In accordance with Act No 101/2000 Coll., on the protection of personal data and on amendments to some acts and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), I hereby consent to the processing of my personal data by the controller (as further defined herein) under the conditions specified below.
1. Principles of Personal Data Processing
When processing personal data, we honour and respect the highest data protection standards and particularly comply with the following principles:
(a) we always process personal data for a clearly and comprehensibly established purpose, by established means and using an established method, and only for the absolutely necessary period of time with regard to the purposes of its processing. We only process precise personal data and we are certain that its processing corresponds to the established purposes and is essential for fulfilling those purposes;
(b) we protect personal data, which means that we process it in a manner which ensures the highest possible protection of the data and which prevents any kind of unauthorised or accidental access to personal data, changes to the data, loss or destruction, unauthorised transfers, any other unauthorised processing and any other abuse;
(c) we always provide comprehensible information on personal data processing and on requirements for precise and full information on the circumstances of the processing, as well as on other related rights of data subjects;
(d) we take appropriate technical and organisational steps in order to assure a level of security corresponding to the possible risks. All persons who come into contact with personal data are obliged to maintain confidentiality on information obtained in connection with the processing of such data.
2. Information on Personal Data Processing
2.1. Information on the Controller
The personal data controller is the limited liability company ADDLAND, s.r.o., Organisation ID No: 272 53 589, with its registered seat at the address Prague 6 – Dejvice, Synkovská 1327/6, post code: 160 00, listed in the Commercial Register maintained by the Municipal Court of Prague, Section C, File 107884 (hereinafter referred to as “the Controller”).
2.2. Purposes and Legal Basis for Processing
2.2.1. Processing Personal Data without Consent
This generally concerns situations where clients are obliged to submit certain personal data as a condition so that we can provide our product or service, or in cases where we have obtained the authorisation to process personal data by other means.
(a) by law, we are authorised to process personal data without consent for the following purposes in order to comply with our legal obligations, in particular:
(i) prevention of fraudulent behaviour;
(ii) fulfilment of notification requirements towards public authorities;
(iii) fulfilment of obligations regarding the enforcement of a ruling;
(iv) fulfilment of archiving obligations;
(b) entry into or the performance of a contract
This particularly concerns the implementation of a transaction or other performance of a contract between our company and a client. Personal data is required, among other things, for us to implement a transaction without disproportionate legal risks, including for negotiations for entry into a contract or an amendment to a contract;
(c) protection of rights and interests protected by law, especially for:
(i) the protection of the rights and legally protected interests of our company, authorised beneficiaries or other relevant persons, for example, when documenting facts which our company is obliged to prove to third parties, when recovering receivables, when securing receivables or otherwise enforcing claims, or when expanding and developing services provided;
(ii) negotiations with parties interested in the assignment of a receivable of our company from a client or in another form of transfer or changeover of a receivable, including the related implementation and other follow-up negotiations with third parties;
(iii) the resolution of any disputed administration, particularly for the purposes of managing litigation or other disputes.
2.2.2. Processing Personal Data with Consent
This particularly concerns situations where a client voluntarily grants consent for our company, as the Controller, to process provided or otherwise obtained personal data. If consent is not granted, this may mean that our company is unable to provide certain products or services or will be obliged to reasonably adjust the availability, scope, or conditions of the provision of products or services.
On the basis of granted consent, our company processes personal data for the following purposes:
(a) customer care; this concerns activities which do not constitute the performance of a contract or other statutory framework for personal data processing and which include the following operations:
(i) market research;
(ii) monitoring client behaviour on our company website in connection with offered services (this purpose does not, therefore, only concern the mere acquisition of information on the behaviour of users visiting our website using cookies, which is described below in the article on Means of Electronic Communication and Mobile Applications);
(b) offers of products and services; this particularly concerns the dissemination of information, offers of products and services of our company and those of other persons, including offers of products and services targeted at individual clients through various channels, e.g. by post, by electronic means (including e-mail and messages sent to a mobile device via a phone number), by phone and via a website. To a certain extent, in such cases our company is also authorised to offer products and services without obtaining consent. If it ensues from law, clients shall be notified of the right to express their non-consent to further offers of goods and services. In this regard, personal data can also be submitted to third parties for the purpose of disseminating information and offering products and services of such third parties.
2.3. Scope of Processed Personal Data
Our company processes personal data in the necessary scope for fulfilling the above specified purposes. We particularly process contact and identification data, data relating to creditworthiness, trustworthiness and payment history, descriptive and other data, and in the necessary and authorised scope, data on other persons. Further information on personal data processing is specified in the integral Annex No 1 to the Information Memorandum.
Certain specific personal data categories and the means of their processing:
Birth numbers, if assigned, are processed so that we can implement a transaction without disproportionate legal and material risks for our company. If the processing of a birth number should be required for other purposes, this shall only be carried out with the consent of the client as the data subject.
Copies of Documents
Given the necessity of properly identifying a client due to possible claims for payments, our company must process, among other things, certain data on personal documents and, therefore, with consent, we also make copies of such documents and subsequently store them.
Records of Communications
Our company monitors and records selected communications, especially telephone calls. We always provide prior warning in the case of making a recording. The content of such communications is confidential and is used solely for the purposes of adhering to legal obligations, entering into or performing contracts, and protecting rights and legally protected interests.
Primarily on the premises of the club Goldfingers Prague, where services are provided to clients, our company monitors the movement of persons. Camera recordings are made solely for the purposes of adhering to legal obligations, entering into or performing contracts, and protecting the rights and legally protected interests of our company, its clients, or third parties. If recordings are not assessed as necessary for the purposes of criminal, administrative, or other similar proceedings, our company will dispose of them. The necessary assessment shall be carried out without undue delay, no later than seven (7) days after making a recording, and in the case of those recordings that have been stored, further assessments shall be continuously carried out.
2.4. Method of Personal Data Processing
The method by which our company processes personal data comprises both manual and automatic processing, including algorithmic processing, in our company’s information systems. Another method which our company uses to process personal data is automated evaluation (profiling) of a client’s personal data. This process also creates derived data on the client. We particularly use this method for the purposes of complying with our legal obligations and protecting the rights and legally protected interests of our company, its clients, or third parties. To a certain extent, however, our company can also use the results of relevant evaluations when preparing individualised products and services.
Personal data is primarily processed by employees of our company and, to the necessary extent, also by third parties. Prior to handing over any personal data to a third party, we always enter into a written contract with this party. The contract contains the same guarantees for personal data processing which our company itself ensures in compliance with its statutory obligations.
2.5. Recipients of Personal Data
The personal data of our clients is accessible, in particular, to employees of our company in connection with the performance of job duties which require the handling of clients’ personal data, but only to the absolutely necessary extent in each particular case and while observing all security measures.
In addition, personal data is also handed over to third parties who participate in the processing of the personal data of our company’s clients. Such data may also be made accessible to such entities for other reasons in accordance with the law. Prior to handing over any personal data to a third party, we always enter into a written contract with this party. In such a contract, we regulate personal data processing so that it contains the same guarantees for personal data processing which our company itself ensures in compliance with its statutory obligations.
2.5.1. In accordance with applicable legislation, our company is authorised or directly obliged, without consent, to hand over personal data:
(a) to relevant government bodies, courts and law enforcement authorities for the fulfilment of their obligations and the enforcement of rulings;
(b) to other entities to the extent stipulated by legislation, e.g. to third parties for the purpose of recovering our receivables from clients.
2.6. Transfer of Personal Data to Other Countries
Personal data is processed within the Czech Republic, using our company’s servers as well as Microsoft cloud services provided within the European Union.
2.7. Duration of Personal Data Processing
Our company only processes personal data of our clients for the absolutely necessary period with regard to the purpose of its processing. We continuously assess whether it is still necessary to process certain personal data required for a particular purpose. If we discover that data is no longer required for any of the purposes for which it has been processed, we will dispose of the data. Internally, however, in relation to certain purposes for personal data processing, we have already assessed a typical period of usability for data, during which we carefully assess the need to process the relevant personal data for the given purpose. In this regard, it also applies that personal data processed for the purposes of:
(a) the performance of a contract, we process data for the duration of the contractual relationship with the client; further, the relevant personal data is typically usable for a period of ten years;
(b) offers of products and services, we process data for the duration of the contractual relationship; further, the relevant personal data is typically usable for a period of ten years; if, in this regard, personal data is handed over to third parties, the duration of processing shall be determined by such third parties in compliance with valid legislation and the rules specified in the Information Memorandum;
(c) customer care, we process data for the duration of the contractual relationship with the client; further, the relevant personal data is typically usable for a period of ten years.
2.8. Right to Withdraw Consent
Clients are not obliged to grant our company their consent to the processing of personal data and, at the same time, are entitled to withdraw their consent. We remind you that we are authorised to process some personal data for particular purposes without consent. If, in such a case, a client withdraws his/her consent, we will terminate processing of the relevant personal data for the purposes requiring the relevant consent; however, we may be authorised or even obliged to process the same personal data for other purposes.
If you do not grant your consent, or if you withdraw it, we can:
(a) adjust the accessibility, scope or conditions of our products or services in a corresponding manner, or
(b) refuse to provide you with our products or services if we find such consent to be essential for the provision of a product or service under the particular conditions.
Should you wish to withdraw your consent to the processing of your personal data, please contact us in writing at the company address ADDLAND, s.r.o., Prague 6 – Dejvice, Synkovská 1327/6, post code: 160 00.
2.9. Sources of Personal Data
We particularly obtain personal data:
(a) from clients themselves, both directly, e.g. when entering into contracts concerning the provision of products or services, or indirectly, e.g. when using products or services themselves, or as part of making products or services accessible e.g. via a website, etc.;
(b) from publicly accessible sources (public registers, records or lists);
(c) from third parties authorised to handle personal data and to transfer it to our company while meeting established conditions;
(d) from potential persons interested in the services of our company within marketing events and campaigns;
(e) from our own activities, specifically by processing and evaluating other personal data of clients.
2.10. Right of Access to Personal Data and the Protection of Rights
If you ask us for information concerning personal data processing, we will provide you with all information on which of your data we are processing without undue delay. For the provision of such information, we are entitled to request proportionate reimbursement of costs invested for that purpose.
If you discover or suspect that our company or a third party which participates in data processing is carrying out personal data processing in a manner which contravenes the protection of your private life or is in violation of the law, especially if such data is inaccurate, you can:
(a) request an explanation from our company or the third party which participates in data processing;
(b) request that the situation be rectified; in particular you can request that corrections or additions be made to the personal data. If necessary, such data may be temporarily blocked or disposed of.
If we find your request to be justified, our company or the third party which participates in data processing shall rectify the situation promptly and free of charge.
3. Means of Electronic Communication and Mobile Applications
As part of customer care, our company develops technology so that you can make use of our products and services using modern electronic means of communication and mobile applications. This particularly concerns services connected with the use of the internet, social networks and various mobile applications. At the same time, we are aware of the particular nature of the provision of our products and services, and so we take great care to protect personal data during the use of such media and applications.
Mobile applications. For greater accessibility of our products and services, our company can offer mobile application services including, in particular, a reservation system (hereinafter referred to as “Mobile Applications”). A Mobile Application is also a service through which information on our company’s products and services is available, including individual offers. In this regard, we process selected data concerning a mobile device which you use for Mobile Application services. We process all personal data obtained during the use of a Mobile Application in compliance with the conditions and principles specified in this Information Memorandum.
Social Networks. Our company can also address clients via various social networks. We mostly use such communications channels as marketing tools. These do not currently serve for the provision of our products and services. If this changes in the future, similar rules shall apply to social networks as in the case of Mobile Applications.
4. Information Memorandum
This Information Memorandum shall enter into force and effect as of 24 May 2018. The current version of the Information Memorandum is published on our company’s website.
Annex No 1 – Scope of Processed Personal Data
1. Identification data – includes, in particular, some or all of the following data: name, surname, date and place of birth, birth number, permanent residence, type, number and expiration date of ID; for a client who is a natural person – entrepreneur, also ID number and VAT ID number. Other possible identification data includes information on the IP address of a used computer, a specimen signature, or the number of a bank account or credit (debit) card used to pay for our products and services.
2. Contact data – contact addresses, telephone numbers, e-mail addresses, fax numbers, or other similar contact data.
3. Essential data for making a decision on entry into a contract – this concerns data which is necessary, above all, for risk assessment as regards prevention of the legitimisation of the proceeds of crime and financing of terrorism, as well as data collected for business risk assessment.
4. Data arising from the performance of contractual obligations – depending on the nature of the provided product or service, we process data which concerns said product or service.
5. Personal data obtained in connection with the provision of our products and services – this concerns data obtained through mutual interactions. It concerns in particular:
(i) data which serves for ensuring communications security;
(ii) geolocation data, i.e. data on a geographical location;
(iii) records of your preferred language for communications, on interest expressed in a product or service, or on specific requirements which have been communicated to us.