We handle personal data exclusively in accordance with applicable legislation, in particular Regulation (EU) 2016/679, the General Data Protection Regulation (hereinafter referred to as "GDPR"). This Policy describes the principles we follow, what personal data we collect and why, the purposes for which we use it, to whom we may disclose it, where and how you can obtain information about your personal data that we process, and what your rights are in relation to data protection.
The data controller in the Czech Republic is Digilive s.r.o., with registered office in Kunovice, V Humnech 1590, 68604 Kunovice, IČ: 27686728, DIČ: CZ27686728. In this Policy, the Controller is also referred to as "Controller" or "we".
We only process personal data that you provide to us in connection with the offer and sale of our goods or services or the use of our other services (e.g. website, Weblantis service/application). This most often includes the following data:
First name, surname, title, birth number or date of birth, permanent address, type and number of identity card (ID card, passport number or other similar document), country or, where applicable, issuing authority and period of validity, signature - in the case of a natural person who is an entrepreneur, also tax identification number and ID number. These are therefore all personal data that allow us to uniquely and unmistakably identify you.
contact address, telephone number, e-mail address and other similar information. This is the personal data that enables us to contact you.
Personal data that we may process on the basis of your consent and which we need in order to offer you the services of our partners in the field of financing intermediation, insurance, etc.
Data about what goods or services we have provided or negotiated with you to provide (e.g. records of telephone calls, records of other communications, data about the goods in respect of which we have concluded or negotiated a purchase contract with you), data obtained in connection with your visit to our website - IP address, cookies or other online identifier (see Article 10.)
In some cases we process your personal data on the basis of your consent, in other cases we do not
need your consent to process. This is generally the case if the processing is necessary for the
performance of our contractual or legal obligations or to ensure the protection of our rights and
legitimate interests.
We may therefore process your data on the basis of the following titles:
(i)
the consent you have given us for this purpose, usually by filling in a contact form, a telephone call
to our operators or otherwise
(ii) the performance of contractual obligations arising for us from
contracts or other agreements entered into with you
(iii) compliance with legal obligations imposed
on us by specific legislation
(iv) ensuring the protection of our rights and legitimate interests
The main pieces of legislation that impose obligations on us that require us to process your
personal data:
- Act No. 89/2012 Coll., Civil Code, as amended;
- Act No. 563/1991 Coll., on
Accounting, as amended;
- Act No. 235/2004 Coll., on value added tax, as amended;
- Act No
634/1992 Coll., on Consumer Protection, as amended;
- Act No. 253/2008 Coll., on certain measures
against the legalization of the proceeds of crime and the financing of terrorism, as amended; (this Act
imposes in some cases the obligation to carry out identification and control of clients)
The
legitimate interests of the Controller in processing your personal data:
- Preparation of a business
case - collection and processing of personal data that is necessary and necessary for the proposal of
the terms and conditions of the transaction;
- managing relationships with customers and potential
customers to provide you with all information and services related to the purchase of our goods or
services or to resolve your requests, wishes and complaints, etc;
- product and service simulations
to help you choose the most suitable product, for example, in the context of providing additional
services or servicing;
- sending you messages, notifications and confirmations to help you complete
your business case;
- direct marketing (including but not limited to offering relevant services and
products to existing customers);
- the transfer of personal data for internal administrative purposes
(including the processing of personal data of customers or employees), reporting and the creation of
analytical models based on aggregated and anonymised personal data;
- Prevention and detection of
fraudulent behaviour, prevention of non-compliance with legislation; prevention of money laundering,
terrorist financing, embargoes;
- processing of CCTV footage for the purpose of eliminating
violations and protecting persons and property;
- testing of software changes;
- research and
development of products/services and market analysis;
- analysis of your data and data about goods
and services in order to set appropriate parameters for the offer of the store;
- processing analyses
over aggregated (anonymised) data for historical, statistical and scientific purposes ensuring network
and information security (i.e. the ability of a network or information system to withstand random events
and unlawful or malicious acts) to prevent unauthorised access, the spread of malicious code and to
prevent attacks and damage to computer and electronic communications systems.
We process personal data manually and by automated electronic systems (e.g. using software or
applications). In order to protect personal data, we have set up technical, organisational and personnel
security measures, the effectiveness of which we regularly and systematically check. We do not carry out
processing of personal data that would lead to automated decision-making.
Your personal data may be processed by the Controller or by our external collaborators and
processors.
We carefully select the entities that cooperate with us on the basis of guarantees that
ensure the technical and organisational protection of the personal data transmitted to us. The
processing of personal data may only be carried out for us by processors and only on the basis of a data
processing contract.
In this sense, the controller may provide your personal data to the following
recipients for legitimate purposes:
- external collaborators and suppliers for the purpose of
fulfilling the contract,
- persons who provide us with the technical operation of a particular
service or operators of the technologies we use for our services;
- to marketing and research
agencies for the purpose of marketing processing or surveys and to offer business, services and products
of selected business partners;
- to advertising system operators in connection with targeted
advertising;
- operators of technical solutions that enable us to show you only content and
advertising that is relevant to you;
- payroll processors;
- recruitment agencies, training course
providers and incentive programmes;
- providers of services necessary for the performance of our
activities (administrative activities, training activities, archiving, legal advice, etc.);
-
providers of postal, communication and electronic communications services;
- security agencies for
the protection of persons and property;
- collection agencies and law firms for the purpose of debt
recovery;
- bailiffs for the purpose of pursuing related claims;
- the regulator and
administrative authorities for the purpose of supervision under specific legislation.
Your personal data is not transferred to third countries outside the EU.
We keep your personal data only for the necessary period of time and archive it in accordance with
the statutory time limits imposed by law. In the case of data on transactions and customers, this is for
a period of 10 years from the conclusion of the contract with you. We process personal data for the
duration of the legal title that allows us to process your personal data. If the title for processing
your personal data is our legitimate interest and there has been no transaction between us, we process
your personal data for a period of 5 years from the date of acquisition. Once the lawful reason is lost,
we delete the relevant personal data. We only retain personal data that we process with your consent for
the duration of the purpose for which the consent was given. In the case of processing personal data for
the purpose of sending commercial communications, we process the personal data until the request to stop
sending commercial communications is made (but for a maximum of 10 years from the last active contact
from your side) and for a further 12 months from the withdrawal of consent in case we need to prove that
the commercial communications were sent legitimately.
We process your personal data transparently, fairly and in accordance with legal requirements. At the same time, you have the right to contact us at any time to obtain information about the processing of your personal data or to exercise the rights listed below that are related to personal data.
You have the right to ask us to tell you whether we are processing your personal data and, if so,
you have the right to receive that personal data and information about the processing from us. The first
copy of the personal data we process will be provided free of charge and we may charge you a reasonable
fee for further copies, the amount of which will be proportionate to the administrative costs involved
in processing your request.
If you believe that the personal data we process about you is inaccurate or incomplete, you have the right to ask us to update or complete it.
You have the right to request the erasure of your personal data if:
- they are no longer
necessary for the purpose for which they were processed,
- you have withdrawn your consent to their
processing,
- they have been unlawfully processed,
- you object to the processing and there are no
overriding reasons for the processing,
- the data must be erased in order to comply with a legal
obligation under EU law or a legal order to which we are subject,
- it was collected in connection
with the offering of information society services. This does not apply if the processing of your data is
necessary
- for the exercise of the right to freedom of expression and information,
- to comply
with a legal obligation that requires processing,
- for archiving purposes in the public
interest,
- for the establishment, exercise or defence of legal claims..,
You have the right to request restriction of processing if
- you contest the accuracy of your
personal data; or
- the processing is unlawful, but you refuse to erase such personal data and only
want to restrict the processing of your data, or
- We no longer need your data for the purposes of
processing, but you ask us to provide it for the establishment, exercise or defence of legal claims;
or
- you have objected to the processing and it is not clear that our legitimate interests outweigh
your legitimate interests.
In the case of automated processing of personal data that is based on a contract or consent that
you have given us, you have the right to so-called portability of this data, which will be provided to
you in a structured, commonly used and machine-readable format.
You can object at any time to the processing of personal data that we carry out on the grounds of legitimate interest, including profiling. Similarly, you can object to processing where we process your personal data for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.
If you have given us consent to process your personal data for purposes that require consent, you have the right to withdraw that consent at any time. The processing of personal data that occurred prior to the withdrawal of consent is lawful.
You have the right to lodge a complaint with the supervisory authority (the Office for Personal Data Protection) if you believe that the processing of your personal data has violated the data protection rules.
Any requests regarding the protection and processing of your personal data can be sent to us using the contact form here. We will respond to your requests concerning the exercise of your rights without undue delay within 30 days of receipt of the request. However, the deadline can be extended by a further two months if necessary. We will always inform you of any such extension, including the reasons for it. We will communicate in the way you prefer (e-mail, letter).
This section of the Policy applies to the processing of personal data of our employees and job applicants in our company. The data listed in section 2. Contacts, 5. Handling of personal data, 6. Recipients and processors of personal data and 9. Your rights in relation to data protection apply mutatis mutandis.
We collect and handle the personal data that we strictly need to carry out our activities as an employer. In particular, we process the following personal data relating to an employee or job applicant:
Name and surname, date and place of birth, birth number,
address of permanent or temporary residence, delivery or other contact address, telephone number, e-mail address,
Photograph, bank account number, ID card number, driving licence number, passport number (for
foreigners), information on education and previous experience, title, health insurance information,
marital status, number of children, information on criminal activity,
name, surname, date of birth or birth number of spouse, address of his/her permanent residence,
name and address of his/her employer; name and surname of child, his/her birth number.
Some of the data listed above are considered to be special categories of personal data. A special
category of personal data is considered to be data that are considered sensitive to the data subject and
are afforded enhanced protection in processing. The lawfulness of their processing is based on the
General Regulation for the field of employment law and the performance of the employer's activities,
therefore the data subject's consent is not required. Special categories of personal data include health
data, as well as, for example, photographs, copies of identity cards or passports, genetic and biometric
data, information on the data subject's criminal activities.
The lawfulness of the processing of personal data is based on the following titles:
- Consent of
the data subject
- Performance of a contract,
- Protection of the employer's rights and legitimate
interests
- Compliance with legal and regulatory obligations.
The lawfulness of processing
special categories of personal data (so-called sensitive data) is based on the following titles:
-
Consent of the data subject,
- Fulfilling the obligations and exercising the special rights of the
Controller in the field of labour law,
- Establishment, exercise or defence of legal claims.
As a
rule, one title applies for each processing purpose, although for some purposes of processing personal
data the titles may be cumulative.
The processing of personal data for the purpose of carrying out the employer's activities is
carried out on the basis of the performance of a contract. The performance of these activities includes
the processing of personal data in order to:
- selection procedures,
- the performance of an
employment contract (including the performance of specified duties) under the Labour Code
- personnel
and payroll,
- management, planning and organisation of work,
- equality and diversity in the
workplace, health and safety at work,
- protection of the employer's property,
- enjoyment of
rights and benefits associated with employment,
- termination of employment.
Processing of
personal data for the purpose of carrying out the employer's activities for the purpose of fulfilling
legal and regulatory obligations and fulfilling the obligations and special rights of the Controller in
the field of labour law. The performance of these activities includes the processing of personal data
for the purposes of:
- tax purposes, i.e. calculation of monthly tax advances, declaration of income
tax payer under the Income Tax Act,
- pension, sickness and health insurance under the Pension
Insurance Act, the Sickness Insurance Act and the Public Health Insurance Act,
- verification of
international sanctions lists according to the Act on the Implementation of International Sanctions.
Processing
on the basis of the legitimate interest of the Administrator. In this case, we process personal data of
employees and job applicants for the following purposes:
- Protection and exercise of our rights and
legal claims, protection of intellectual property rights, trade secrets, protection of our good name and
reputation,
- ensuring the prevention and detection of crime,
- ensuring the health and safety of
employees and job applicants,
- the transfer of employees' personal data for internal administrative
purposes.
The processing of personal data for purposes other than those set out in Article 10.2.1 Processing
of personal data without the need for the data subject's consent is only possible with the consent of
the data subject. The provision of such consent is voluntary, but in some cases may be a prerequisite
for the exercise of a right. The employee or job applicant has the right to refuse or withdraw consent
at any time in writing. Withdrawal of consent does not affect the lawfulness of processing based on
consent given before its withdrawal. With the consent of a job applicant who is unsuccessful in a
particular selection procedure, we will retain his/her personal data for the purpose of offering him/her
participation in another selection procedure.
We pay particular attention to the retention of personal data of job applicants and employees or
former employees, also in view of the fact that certain legal provisions stipulate a minimum retention
period for personal data. Therefore, we carefully evaluate which documents and data need to be retained
and which can be disposed of without undue delay after the end of the employment relationship.
We process and store the personal data of the job applicant for the duration of the selection
procedure, but no longer than 6 months after the job applicant has provided it. If the applicant's
consent is given, we also retain the personal data for the purpose of offering participation in another
selection procedure, for a period of 5 years after the provision of such personal data. Otherwise, we
will securely delete or destroy the job seeker's personal data.
We process and store an employee's personal data for at least the duration of the employment
relationship. After the termination of the employment relationship, we keep a personal file with the
personal data of former employees for a further 10 years in order to effectively defend our rights and
interests, if necessary. For specific documents containing personal data, as mentioned above, specific
regulations provide for a different minimum retention period. These include, in particular, copies of
record sheets (retention period of 3 years), accounting documents (retention period of 5 years), records
of social security contributions and contributions to state employment policy (retention period of 10
years), payroll records or accounting records of data required for pension insurance purposes (retention
period of 50 years). Records of the result of a search of a person on international sanctions lists
shall be kept for 10 years.
The data that we process is mainly obtained from the subject of that personal data. However, we may
also obtain personal data from other sources to verify that the data we hold is complete and true. We
process personal data that is communicated to us mainly during the selection process and the conclusion
of an employment contract (or agreements for work performed outside the employment relationship) and
during the duration of the contract, either directly by the job applicant or through a cooperating
recruitment agency. References about a job applicant may also be provided by a current or former
employer with the applicant's consent. We also obtain the personal data of the job seeker from publicly
available social media profiles, possibly from publicly available registers of records (e.g. commercial
register, trade register).
When an employer carries out its activities, in particular when assessing a suitable candidate for a job, profiling is used, which means the automated processing of personal data in order to predict the behaviour of a specific person on the basis of a profile made up of his or her qualities, characteristics or preferences. In particular, profiling is necessary in order to recruit the candidate who best matches our needs and requirements. We do not carry out processing of personal data that would lead to automated decision-making.
In the context of improving our customer service and ensuring the full functionality of our
website, certain data and other information is collected and recorded (other information does not
constitute personal data). This data and other information is used to evaluate user activity on the
website for statistical purposes. All personal data is processed in its anonymised form. We use Google
Analytics to process the data for statistical purposes; this ensures the monitoring of the data relating
to the products offered on the Controller's website, in order to optimally tailor them to customers. In
order to provide you with the most user-friendly website possible, we also use the services of Google
Czech Republic, s.r.o., based in Prague 5, Smíchov, Stroupežnického 3191/17, Postcode 150 00 ("tracking
technologies"). Tracking technologies help us to understand how you use the services on our website so
that we can make them intuitively easy to use. They also allow us to see what goods and services you are
most interested in so that we can more easily offer them to you. When you visit our website, we collect,
aggregate and evaluate the necessary data through measurement codes installed on our website ("tools").
The Tools connect our website to your web browser, which sends the following information about your use
of our website:
- Request (this is the filename for the client request expressed by you), e.g.
www.vzorek.cz/index.html;
- Browser type / browser version (e.g. Internet Explorer, Chrome, Firefox);
-
Browser language (e.g. English);
- Operating system used (e.g. Windows XP, Windows 10, iOS);
-
Internal resolution of the browser window;
- Screen resolution;
- JavaScript activation;
- Java
on/off;
- Cookies yes/no;
- Color depth;
- Referrer URL (label for the URL from which the web
page was visited);
- IP address of the user.
- Time stamp relating to the date and time when the
website was accessed;
- Number of clicks;
In addition, information may also be collected from the
content of completed/incomplete forms (text fields that need to be filled in, such as login name and
password. In these cases, information is collected on whether the form has been 'filled in' or 'not
filled in').
Beyond the scope of the Czech legal regulations, we offer users of our website the possibility to disable the storage of their anonymous user data so that it can no longer be collected in the future. Our website provides an appropriate number of cookies to block webtracking (one cookie for each consent). These cookies will block webtracking for a specific tracking service in the future. This prohibition will remain in force until you delete these cookies, but no longer than 1 year, at which point you will be asked again to allow or refuse the collection of cookies. For more information on cookies, see section 11.6 Cookies.
Through the use of conversion cookies on our website, orders and registrations made after clicking on an advertisement on a third-party website or following a link through our link placed on a third-party website are tracked. The purpose of this tracking is to maximise the personalisation of advertisements to our customers. In addition, links are linked, evaluated and used for billing purposes. Conversion cookies do not contain personal data and therefore cannot be used to personally identify the customer. The third-party website provider only receives data on the total number of users who have clicked on an advertisement or purchased its product.
The IP address is transmitted whenever a request is sent to the web server so that it knows where
to send the response. Each customer receives a dynamic IP address from their Internet Service Provider
("ISP") at the time they connect to the Internet. For this reason, the ISP can identify the specific
customer to whom it has assigned the IP address. Based on the storage of the IP address on our server,
it is possible for us to determine the identity of the user connected to the Internet through additional
information obtained from the ISP. For this reason, we do not permanently store an IP address that could
be used to identify a specific user. The IP address is only used for the purpose of identifying
individual logins to our website and also as a means of defending against cyber attacks.
Every time you visit our website, the Administrator sends your web browser information about your
user data, which is stored in log files, called server log files. The data transmissions that are stored
in this way contain the following data: the date and time of the visit to the website, the URL of the
website visited, the IP address, the original URL (so-called referrer) from which you came to our
website, the amount of data transmitted and the user agent information sent by your web browser
(possibly also the type and version of the browser and the operating system used). The evaluation of the
log data files serves to make it easier for us to find errors and to be able to eliminate them as
quickly as possible. In addition, it allows us to manage server capacity and further improve our
offer.
We use so-called cookies within the website. Cookies are small text files containing short data
that can be stored on your computer when you visit our website. Cookies can only contain information
that we send to your computer and therefore do not retrieve your personal data. At the same time, the
use of cookies does not result in the linking of other data unless you have expressly consented to this.
Consent to the use of cookies is not a prerequisite for visiting our website. However, we would like to
point out that the use of the Garage function and personalized commercial offers can only be provided if
you allow cookies. Cookies can be stored on your computer for varying lengths of time. Some cookies are
limited by the duration of the session (so-called session or "session cookies"). This means that they
only exist while the web browser is running and are automatically deleted when the browser is closed.
Other cookies are persistent (so-called "persistent cookies"). These cookies remain in the web browser
after it has been closed until a specified date, or until they are manually deleted by the user. These
cookies can be used to identify the user's computer when the web browser is restarted and the internet
is browsed again. In any case, cookies do not affect the technical use of your computer and do not
contain viruses. We use the following cookies on our website1:
- Cookies required for the operation
of the website, which are necessary to ensure the full functionality of the use of our website,
so-called technical cookies;
- cookies that are not strictly necessary for the functioning of the
website, but whose use improves the user experience and makes browsing the website easier. These cookies
are used to improve our product offerings (e.g. load limitation, Weblantis login functionality;
-
ever cookie (to distinguish between existing and new customers).
The storage of cookies can
generally be disabled in the settings of the web browser (it is also possible to disable the possible
use of third-party cookies). However, if the user does so, some functions of the website may be
unavailable or the refusal of cookies may have the effect of reducing the user experience.
The provision of personal data is voluntary. However, to the extent that we are obliged to collect,
process and store our clients' personal data (see paragraph 3.1 Identification data), the provision of
certain personal data is a condition for the sale of goods or the provision of our services. The
provision of the remaining personal data is dependent only on your will, the sale of goods or the
provision of services by us is not conditional on this. The processing of your personal data, often only
in anonymised form, without us being able to identify you as a specific user at all, enables us to
continuously improve our services and develop new services. If you do not give us your consent, if your
consent is required for processing, or if you subsequently withdraw it, we may not be able to continue
to provide you with some of our services or we may not be able to provide them to you in full or in
quality.
We are entitled to make changes to this Policy from time to time. All changes and the latest version of the Policy will be available on this page.
This Policy applies in the relevant countries in which the Administrator operates. The approach to data protection may vary slightly from country to country, in which case local annexes are also part of this Policy. This ensures compliance with data protection requirements regardless of where you operate.