PRIVACY POLICY
The protection of personal data is a priority of our company, below we provide detailed information about the principles of personal data processing in our company and why we process your personal data, what your rights are in connection with the processing of your personal data, and other information regarding personal data processing. When processing personal data, we follow strict rules in our company and make sure that only authorized persons have access to them. Without your knowledge, we do not transfer your personal data outside the structure of our organization, except in cases of your consent, or when required by law or authorized by law, or if it is in our legitimate interest.
Please read the personal information processing information below.
1. Personal data controller Lesya Klymyuk, IČ: 27189074, with its registered at Na Kocandě 239, 25063 Veleň (hereinafter referred to as the “Administrator”) hereby informs about the purpose, scope, time and legal title of processing personal data of data subjects, including access to them and scope the data subject’s rights relating to the processing of personal data by the controller. The Administrator is the operator of servers on the Internet – hereinafter referred to as the Administrator’s servers. 2. Legal regulations, concepts The controller processes personal data following valid legal regulations, ie Act No. 101/2000 Coll., On the protection of personal data (hereinafter the „Act“) and with effect from 25 May 2018 also REGULATION OF THE EUROPEAN PARLIAMENT AND COUNCIL (EU ) 2016/67 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) (“the Regulation”).
For the purposes of the principles below, the administrator shall use the following terms of the Regulation:
• personal data – all information about an identified or identifiable real person (data subject).An identifiable real person is an idividual who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, mental, economic, cultural or cultural elements. the social identity of that natural person;
• special categories of personal data – personal data that reflect racial or ethnic origin, political opinions, religion or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data to uniquely identify a natural person and health or sexual life or sexual orientation of a natural person;
• processing of personal data – any operation or set of operations with personal data or sets of personal data which is carried out with or without the aid of automated procedures such as the collection, recording, arrangement, structuring, storage, adaptation or modification, retrieval, inspection, use, disclosure by transmission, dissemination or any other disclosure, sorting or combination, restriction, deletion or destruction;
• pseudonymization – processing of personal data so that they can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separate and subject to technical and organizational measures to ensure that it is not assigned to an identified or identifiable natural person ;
• controller – an individual or legal person, public authority, agency, or other entity which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, that law may specify the controller concerned or specific criteria for its designation;
• Recipient – an individual or legal person, public authority, agency, or other entity to which personal data are provided, whether a third party or not;
• consent of the data subject – any free, specific, informed, and unambiguous expression of will by which the data subject gives his / her consent to the processing of his / her personal data by a statement or other obvious confirmation;
• processor – a natural or legal person, public authority, agency, or other entity that processes personal data for the controller;
• records – any structured set of personal data accessible according to specific criteria, whether centralized, decentralized, or broken down by function or geography;
• deletion of personal data – the physical destruction of media, their physical deletion or permanent exclusion from further processing;
• restrictions on the processing of personal data – marking of stored personal data to limit their processing in the future;
• personal data breach – a breach of security that leads to the accidental or unlawful destruction, loss, alteration, or unauthorized provision or disclosure of personal data transmitted, stored or otherwise processed;
• Supervisory Authority – an independent body established by an EU Member State, which is responsible for monitoring the application of personal data protection requirements; in the Czech Republic, this body is the Office for Personal Data Protection.
Purpose, scope, and duration of personal data processing The controller shall process the personal data of data subjects only to the extent necessary for the fulfillment of the specified purpose and only for the time necessary to achieve it, but no longer than for the period specified by the relevant legal regulations and following them.
The basic purposes of the processing of personal data by the Administrator are:
• business activities of the Administrator resulting from valid trade licenses. The administrator processes personal data to the following extent:
• identification data: title, name, and surname;
• address details: telephone, e-mail address;
• other personal data: bank account number; technical data: username, IP address. The controller does not process any special categories of personal data within the meaning of Article 9 of the Regulation. The deadlines for deleting the personal data of registered users of administrator servers are as follows:
• in the event that the user does not activate the account within 10 days of registration, the Administrator reserves the right to cancel the account and delete personal data without further notice,
• in the event of termination of subscription to messages or provision of services to registered users, the Administrator reserves the right to cancel the account and delete personal data without further notice within no more than 60 days,
· legal and contractual conditions govern all other deadlines for processing personal data the Administrator processes the data.
3. Legal title for the processing of personal data The controller processes personal data on the basis of the following legal titles:
• performance of the contract pursuant to Article 6, paragraph 1, letter b) Regulation;
• fulfillment of the legal obligation according to Art. 6 par. 1 let. c) Regulation;
• legitimate interest according to Art. 6 par. 1 let. f) Regulation.
4. Processing with consent
The controller processes personal data based on prior consent, which is necessary for:
4.1. Processing for marketing purposes We also process personal data for marketing purposes if we have given our consent for this purpose. Processing for marketing purposes includes in particular:
4.1.1 Offer of products and services Based on your consent, we may send you offers electronically, especially in the form of e-mail messages or messages sent to mobile devices.
4.1.2. Transfer of personal data to third parties The administrator uses detailed third-party tools – Google Analytics – to evaluate server traffic Details of this service are available here: https://analysis.google.com. The consent provided for marketing purposes is voluntary but is necessary for the provision of individual offers of our products and services. We cannot provide you with individual offers without the consent granted in this way. The consent for marketing purposes lasts for the duration of the contractual relationship with the Administrator and for the next 2 years after the termination of this contractual relationship or until the revocation of the consent. The consent can be revoked at any time at the following contact links of the Administrator or directly on the electronic account of each user.
5. Access to personal data Only the Administrator and persons who are employed by him concerning him or by processors based on a contractual relationship with the Administrator have access to personal data, and only for the specified purpose of processing. Access to and handling of personal data processed by the Administrator is subject to the Administrator’s internal security regulations. The controller may disclose the personal data of the data subject to third parties only in cases where this is required or permitted by law, otherwise only with the consent of the data subject. The processors of personal data are providers of services related to the operation of the Administrator’s organization.
6. Transfer of personal data to third countries The controller does not transfer personal data to third sides.
7. Rights of the data subject According to the Act and the Regulation, each data subject has the following rights:
• the right to access personal data – the data subject has the right to obtain confirmation from the Administrator whether he is processing his personal data and, if so, he has the right to obtain access to this personal data;
• the right to rectification or deletion, or restriction of processing, Regulation – the data subject has the right to request the Administrator to correct or supplement incorrect, resp. incomplete personal data, request the deletion of personal data if the reason for their processing has lapsed or is not given, or request a restriction on the processing of personal data in connection with the resolution of the circumstances of personal data processing with the Administrator;
• the right to data portability – the data subject has the right to obtain personal data concerning him provided to the Controller in a structured, commonly used and machine-readable format, and the right to transfer this data to another controller;
• the right to object – the data subject has the right to object at any time to the processing of personal data if the processing is carried out, ie necessary for the performance of a task carried out in the public interest or the exercise of public authority entrusted to the controller or the processing is necessary for the legitimate interests of the Administrator or a third party;
• not be the subject of a decision based solely on automated processing – the data subject has the right not to be the subject of any decision based solely on automated processing, including profiling, which has legal effects for him or is significantly affected by him in a similar way;
• the right to lodge a complaint with the supervisory authority – the data subject has the right to lodge a complaint with the supervisory authority if it considers that the processing of his personal data has been violated, and this supervisory authority will be the Data Protection Office for data subjects residing in the Czech Republic.
8. Cookies Cookies are small data files, thanks to which the user who visits the website can remember his actions and settings so that he does not have to enter these data repeatedly. Cookies are not dangerous, but they are important for the protection of privacy. Cookies cannot be used to identify visitors to the site or to misuse login details.
The administrator’s servers use cookies to preserve information about the registered user’s login to the EBE servers in the Internet browser (until the Internet browser is closed, but for a maximum of 8 hours). Furthermore, EBE servers use third-party cookies (eg Google Analytics for traffic analysis, and advertising servers for providing advertising). These cookies are controlled by third parties and the operator does not have access to read or write this data.
9. Contact details for data subjects To exercise the above rights, each data subject may contact the Administrator by telephone at +420 731 723 005 or by e-mail at info@moleeks.com