This Data Protection Policy was issued in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (also referred to as “GDPR”) and Act 110/2000 Coll., on Personal Data Protection and on Amendments to Certain Acts.
1. Who we are and our contact details
Pursuant to Art. 4 (7) of GDPR, České překlady s.r.o., with registered office at Spálená 108/51, 110 00 Praha 1, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File 132135 acts as the data controller.
2. Definition of personal data
Personal data means any information relating to an identified or an identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal data also includes identifiers stored in cookies which will be installed – subject to your consent – into your web browser when you visit our website.
3. Which data we process
We process personal data that you provide in connection with the use of our services or which are publicly accessible. This especially includes your first name, last name, e-mail address, correspondence address, billing address, phone number, bank card number, your company name (name, registered office, company ID, VAT number) and your job title.
The list above is not exhaustive and additional data may be provided by you in the course of our negotiations and cooperation, which will be handled in the same way.
4. Why we process personal data
We process personal data especially to be able to fulfil what we have committed to. If we are unable to process data, we will lose the ability to provide you with the services you have ordered from us. Also, we will be unable to share with you any information that we think might be of interest to you.
The legitimate reasons for processing personal data include:
- Performance of a contract between you and us according to Art. 6 (1) (b) of GDPR;
- Our legitimate interest in direct marketing communication (especially the distribution of a newsletter) under Art. 6 (1) (f) of GDPR, based on a conscious relationship between you as a customer and us as the controller.
The purpose of processing personal data for the performance of a contract is:
- Processing your purchase orders and executing the rights and responsibilities arising from the contractual relationship (when you order our services, we ask you to provide data necessary for the successful execution of the order – it is not possible to enter into a contractual relationship without you providing the data).
The purpose of processing personal data based on a legitimate interest is:
- Faster customer support for your queries or complaints;
- Distribution of business communication (especially our regular newsletter) and related marketing activities.
5. How we process personal data
We process your data with utmost care and with emphasis on their security. Exactly like you, we want to make sure that your data is kept secure from any breach. We protect the data in accordance with GDPR and Act 101/2000 Coll. on Personal Data Protection, and declare that we have taken all reasonable technical and organizational measures to safeguard the data. We also carefully select only third party suppliers (i.e. data processors) who are able to provide such technical and organizational measures to protect your personal data.
When processing your personal data, we follow the following main principles:
- Your data is processed solely by our trained staff, who are bound by confidentiality and privacy rules;
- The only third parties with which we share your data are the data processors listed below;
- We process your data for the time necessary to exercise the rights and responsibilities arising from the contractual relationships and the exercise of the claims arising from these contractual relationships.
6. Who has access to personal data
First of all it is us, České překlady s.r.o., with registered office at Spálená 108/51, 110 00 Praha 1, and our staff. Also, some of your personal data are shared with data processors, but only to an extent necessary for the fulfilment of our obligations.
These are the following data processors:
- salesforce.com by EMEA Limited – customer and project management system
- Finance Accounting s.r.o. – provider of account services
- GoPay (GOPAY s.r.o.) – payment gateway used for online payments
- EVO Payments International s.r.o. – bank card payment terminal
- Postal and carrier service providers, especially Česká pošta s.p., DHL Česká republika, and other providers of your choice
Direct marketing data processors:
- Google, Inc.
- Seznam.cz, a.s.
- Facebook Ireland Ltd.
- LinkedIn Corporation
We are also required to disclose your personal data to the minimum necessary extent for the purpose of criminal investigation and prosecution. If this is the case, we will have to share your personal data with the authority concerned.
7. How you can handle your personal data
As a data subject, you have the right to decide about the purpose for which your personal data is used to the extent defined by GDPR. You may apply the rights below (i) in person at our registered office, (ii) electronically via email at office@@ceskepreklady.cz, or (iii) in writing at the address of our registered office.
Under the applicable law, you have the following rights relating to the processing of your personal data:
- Right of access – you have the right to request a confirmation from us as to what personal data we process, and you have the right to obtain the information about such processing as stated in Article 15 of GDPR.
- Right to rectification and amendment – if you find out that of your personal data processed by us is inaccurate, you have the right to claim the rectification or amendment of such data;
- Right to erasure – if the terms of Article 17 of GDPR are fulfilled, you have the right to obtain the erasure of your personal data, especially if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, or if the personal data have been processed unlawfully;
- Right to data portability – if the processing is based on consent or a contract and is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. If technically feasible, we may, upon your request, transmit your personal data to another controller;
- Right to restriction of processing – under Article 18 of GDPR, you have the right to obtain from the controller restriction of processing, especially if you contest the accuracy of the personal data – we will restrict the processing to the period of the verification of the data accuracy – or if you raise an objection – we will restrict the processing until it is verified whether our legitimate grounds override those of you as the data subject. During the period of such restriction, your personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of our legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest.
- Right to object – if personal data are processed for purposes of our legitimate interests or the legitimate interests of third parties and if your interests or fundamental rights and freedoms requiring personal data protection override our legitimate interests or the legitimate interests of third parties, you have the right to object to such processing. If this is the case, we will no longer process the personal data, unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time;
- Right to complain with the Office for Personal Data Protection – if you believe that the processing of your personal data constitutes violation of the applicable legislation, you can file a complaint with one of the competent supervisory authorities. In the Czech Republic, the supervisory authority is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7, phone: + 420 234 665 111, www.uoou.cz.
For more details about your other rights, see the full text of GDPR.
This Policy takes effect on 25 May 2018.