1. GENERAL PROVISIONS
These Personal Data Processing Principles (hereinafter referred to as "PDPP") have been issued by Negocio s.r.o., ID: 12345678, with its registered office at Priklady 123, 110 00 Prague 1 (hereinafter referred to as the "Company").
These PDPP describe how the Company collects, processes, and shares information of users (hereinafter referred to as "user") of the website www.negocio.cz, and customers (hereinafter referred to as "customer") using their services. These PDPP do not apply to information that the Company's customers process using their services.
The Company is both a controller and a processor of personal data provided by customers during the ordering of goods and services, entering the loyalty program, or subscribing to the newsletter and users of the website www.negocio.cz. The Company may use other processors listed below to process personal data.
We recommend that you read the entire PDPP and ensure that you fully understand the provided information. If you have any questions about these PDPP or the collection, processing, and sharing of personal data by the Company, please contact us at obchod@negocio.cz.
2. WHAT DATA WILL BE PROCESSED
The Company processes data obtained based on the use of the website and through cookies. To better target advertising campaigns and improve the website, the Company uses information about the user's viewed pages, links they clicked on, and other activities on the website, such as filling out order and contact forms. This data is collected automatically through the Company's tools and the tools of the processors listed below. If you have cookies enabled on your device, this data is also collected through these files.
The Company mainly processes data that you provide when creating and using a user account, placing an order, registering for the loyalty program, and subscribing to the newsletter. Some personal data is necessary for registration (name and email address) and serves for basic user identification or customer login to the account. The data that the Company processes when subscribing to the newsletter or creating a user account may include:
- Name and surname, or company name
- Phone number
- Delivery address
- Company identification data
- Payment data
- Access data to servers, email, and website
- Possibly other necessary data to perform the contractual relationship
The Company knowingly does not collect information from children under the age of 15, and children under the age of 15 cannot use its services. If you learn that a child has provided us with personal information in violation of these PDPP, you can notify us at obchod@negocio.cz.
3. FOR WHAT PURPOSES WILL THE PDPP BE USED
The Company processes personal data exclusively for the purposes for which they were collected based on legitimate interest, legal obligation, or consent given. We process personal data for various purposes, mainly for:
- fulfilling and realizing concluded contracts and orders,
- fulfilling legal obligations in the field of accounting, taxes, or
- as required by other applicable laws and regulations, or as required by any legal process or governmental agency.
- communication with customers, including sending information about current services and products, updating business terms and conditions, and for marketing and promotional purposes,
- sending a response to a question from website users,
- processing a response to a specific job offer,
- website traffic analytics to improve services and their offer,
- marketing outreach through electronic contact,
- processing transactions and detecting fraud,
- targeting potential customers through online advertising. To better target advertising and optimize the website, the Company uses information about user activity on the website. This information also includes data collected through cookies.
- Push notifications. If you have this feature active, the Company may send so-called push notifications directly in the website interface. These notifications are displayed based on your consent given after displaying the relevant notice in the website interface.
4. PROCESSORS WITH ACCESS TO DATA
Personal data is primarily processed by the Company and its employees, who are bound by confidentiality, and further by the Company's suppliers if processed in connection with the fulfillment and realization of concluded contracts and orders (e.g., transport companies).
The Company may also use so-called processors to process personal data. These entities may process personal data only for purposes and in a manner specified by the Company and may not expand them without further consent. We provide processors only with the data they necessarily need to provide their services. The Company uses the following processors:
- Google LLC (web analytics and online marketing tools);
- Facebook Ireland Ltd. (online marketing tools);
- Seznam.cz, a.s. (online marketing tools);
- ClickUp (business management tool)
- Costlocker SE (economic system)
- iDoklad, Solitea Czech Republic, a.s. (accounting system)
In justified cases, the Company may transfer personal data to other entities (processors).
Personal data may be transferred to these processors:
- processors processing personal data according to the Company's instructions in the field of public contact, electronic data management, or accounting management,
- public authorities and other entities as required by applicable legal regulations;
- other entities in the event of an unforeseen event where data provision is necessary to protect life, health, property, or another public interest or if it is necessary to protect our rights, property, or safety.
5. DATA RETENTION PERIOD
Personal data for the purposes stated in point 3 are processed to the extent necessary to fulfill these purposes and for the time necessary to achieve them or for the time directly stipulated by legal regulations. Then personal data is deleted or anonymized.
After this period, personal data may be retained only for the purposes of state statistical service, for scientific purposes, and for archival purposes.
The basic retention periods for personal data are available below.
- The Company processes personal data of registered customers until their registration is canceled. Data of contact persons of customers are processed throughout the duration of the business relationship or until the customer updates the data.
- For service customers, the Company is entitled, if necessary, to process their basic personal, identification, and contact data, service data, and data from their communication with the Company for 10 years from the date of termination of the last contract.
- In the case of purchasing goods from the Company, the Company is entitled to process the basic personal, identification, and contact data of the customer, data about the goods, and data from communication between the customer and the Company for 5 years from the expiration of the warranty period for the goods.
- Invoices issued by the Company are archived in accordance with § 35 of Act No. 235/2004 Coll., on Value Added Tax, for 10 years from their issuance. Due to the need to prove the legal reason for issuing invoices, contracts are also archived for 10 years from the date of contract termination.
- Data obtained for marketing purposes are processed throughout the duration of consent, i.e., for the time when the user allows storage within the cookies settings on the website or in their browser. Processing may continue after consent withdrawal, but no longer than until the expiration of the respective type of cookies.
- Business and marketing communications via electronic contact are sent until consent is withdrawn or the subscription is canceled.
6. CONSENT WITHDRAWAL
Customers can cancel receiving any marketing and business communications at any time by:
- clicking on the appropriate link located in the footer of each business communication;
- on the dedicated web page;
- sending a request to the given contact
Users can disable targeted advertising (cookies) by changing their browser settings. If you disable the storage of selected cookies, some parts of the website may not work correctly.
7. METHODS OF PROCESSING AND STORAGE OF PERSONAL DATA
Personal data will be processed and stored:
- machine (automated) through computing hardware and software,
- in written form.
8. RIGHTS OF THE DATA SUBJECT
The data subject will have the following rights if they are an identifiable natural or legal person and prove their identity:
Right to access personal data
According to Article 15 GDPR, the data subject has the right to access personal data, which includes the right to obtain from the Company:
- confirmation whether their personal data is being processed,
- information about the purposes of processing, categories of personal data concerned, recipients to whom personal data has been or will be disclosed, the planned period of processing, the existence of the right to request from the controller rectification or erasure of personal data concerning the data subject or restriction of their processing or to object to such processing, the right to lodge a complaint with a supervisory authority, all available information about the source of personal data if not obtained from the data subject, the fact that automated decision-making, including profiling, is taking place, appropriate safeguards when transferring data outside the EU,
if the rights and freedoms of others are not adversely affected, a copy of the personal data.
In the case of a repeated request, the Company is entitled to charge a reasonable fee for a copy of personal data.
Right to rectify inaccurate data
According to Article 16 GDPR, you have the right to rectify inaccurate personal data that the Company processes about you. You also have the obligation to report changes to your personal data and provide evidence that such a change has occurred. You are also obliged to provide cooperation to the Company if it is found that the personal data processed about you is inaccurate. We will carry out the rectification without undue delay, always considering the given technical possibilities.
Right to erasure
According to Article 17 GDPR, you have the right to erasure of personal data concerning you if the Company does not prove legitimate reasons for processing these personal data. The Company has mechanisms in place to ensure the automatic anonymization or erasure of personal data if they are no longer needed for the purpose for which they were processed.
Right to restriction of processing
According to Article 18 GDPR, the data subject has the right to restrict processing until the complaint is resolved if they contest the accuracy of personal data, the reasons for their processing, or if they object to their processing, in writing to the address of the Company's registered office.
Right to notification of rectification, erasure, or restriction of processing
According to Article 19 GDPR, the data subject has the right to be notified by the Company in the event of rectification, erasure, or restriction of processing of personal data. If rectification or erasure of personal data occurs, the Company will inform the individual recipients unless this proves impossible or involves disproportionate effort.
Right to data portability
According to Article 20 GDPR, you have the right to data portability concerning you and which you have provided to us as the controller, in a structured, commonly used, and machine-readable format. You also have the right to request the transfer of these data to another controller.
If the exercise of this right could adversely affect the rights and freedoms of others, your request cannot be fulfilled.
Right to object to the processing of personal data
According to Article 21 GDPR, you have the right to object to the processing of your personal data by the Company. If the Company does not prove that there are serious legitimate grounds for processing that outweigh the interests or rights and freedoms of the data subject, the Company will stop processing based on the objection without undue delay.
Right to withdraw consent to the processing of personal data
If you give the Company consent to process personal data, it can be withdrawn at any time. The withdrawal must be made by an explicit, understandable, and definite statement of will, either in writing to the address of the Company's registered office or via the email address obchod@negocio.cz.
Automated individual decision-making including profiling
The data subject has the right not to be subject to any decision based solely on automated processing, including profiling, which would have legal effects or similarly significantly affect them. The Company states that it does not conduct automated decision-making without human assessment with legal effects for data subjects.
Right to contact the Office for Personal Data Protection
You have the right to lodge a complaint concerning our processing of your personal data with the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7. The office's website: www.uoou.cz.
9. SECURITY
The Company is committed to protecting the personal data and other information of its customers and users of their services. For this purpose, it uses a range of security technologies and measures designed to protect information from unauthorized access, use, or disclosure. The measures used are designed to provide a level of security appropriate to the risk of misuse of personal data. The security of personal data is regularly tested by the Company, and protection is continuously improved. However, please note that 100% security cannot be guaranteed on the Internet.
All personal data in electronic form is stored in databases and systems to which only persons who need to handle personal data directly for the purposes mentioned in these rules have access, and only to the necessary extent.
10. CONTACT
If you have any questions about these Privacy Principles or if you want to exercise your rights, do not hesitate to contact us at obchod@negocio.cz.
The controller of your personal data is Negocio s.r.o., ID: 12345678, with its registered office at Priklady 123, 110 00 Prague 1.
11. PDPP UPDATES
We hereby inform you that we may modify or update these Privacy Principles. Any changes to these Principles will become effective upon their publication at the following link www.negocio.cz/ochrana-osobnich-udaju
These PDPP are effective from 1 January 2024.