Principles of personal data processing for customers and co-workers I know about everything s.r.o. and users of the Stavario application according to the Regulation of the European Parliament and the Council of the EU 2016/679 issued by the company I know about everything s.r.o., IČO: 06935338, DIČ: CZ06935338 with its registered office at Smetanova 1249/6, 419 01 Duchcov (hereinafter also the company). The company is a personal data controller pursuant to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
The aim is to provide information on what personal data the company processes about data subjects in the delivery and provision of services, sales of goods, visits to websites operated by the company as well as Stavario online applications operated by the company and contacts with existing and potential customers, for what purposes and how. The company processes this personal data for a long time in accordance with valid legal regulations, to whom and for what reason it can pass it on. Furthermore, to inform about what rights belong to the subjects of personal data in connection with the processing of their personal data. This always happens only to the extent given by the specific service or purpose of processing.
These principles are issued in accordance with Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation). personal data) (hereinafter referred to as the Regulation or the GDPR).
This document will be updated regularly. You can always find the valid version at https://www.stavario.com/cs/obchodni-podminky/ochrana-osobnich-udaju, previous versions are available on request from the company at the contacts listed in this policy.
You can be absolutely sure that we handle your personal data with due care and in accordance with applicable law. When processing them, we always respect the highest standards. The company has the strictest rules governing which employees can have access to your personal data and what data, including how they can process it. In principle, we do not transfer your personal data outside the company, unless we have your consent, impose it or authorize us to do so by law or our legitimate interest (for example, in the case of suppliers, an external accounting firm or a lawyer, or at the request of public authorities, ie eg bodies active in criminal proceedings, etc.).
Personal data is any information that relates to a natural person that the company is able to identify. In connection with the provision of services and the sale of goods, personal data may be processed by the company. However, we only process data in order to provide you with professional services and to fulfill our contractual obligation in relation to you and to comply with our legal obligation and protect our legitimate interests. We collect data mainly about our clients - customers, including potential clients who are interested in our services or who we have contacted with our offer. Depending on the nature of the situation, we process data on, for example, representatives, including members of statutory bodies and employees.
1) Basic personal identification data and address data
Such data are necessary for the conclusion and performance of the contract. These are in particular:
From the technical data, we include your IP address among the identification data.
Identification data is a mandatory part of every contract you enter into with the company. We use and process identification data to the extent provided by legal regulations, in particular Acts No. 89/2012 Coll., The Civil Code, No. 634/1992 Coll., On Consumer Protection, No. 235/2004 Coll., On value added, No. 563/1991 Coll., on accounting. We also use the data in order to achieve the purpose of the contract and maintain your account, ie to fulfill your contracts concluded with the company. Without providing this information, it is not possible to fulfill our obligations under the given contracts.
2) Contact details
The data is needed to contact the data subject. These are in particular:
Please note that the main communication channel is email or contact via social networks and / or telephone call, when in communication with you and thus the use of personal data will occur when communicating by email or telephone.
3) Data on purchased goods, purchased services, use of services and payment morale
4) Data from communication and interaction between you and the company
This data is generated during communication related to the provision of services between the company. These are records of personal communication with the customer, written and electronic communication with the customer. This data also includes data from the use of our website and application. Thanks to your preferences, the company can improve the quality of services and offer you products that are tailor-made for you (personalization).
5) Data processed on the basis of consent to the processing of personal data
Processing on the basis of consent to the processing of personal data is not necessary for the performance of the contract or legal obligations or the protection of the company's legitimate interests. Personal data are processed only if consent is granted and may be processed for the period of validity of this consent. After the revocation of the consent, these data can be stored only for the fulfillment of other purposes (eg in the case of a biometric signature to fulfill a legitimate interest in the case of a concluded contract). These are in particular:
The scope of processed data depends on the purpose of processing. For some purposes, it is possible to process data directly on the basis of a contract, a legitimate interest, or on the basis of law (without consent), for others only on the basis of consent.
1) Processing due to the performance of the contract, the fulfillment of legal obligations or due to legitimate interests
In order to contract with you and provide our services, we need to know your basic information. The provision of personal data necessary for the performance of the contract, the fulfillment of legal obligations and the protection of legitimate interests is thus necessary. It would not be possible to provide services without providing personal data for these purposes. Processing cannot be refused due to the performance of the contract and the fulfillment of legal obligations.
In order to be able to operate your personal account in the Stavario application, we manage your access data - especially login names and passwords, which are used for secure authentication of the logged in person.
As part of the simplification and functionality of the Stavario application, the company allows you to enter into any contract within the application using a biometric signature.
These are mainly the following basic sub-purposes:
Personal data for these activities are processed to the extent necessary for the performance of these activities and for the time necessary to achieve them or for a period directly stipulated by law.
We only retain your data for as long as is strictly necessary. We keep them for 10 years due to the fulfillment of legal obligations, due to the duty of prudence and due professional care, especially with regard to the legal limitation periods, then another 10 years. The long-term nature of some claims, such as the long-term duration of the license, extends the need for processing time for at least the duration of copyright protection.
According to the VAT Act, the company is obliged to keep tax documents and records with detailed data relating to the selected services provided for 10 years from the end of the tax period in which the performance took place.
In addition to the above archiving rules, the company keeps most of the data for longer due to the company's prudential and professional care obligations, especially in case it would be necessary to present evidence in court proceedings.
2) Processing of customer service data
In connection with the use of the products and services, the company may use the contact details to send information about these used products and services. It is primarily a matter of creating a suitable offer of the company's products and services.
3) Processing of cookies from websites operated by ABRA Software a.s.
If the subject has cookies enabled in its web browser, we process records of behavior from cookies placed on the websites operated by the company, for the purpose of ensuring better internet traffic and for the purposes of the company's internet advertising.
The company uses Google Analytics services to improve and simplify the use of the website and for marketing purposes.
A cookie is a short text file that a visited website sends to your browser. Allows the site to record information about the Data Subject's visit, such as preferred language and other settings. Cookies are used for a variety of purposes. They are used, for example, to store your SafeSearch settings, to select relevant ads, to track the number of visitors to a page, to facilitate the registration of new services, to protect your data or to store. You can find more about cookies at https://policies.google.com/technologies/types?hl=en.
Each user, including the customer, determines in the settings of their PC, resp. in the browser settings, whether the browser should allow the website to store cookies on the end device. This setting can be considered as consent to the processing of personal data. The browser is a consent tool.
The Company uses professional and specialized services of other entities in fulfilling its obligations and duties under contracts. These include debt collection, the activities of experts, lawyers, auditors, administration and solution of IT systems, Internet advertising or sales representation, bookkeeping, information for financial operations for the purpose of making payments, performing analytical services. We carefully select each such entity and enter into a contract with each other on the processing of personal data. If interested, the company will communicate the specific recipient to the application.
Processors are companies domiciled both in the Czech Republic and domiciled in a Member State of the European Union. Personal data is not further processed in any way, we do not sell or redistribute personal data for any purpose other than as stated in this policy.
As part of the fulfillment of its legal obligations, the company transmits personal data, if necessary, to administrative authorities and bodies specified by the applicable legislation.
The company processes personal data manually and automatically.
According to the Regulation, the data subject has the following rights if he is an identifiable person and proves to the company.
1) Right of access to personal data
According to Article 15 of the Regulation, the data subject has the right of access to personal data. You have the right to ask the company to confirm whether we are processing personal data that concerns you and to obtain an overview of this data from us. You are also entitled to be informed about the purposes of their processing, categories, planned storage time, from which source we have data and with whom we share it, your rights to rectification, deletion of data, restrictions on their processing, the possibility to object to us or file a complaint with the supervisory authority. , and whether there is automated decision - making and related information.
2) Right to correct inaccurate data
According to Article 16 of the Regulation, the data subject has the right to correct inaccurate personal data. In the event that personal data concerning you are incorrect or inaccurate, we will of course correct them at your request. We can also add data at your request.
3) Right of deletion
According to Article 17 of the Regulation, the data subject has the right to delete personal data concerning him. This is in the following cases:
However, we would like to inform you that the company will not and cannot perform data deletion if the processing of data is necessary, inter alia:
4) The right to restrict processing
According to Article 18 of the Regulation, the data subject has the right to limit the processing until the complaint is resolved if he denies the accuracy of the personal data, the reasons for their processing or if he objects to their processing.
5) The right to be notified of a correction, deletion or restriction of processing
Pursuant to Article 19 of the Regulation, the data subject has, if he so requests, the right to be notified by the company in the event of rectification, erasure or restriction of the processing of personal data carried out in accordance with Article 16, Article 17 (1) and Article 18.
6) The right to the portability of personal data
Under Article 20 of the Regulation, the data subject has the right to the portability of the data concerning him provided to the controller in a structured, commonly used and machine-readable format, and the right to request the company to transfer this data to another controller.
7) The right to object to the processing of personal data
Pursuant to Article 21 of the Regulation, the data subject has the right to object to the processing of his personal data on grounds of the legitimate interest of the company.
8) The right to withdraw consent to the processing of personal data
Consent to the processing of personal data for marketing and business purposes can be revoked at any time. Appeals need to be made an explicit, comprehensible and definite expression of will with the possible identification of the data subject.
9) The right to contact the Office for Personal Data Protection
In case of suspicion of a breach of the protection of personal and private life, which should be caused by the processing of personal data, the Data Subject has the right to request an adequate explanation. The data subject is also entitled to file a complaint at any time with the supervisory authority, which is the Office for Personal Data Protection, Lt. Col. Sochora 27,170 00 Prague 7, www.uoou.cz.
You can exercise your rights, for example, by sending an email or letter to the company's contact details:
Vím o všem s.r.o.
Smetanova 1249/6, 419 01 Duchcov, Czech Republic