A brief summary
On this page you will find an overview of the main principles of personal data protection and other data processed by the business company Prestige Group Apart, s.r.o., with registered office Prague 9, Letňany, Frýdecka 441, 190 00 Prague, identification number 28171926, registered in the commercial register kept at the Municipal Court in Prague under sp. stamp C 130415 (hereinafter referred to as the “Administrator”).
In accordance with Article 12 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, the General Data Protection Regulation (hereinafter referred to as “GDPR”), the administrator hereby informs its customers, business partners, website users website and employees, job applicants (hereinafter referred to as “data subjects”), on the processing of personal data and on the rights of data subjects.
By ticking the box “Consent to the processing of personal data”, you give your voluntary consent to the trading company Prestige Group Apart, s.r.o., with registered office Prague 9, Letňany, Frýdecka 441, 190 00 Prague, Czech Republic, identification number 28171926, registered in the commercial register kept at the Municipal Court in Prague under sp. C 130415, your conscious, informed and voluntary consent to the processing of your personal data, which is in particular your first and last name, e-mail and postal addresses, telephone connection and electronic identification data, for marketing purposes, i.e. to offer products and services, for the period necessary to store personal data, but no longer than 5 years.
You can revoke this consent at any time by emailing firstname.lastname@example.org. With regard to the processing of personal data, you have rights in accordance with Articles 15 – 20 of the General Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016, the General Regulation on the Protection of Personal Data, as amended, in particular the right to access to personal data, right to correction and right to erasure of personal data.
The personal data entered by you will be linked to your customer account for the period mentioned above, and you can thus draw the benefits associated with it. It is in our interest that you have a complete overview of who can access your personal data. We recommend that you familiarize yourself with our terms and conditions for the processing of personal data listed below.
1. Scope of personal data processing
Personal data is processed by the Administrator to the extent:
a) in which the data subject provided the Administrator, in connection with the conclusion of a contractual or other legal relationship with the Administrator, or
b) which the Administrator himself collected otherwise and processes in accordance with applicable legal regulations or to fulfill the legal obligations of the Administrator.
The website of the Administrator and the online store operated by the Administrator are not intended for children under the age of 16. The Administrator does not process personal data of children under the age of 16. The Administrator does not intend to transfer personal data to a third country or an international organization.
2. Sources of personal data
The administrator processes personal data obtained:
• directly from data subjects (registration and purchases via e-shop, e-mails, phone, chat, website, contact form on the website, social networks, business cards, etc.)
• through publicly accessible registers, lists and records (e.g. commercial register, trade register, real estate register, public telephone directory, etc.)
3. Categories of personal data that are the subject of processing
The administrator processes the following categories of personal data:
a) Identification data
• Name and surname, title
• Electronic identification and network data (IP address, email)
b) Contact details
• Postal address
• Telephone number
• Verification identification data including data assigned by the state
c) Descriptive data
• Descriptive and payment data (e.g. bank details)
• Electronic data = information about a person’s business behavior (cookies)
• Photos and videos
d) Other personal data necessary for the performance of the contract or provided on the basis of and within the framework of the consent granted by the data subject (processing of photographs, use of personal data for the purpose of personnel and employment relations, etc.)
4. Categories of personal data subjects
The administrator processes personal data of the following categories of personal data subjects:
• Customer Administrator
• employee, job applicant
• supplier of goods and services
• buyer of goods and services
• another person who is in a contractual relationship with the Administrator
5. Categories of recipients of personal data
The administrator provides processed personal data exclusively to the following categories of recipients:
processors of personal data (in particular persons ensuring the technical operation of services and operators of technologies that the Administrator uses for its services, persons ensuring the transport of products and services, persons ensuring the security and integrity of the Administrator’s services and the security and integrity of the website, marketing and accounting agencies, collection agencies for the purpose of debt collection Administrator, external law firm, etc.)
state and other authorities within the framework of the fulfillment of legal obligations established by relevant legal regulations, e.g. the Police of the Czech Republic and public administration bodies.
6. Purpose of personal data processing
The administrator processes personal data of data subjects for the following purposes:
negotiations on the contractual relationship and the subsequent fulfillment of the contract, which involves the Administrator’s obligation to manage the user accounts of data subjects for the purpose of providing services by the Administrator, regardless of whether the services are free or paid (including administration and execution of payments, in the case of paid services)
purposes contained within the provided consent of the data subject
tenders for vacancies
fulfillment of the Administrator’s legal obligations arising from generally binding legal regulations (e.g. legal obligation to archive personal data, obligation to store operational and location data based on Act No. 127/2005 Coll., on electronic communications, as amended)
legitimate interests of the Administrator, e.g. sending commercial communications and other forms of direct marketing (unsubscribing from receiving commercial communications can be done at any time in the settings of the service for which the data subject has registered as a user to receive such communications, or by e-mail sent to the address: info @prestigegroup.cz), ensuring the security of the website, protecting the Administrator’s rights (e.g. enforcement of the Administrator’s claims).
7. Method of processing and protection of personal data
The processing of personal data is carried out by the Administrator or processors authorized by him by contract. The processing is carried out in the offices, branches and headquarters of the Administrator, by individual authorized employees of the Administrator, or by employees authorized by the Administrator of contractual Processors. Personal data is processed through computer technology, or also in a manual way for personal data in paper form, always in compliance with all security principles for the management and processing of personal data.
In order to properly process personal data, the controller has taken appropriate technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, their alteration, destruction or loss, their unauthorized transmission, their unauthorized processing, as well as to any other misuse of personal data. All subjects to whom personal data may be made available by the Administrator are obliged to respect the data subjects’ right to privacy protection and are obliged to proceed in accordance with applicable legal regulations regarding the protection of personal data to the same extent as these obligations are imposed on the Administrator.
8. Time of personal data processing
In accordance with the periods indicated in the relevant contracts or in the relevant legal regulations, this is the time absolutely necessary to ensure the rights and obligations arising both from the contractual relationship and from legal regulations, at least for the period of service provision, or for the period of fulfillment of the Administrator’s archiving obligations according to the applicable legislation.
In the case of processing personal data on the basis of consent, then for the duration of the consent granted by the data subject.
Furthermore, the Administrator is authorized to process personal data for the period necessary to enforce the rights of the Administrator vis-à-vis data subjects.
9. Legal reasons for processing personal data
1. The administrator always processes personal data on the basis of a legitimate legal reason, including those cases where the processing of personal data is carried out based on the consent of the data subject.
2. In accordance with Article 6, paragraph 1 of the GDPR, the Administrator may process personal data if:
• the data subject has given the Controller consent for one or more specific purposes,
• processing is necessary for the fulfillment of a contract to which the data subject is a contracting party, or for the implementation of measures taken prior to the conclusion of the contract at the request of the data subject,
• processing is necessary to fulfill a legal obligation that applies to the Administrator,
• processing is necessary to protect the vital interests of the data subject or other natural person,
• processing is necessary for the purposes of the legitimate interests of the relevant Administrator or a third party, except in cases where the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data take precedence over these interests.
10. Rights of data subjects
1. In accordance with Article 12 GDPR, the Controller hereby informs data subjects of their following rights:
a) the right to revoke your consent to the processing of personal data granted to the Administrator at any time;
b) the right to access personal data, which means that the data subject can at any time request the Administrator to issue a confirmation as to whether or not the personal data relating to the data subject are being processed and, if so, for what purposes and to what extent , to whom they are made available, how long the Administrator will process them, whether the data subject has the right to correction, erasure, restriction of processing or to raise an objection, where the Administrator obtained the personal data and whether automatic decision-making takes place on the basis of personal data processing, including possible profiling. The data subject also has the right to obtain a copy of his/her personal data, while the first provision is free of charge, for further provision the Administrator may demand reasonable payment of administrative costs;
c) the right to correct or supplement personal data, which means that the data subject can at any time request the Administrator to correct or supplement their personal data if they are inaccurate or incomplete;
d) the right to erasure of personal data (the right “to be forgotten”), which means that the Administrator must delete the personal data of the data subject if (i) they are no longer needed for the purposes for which they were collected or otherwise processed, (ii) the processing is unlawful, (iii) the data subject objects to the processing and there are no overriding legitimate reasons for the processing, or (iv) the erasure imposes a legal obligation on the Administrator.
e) the right to request the restriction of personal data processing, which means that until the Administrator resolves any disputed questions regarding the processing of personal data, he must limit the processing of the personal data of the data subject so that he can only store this personal data and, if necessary, use it for the purpose of the purpose, the exercise or defense of legal claims;
f) the right to raise an objection or complaint against the processing, which means that the data subject can raise an objection to the processing of his personal data, which the Controller processes for the purposes of direct marketing or because of his legitimate interest. If the data subject objects to the processing for the purposes of direct marketing, his personal data will no longer be processed by the Administrator for these purposes, with the understanding that until the objection is delivered, the processing of personal data is lawful;
g) other rights set forth in the GDPR and in the Act on the Processing of Personal Data after its entry into force, in particular the right to file a complaint about the processing of personal data and the right to be informed of a breach of personal data security in certain cases.
2. Any data subject who discovers or believes that the Administrator or processor is processing his personal data that is contrary to the protection of the private and personal life of the data subject or that is contrary to the law, especially if the personal data is inaccurate with with regard to the purpose of their processing, may:
• ask the Administrator for an explanation;
• demand that the Administrator remove the state thus created. In particular, this may involve blocking, correcting, supplementing or deleting personal data.
• if the data subject’s request submitted within the scope of rights according to paragraph 1 is found to be justified, the Administrator will remove the objectionable situation immediately.
• the data subject’s procedure according to paragraph 1 does not preclude the data subject from contacting the supervisory authority directly with their initiative or complaint.
11. Contact details of the Administrator
If any additional information is needed regarding these policies and/or the processing of personal data by the Administrator, data subjects can contact the Administrator, who can be contacted through his contact person Vladislav Glinskiy at the email address: email@example.com, by phone at +420773183777.
The administrator is entitled to demand proof of the identity of the data subject in order to prevent unauthorized persons from accessing personal data. In order to improve the quality of services and keep records of the Administrator’s fulfillment of legal obligations, all communications between the data subject and the Administrator may be monitored.
This Personal Data Protection Policy of Prestige Group Apart, s.r.o. are effective from 1/1/2019.
Prestige Group Apart, s.r.o. | Administrator