Personal Data Processing Information

The Controller POPP s.r.o, ID: 25507869, registered at náměstí Okružní 828, 696 15 Čejkovice, registered in the Commercial Register maintained by the Regional Court in Brno, file ref. C 27268 (hereinafter the "Controller"), hereby informs data subjects, pursuant to Act No. 110/2019 Coll., on the processing of personal data, as amended (hereinafter the "Act"), and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the "Regulation"), about the processing of personal data that the Controller may process about data subjects.

Data Controller Contact Details

The Controller can be contacted either in writing at the registered office address or electronically:

by e-mail: info@popp.cz
via data box: uaft4i6

The Controller is entitled to request proof of identity from the contacting person in order to ensure the protection of personal data; for the same reason, all communication between the Controller and the contacting person may be monitored.

Processed Data and Scope of Processing

The Controller will process the provided personal data in accordance with the Act and the Regulation to the extent to which they were provided to the Controller and only in connection with the purpose of processing.

In particular, the following personal data will be involved:

contact details — e.g. e-mail address, telephone number, bank details, contact address, etc.,
data provided beyond the scope of relevant legal regulations, processed on the basis of the data subject's consent to the processing of personal data.

Purpose of Personal Data Processing

The personal data provided to the Controller may be processed for the purpose of:

performance of a contract concluded between the Controller and the data subject,
mediation or preparation of legal documents necessary for the execution of a contract between the Controller and the data subject or contractual obligations arising from such a contract,
fulfilment of the Controller's legal obligations and legitimate interests,
communication between the Controller and the data subject, sending newsletters and other commercial communications with updates on the Controller's activities or activities and events related to the Controller's services, sending promotional e-mails, all in writing and by electronic means (in particular e-mail, SMS, telemarketing) pursuant to Act No. 480/2004 Coll., on certain information society services, as amended,
offering goods and services of the Controller or other entities whose services or products relate to the Controller's services,
other marketing activities of the Controller.

Legal Basis for Personal Data Processing

Personal data are thus processed by the Controller on the basis of the following legal titles:

consent of the data subject,
necessity of processing personal data for the performance of a contract concluded between the Controller and the data subject, if such a contract has been concluded,
necessity of processing personal data for compliance with a legal obligation applicable to the Controller,
necessity of processing personal data for the purposes of the Controller's legitimate interests.

In the case of granting consent to processing, such consent is entirely voluntary; there is no legal obligation to provide it and there is no penalty for not providing it.

Duration of Personal Data Processing

Personal data will be processed for the duration of the contractual relationship and subsequently for a further 10 years, or for a period in accordance with the applicable legal regulations of the Czech Republic on document archiving (if such a period is longer).

Personal data provided to the Controller on the basis of the data subject's consent will be processed for an indefinite period, until the consent to their processing is withdrawn.

Persons Authorised to Process Personal Data

The processing of personal data is carried out by the Controller, or by third parties who provide means and guarantees of appropriate and proper processing of personal data, data security and protection of your rights (hereinafter the "Processors"). The Processors will have direct access to your personal data only for the time strictly necessary and only to the extent strictly necessary for the implementation of processing. The Processors are:

IT system administrators and software service providers,
external partners — providers of payroll and accounting services, financial, tax and legal advisory services, etc.

Recipients of Personal Data

The Controller informs that the data subject's personal data may be transferred to third parties on the basis of a legal obligation. These third parties are in particular:

public authorities, administrative bodies, courts, the Czech Social Security Administration, health insurance companies,
external partners — providers of payroll and accounting services, financial, tax and legal advisory services, etc.

Data Subject Rights

In relation to personal data that are subject to processing, the data subject has in particular the following rights:

the right to be informed about the processing of their personal data,
the right of access to personal data,
the right to have personal data corrected or supplemented,
the right to erasure of personal data (the so-called "right to be forgotten"),
the right to request restriction of processing,
the right to request data portability to another controller,
the right to object to the processing of personal data,
the right not to be subject to automated individual decision-making with legal or similar effects, including profiling,
the right to be informed of a personal data breach in certain cases,
other rights set out in the General Regulation.

Consent to the processing of personal data may be withdrawn at any time during the period of processing. The withdrawal of consent must be delivered in writing or by electronic communication (e-mail, data box) to the Data Controller. The effects of the withdrawal of consent begin from the day the withdrawal is delivered to the Data Controller and do not apply to the processing of personal data that is necessary and takes place on the basis of a legal ground other than such consent.

Right to Lodge a Complaint with a Supervisory Authority

If the data subject has doubts about compliance with the principles contained in this document or in the General Regulation, or suspects that the activities of the Data Controller are violating their rights, they have the right to lodge a complaint against the Data Controller with the relevant supervisory authority (the Office for Personal Data Protection).

Objections to Personal Data Processing

Objections to the processing of personal data may be filed for the reasons stated in the Act and the Regulation. In cases where the option to file an objection is exercised, the Controller shall no longer process the personal data, unless it has a legitimate interest or the processing of personal data serves the public interest.

Personal Data Security

Personal data provided for processing will be secured by security procedures and technologies determined by the Controller for this purpose, which have been assessed as appropriate and adequate.

In the event of a security breach and possible disclosure of the data subjects' personal data, the Controller will immediately inform the data subject as well as the relevant supervisory authority, in accordance with the obligations set by legal regulations.

Consent granted in electronic form (in particular by confirming or "clicking" consent via the internet or another electronic network) is considered unambiguous, specific and genuine consent, granted by its provider in a form equivalent to written consent.