and transparently,
(b) collects personal data only for certain, expressly expressed and legitimate purposes and does not process it further in a way that is incompatible with those purposes;
(c) processes only such personal data that are reasonable, relevant and limited to the extent necessary in relation to the purpose for which they are processed;
(d) processes only personal data that are accurate and, if necessary, updated; for this purpose, the controller shall take all reasonable steps to ensure that personal data which are inaccurate taking into account the purposes for which they are processed are deleted or corrected without delay;
(e) stores personal data in a form allowing identification of data subjects for a period not longer than is necessary for the purposes for which they are processed;
(f) processes personal data in a manner that ensures adequate security of personal data, including their protection by means of appropriate technical or organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage.
3.2) The Administrator is responsible for compliance with all of the above principles and must be able to demonstrate compliance with these principles.
3.3) The controller is entitled to process personal data only on the basis of one of the legal processing grounds stipulated by the legislation. Only if no other legal reason for the processing is given, the controller must obtain the consent of the data subject.
3.4) The controller continuously updates the processed personal data, in particular if it detects the incorrectness of any of the processed personal data or receives information from the data subject about the change of any of the processed personal data.
4. Sending business messages (direct marketing)
4.1) The Administrator may send to the users of the website via electronic mail (e-mail) commercial messages with the offer of services.
4.2) In this context, the controller processes personal data: contact e-mail address for sending commercial communications.
4.3) The administrator is authorized to send commercial communications only on the basis of obtaining the consent of the user of the website. This consent is given by the user by filling out a web form. In this case, the legal basis for the processing of personal data is consent, which can be revoked by the user at any time. The controller is entitled to process personal data for these purposes until the data subject (user) withdraws his/her consent, but not later than for five (5) years from the date of granting such consent. Failure to provide such consent or its withdrawal has no effect on the possibility of providing services by the controller.
5. Use of cookies and other marketing
5.1) With the consent of the user of the website, the administrator places files on the computer of that person in order to send back data about the behavior of this user on the website (so-called cookies) and processes the data obtained in this way in order to configure the website according to the detected user behavior and to improve the services of the administrator. In this context, the Administrator may carry out additional marketing (in particular, the display of advertising on other websites). As part of further marketing, the administrator processes the following personal data: IP address.
5.2) Consent to the placement of cookies is considered, in particular, the settings of the user's computer or the software used in such a way that cookies can be stored on the computer. Before giving consent, or on the first visit to the website, the user is informed that this consent can be withdrawn at any time. The withdrawal of consent is also considered to be the setting of the user's computer or the software used in such a way that it no longer allows cookies to be stored on the computer, including the possible deletion of cookies already stored from the computer.
5.3) The legal basis for processing personal data when storing cookies is the consent of the data subject. Failure to provide such consent or its withdrawal has no effect on the possibility of providing the Administrator's services. This personal data is processed by the controller for the duration of the consent. The legal reason for further marketing is its necessity for the purposes of the legitimate interests of the controller, which is the implementation of marketing. The consent of the data subject to such processing is not required. However, the controller is obliged to terminate this processing if the data subject informs him that he does not agree with this processing.
6. Transfer of personal data to third parties
6.1) The Administrator uses professional and specialized services of other entities to achieve the purposes for which it processes personal data of website users. If these suppliers process personal data transmitted from the controller in the provision of these services, they have the status of personal data processors and process such personal data only within the framework of instructions from the controller and must not use them otherwise. These include, in particular, the following activities:
(a) distribution of commercial messages (direct marketing) — through Mailchimp.com
(b) manage measurement codes — via Google Tag Manager
(c) evaluation of marketing activities and monitoring of the technical functionality of the website — through Google Analytics,
(d) other marketing — through Google Ads and Sklik.
(e) stores personal data in a form allowing identification of data subjects for a period not longer than is necessary for the purposes for which they are processed;
(f) processes personal data in a manner that ensures adequate security of personal data, including their protection by means of appropriate technical or organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage.
At the request of the data subject, the controller shall inform whether and to which subject his personal data has been provided and other related information.
6.2) Each such supplier is carefully selected by the controller and concludes with each of them a personal data processing contract, which sets out obligations for the protection and security of personal data, including the obligation to maintain confidentiality.
6.3) The controller is entitled to transfer personal data only to those persons who provide sufficient guarantees by introducing appropriate technical and organizational measures so that the processing meets all the requirements established by law and to ensure the protection of the rights of data subjects.
7. Method of processing and access to personal data
7.1) Personal data are processed through the information system of the controller, the security of which against the loss of personal data and against the access of unauthorized persons is regularly verified. Access to the system is restricted according to the set management roles. The security of transmission of personal data in electronic form to third parties is ensured through access to the information system of the controller protected by a secure password. The information system is standard, its supplier provides the usual guarantees of security, its functionality and security is regularly tested and maintained by an external supplier with which the controller has a contract for the processing of personal data.
7.2) The controller performs, in particular, the following technical and organizational measures in the processing of personal data:
(a) locking the premises of the controller where personal data are processed,
(b) processing of personal data only by the responsible persons,
(c) training of responsible persons on how to handle personal data.
7.3) The controller continuously updates the processed personal data, in particular in connection with changes that it detects from other persons or from publicly available sources.
7.4) If the controller has already achieved the purpose of processing the personal data and has no other reason for its processing, the controller will delete the personal data without the possibility of their recovery.
7.5) Access to the personal data of the controller is available only to persons who are necessarily required to achieve the purpose for which the personal data are processed.
7.6) Persons with access to personal data are appropriately trained in their protection and are obliged to observe confidentiality.
8. Rights of the data subject
8.1) The data subject has the following rights in relation to the protection of personal data:
(a) access to one's personal data, which includes in particular the right to obtain confirmation from the controller whether it is processing its personal data, information on the purposes of processing, categories of personal data, recipients to whom the personal data has been or will be disclosed, the planned processing time, the existence of the right to request from the controller rectification or erasure of personal data relating to the data subject or restriction of their processing, or to object to such processing;
(b) to rectify inaccurate personal data; however, the data subject is also obliged to notify changes to his/her personal data and to prove that such change has occurred. At the same time, he is obliged to provide cooperation if it is found that the personal data processed about him are not accurate,
(c) the right to erasure of personal data relating to him/her if the controller does not prove legitimate grounds for processing such personal data,
(d) to restrict the processing of personal data until the complaint is resolved, if it denies the accuracy of the personal data, the reasons for its processing or if it objects to its processing,
(e) the right to notice the correction, erasure or restriction of the processing of personal data, unless this proves impossible or requires unreasonable effort,
(f) the portability of data in a structured, commonly used and machine-readable format and the right to request the transfer of such data to another controller,
(g) object to the processing of his/her personal data on the grounds of a legitimate interest of the controller (e.g. for further marketing); in the event that the existence of a serious legitimate reason for the processing is not established that outweighs the interests or rights and freedoms of the data subject, the controller shall terminate the processing on the basis of the objection without undue delay;
(h) withdraw consent to the processing of personal data at any time if the controller processes it on the basis of his consent; however, this withdrawal of consent will not affect the lawfulness of the processing based on the consent granted prior to its withdrawal;
(i) contact the Office for Personal Data Protection (www.uoou.cz) with a complaint or complaint.
9. Effectiveness
9.1) These principles are effective from Mar 20, 2020
