Processing of personal data information
The company PLAVBY LODÍ PRAHA, s.r.o. (hereinafter referred to as the "Administrator") informs the Customer as the data subject (hereinafter referred to as the "Customer") in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council
27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repealing of the Directive 95/46 / EC (General Regulation on the Protection of Personal Data) (hereinafter referred to as the "GDPR Regulation"), concerning the processing of its personal data:
Purpose of processing of personal data
Personal information is obtained directly from the customer at the time of sending the order. The administrator undertakes to process accurate personal data only for the purpose of:
- Compliance of the contract (service contract) [in accordance with Article 6 (1) (b) of the GDPR Regulation] and its subsequent compliance, including the dealing of any claims by the customer for defective performance. The processing of customer's personal data is also necessary to meet the statutory obligation that applies to the trustee. The trustee has the duty to comply with the statutory obligations arising from the laws governing rights and obligations in the context of consumer protection and bookkeeping. The reason for the provision of personal data by the customer to the trustee is the identification of the parties necessary for the conclusion and performance of the contract (contractual requirement), which would not be possible without providing such information. Failure to provide customer's personal information may result in non-performance or termination of performance by the trustee.
The administrator undertakes not to process personal data in a way that is incompatible with the above-mentioned purposes.
Extent of personal data
The administrator undertakes to process personal data only to the extent necessary in relation to the above mentioned purposes for which they are processed. The scope of personal information is as follows:
- name and surname,
- telephone number,
- email address
- address of residence in the case of sending gift vouchers by mail
(hereinafter referred to as "Personal Information").
Time of processing of personal data
The Administrator undertakes to process the personal data that he processes for the purpose of fulfilling the contract for a period of 5 years from the date of receipt of the personal data from the customer. The administrator is obliged to keep the personal data according to the generally binding legal regulations, namely according to Act No. 235/2004 Coll., On value added tax. After this time, the administrator has the obligation to liquidate personal data.
The categories of recipients of personal data and the transfer of personal data
The Administrator declares that personal data will only be made available to the appropriate trustee's employees who are required to maintain confidentiality of such data, as well as to security measures the disclosure of which would jeopardize the security of such personal data.
The Administrator also declares that he will not transfer personal data to third countries or any international organization.
Automated decision making
Automated decision-making will not occur when processing the customer's personal information according to Article 22 of the GDPR Regulation.
The trustee draws the customer´s attention to the fact that profiling occurs (a form of automated processing of customer's personal data by using personal data to evaluate some personal aspects relating to the customer, in particular to analyze or estimate aspects of personal preferences and interests).
Administrator uses profiling only to personalize service offerings (targeted advertising). If the customer raises an objection to profiling, the Administrator undertakes to terminate profiling in relation to the customer.
Rights of the data subject
The trustee informs the data subject about his rights under the GDPR Regulation, in particular:
- the right of access to personal data (the data subject has the right to obtain from the administrator a confirmation that the personal data concerning him / her are or are not processed under Article 15 of the GDPR Regulation);
- rights of corrections (the data subject has the right to correct the inaccurate personal data relating to him without undue delay, as well as the right to edit incomplete personal data under Article 16 of the GDPR Regulation);
- deletion rights (the data subject has the right to delete the personal data relating to the data subject without undue delay if one of the reasons given in Article 17 of the GDPR Regulation is given);
- the right to limit the processing (the data subject has the right to limit the processing to the controller, in the cases provided for in Article 18 of the GDPR Regulation);
- the right to data portability (the data subject has the right to obtain personal data that relates to the information provided by the controller in a structured, commonly used and machine-readable format, and the right to pass it on to another controller without the data controller being prevented from doing so in the cases referred to in Article 20 of the GDPR ); the customer may exercise the right to data portability only in the case of the processing of personal data in order to comply with the contract under Article 20 of the GDPR Regulation.
- the right to object (the data subject has the right, at any time, to object to the processing of personal data relating to him under Article 6 (1) (e) or (f) of the GDPR Regulation, including profiling on these provisions under Article 21 of the GDPR Regulation);
- the right not to be the subject of any exclusive decision for the automated processing (the data subject has the right not to be the subject of any decision basedsolely on automated processing, including profiling which has legal effects for him or is significantly affected by Article 22 GDPR in a similar way);
- the right to file a complaint with the Supervisory Authority, such as the Office for the Protection of Personal Data, with registered office at Pplk. Sochora 727/27, Post Code 170 00, Prague 7 Czech Republic.
Personal Data Protection Officer
The administrator, in accordance with Article 30 (1) a) GDPR provides the customer with contact with the Delegate for the protection of personal data.
any inquiries may be sent.
The Customer hereby declares that he has been properly informed by the Administrator about the processing of personal data in accordance with the provisions of Article 13 of the GDPR and that the personal data provided are accurate and true.