personal data protection principles

 

MARLENKA International s.r.o., Company Reg. No. 259 00 706, with its registered office Valcířská 434, Lískovec, 738 01 Frýdek-Místek, entered in the Commercial Register under the file no. C 25098 maintained by the Regional Court in Ostrava (hereinafter also referred to as “We”), as the Controller of your personal data, informs you, our customers, suppliers, distributors or visitors to our web site https://www.marlenka.cz/, about the processing of personal data and privacy protection principles described below.

We believe that your personal data protection is very important, that is why we will always observe the principles as regards our relations. When using our services we want to make sure that you find your personal data processing by us absolutely clear, transparent and that you know all your rights.

In these Personal Data Protection Principles (“Principles”) we explain:

  • ·                which personal data we will process;
  • ·                how we use the collected personal data and what the legal basis is;
  • ·                who has access to your personal data;
  • ·                how long we will process your personal data;
  • ·                how we maintain security of your personal data; and
  • ·                what your rights related to your personal data protection are.

If you need any part of the text explained, if you need consultation or if you want to discuss further processing of your personal data, feel free to contact us anytime at the following e-mail address: . We will do our best to answer any of your questions regarding the processing of your personal data performed by us.

1.       WHICH PERSONAL DATA WE WILL PROCESS

We process the following information:

  • ·                Data contained in your CV which you sent, especially your education level, your hobbies or your employment history and working experience.
  • ·                Personal data which your provide us with. It concerns your personal data which you provide us with when you communicate with us. These are the data arising from concluded contracts regarding our products, when you contact us (either using our web sites or otherwise) and when you send your requests and suggestions to us, when you provide or fill in certain data about yourselves, when you provide us with your personal data for the purpose of invoicing and also when you report harmful events.
  • ·                Personal data which we obtain, when you subscribe to our products. We collect information about the selection of products which you order from us and how you use our services, i.e. from the visit to our web site to the final order of our products. It concerns the following information:

o      Information about your activity on our web sites. When you visit our web sites, your activity is recorded. We use the cookies technology to analyse traffic on our web sites. When you visit our web, we collect information about your behaviour on the web, such as the number of pages visited, the length of your visit, visited pages, repeated visits, etc. This information is never connected to any of your personal data, such as the data you complete in the forms or your IP address. Further information about using cookies is specified in Appendix A of these Principles.

  • ·         Personal data we collect when you visit the registered office of our company or our Customer Centre. On the premises there is a CCTV camera system with recording in order to protect our property and your health as well as health of our employees. The CCTV camera recordings are stored only for the necessary period of time and access to them is strictly restricted.

Please note, that our web sites are not for children under 16. We never process personal data of children under 16 as a matter of principle. However, children under 16 can visit our Customer Centre, where they are recorded by our CCTV camera system. However, they are clearly informed about this fact in the forms of pictograms and other signs near the entrance to our Customer Centre.

2.       HOW WE USE THE COLLECTED PERSONAL DATA AND WHAT THE LEGAL BASIS IS

  • ·                Any data which you provide (disclose) to us, are used in order to provide you with our services and our products, to be able to contact you and give you information you requested or information which we believe you may be interested in, e.g. sending price quotation for the next period. We also use the information we collect to send business messages, i.e. to inform you about events, planned changes or new products which we provide.
  • ·                Information acquired from the cookie files (when visiting our web sites) are used to improve the user environment of our web sites and the overall quality of our services. To achieve this we use several services of third parties (see Appendix A – USING COOKIES ON OUR WEB SITES, including 3.2 – Functions of Third Parties).  For example, if we save your language settings, we will be able to show the services in your preferred language. When personalized advertisements are shown, we will not match the identifier from cookies or similar technologies to your personal data. Your IP address is used to identify the city where you visit our web sites from in order to get a better understanding of the behaviour of our web sites’ visitors.
  • ·                Information obtained from third parties (Central Register of Executions, Insolvency Register) can be used to provide our services and to protect our legitimate interests protected by law.

Your personal data are processed in accordance with the aforesaid Principles based on the performance of a contract or your request, based on the performance of our duties imposed by law, our legitimate interest or based on your potential consent granted with respect to particular processing. Before we use any information for the purpose not specified in these Principles, it is always assessed if your consent is required. In such case we will inform you and ask for your consent.

Our legitimate interests based on which we process your personal data are based on our mutual relationship. Our legitimate interests as regards processing of your personal data are especially the following:

  • ·                Contacting and informing you as part of our mutual business contact, including any potential realization of direct marketing;
  • ·                Improving our products which you have bought;
  • ·                Promoting our services and products;
  • ·                Learning about and solving any issues which may occur when our products are consumed or in the case you are dissatisfied with the quality;
  • ·                Making statistics based on your motions and questionnaires which will enable us to adjust our products to our customers;
  • ·                Keeping records of your economic situation;
  • ·                Providing customer support services efficiently; and
  • ·                Protecting your and our legal claims.

Your personal data are used in our internal documentation where we keep records about where we store your personal data, how they are secured, if your data were deleted, who deleted them in our company and when, so as to we are able to present our compliance with the legal regulations in the area of personal data protection and we also could perform our other duties arising from other legal regulations.

Processing of your personal data for the purpose of sending you business messages can be refused anytime without affecting our other mutual relationships. If you are not sure if you have given consent with sending such messages or if you want to withdraw your consent, just send us an e-mail with your request at , or another e-mail address which we used to send you our business messages. The withdrawal of consent shall not affect the lawfulness of processing based on the consent before its withdrawal.

3.       WHO CAN ACCESS YOUR PERSONAL DATA

Our company cares about the protection of your personal data; that is why we transfer personal data to third parties only for the aforesaid purposes and only to the extent strictly necessary. If we transfer your personal data to third parties, we always do it based on adequate contracts concluded with respective persons or based on general business conditions, so that we can check how third parties deal with your personal data.

Your personal data can be accessed by the below mentioned providers whose services we use to enhance the quality of our services:

  • ·                server, web, cloud or IT services – companies in the Moravian-Silesian Region
  • ·                state administration bodies in accordance with our compliance with our legal obligations, especially the Financial Administration of the Czech Republic;
  • ·                legal services – law office in Frýdek-Místek
  • ·                accounting and tax services – a company in the Moravian-Silesian Region
  • ·                banking services – banking institution with its seat in Prague
  • ·                marketing services – marketing offices operating in the Czech Republic
  • ·                audit services – audit companies operating in the Czech Republic

Your personal data are processed in the European Union territory and they are not transmitted outside this territory.

4.       HOW LONG WE WILL PROCESS YOUR PERSONAL DATA

Your personal data will be processed only for as long as necessary for the performance of the aforesaid purposes they were collected for – providing services and products, completing the requested transactions or other necessary purposes, such as our compliance with our legal obligations, dispute resolutions and legal enforcement of our agreements. These needs may vary in the context of various products that is why the actual period for storing information can vary significantly. Among the criteria, based on which the time period for storing information is determined, there are the following:

  • ·                How long are personal data necessary in order to provide products and how long do we need them for our company’s operations? It includes activities such as maintaining and improving performance of the products, maintaing our systems security and observing relevant business and financial records. This rule is generally applicable and in most cases it is the basis for determining how long the data will be stored.
  • ·                Do you provide your data and expect that we will store them until you explicitly ask for them to be deleted? If so, we will store them for the period you required.
  • ·                Are these personal data sensitive? If so, generally it is appropriate to shorten the period for storing the data.
  • ·                Have we implemented and informed you about a specific period for storing certain type of data? If so, we will never exceed it.
  • ·                Have you given your consent with extending the period for storing information? If so, we will store the data in compliance with your consent.
  • ·                Do any legal, contractual or similar obligations as regards storing the data apply to you? Among the examples there are the laws governing mandatory storing of data, government decree to store data connected with investigation or data which are necessary to store for the purposes of a lawsuit.

5.       HOW IS THE SECURITY OF YOUR PERSONAL DATA MAINTAINED

We are aware of the fact that it is our important obligation towards you to secure your personal data to make sure they are not abused. That is why we use efficiently the best possible safeguards to prevent any abuse or unlawful access to your personal data or transfer thereof.

However, if any security incident occurs despite our efforts and such incident could pose high risks for your rights and freedoms, we will notify you thereof immediately via the e-mail address you provided and also by publishing such information on our web sites including any and all necessary particulars.

In order to safeguard your personal data we have taken the following measures:

  • ·                Organizational security. We put emphasis on securing your personal data against human factor risks, especially:

o      We have implemented and maintained directions and documents concerning internal security;

o      We organize regular trainings of our employees and other workers focusing on the rules as regards working with personal data and information security risks;

o      Liability of our employees, external workers, suppliers and other third parties who have access to your personal data is stipulated in contracts;

o      We have implemented and maintained standardized processes concerning work with your personal data.

  • ·                Technical measures. We have implemented important technical measures to maintain security of your personal data, especially:

o   Password-protected access to systems containing personal data

o   Regular maintenance of devices where the data are stored

o   Ensuring the protection by using antivirus, firewall, measures to prevent any unauthorised persons from accessing your personal data and the devices used to process them;

o   Measures to prevent unauthorised reading, creating, copying, transferring, modifying, deleting or other processing of personal data.

6.       WHAT RIGHTS RELATED TO YOUR PERSONAL DATA PROTECTION YOU HAVE

In respect of our processing you personal data you have the following rights:

  • ·                the right of access to your personal data;
  • ·                the right to rectification;
  • ·                the right to erasure (“right to be forgotten”);
  • ·                the right to restriction of processing your personal data;
  • ·                the right to object to processing;
  • ·                the right to data portability;
  • ·                the right to lodge a complaint related to the processing of your personal data.

Your rights are explained below so that you can get a better idea what their contents are.

The right of access means that you can request us to confirm anytime if the personal data concerning you are processed or not, to what extent, for what purposes, to what extent and to whom access is enabled, how long we will process them, if you have the right to rectification, deletion, restriction of processing or the right to lodge a complaint, where we collected the data from and if automated decision-making, including profiling, is used to process your personal data. You also have the right to obtain a copy of your personal data, the first copy is for free; and then we are entitled to adequate compensation of administrative costs which amounts to CZK 100.

The right to rectification means that you can ask us anytime to rectify or complete you personal data if these are inaccurate or incomplete.

The right to erasure means that we have to erase your personal data if (i) they are no longer necessary in relation to the purposes for which they were collected or otherwise proceeded, (ii) the processing has been unlawful, (iii) you object to the processing and there are no overriding legitimate grounds for the processing, (iv) it is imposed by a statutory obligation or (v) in relation to the processing of personal data you gave your consent you withdraw such consent.

The right to restriction of processing means that until any contested matters are solved concerning the processing of your personal data, we cannot process your personal data apart from storing them and we can use them only if you give us your consent or for the purpose of establishment, exercise or defence of legal claims.

The right to object means that you can object to the processing of your personal data which we process based on the performance of a task carried out in the public interest, or in the exercise of official authority, for the purposes of direct marketing or on the grounds of legitimate interests, including profiling based on our legitimate interest. If you object to the processing for direct marketing purposes, your personal data shall no longer be processed for such purposes. If you object to the processing of your personal data on the grounds of other reasons, your objection shall be assessed and we will inform you if we accept it and we will stop processing your personal data or if the objection was not reasoned and the processing shall continue. In any case, the processing will be restricted until the objection is handled.

The right to data portability means that you have the right to receive the personal data concerning you which you have provided based on your consent or contract, and which are processed by automated means in a structured, commonly-used and machine-readable format, and the right to have those data transmitted directly to another controller.

If you have any comments or complaints concerning the protection of your personal data or if you have any questions you would like to ask the person in charge of the data protection in our company or if you want to exercise any of your rights, please contact our person in charge at

We will react to your questions or comments within 30 days.

Our activity is supervised by the Office for Personal Data Protection, where you can lodge your complaint if you are dissatisfied. For more information go to the web sites of the Office (www.uoou.cz).

CHANGES OF PRINCIPLES

These Principles can be changed at times. Without your explicit consent we will not restrict your rights arising from these Principles. All changes of the Personal Data Protection Principles will be posted at https://www.marlenka.cz/ and if the changes are significant, we will inform you in detail (in the case of some services we can inform you about the changes of the Principles by e-mail). Previous versions of the Principles are archived, so that you can access them in the future. These versions are accessible from the links at the beginning of the Principles.

These Principles are effective as of May 25, 2018.


 

APPENDIX A

USING COOKIES ON OUR WEB SITES

1.              What are cookies

Cookies are small text files which web sites store in your computer or your mobile device at the moment you start using the sites. For some time, the sites remember your preferences and operations you performed (e.g. log-in data, language, font size and other display preferences), so that you do not have to enter the data again and jump from one page to another.

2.              Why do we use cookies?

Our web sites, as well as nearly all other web sites, use cookies in order to provide you with the best user experience as possible. Specifically, our cookies help us:

  • ·                make our web sites do what you expect them to do;
  • ·                make our web sites faster and better safeguarded;
  • ·                enable you to share comments on social networks;
  • ·                improve our web sites constantly;
  • ·                enhance our marketing efficiency (which, as a consequence, enable us to provide the services and products for the prices they are currently traded for).

Cookies are not used to:

  • ·                collect any sensitive data;
  • ·                transfer personal data to third parties; or
  • ·                get any sales commissions.

For more information about the cookies we use, please read the following.

3.              More information about cookies

3.1.        Cookies used in order to make sure the web works properly

Some cookies are used in order to make sure that our web site works properly, for example:

  • ·                To find out if you are logged in the system or not;
  • ·                To remember your search and browsing history on our web sites.

Unfortunately, there is no way to avoid using the cookies other than stop using our web sites.

3.2.        Functions of third parties

Our web sites, as well as majority of other web sites, include functionalities provided by third parties. Embedding a YouTube video on your web sites is a typical example. Disabling the cookies will probably result in loss of functionalities provided by these third parties.

Any and all data from our web sites are collected with the help of marketing tools, especially by Google Analytics. These tools are exclusively used to improve the existing services and for marketing purposes; however, they do not enable us to identify specific user or collect his or her personal data.

There is an option how to avoid collecting the information, it is described in the paragraph below. On no account we do sell, exchange or lease the data. For more information, go to the web sites of the providers of individual services, especially at https://www.google.com/analytics/ or to the online encyclopaedia Wikipedia at https://cs.wikipedia.org/wiki/Google_Analytics.

3.3.    How to refuse using the cookie files

Some functions related to our services are based on cookie files. Even if you gave consent with using cookies which monitor your behaviour on the web sites, you can turn them off later. If you decide to disable cookies, you will probably not be able to log in or use the functions and all your settings which require using the cookies will be lost. Using the cookie files can be set in your internet browser. Most browsers enable using cookies automatically in their default settings. In your internet browser you can disable cookie files or in your settings you can decide that you will use only some cookie files.

For more information about browsers and settings concerning cookies, please go to the following web sites:

Efficient tool for cookie files administration is available at https://www.youronlinechoices.com/cz/