PRINCIPLES FOR THE PROTECTION OF PERSONAL AND OTHER PROCESSED DATA
On this page you will find a summary of how UPC Group a.s., IČO: 09939393, with registered office at Na Folimance 2155/15, Vinohrady (Prague 2), 120 00 Prague, Czech Republic, registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, works with personal data, and the main principles of protection of your personal data and other processed data in accordance with the GDPR (see below) and Act No. 110/2019 Coll., on the processing of personal data (hereinafter referred to as the “PDPA”).
What is GDPR
GDPR, or General Data Protection Regulation, is the generic name for the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the “GDPR”, entered into force on 25 May 2018 and constitutes the legal framework for the protection of personal data in the European area with the aim of defending the rights of EU citizens against unauthorised handling of their data, including personal data.
Who processes your data
The controller of your personal data will be the company UPC Group a.s., ID No.: 09939393, with registered office at Na Folimance 2155/15, Vinohrady (Prague 2), 120 00 Prague, Czech Republic, registered in the Commercial Register maintained by the Municipal Court in Prague, Section B (hereinafter referred to as the “Controller”). The data will be processed by the Controller according to the terms set out below. The controller may be contacted by e-mail at [email protected].
What personal data we process about you
We only process personal data that you provide to us in connection with the use of our services (for example, subscribing to our newsletter or ordering goods) or in connection with the conclusion of a purchase contract in the case of the purchase of our goods. This includes the following data that you provide to us when you register for one of our services:
- e-mail address
- name and surname, date of birth (if you tell us when ordering)
- contact and/or delivery address (for delivery of ordered goods)
- telephone number (for the purpose of delivering the ordered goods or informing about the status of the order)
- payment details (credit card number) stored for your account (only for any purchases on our e-shop)
- other data that you voluntarily fill in yourself, for example in the contact form
as well as the data we collect when you use our website:
- IP address
- cookies (in the case of online services); subject to the conditions set out below
- where applicable, other online identifiers (in particular, the incoming web page – information about which website you are accessing our website from, date and time of access, details of your browser and operating system)
Why we process your personal data
We process your personal data for the following reasons:
- so that we can sell you goods and/or provide you with services that you have expressed an interest in (enabling you to order goods and/or services, processing your order including its possible delivery, sending you a newsletter);
- so that we can record contracts for possible future use to defend the rights and obligations of the parties (protection of legal claims);
- to improve the quality of our services and possibly add new services that you are interested in;
- to analyse and measure interest in our services and products;
- so that we can analyse your preferences and display content that really interests you;
- to gain advantages in organising our marketing campaigns;
- so that we can send you commercial communications in the form of newsletters. In the newsletters you will find invitations to events we organise, information about new products or special offers. We do not send them more often than once a month. However, you can easily unsubscribe directly by clicking the “unsubscribe” button in the newsletter or by emailing us at [email protected];
- so that we can answer your questions sent via our contact forms.
Who has access to your data
Your personal data is safe with us. We only work with partners who are demonstrably trustworthy and who can guarantee the security of your personal data. None of our partners may use your personal data for purposes other than those described in this policy, nor may they provide it to anyone else.
The third parties who may have access to your personal data are:
- persons to whom we provide data for the purpose of analysing traffic to our websites;
- persons who provide the technical operation of a service for us or the operators of the technologies we use for our services;
- persons who ensure sufficient security and integrity of our services and websites for us and who also regularly test this security;
- payment gateway operators (payment card operators) in the case of online payments;
- the shipping service providers who deliver your orders to you;
- operators of technical solutions that enable us to show you only content and advertising that is relevant to you.
Under certain legal conditions, we are then obliged to transfer some of your personal data on the basis of applicable legislation, for example to the Police of the Czech Republic, or to other law enforcement authorities, including specialized departments and other public administration authorities. In these cases, the legal basis for processing is the fulfilment of a legal obligation to which the controller is subject. The controller does not intend to transfer personal data to a third country (non-EU country) or an international organisation.
How long we process and store your data
We will only process your personal data for the necessary period of time in relation to each individual processing purpose. Therefore, we will process your personal data for as long as you use our services (i.e. for the duration of the contractual relationship between us), and subsequently for as long as necessary to exercise the rights and obligations arising from the contractual relationship and to assert claims arising from these contractual relationships, i.e. until any claims are time-barred or any disputes have been resolved, but no longer than 10 years from the termination of the contractual relationship (taking into account the maximum statutory objective limitation period), unless another legal regulation requires the retention of contractual documentation for a longer period (the legal basis for the processing in this case is the legitimate interest of the controller).
Personal data processed on the basis of your consent as the legal basis for their processing will be archived for a period of 5 years, unless your consent to the processing of personal data is withdrawn by you. We are required by law to keep your billing data for 10 years. After the retention period has expired, the data controller will delete the personal data.
Can we process your personal data without your consent?
Yes, we may process your personal data without your consent, but only for the following purposes:
- the provision of a service or product (performance of a contract between you and us);
- compliance with legal obligations arising for us from generally binding legal regulations (e.g. we are obliged to store traffic and location data on the basis of Act No. 127/2005 Coll., on electronic communications); or
- processing that is necessary for the purposes of our legitimate interests (e.g. for direct marketing if you are already a customer; ensuring the security of our websites). The possibility and lawfulness of such processing follows directly from the GDPR and other applicable and effective laws. Direct marketing means sending out our newsletters. However, you can unsubscribe from receiving them at any time in the above-mentioned manner.
For what legal reasons we process your personal data
We may process your personal data:
- on the basis of your consent (in particular processing for direct marketing purposes where there is no order for goods or services);
- on the basis of our legitimate interest (in particular processing for direct marketing purposes);
- for the performance of the contract concluded between us, to the extent that the personal data is necessary for such performance;
- in order to fulfil our legal obligations.
Security of your personal data
Any personal information you provide to us is secured by standard procedures and technologies. We regularly review our system and use security measures that, where possible, prevent unauthorised access to your personal data and that provide sufficient security in light of the current state of technology. In order to keep your personal data secure, access to this data is password protected and sensitive data is encrypted when transmitted between your browser and our website.
Withdrawal of consent to the processing of your personal data
You may withdraw your voluntary consent to the processing of personal data at any time, free of charge, by sending an e-mail to: [email protected]. The withdrawal of consent does not always imply an obligation for the controller to erase the personal data, as the withdrawal of consent is for a specific purpose for which the personal data are processed, and the controller may process the personal data for other purposes for which it uses a legal ground for processing other than the data subject’s consent. In other words, in case of withdrawal of consent, the controller is obliged to stop processing personal data for the purposes defined in the consent. If consent was the only legal ground for processing, the destruction of the personal data will usually follow. Thus, withdrawal of consent does not affect the processing of personal data that we process on a legal basis other than consent (i.e. in particular if the processing is necessary for the performance of a contract, legal obligation or for other reasons specified in applicable law).
Am I obliged to provide my personal data? What if I do not provide personal data?
You voluntarily provide us with your personal data as well as your consent to its processing. It is therefore not your obligation to provide us with your personal data or consent to its processing. If you do not give us your consent to process your personal data or subsequently withdraw it, we may not be able to continue to provide you with some of our services or we may not be able to provide them to you in full or in quality.
Your rights in relation to the protection of personal data
In particular, you have the following rights in relation to your personal data:
- the right to withdraw their consent at any time;
- the right to correct or supplement personal data;
- the right to request restriction of processing;
- the right to object to or complain about processing in certain cases;
- the right to request data portability;
- the right of access to personal data;
- the right to contact the Office for Personal Data Protection;
- the right to be informed of a personal data breach in certain cases;
- the right to erasure of personal data (the right to be “forgotten”) in certain cases; a
- the right to erasure of personal data (the right to be “forgotten”) in certain cases;
Declaration of the administrator
The controller declares that the processing does not involve automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR.
The Controller is entitled, on the basis of its legitimate interest, to send you commercial communications with information about similar goods, services or the Controller’s business to your email address obtained in connection with the sale of a product or service, even if you do not complete the purchase but provide us with your email address.
You may opt-out of receiving these commercial communications free of charge before completing your order through the web interface or also in response to any commercial communication you receive from the Controller as described in this commercial communication.
You also have the possibility at any time to object to the processing of your personal data on the grounds of legitimate interest of the controller and personal data processed for direct marketing purposes. If you object, your personal data will no longer be processed for these purposes.
What are cookies and what types do we use
Several types of cookies can be distinguished. The first type are so-called technical cookies, which are necessary for the functionality of the website and generally do not contain your personal data. In this case, the controller does not need to obtain your consent to process them. The other types of cookies are those that contain personal data or cookies on the basis of which personal data is collected. Your consent is required for their processing. Such cookies will usually be marketing cookies in particular. Consent to the processing of your personal data contained in cookies is expressed by ticking the box next to the individual purposes for which you have chosen to give us consent to process them.
Cookies containing your personal data will be deleted in connection with your right to erasure under the GDPR no later than 13 months after their last use.
How to contact us
If you have any questions about data protection or withdraw your consent to further processing of your personal data, please contact us by email at [email protected]