Protection of personal data
1. Introductory Provisions
Principles of personal data processing for customers and employees of Vím o svem s.r.o. and users of the Stavario application according to Regulation of the European Parliament and of the EU Council 2016/679 issued by the company Vím o vesm s.r.o., IČO: 06935338, VAT number: CZ06935338 with registered office at Smetanova 1249/6, 419 01 Duchcov (hereinafter referred to as the company). The company is the controller of personal data according to Art. 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council.
The aim is to provide information about what personal data the company processes about data subjects when delivering and providing services, selling goods, when visiting websites operated by the company, as well as the Stavario online application operated by the company and contacts with existing and potential customers, for what purposes and how long the company processes this personal data in accordance with the applicable legal regulations, to whom and for what reason it can pass it on. Furthermore, to inform about what rights belong to the subjects of personal data in connection with the processing of their personal data. This always happens only to the extent given by the specific service or purpose of processing.
These principles are issued in accordance with Regulation of the European Parliament and of the EU Council 2016/679 of 27 of April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (General Regulation on the Protection of Personal Data) (hereinafter referred to as the Regulation or GDPR).
This document will be updated regularly. You can always find the valid version at https://www.stavario.com/cs/obchodni-podminky/ochrana-osobnich-udaju, previous versions are available on request from the company at the contacts listed in this policy,
You can be absolutely sure that we handle your personal data with due care and in accordance with applicable legal regulations. We always respect the highest standards when processing them. The company has the strictest rules stipulating which employee can have access to your personal data and which data, including how they can process it. In principle, we do not transfer your personal data outside the company, except in cases where we have your consent, we are required to do so or we are authorized to do so by a legal regulation or our legitimate interest (for example, in the case of suppliers, an external accounting company or a lawyer or in the case of requests from public authorities, that is, for example, law enforcement agencies, etc.).
2. Categories of personal data
Personal data is any information that relates to a natural person that the company is able to identify. In connection with the provision of services and the sale of goods, the company may process personal data. However, we only process such data in order to provide you with professional services and to fulfill our contractual obligations in relation to you and to comply with our legal obligations and protect our legitimate interests. We collect data mainly about our clients - customers, including potential clients who are interested in our services or whom we have approached with our offer. Depending on the nature of the situation, we process data on, for example, representatives, including members of statutory bodies and employees.
1) Basic personal identification data and address data
Such data are necessary for the conclusion and performance of the contract. These are in particular:
- name and surname
- business name
- ID VAT
- permanent address
- address of registered office or place of business
- billing address
- mailing address
- bank connection
- birthdate
- image of your signature (biometric signature)
From technical data, we include your IP address as identification data.
Identification data is a mandatory part of every contract you enter into with the company. We use and process identification data to the extent prescribed by legal regulations, in particular Acts No. 89/2012 Coll., Civil Code, No. 634/1992 Coll., on consumer protection, No. 235/2004 Coll., on tax from of added values, No. 563/1991 Coll., on accounting. Furthermore, we use the data for the purpose of achieving the purpose of the contract and managing your account, i.e. to fulfill your contracts with the company. Without providing this data, we cannot fulfill our obligations under the given contracts.
2) Contact details
The data is needed to contact the data subject. These are in particular:
- name and surname
- telephone number
- mailing address
- the address of your profile on social networks
Please note that the main communication channel is email or contact via social networks and/or a phone call, when communication with you and therefore the use of personal data will occur when communicating by email or by phone.
3) Data on purchased goods, services received, use of services and payment ethics
- the type and specifications of the service or goods provided
- volume of services provided and their price
- information on payment morale
4) Data from communication and interaction between you and the company
This data is generated during communication related to the provision of services between companies. These are records of personal communication with the customer, written and electronic communication with the customer. This data also includes data from the use of our website and application. Thanks to your preferences, the company can improve the quality of its services and offer you products that are tailored to you (personalization).
5) Data processed on the basis of consent to the processing of personal data
Processing on the basis of consent to the processing of personal data is not absolutely necessary for the fulfillment of the contract or legal obligations or the protection of the legitimate interests of the company, but their processing will enable the company to improve the services provided and possibly inform customers about offers that are suitable for them. Personal data is only processed if consent is granted and may be processed for the period of validity of this consent. After withdrawal of consent, this data can only be kept to fulfill other purposes (e.g. in the case of a biometric signature to fulfill a legitimate interest in the case of a concluded contract). These are in particular:
- use of contact data for marketing (processing based on consent to the processing of personal data for marketing and business purposes)
- biometric signature data (signing within the application)
3. Purposes, legal reasons and periods of personal data processing
The scope of the processed data depends on the purpose of the processing. For some purposes, it is possible to process data directly on the basis of a contract, legitimate interest, or on the basis of law (without consent), for others only on the basis of consent.
1) Processing due to the fulfillment of a contract, fulfillment of legal obligations or due to legitimate interests
In order to enter into a contract with you and provide our services, we need to know your basic data. The provision of personal data necessary for the performance of the contract, the fulfillment of legal obligations and the protection of legitimate interests is thus necessary. Without providing personal data for these purposes, it would not be possible to provide services. Processing for the purpose of fulfilling the contract and the fulfillment of legal obligations cannot therefore be refused.
In order for you to be able to operate your personal account in the Stavario application, we manage your access data - especially login names and passwords, which are used to securely authenticate the logged in person.
As part of the simplification and functionality of the Stavario application, the company allows you to conclude any contract within the application using a biometric signature.
These are in particular the following basic sub-purposes:
- provision of license (performance of contract)
- billing for services (contract performance)
- fulfillment of legal tax obligations (fulfilment of legal obligations)
- purposes established by special laws for the needs of criminal proceedings and to fulfill the obligation to cooperate with the Police of the Czech Republic and other state authorities (fulfilment of legal obligations)
- processes associated with customer identification (contract fulfillment)
- collection of customer claims and other customer disputes (legitimate interest)
- collection of customer claims and other customer disputes (legitimate interest)
- register of debtors (legitimate interest)
Personal data for these activities are processed to the extent necessary for the fulfillment of these activities and for the period necessary to achieve them or for the period directly stipulated by legal regulations.
We only keep your data for as long as necessary. We keep them for 10 years due to the fulfillment of legal obligations, due to the duty of prudence and due professional care, especially with regard to the statutory limitation periods, then another 10 years. The long-term nature of some claims, such as the long-term duration of the license, extends the need for the length of processing at least for the duration of copyright protection.
According to the VAT Act, the company is obliged to keep tax documents and records with detailed data related to the selected services provided for 10 years from the end of the tax period in which the performance took place.
In addition to the stated archiving rules, the company keeps most of the data longer with respect to the company's obligations of prudence and professional care, especially in case it is necessary to present evidence in legal proceedings.
2) Processing of service customer data
In connection with the use of products and services, the company may use contact information to send information regarding the products and services used. It is primarily about creating a suitable offer of the company's products and services.
3) Processing cookies from websites operated by ABRA Software a.s.
If the subject has cookies enabled in his web browser, we process behavioral records about him from cookies placed on websites operated by companies, for the purpose of ensuring better internet operation and for the purposes of the company's internet advertising.
If the subject has cookies enabled in his web browser, we process behavioral records about him from cookies placed on websites operated by companies, for the purpose of ensuring better internet operation and for the purposes of the company's internet advertising.
A cookie is a short text file that the visited website sends to the browser. Allows the website to record information about the Data Subject's visit, such as preferred language and other settings. Cookies serve a variety of purposes. They are used, for example, to store your safe search settings, to select relevant advertisements, to monitor the number of visitors to the page, to facilitate the registration of new services, to protect your data or to save. You can find more about cookies at https://policies.google.com/technologies/types?hl=cs.
Website users can refuse the use of cookies by selecting the relevant settings in their browser, but if the Data Subject does so, he must be aware that he may not be able to fully use all the functions of this page. Website users can refuse the use of cookies by selecting the relevant settings in their browser, but if the Data Subject does so, he must be aware that he may not be able to fully use all the functions of this page.
Each user, i.e. also the customer, determines in the settings of his PC, or in the browser settings, whether the browser should allow the website to store cookies on the end device. This setting can be considered as consent to the processing of personal data. The browser is a tool for mediating consent.
4. Categories of recipients of personal data
The company uses the professional and specialized services of other entities in fulfilling its obligations and obligations from the contracts. This is mainly about debt collection, activities of experts, lawyers, auditors, administration and solutions of IT systems, internet advertising or sales agency, bookkeeping, information for financial operations for the purpose of making payments, performance of analytical services. We carefully select each such entity and conclude a personal data processing contract with each one. In case of interest, the company will inform the specific recipient with the request.
Processors are companies based both in the Czech Republic and in a member state of the European Union. Personal data is not handled in any way, we do not sell or redistribute personal data for any purpose other than that stated in these policies.
As part of the fulfillment of its legal obligations, the company transfers personal data to administrative bodies and authorities established by applicable legislation, if necessary.
5. Method of personal data processing
The company processes personal data manually and automatically.
6. Information on the rights of data subjects in connection with the processing of valid personal data
According to the Regulation, if the data subject is an identifiable person and proves himself to the company, he has the following rights.
1) Right of access to personal data
According to Art. 15 of the regulation, the data subject has the right to access personal data. You have the right to ask the company for confirmation as to whether we are processing personal data concerning you and to obtain an overview of this data from us. Furthermore, you have the right to be informed about the purposes of their processing, categories, planned storage period, from which source we have the data and with whom we share it, about your rights to correction, erasure of data, restriction of their processing, the possibility to raise an objection with us or file a complaint with the supervisory authority , and whether automated decision-making takes place and related information.
2) The right to correct inaccurate data
According to Art. 16 of the regulation, the data subject has the right to correct inaccurate personal data. In the event that the personal data concerning you is incorrect or inaccurate, we will of course correct it at your request. We can also supplement the data at your request.
3) Right to erasure
According to Art. 17 of the regulation, the data subject has the right to delete personal data concerning him. In the following cases:
- the company no longer needs the data for the purposes for which it collected them about you;
- the company processes the data on the basis of your consent, which you have withdrawn, and the company cannot process the data on the basis of another legal reason (e.g. our legitimate interest);
- you have objected to the processing based on legitimate interests or public interests;
- the processing is unlawful;
- we must comply with our legal obligation by erasing;
However, we would like to point out that the company will not and cannot delete data if data processing is necessary, among other things:
- to fulfill a legal obligation or a task carried out in the public interest;
- for archival purposes in the public interest;
- for securing and enforcing legal claims;
- for another purpose that is compatible with the original purpose.
4) Right to restriction of processing
According to Art. 18 of the Regulation, the data subject has the right to limit processing until the resolution of the complaint, if he denies the accuracy of personal data, the reasons for their processing or if he objects to their processing.
5) Right to notification of correction, erasure or restriction of processing
According to Art. 19 of the Regulation, the data subject, if he so requests, has the right to be notified by the company in the event of correction, deletion or restriction of personal data processing carried out in accordance with Article 16, Art. 17 par. 1 and Article 18.
6) Right to portability of personal data
According to Art. 20 of the regulation, the data subject has the right to the portability of the data concerning him and which he has provided to the administrator, in a structured, commonly used and machine-readable format, and the right to request the company to transfer this data to another administrator.
7) The right to object to the processing of personal data
According to Art. 21 of the regulation, the data subject has the right to object to the processing of his personal data due to the legitimate interest of the company.
8) The right to withdraw consent to the processing of personal data
Consent to the processing of personal data for effective marketing and business purposes can be revoked at any time. It is necessary to make the appeal explicit, understandable and a certain manifestation of will with the possible identification of the data subject.
9) The right to contact the Office for the Protection of Personal Data
In case of suspicion of a violation of the protection of personal and private life, which should be caused by the processing of personal data, the Data Subject has the right to demand an adequate explanation. The data subject is also entitled to file a complaint at any time with the supervisory authority, which is the Office for Personal Data Protection, Plk. Sochora 27,170 00 Praha 7, www.uoou.cz.
7. The personal data processing policy is valid from 14 12. 2018.
You can exercise your rights, for example, by sending an email or letter to the company's contact details:
Vím o všem s.r.o.
Smetanova 1249/6, 419 01 Duchcov
info@stavario.com