Personal data are processed to the extent that the relevant data have been provided by the entity to the Administrator, namely in connection with the conclusion of a contractual or other legal relationship with the Administrator, due to a legitimate interest, or that the Administrator has collected otherwise and processes them in accordance with applicable law or to fulfill the legal
obligations of the Administrator.

3. Sources of personal data

• Directly from entity (registration, web contact forms and chat, e-mails, telephone, websites, business cards, etc.)
• Publicly accessible registers, lists and records (e.g. Commercial Register, Trade Register, Land Register, etc.)
• Automated records of electronic communication based on Act No. 127/2005 Coll. and   Decree 357/2012 Coll.

4. Categories of personal data that are the subject of processing

• Address and identification data used for conclusively and unmistakable identification of the entity (e.g. name surname, title, or birth number, date of birth, permanent residence address, ID, VAT number) and data enabling contact with the entity (contact details – e.g. contact address, telephone number, e-mail address and other similar information).
• Descriptive data (e.g. bank details).
• Other data necessary for the performance of the contract.
• Data provided beyond the scope of the relevant laws processed within the framework of the consent granted by the entity (processing of photographs, use of personal data for the purpose of personnel management, for the purpose of sending business communications or information messages, etc.).

5.Purpose of personal data processing

• The purposes contained in the entity's consent.
• Negotiation of a contractual relationship.
• Performance of the contract.
• Protection of the rights of the Administrator, the beneficiary or other persons concerned (e.g. recovery of the Administrator's claims).
• Archiving conducted on the basis of the law.
• Selection procedures for vacancies.
• Fulfillment of legal obligations by the Administrator.

6. Method of processing and protection of personal data

The processing of personal data is carried out by the Administrator. Processing is carried out in its premises, branches and registered office of the Administrator by individual authorized employees of the Administrator, or by the processor. The processing takes place by means of computer technology, or even in a manual manner for personal data in paper form, while observing all security principles for the management and processing of personal data. For this purpose, the Administrator has taken technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, their change, destruction or loss, unauthorized transfers, their unauthorized processing, as well as other misuse of personal data. All entities to whom personal data may be disclosed respect the right of data subjects to privacy protection and are obliged to proceed in accordance with the applicable legislation regarding the protection of personal data.

7. Method of processing and protection of personal data

The processing of personal data is carried out by the Administrator. Processing is carried out in its premises, branches and registered office of the Administrator by individual authorized employees of the Administrator, or by the processor. The processing takes place by means of computer technology, or even in a manual manner for personal data in paper form, while observing all security principles for the management and processing of personal data. For this purpose, the Administrator has taken technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, their change, destruction or loss, unauthorized transfers, their unauthorized processing, as well as other misuse of personal data. All entities to whom personal data may be disclosed respect the right of data subjects to privacy protection and are obliged to proceed in accordance with the applicable legislation regarding the protection of personal data.

8. Duration of personal data processing

In accordance with the deadlines specified in the relevant contracts and consents, the deadlines prescribed for handling in the case of legitimate interests of the Administrator or a third party, in the relevant legal regulations it is the time necessary to ensure the rights and obligations arising from both the contractual relationship and the relevant legal regulations.

 9.Instruction

The Administrator processes the data with the consent of the entity, except in cases stipulated by law where the processing of personal data does not require the consent of the entity, i.e. when there is another legal basis for the purpose of the processing. In accordance with Article 6. paragraph 1 GDPR, the Administrator may process the following data without the consent of the entity:

• processing is necessary for the performance of a contract to which the entity is a counterparty or for the performance of measures taken prior to the conclusion of the contract at the request of the entity,
• processing is necessary to comply with a legal obligation to which the Administrator is subject,
• processing is necessary to protect the vital interests of the entity or of another natural person,
• processing is necessary for the performance of a task carried out in the public interest or in the execution of official authority for which the Administrator is authorized,
• processing is necessary for the purposes of the legitimate interests pursued by the Administrator concerned or of a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the entity requiring the protection of personal data.

10. Rights of entities

1. In accordance with Article 12 of the GDPR, the Administrator shall, at the request of the entity, inform the entity of the right of access to personal data and the following information:

• the purpose of the processing,
• the category of personal data concerned,
• the recipients or categories of recipients to whom the personal data of the entity have been or will be disclosed,
• the planned period for which the personal data will be stored,
• all available information on the source of personal data,

if they are not obtained from the entity, whether automated decision-making, including profiling, takes place. The Administrator has the right to request reasonable compensation for the provision of information, not exceeding the costs necessary to provide the information, for the second and each additional copy within the administrative costs associated with it. 

1. Any data of the entity who discovers or believes that the Administrator or processor carries out processing of his or her personal data which is contrary to the protection of the private and personal life of the entity or contrary to the law, in particular if the personal data are inaccurate with regard to the purpose of their processing, may:

• Ask the Administrator for an explanation.
• Require the Administrator to remove the resulting condition. In particular, this may include blocking, correcting, supplementing or deleting personal data.
• If the entity’s request pursuant to paragraph A. is found to be justified, the Administrator shall immediately remedy the defective condition.
• If the Administrator does not comply with the entity's request under paragraph A., the entity has the right to contact the supervisory authority directly, i.e. the Office for Personal Data Protection.
• The procedure referred to in paragraph A. does not exclude the entity from addressing his or her complaint directly to the supervisory authority.

1. The entity has the right to withdraw its consent to the processing of personal data previously granted to the Administrator. 

1. The rights of entity are therefore: to exercise the right to rectification, to erasure, to forgetting, to restriction of processing. Furthermore, the right to remotely handle the data if technically or organizationally feasible.