PRIVACY POLICY

Through this Privacy Policy (hereinafter referred to as the "Principles"), we inform the data subjects whose personal data we process about all processing activities and data privacy policy principles.

1. Responsible persons

Privacy Manager:

STUDENT AGENCY k.s., ID No. 253 17 075, with its registered office at náměstí Svobody 86/17, Brno-město, 602 00 Brno

and

RegioJet a.s., IČ: 283 33 187, with its registered office at náměstí Svobody 86/17, Brno-město, 602 00 Brno

and

ORBIX s.r.o., ID: 266 94 638, with its registered office at Revoluční 767/25, Staré Město, 110 00 Prague 1

as joint personal data administrators within the meaning of Article 26 of the GDPR (hereinafter referred to as "Companies", "we", "our" or "us")

Joint Administrators belong to the STUDENT AGENCY Holding and are mutually engaged in the processing of personal data.

Joint Administrators have entered into a contract with each other to regulate the rights and obligations under which STUDENT AGENCY k.s. STUDENT AGENCY k.s. is further responsible for the reporting obligation for the repair or deletion of personal data or the limitation of processing, the obligation to implement appropriate technical and organizational measures, record personal data processing and report any personal data breaches.

STUDENT AGENCY k.s. under the contract it acts as a central contact point for data subjects whose personal data are processed by joint managers. Each data subject may exercise his rights under the GDPR of each of the personal data administrators as well as to each of them, regardless of the terms and conditions set forth in the above contract.


administrator contact: phone: +420 800 100 300; E-mail: privacy@studentagency.cz

2. Basic Terms

GDPR:
Regulation (EC) No 2016/679 of the European Parliament and of the Council concerning the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/ES with effect from 25. 5. 2018.

Personal data:
Personal data concerning European Parliament and of the Council and Regulation (EC) No 2016/679 on the protection of individuals with regard to the processing of personal data and of repealing Directive 95/46/ES (hereinafter referred to as GDPR) shall mean any information relating to an identified or identifiable natural person (i.e. in regards to the Data Subject = You)

Special personal data:
Special personal data refers to personal data and information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of biometric data in order to assist in the unique identification of individuals concerned or data concerning the health or sex life of the individual, disability, age or sexual orientation.

Data Subject= You:
Data Subject refers to identified or identifiable (natural) person as one who can be identified, directly or indirectly, in particular by reference to an identification factor such as name, identification number, location data, network identifier or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of natural person.

The processing of personal data:
For the purposes of Article 4(2) of GDPR, processing of personal data shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

Controller:
For the purposes of Article 4(7) of GDPR “controller” shall mean the natural person or legal entities, public authority, agency or any other body which alone or jointly with others determine the purposes and means of the processing of personal data; where the purposes, conditions and means of processing are determined by Union law or Member State law, this law can determine the concerned controller or the specific criteria for his nomination may be designated; Company included.

Processor:
The processor for the purposes of Article 4(8) of GDPR shall mean a natural person or legal entities public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; including some trading partners of the Company, which in under the direction and in compliance with the requirements of the Company, respectively its responsible employee, process personal data for the Company as the processor.

The supervisory authority:
Supervisory authority shall be an Authority for the protection of personal data in Slovakia (hereinafter referred to as „ÚOOÚ“).

Risk processing:
Risk processing shall mean the processing which likely represents the risk for rights and freedoms of the data subjects, the processing is not occasional nor does include the processing of special data or processing of data relating to criminal convictions and offenses described under Article 10 of GDPR.

3. Processed personal data

We are processing identification data (first name, surname, date of birth), contact data (address, e-mail, phone number), data included in job seekers’ resumes, accounting information (bank account number), order history, claims history. We are processing this data in compliance with GDPR and other legislation concerning personal data protection.

4. Categories of data subjects

a) Customers
b) Suppliers of goods and services
c) Potential customers and suppliers of goods and services
d) Job seekers
e) Web page visitors
f) Subscribers

5. The purpose of personal data processing

We are processing personal data for a clearly identified purpose:

Categories of data subjects Purpose of personal data processing Legal basis and processed personal data Data processing period
Our customers – NATIONAL bus and train transport Performance and realization of customer contracts
  • The legal basis is the performance of the contract
  • The absolute vast of the customers are individuals whose personal data are processed by us (first name and last name, date of birth, further information from MojeID, when applicable special category – ZTP, senior over 60 years of age, child under 6 years of age, children from 6-15 years of age, student up to 15 years of age, documents proving discount entitlement, travel documents), contact information (e-mail, phone number, IP address) which are communicated by us in relation to fulfilment and performance of the contract, data of current orders and submitted claims. We are exceptionally trading with natural persons established and legal persons whose identification data we process (first name, last name, title), contact information (postal address or place of residence, e-mail, phone number), current orders data and submitted claims
For this purpose, personal data may be processed for the duration of the contractual relationship.
Our customers – INTERNATIONAL bus and train transport Performance and realization of customer contracts
  • The legal basis is the performance of the contract
  • The absolute vast of the customers are individuals whose personal data are processed by us (first name and last name, date of birth, further information from MojeID, when applicable special category – ZTP, senior over 60 years of age, child under 6 years of age, children from 6-15 years of age, student up to 15 years of age, documents proving discount entitlement, travel documents), contact information (e-mail, phone number, IP address) which are communicated by us in relation to fulfilment and performance of the contract, data of current orders and submitted claims. We are exceptionally trading with natural persons established and legal entities whose identification data we process (first name, last name, title), contact information (postal address or place of residence, e-mail, phone number), current orders data and submitted claims.
For this purpose, personal data may be processed for the duration of the contractual relationship.
Our customers – Aviation passenger transport mediation Performance and realization of customer contracts
  • The legal basis is the performance of the contract..
  • Regarding customers, we only process the data necessary to provide the service. In case of individuals we process personal data (first name and last name, date of birth, health information, the number of customer loyalty rewards program, the nationality, travel document), contact information (e-mail, phone number, postal address or a place of residence) which are communicated by us in relation to fulfilment and performance of the contract and data of current orders and submitted claims. We process identification data of natural persons established or legal entities (first name, last name, title) which are necessary in order to provide the service, contact information (postal address or place of residence, e-mail, phone number), accounting information (bank account number), current orders data and submitted claims.
For this purpose, personal data may be processed for the duration of the contractual relationship.
Our customers – Sale and travel arrangements mediation Performance and realization of customer contracts
  • The legal basis is the performance of the contract..
  • Regarding customers, we only process the data necessary to provide the service. In case of individuals we process personal data (first name and last name, date of birth, health information, the number of customer loyalty rewards program, the nationality, travel document), contact information (e-mail, phone number, postal address or a place of residence) which are communicated by us in relation to fulfilment and performance of the contract and data of current orders and submitted claims. We process identification data of natural persons established or legal entities (first name, last name, title) which are necessary in order to provide the service, contact information (postal address or place of residence, e-mail, phone number), accounting information (bank account number), current orders data and submitted claims.
For this purpose, personal data may be processed for the duration of the contractual relationship.
Our customers – Individual tourism services mediation Performance and realization of customer contracts
  • The legal basis is the performance of the contract.
  • Regarding customers, we only process the data necessary to provide the service. In case of individuals we process personal data (first name and last name, date of birth, health information, the number of customer loyalty rewards program, the nationality, travel document), contact information (e-mail, phone number, postal address or a place of residence) which are communicated by us in relation to fulfilment and performance of the contract and data of current orders and submitted claims. We process identification data of natural persons established or legal entities (first name, last name, title) which are necessary in order to provide the service, contact information (postal address or place of residence, e-mail, phone number), accounting information (bank account number), current orders data and submitted claims.
For this purpose, personal data may be processed for the duration of the contractual relationship.
Our customers – Claims recovery in air transport operated by Click2Claim s.r.o mediation Performance and realization of customer contracts
  • The legal basis is the performance of the contract.
  • We are processing customers´, when necessary contact persons of legal entities, identification data (first name and last name, date of birth, health information, the number of customer loyalty rewards program, the nationality, travel document), flight ticket number), contact information (e-mail, phone number) and data of current orders and submitted claims.
For this purpose, personal data may be processed for the duration of the contractual relationship.
Our customers – Insurance mediation Performance and realization of customer contracts
  • The legal basis is the performance of the contract.
  • Regarding customers, we only process the data necessary to provide the service. In case of individuals we process personal data (first name and last name, date of birth, health information, the number of customer loyalty rewards program, the nationality, travel document), contact information (e-mail, phone number, postal address or a place of residence) which are communicated by us in relation to fulfilment and performance of the contract and data of current orders and submitted claims. We process identification data of natural persons established or legal entities (first name, last name, title) which are necessary in order to provide the service, contact information (postal address or place of residence, e-mail, phone number), accounting information (bank account number), current orders data and submitted claims.
For this purpose, personal data may be processed for the duration of the contractual relationship.
Our Customers – Residence permit administration mediation Performance and execution of contracts with customers
  • The legal basis is the performance of the contract..
  • We are processing solely customers´ data necessary in order to provide services. Natural persons’ data processed by us are personal (first name and last name, date of birth, health information, the number of customer loyalty rewards program, the nationality, travel document), contact information (e-mail, phone number, postal address or a place of residence) which are communicated by us in relation to fulfilment and performance of the contract and data of current orders and submitted claims. We process identification data of natural persons established or legal entities (first name, last name, title) which are necessary in order to provide the service, contact information (postal address or place of residence, e-mail, phone number), accounting information (bank account number), current orders data and submitted claims.
For this purpose, personal data may be processed for the duration of the contractual relationship.
Our Customers – Language Study Stay Abroad Performance and execution of contracts with customers
  • The legal basis is performance of the contract..
  • Regarding customers, we only process the data necessary to provide the service. In case of individuals we process personal data (name and surname, date of birth, health status, nationality, travel document), contact details (email, telephone number, delivery address or permanent address) which are needed to communicate when concluding and executing the contract, and information on current orders and claims. In case of customers of natural entities and legal entities, we process identification data (name, surname, name, date of birth) necessary to mediate the service, contact details (e-mail, telephone number, delivery address or permanent address) which are needed to communicate when concluding and executing the contract, accounting data (bank account number) and the data about the actual orders and the claims made.
  • The legal basis is the consent of the data subject.
  • For individuals, special personal data (health and religious data) may be processed.
For this purpose, personal data may be processed for the duration of the contractual relationship.
Our Customers – Working Holiday mediation Performance and execution of contracts with customers
  • The legal basis is performance of the contract.
  • Regarding customers, we only process the data necessary to provide the service. In case of individuals we process personal data (name and surname, date of birth, health status, nationality, travel document), contact details (email, telephone number, delivery address or permanent address) which are needed to communicate when concluding and executing the contract, and information on current orders and claims. In case of customers of natural entities and legal entities, we process identification data (name, surname, name, date of birth) necessary to mediate the service, contact details (e-mail, telephone number, delivery address or permanent address) which are needed to communicate when concluding and executing the contract, accounting data (bank account number) and the data about the actual orders and the claims made.
  • The legal basis is the consent of the data subject.
  • For individuals, special personal data (health and religious data) may be processed.
For this purpose, personal data may be processed for the duration of the contractual relationship.
Our Customers – Parking mediation Performance and execution of contracts with customers
  • The legal basis is performance of the contract.
  • We process the customers´ or the contact persons´ of the legal entities identification data (name, surname), contact information (e-mail, telephone) and information on current orders and claims. For this purpose, personal data may be processed for the duration of the contractual relationship.
For this purpose, personal data may be processed for the duration of the contractual relationship.
Our customers (in general) Managing a client database for repeatable of services
  • The legal basis is the consent of the data subject..
  • We process customers’ or the contact persons’ of the legal entities identification data (name, surname, date of birth, nationality, loyalty program number, travel document), contact details (e-mail, telephone), history of orders and complaints, history of communication.
For this purpose, personal data may be processed for a period of 5 years, or until the withdrawal of consent.
Our customers (in general) Keeping statistics
  • The legal basis is the consent of the data subject..
  • We process customers’ or the contact persons’ of the legal entities identification data, contact details (email, telephone), the history of orders and complaints, the history of the communication. For this purpose, personal data may be processed for a period of 5 years, or until the withdrawal of consent.
For this purpose, personal data may be processed for a period of 5 years, or until the withdrawal of consent.
Our customers (in general) Sending information emails and satisfaction / dissatisfaction questionnaires Dissemination of business messages in the form of email newsletters containing an offer of goods or services and news Claims arising from contractual relations after termination of the contract
  • The legal basis is our legitimate interest.
  • We process our clients’ or contact persons’ of legal entities identification data (name, surname), contact details (e-mail, telephone, delivery address or address of permanent residence), history of orders and complaints, history of communication. These data are required after the termination of the contract for dealing with claims, debt recovery and other contractual obligations between us and our customers.
For this purpose, personal data may be processed for a period of four years after the termination of the contractual relationship and if administrative or judicial proceedings are initiated, then throughout the proceedings.
Sending information emails and satisfaction / dissatisfaction questionnaires
  • The legal basis is our legitimate interest in improving our services.
  • We process customer contact details (email, phone number)
For this purpose, personal data may be processed for the duration of the contractual relationship and for a prolonged period after termination of the relationship
Dissemination of business messages in the form of email newsletters containing an offer of goods or services and news
  • The legal basis is our legitimate interest.
  • The handling of customer identification and contact details is carried out in order to disseminate business communications in accordance with Act No. 480/2004 Sb.
  • Data processor is Filip Zwyrtek, ID 74354841, with registered office at Koperníkova 1585/11, 737 01, Český Těšín.

For this purpose, personal data may be processed for an indefinite period until the recipient withdraws from the subscription.

Performance of our duties in accounting and taxation
  • The legal basis is the fulfillment of legal obligation imposed by legislation such as the Act on Accounting or the Value Added Tax Act (VAT Act).
  • We process identification data (name, surname), contact details (delivery address or permanent address, e-mail, telephone), accounting data (bank account number and other information on tax documents).For this purpose, personal data may be processed for up to ten years from the end of the tax period in which the transaction took place.
For this purpose, personal data may be processed for up to ten years from the end of the tax period in which the transaction took place.
Personal data listed in the telephone call record on customer care line for performance of the contract
  • The legal basis is performance of the contract.
  • he processing of personal data (identification data, contact details, accounting data) from voice recordings in electronic communications is necessary to meet mutual contractual obligations with these entities.
For this purpose, personal data may be processed for the duration of the contractual relationship.
Personal data listed in the telephone call record on customer care line for the purpose of enforcing any legal claims
  • The legal basis is our legitimate interest.
  • The processing of personal data (identification data, contact details, accounting data) from voice recordings in electronic communications is necessary for the enforcement of legal claims under contracts with these entities.
For this purpose, personal data may be processed for a period of four years after termination of the contract.
Personal data listed in the telephone call record on customer care line to improve service quality
  • The legal basis is the consent of the data subject.
  • The processing of personal data (identification data, contact details, accounting data) from voice recordings within electronic communications takes place in order to improve the quality of our services.
For this purpose, personal data may be processed for a period of one month since the telephone call was made.
Our suppliers, associates and creditors Execution and implementation of contracts concluded with suppliers, external associates and creditors, recovery of receivables
  • The legal basis is performance of the contract.
  • Personal identification and personal accounting data processing of the other contracting parties is necessary to fulfill the mutual contractual obligations.
For this purpose, personal data may be processed for the duration of the contractual relationship. For this purpose, personal data may be processed for a period of four years from the termination of the contractual relationship, in case of the disputed proceedings throughout the proceedings.
Claims arising from contractual relations after termination of the contract
  • The legal basis is our legitimate interest.
  • Collection of personal identification and accounting data, including payments made, is necessary for the settlement of claims, recovery of claims and other contractual obligations under contracts between us and data subjects.
For this purpose, personal data may be processed for a period of four years from the termination of the contractual relationship, in case of the disputed proceedings throughout the proceedings.
Potential customers Dissemination of business messages in the form of professional information and reports, marketing materials, service offers, invitations to professional events etc.
  • The legal basis is the consent of the data subject.
  • Processing of personal data (e-mail address or other identification data, contact details, accounting data provided by the data subject
For this purpose, personal data may be processed until the consent is withdrawn. For this purpose, personal data is processed for 6 months since cancellation of the selection process or admission of another selected candidate to the advertised position as an employee.
Job seekers Evaluating suitability of the job seeker for the employee selection process and re-addressing him/her in case the employment relationship with another selected candidate is terminated during their probationary period
  • The legal basis is our legitimate interest.
  • We collect job seekers’ identification data, personal contact data, information on education and job experience data for a purpose of ongoing selection process and possible re-addressing in case the employment relationship with another selected candidate is terminated during their probationary period
For this purpose, personal data is processed for 6 months since cancellation of the selection process or admission of another selected candidate to the advertised position as an employee.
Possible proof of compliance with the prohibition of discrimination and equal treatment under the Employment Act in the employee’s selection procedure
  • The legal basis is our legitimate interest.
  • We collect job seekers’ identification data, personal contact data and information on education and job experience data for a purpose to prove compliance with the prohibition of discrimination and equal treatment under the Employment Act in the employee’s selection procedure
For this purpose, personal data may be processed for a period of three years from the end of the selection process, in case of an ongoing process throughout the process.
Web page visitors
Statistics prior to data anonymization, our goods and services ad serving

  • The legal basis is our legitimate interest in the sense of (a) improving our services and focusing on what the customer really is interested in; (b) offer the customer similar services or goods that meet his / her needs based on access to our website.
  • Identification data (name, surname), contact details (address, e-mail, phone), IP address and cookies.
For this purpose, personal data may be processed for a period of 2 years after the data has been provided.
Sending a response to a web page visitor’s query
  • The legal basis is execution of the agreement or consent of the data subject.
  • We process identification data (name, surname), contact details (address, e-mail, phone), IP address and cookies, query placed using the contact form.
For this purpose, personal data may be processed until the query from the contact form is resolved, however this period cannot exceed a time period of 30 days, or the time period in which your consent with processing is valid.
Subscribers Regular sending of business and other types of communication via e-mail
  • The legal basis is the consent of the data subject who granted it when registering to receive news.
  • We process contact information (e-mail) or Identification data (name and surname).
  • Data processor is Filip Zwyrtek, ID 74354841, with registered office at Koperníkova 1585/11, 737 01, Český Těšín.
For this purpose, personal data may be processed until the consent is withdrawn.
6. Data processing period

We preserve personal data only during the period necessary for their processing – see the table above. After the expiration of this period the personal data shall be preserved only for the purposes the State Statistical Service, for scientific purposes and for archiving purposes.

7. Personal data recipients and transfer of personal data outside the European Union

We may transfer your personal data in duly justified cases to other bodies (hereinafter referred to as „recipients”):

A transfer of personal data to these recipients might occur:

  • Processors which process your personal data according to our guidelines and mutual relationships which are treated according to Article 28 of GDPR::
    • Persons operating software used by us solely for the purpose of administration and technical support of these programs
    • Persons providing services and goods to us through which they process your personal data for us
    • Other legal entities in STUDENT AGENCY/RegioJet group
  • Public authorities and other recipients if required by an applicable legal regulation
  • Other recipients in case an unexpected event occurs requiring data sharing necessary for the protection of life, health, property or another public interest or if necessary for the protection of our rights, property or safety.
8. Principles applicable to the processing of personal data

Legality
We process your personal data according to applicable legal regulations, particularly GDPR.

Data subject's acceptance
We process data in a matter and a scope in accordance with your given consent if the consent is sufficient for processing.

Minimizing and limitations of personal data processing
We process the personal data only to the extent necessary to achieve the purpose of the data processing and for no longer than is necessary for the purposes for which the personal data are processed.

The accuracy of personal data processing
We process personal data with attention to their precision. We process updated personal data using all reasonable means.

Transparency
Through these Principles and the contact referred to them, you are able to get fully acquainted with the way your personal data are processed, their scope and their content.

Purpose Limitation
We process personal data only to the extent necessary for fulfillment of given purpose and in accordance with this purpose.

Security
We process personal data in a manner which ensures their proper security, including their protection through appropriate technical or organizational measures against unlawful or illegal activities and against loss, destruction or damage.

9. Automizer individual decision-making and profiling

There is no automizer individual decision-making, neither on the basis of profiling, during the personal data processing.

Automizer individual decision-making including profiling is commonly understood to mean any form or decision based on automizer processing of personal data, i. e. without human interference, involving among others some personal aspects applicable to a data subject, particularly for the purpose of analysis or estimation, respectively analysis or anticipating of aspects concerning their work performance, economic situation, medical condition, personal performances, interest, dependence, behavior, location or movement.

10. Your rights as a data subject

Right of access to personal data
You have the right to request an access to personal information about your person from us. In particular, you have the right to receive a confirmation from us whether personal data concerning you are being processed or are not being processed by us and to provide further information on the processed data and the processing method within the meaning of the relevant GDPR provisions (purpose of processing, personal data category, the duration of data saving, the existence of your right to request a correction, the deletion, the limitation of processing or the right to object, the source of personal data and the right to file a complaint). If you ask for it, we will provide you with a copy of the personal data we process about you free of charge. In case of a repeated request, we may charge a reasonable fee for providing a copy corresponding to the administrative costs of processing.
To access your personal data, please use the contact listed in this policy.

The right to withdraw consent to the processing of personal data if processing takes place on the basis of consent
You have the right at any time to withdraw consent to the processing of personal data processed by us on the basis of such consent.
You can revoke your consent through the contact listed in this policy.

Right to rectification, erasure or restriction
If you find that personal information about you is inaccurate, you may require us to correct this information without undue delay. If this is appropriate in the light of the specific circumstances of the case, you may also request the addition of the information we have about you.
You may request correction, limitation, or deletion of data through the contact listed in this policy.

Right to deletion of personal data
You have the right to request us to erase without undue delay the personal data processed by us that concern you in the following cases:

  • If you withdraw your consent to the processing of personal data, and there is no other legitimate reason for our processing to prevail over our right of deletion;
  • if you object to the processing of personal data (see below);
  • Your personal information is no longer needed for purposes for which we have collected or otherwise processed it;
  • personal data were unlawfully processed by us;
  • personal information was gathered in connection with the provision of information society services to a person below the age of 18;
  • Personal data must be cleared to comply with the legal obligation set forth in European Union law or the Czech law applicable to us.

You may request a deletion in these cases through the contact listed in this policy.

The right to request the deletion of personal data is not given in a situation where processing is necessary

  • to exercise the right to freedom of expression and information;
  • to fulfill our legal obligations;
  • for public interest reasons in the field of public health;
  • for purposes of archiving in the public interest, for purposes of scientific or historical research or for statistical purposes, where the deletion of data would be likely to disable or seriously threaten the achievement of the objectives of such processing;
  • for determining, exercising or defending legal claims.

You can find out whether there are reasons you cannot apply for the right of cancellation through the contact listed above. .

The right to limit the processing of personal data
You have the right to limit the processing of your personal data in the following cases:

  • you deny the accuracy of personal information. In this case, the limitation is valid for the time required to verify the accuracy of personal data.
  • the processing of personal data is illegal and you do not want to delete your personal information, instead you only want to limit their use.
  • we no longer need your personal information for the purposes for which we processed it, but you are required to identify, exercise or defend your legal claims;
  • you object to processing (see below). In this case, the limitation applies for a period until it is verified that the legitimate reasons on our side outweigh your legitimate reasons.

In the period of limited processing of personal data, we may process your personal data (with the exception of its storage) only with your consent or for the purpose of determining, enforcing or defending our legal rights, for the protection of the rights of another natural or legal person or for reasons of major interest of th European Union or a Member State. As noted above, you can request processing restrictions through the contact listed in this policy.

Right to object to processing
You have the right to object to the processing of your personal data in the following cases:

  • If personal data are processed on the ground that processing is necessary to fulfill a public interest task or in the exercise of public authority to which we are entrusted or for the purposes of our legitimate interests and you object to the processing, further processing is not possible unless we can demonstrate serious legitimate processing grounds that outweigh your interests, rights and freedoms, or determine, exercise or defend our legal rights.
  • If personal data is processed for direct marketing purposes and you object to processing, we will no longer process personal data for these purposes.
  • If your personal data is processed for purposes of scientific or historical research or for statistical purposes, we will not process it further unless processing is necessary to fulfill a task carried out for reasons of public interest.

You can submit the objection via the contact listed in this policy.

Right to data portability
In case that we process your personal data with your consent or because it is necessary to fulfill a contract between us, you have the right to obtain from us the personal data you are referring to and you have provided us in a structured, commonly used and machine-readable format, if personal data are processed by us in the manner. You have the right to pass this data to another data administrator or to demand from us to provide this information directly to another data administrators if this is technically feasible.
Contact the contact listed in this policy to obtain your personal information.

The right not to be subject to any decision based exclusively on automated processing, including profiling
We do not currently use personal data for automated decision making. Otherwise, you have the right not to be the subject of any decision based solely on automated processing, including profiling, which has any legal effects for you or you have a significant impact on you.
This does not apply if:

  • automated decision-making is allowed by legal regulation;
  • automated decision making is necessary to conclude or perform a contract between us;
  • your explicit consent to automated decision-making has been granted.

The right to obtain information about a breach of security of your personal data
If it is likely that a breach of our security will be a high risk for your rights and freedoms, we will notify you of this violation without undue delay. If appropriate technical or organizational measures have been used to process your personal data, such as making the data incomprehensible for the unauthorized person, or to ensure by additional measures that the high risk does not occur, we are not obliged to transmit the information on violation.

Right to file a complaint with the Supervisory Authority
If you believe that the processing of your personal data is in violation of the obligations set forth in the GDPR, you have the right to file a complaint with the Supervisory Authority. The Supervisory Authority in the Czech Republic is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů)

Úřad pro ochranu osobních údajů
Pplk. Sochora 27
170 00 Praha 7

telefon: 234 665 111
E-mail: posta@uoou.cz
Datová schránka: qkbaa2n
www.uoou.cz

This Privacy Policy is valid from May 25, 2018.