Protection of personal data
Information about personal data processing
This document provides you with information about your rights relating to the processing of personal data by EFES, spol. s r.o., Company ID: 41189710, with its registered office at K Radotínu 492, 156 00 Prague 5, registered by the Municipal Court in Prague, Section C, under file 3360 (hereinafter the “Company” or the “Controller”).
In personal data processing we follow legal regulations, in particular Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, and on Personal Data Protection Act No. 101/2000 Coll. Personal data processing always takes place only to the extent of the respective service or purpose of the processing.
We treat personal data with the due care and in accordance with the applicable legal regulations. We protect personal data to the maximum possible extent, which corresponds to the technical level of the available resources.
The Company has strict rules determining which authorised person has access to personal data and which personal data can be processed. We do not transfer personal data unless we have consent, unless such transfer is imposed by law or we are entitled for such transfer by a legal regulation or a legitimate interest.
If you disagree with the method your personal data is processed, you can contact the Office for Personal Data Protection at: Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.
Purpose and extent of personal data processing
The Controller processes personal data in accordance with European Union laws, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter “GDPR”).
The Controller only processes the personal data for the specified purpose, to the extent specified below, and for the period stated in the concluded contracts or in the applicable legal regulations.
The Controller shall process the personal data necessary for performing the contract concluded between the Controller and the data subject for the purposes of implementing the business relationship between the Controller and the data subject as contained in the contract and for managing the relationship with the data subject. The Controller processes personal data on the basis of their legitimate interests as well as based on legitimate interests of the Controller’s partners, unless such interests are outweighed by interests, rights or freedoms of the data subject. The Controller further processes personal data to analyse and improve the quality of its services. The Controller shall use the personal data to create a relevant promotion event and to offer the Company’s products and services. Personal data can be processed both manually and by computers.
Basic purpose of the personal data processing
Personal data processing purposes, for which the personal data is intended, and the legal basis for processing:
- Processing of requirements and preparation of a contract, provision of information
- Performance of contract and provision of services
- Arranging for operating activities
- Accounting and tax purposes
- Exaction of receivables
- Performance of a legal obligation
- Protection of property and persons
- Archiving made based on law.
By providing your personal data, you agree and grant your consent to your personal data processing. Please be careful during the on-line inputting of personal data. It is your responsibility to safeguard your passwords and personal information. By using this website, you confirm the aforementioned and take over the said risks.
Extent of personal data processing:
The Controller processes the personal data to the extent to which it was provided by the data subject or otherwise collected by the Controller and processed by the Controller in accordance with the applicable legal regulations or for fulfilment of the Controller’s statutory duties. The aforementioned particularly includes the following categories of personal data:
- Address and contact details, in particular name, surname, date of birth, birth registration number, residential address, telephone number and others,
- Descriptive data, for example, a bank account number,
- Other data resulting from a specific contract or law,
Rights of the data subject:
The Controller processes the personal data transparently, correctly and in accordance with GDPR. The data subject has the right to access their data, to an explanation as well as other rights if the data subject believes that the personal data processing is not right. The data subject may lodge a complaint with the Office for Personal Data Protection.
The Controller shall inform the data subjects about their rights, which are as follows:
- The right to know the purpose of the personal data processing,
- The right to know the category of the respective personal data,
- The right to know the personal data recipients or categories of the recipients,
- The right to know the period for which the personal data will be saved,
- The right to require the Controller to correct or erase personal data or restrict its processing and to file objection against such processing,
- The right to file a complaint with the supervising authority,
- The right to any available information about the source of personal data if it is not obtained from the personal data subject,
- The right to withdraw the consent to the personal data processing at any time if personal data is processed on the basis of the granted consent,
The data subject has the right not to provide their data to the Controller. In the event that the provision of such personal data is obligatory (by law or according to contract), the Controller shall notify the data subject that the Controller will not be able to provide their services.
Personal data processors and recipients:
Processors and recipients of personal data administered by the Controller are:
- Service suppliers and providers,
- Financial institutions and banks,
- State and other authorities within performing their legal obligations.
Camera surveillance system
The Controller’s premises are monitored by a camera surveillance system, of which the visitors of the establishments are informed. The purpose of the personal data processing is to monitor the designated areas. The processing is carried out in accordance with Article 6 (1) (f) of the GDPR where the consent of the data subject is not necessary, because the processing is necessary for the legitimate interests of the Controller or any third party, and to protect the interests and fundamental rights and freedoms of the data subject. The legitimate interests include protection of property, protection of the Controller’s interests, and protection of persons located in the monitored premises, examination of the course of accident at the workplace, occurrence of damage, examination of circumstances of the alienation of things from the workplace, and trespassing by an unauthorised person in the Controller’s premises.
Recordings from the camera system are stored in accordance with law and internal regulations, and then erased in an automatic loop. No sound recordings are made, and no software is used to compare certain biometric characteristics of the data subject (e.g. motion or walking characteristics of the data subjects).
An IP address is a specific number that allows you to identify a user’s internet connection, and your web browser provides it automatically whenever you visit the website. Visiting the Company’s website may result in registration of the respective IP address upon entering the Company’s website. IP addresses are also used to calculate traffic and utilisation of the Company’s website and monitoring of the website use.
Cookies data files
Your consent to placing cookie files is voluntary. If you wish, you can block some or all cookies or delete cookies that have already been set up. If you block or delete cookies sent from our website, which are vital, or which ensure the functionality and performance, this might result in an impossibility to use the website.
You can display the types of cookies used on our website to collect information how to change the cookie settings, or how to block the cookies used on our website.
In the case of asking any question or exercising any right set out in the GDPR, the Controller shall provide its contact details, which the data subject may use for contact.
The materials on this website are provided by the Company as a service to its customers, and the materials can only be used for information purposes.