Our company PODOSA s.r.o., located at Kaplanova 1780/1d, 767 01 Kroměříž, VAT: 29355303, represented by the CEO Tomáš Smutný, will process your personal data in the course of its activities. These principles set out the rules by which we will process your personal data to preserve your right to the protection of your personal data, your right to privacy, and to prevent the misuse of your personal data. We will adhere to these principles throughout the entire period in which we process any of your personal data. The rules for processing personal data outlined in these principles correspond to the obligations imposed on us by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC - General Data Protection Regulation (hereinafter referred to as GDPR). Through these principles, we also inform you about the facts and your rights that, in accordance with the GDPR, you must be informed about, ensuring adequate transparency in the processing of your personal data. These principles establish the procedures and principles on the basis of which we will process your personal data and handle them. If anything is unclear or if you have any questions regarding your personal data, please use the contact details provided in these principles.

2.1. Reasons for Collecting Personal Data. We will collect and process your personal data solely if it is necessary for:

a) Fulfilling the contract you have entered into with us or wish to enter into.

b) Providing the service you wish to use.

c) Fulfilling legal requirements.

d) Purposes of our legitimate interests, provided that in such cases your interests or fundamental rights and freedoms requiring the protection of personal data do not take precedence.

2.2. Sending for Direct Marketing Purposes. Processing your personal data for the purpose of direct marketing - sending commercial communications, may be considered as a legitimate interest, if we already have a business relationship with you and the commercial communications are directly related to goods or services that we have already provided to you. However, you can unsubscribe from such marketing communications at any time via the link in the commercial communication or by contacting the email address provided below.

2.3. Consent. In other cases, we may only obtain and process your personal data with your explicit and voluntary consent. You can revoke your consent at any time by using the contact details provided in these principles. The specific terms of use of your personal data after giving consent are always specified in each individual consent. V ostatních případech můžeme Vaše osobní údaje získávat a zpracovávat pouze s Vaším výslovným a svobodným souhlasem. Váš souhlas můžete kdykoliv odvolat prostřednictvím kontaktních údajů uvedených těchto zásadách. Konkrétní podmínky využití Vašich osobních údajů po udělení souhlasu jsou vždy uvedeny v každém jednotlivém souhlasu.

2.4. Acquiring Personal Data. We do not obtain your personal data from publicly accessible sources, but always directly from you or from third parties who cooperate with us and have obtained your personal data in accordance with the law and are authorized to pass them on to us. In both cases, we will adhere to these Principles. We may either explicitly request your personal data from you or obtain them when you register for our services, enter into a contract with us, or use a service. Alternatively, you may provide us with your personal data by filling out forms on our website or by communicating with us via phone, email, online discussion, or other means. Some of this information may also be collected automatically with your consent, for example through the use of cookies when you visit our website. We will always inform you of the specific reason for processing your personal data in each individual case. This information is either provided directly in the contract being concluded, in the terms of service, or in these principles. Alternatively, you may contact us at any time to inquire about the reasons for processing your personal data using the contact details provided below.

We primarily use your personal data to provide you with our services, fulfill concluded contracts, meet legal requirements, notify you of changes to our services, improve our services, enable us to enter into or fulfill the requested contract with you, or to meet legal requirements. With your consent, we may also use this information to inform you about other services and products offered by us or selected third parties that may interest you or that you may wish to use. We will always inform you about any other possible uses of your personal data.

4.1. Transfer for Processing. We will not disclose your personal data to anyone outside the cases described in these Principles. Your personal data will be accessible to employees of our company who will be authorized to work with this personal data. All employees who will have access to your personal data are bound by written confidentiality agreements, therefore your personal data may not be spread anywhere. These employees are also carefully selected and properly trained to know how to handle your personal data and under what conditions your personal data may be processed. We will then transfer your personal data to certain third parties if necessary. These persons are called processors. Our company is responsible for ensuring that these processors provide appropriate guarantees for the processing of your personal data. We carefully select all processors. Processors will also be contractually obligated to fulfill all their obligations, thereby contractually ensuring that your personal data will be adequately protected and the risk of misuse minimized. If you give us your consent, we may then also transfer some information to selected third parties to inform you about services and products offered by us or selected third parties that may interest you.

4.2. Third Parties - Processors to Whom Personal Data Will Be Transferred.   Processors primarily include our accountants, legal advisors, tax advisors, marketing advisors, and other consultants and collaborating companies. We may also share your personal data with other third parties in order to prevent crime and reduce risks, as required by law, and where we deem it appropriate, in response to legal proceedings, or to protect the rights or property of our company, our partners, or you.

4.3. Transfers Outside the EU Your personal data is not transferred to countries outside the European Union or to international organizations, except in situations where they are transferred there for the purpose of better data backup and protection.

We process your personal data only for the necessary period. If your personal data are no longer needed for the purposes of processing, we will promptly erase them. If we process your personal data based on your consent, the processing period is specified in this consent. If we process your personal data due to legal provisions, we process them for the period required by law. If the law requires the archiving of certain data, we will archive your personal data in accordance with the law for the required period. If we process your personal data due to the conclusion of a contract or the provision of a service, we will process your personal data for the duration of the performance of this contract or the provision of the service and for an additional 10 years after the termination of the contract or the provision of the service. However, during this period, we will only process your personal data for the purpose of defending against potential legal claims or conducting legal proceedings. The 10-year period corresponds to the maximum statutory limitation period during which claims can be successfully asserted in court. If legal or other proceedings are initiated requiring your personal data, we will continue to process them for the duration of these proceedings, including any enforcement and subsequent related proceedings.

7.1. Right to Information.   At any time, you may request us, using the contact details provided below, to send you confirmation of whether we process any of your personal data, and if so, you have the right to access this information:

a) Purposes of Processing Your Personal Data and Their Categories.
b) Recipients and Processors of Your Personal Data.
c) Duration of Storage of Your Personal Data, and if the period cannot be determined, the criteria used to establish this duration.
d) Personal data for which you can request deletion or restriction of processing and object to such processing.
e) Right to lodge a complaint with the supervisory authority.
f) Sources of personal data if they were not obtained from you.
g) Whether there is automated decision-making or profiling. Upon request, we will provide you with copies of your processed personal data. If you request additional copies, you may be charged the amount of the costs incurred. If you request in electronic form, copies will be provided to you in electronic form unless you request otherwise. However, we reserve the right to request verification of your identity to ensure that these personal data-related information does not reach an unauthorized person. We will try to provide you with this information as soon as possible, depending on the extent of the information you requested. However, no later than within 30 days.

7.2. Right to Rectification.   If you discover that any of your personal data we have is inaccurate, incorrect, or incomplete, you have the right for us to promptly correct or complete these personal data after you inform us of the issue.


7.3. Right to Erasure – You have the right for us to erase your personal data without undue delay if:

7.4.

Right to Restriction of Processing. You have the right for us to restrict the processing of your personal data if:

a) You inform us that your personal data is inaccurate, and this until the accuracy of the personal data is verified.

b) We are processing your personal data unlawfully, but you request restriction of their use instead of deletion.

c) We will no longer need your personal data, but you will request them for the determination, exercise, or defense of legal claims.

d) You have objected to the processing, and this until it is verified whether the objection is justified. During the restriction of processing, your personal data may only be stored and otherwise processed based on your consent, for the establishment, exercise, or defense of legal claims, or for reasons of public interest.

7.5. Right to Object. You have the right to object to the processing of your personal data if we process it for direct marketing purposes. The objection must be sent to us in writing or by email. If you object to the processing for direct marketing purposes, we will no longer process your personal data for this purpose unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.


7.6. Right to Data Portability.   If you request it, we will provide you with your personal data in a structured, commonly used, and machine-readable format so that you can transmit it to another controller. Additionally, if technically feasible, you may request us to transmit your personal data directly to the controller you designate.


7.7. Right to Lodge a Complaint. You have the right to lodge a complaint at any time regarding the processing of your personal data or our failure to fulfill our obligations under the GDPR with the supervisory authority. The supervisory authority in the Czech Republic is the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.

Our company has implemented personnel, organizational, and technical measures to eliminate various risks to your rights, freedoms, and the protection of your personal data. To this end, we have provided training to all employees who handle personal data. Additionally, all personal data in physical form is secured against unauthorized access. For personal data stored electronically, we adhere to security standards and ensure they are protected against unauthorized access as well. Furthermore, we have conducted a risk analysis to prevent risks and have taken appropriate measures accordingly.

Within our company, we have a data protection officer who is responsible for the protection of personal data. You can contact this person regarding any issues related to your personal data and to exercise your rights. They are available at the contact email poverenec@podosa.cz.

In case of any requests, demands, comments, or uncertainties, you can contact us via email at gdpr@podosa.cz, or in writing at the address of our company headquarters.