The company JOHNNY SERVIS, s.r.o., ID No.: 47538856, with its registered office at náměstí Kněžny Ludmily 1, 266 01 Tetín, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 18533 (hereinafter referred to as "JS") is governed by the rules set out in this Personal Data Processing Policy to ensure effective protection of personal data and prevent its misuse.
The personal data processing rules set out in this Policy correspond to the obligations imposed on us as a data controller for the processing of personal data by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC - General Data Protection Regulation ("GDPR").
Through this policy, we also inform about the facts and rights that we are required to inform about in accordance with the GDPR, thereby ensuring sufficient transparency and openness in the processing of personal data.
This policy sets out the procedures and principles on the basis of which we process personal data. For further information or clarification, please contact our Data Protection Coordinator listed below.
Reasons for collecting personal data
We collect and process personal data only if it is necessary for:
-
To perform the contract.
-
To provide the service.
-
To fulfil the requirements of the law.
-
Protecting the vital interests of subjects.
-
The purposes of our legitimate interests, unless the interests or fundamental rights and freedoms of the data subjects take precedence in such case.
Personal data
JS processes your name, surname and email when you register for the services provided, enter into contracts or use the services provided.
Sending for direct marketing purposes
One of the legitimate interests may be the processing of personal data for the purpose of direct marketing - sending commercial communications. This means that we may send information or offers of similar products or services to clients who have purchased a product or used a service from us. The sending of commercial communications can be cancelled at any time via the link contained in the commercial communication sent or via the contact email below. We will process your personal data for the purpose of our legitimate interests for a period of three years after your last purchase.
Consensus
In other cases, we can only collect and process personal data with your explicit and free consent. Consent may be withdrawn at any time using the contact details provided in this policy. The specific conditions for the use of personal data after consent is given are always set out in each individual consent.
Collection of personal data
JS does not obtain personal data from publicly available sources, but always only from entities or third parties that cooperate with JS and have obtained personal data in accordance with the GDPR. When using personal data, JS is always guided by this policy and the GDPR.
We may either explicitly request personal data directly, or we may obtain it as part of registering for the services provided, entering into contracts or using the services provided. We also collect some personal data automatically - for example, by using cookies when you visit the website.
We will always inform you of the specific reason for processing your personal data either directly in the contract you enter into, in the terms of service provided or in this policy.
We use personal data primarily to provide services, to enable us to enter into a required contract, to perform a contract, to comply with legal requirements, to notify you of changes to the services. We also use personal data to improve our services and products. JS processes contact data for the purpose of sending commercial offers of products and services: sending general advertising messages without targeting a specific group of recipients. In this case, the processing period is 3 years.
Transfer of personal data
We will not disclose personal information to anyone except as described in this policy.
Personal data will be accessible by employees who are authorised to handle it. All employees who will have access to personal data are bound in writing to confidentiality, so they must not disseminate personal data anywhere. These employees are also responsibly selected, have been made aware of the internal rules on data protection, and have also been properly trained so that they know how to handle personal data and under what conditions it may be processed.
We will transfer personal data to certain third parties when necessary. These parties are called processors. JS is responsible for ensuring that these processors provide appropriate safeguards to process personal data. We choose all processors responsibly. At the same time, the processors will be contractually obliged to fulfil data protection obligations, which will contractually ensure that personal data is adequately protected and minimise the risk of misuse.
Third parties to whom personal data may be transferred
Here are the categories of persons to whom we may transfer personal data and who may have access to personal data:
|
Categories of beneficiaries |
Purpose of transfer of personal data |
|
Legal advisers |
Use of legal advice. |
|
Accounting and tax advisors |
Use of accounting and tax consultancy. |
|
Marketing specialists |
Use of marketing services. |
|
IT service providers |
IT administration and user application management. |
|
Webmasters |
Website management. |
|
Providers of on-line tools |
Use these tools to improve service quality and customer experience. |
|
Communication service providers |
Ensuring the distribution of commercial and other communications. |
|
Transporters |
Delivery of ordered goods. |
|
Subcontractors |
Provision of sub-delivery for the ordered service. |
In JS, information, including personal data, is exchanged. However, the contractual partners provide sufficient safeguards for the protection of personal data.
We may share personal information with other third parties to prevent crime and reduce risk, where required by law and where we deem it appropriate, in response to legal process, or to protect the rights or property of JS, partners or data subjects.
Transfer outside the EU
Personal data will not be transferred to countries outside the European Union or to international organisations, except for situations where it is transferred there for the purpose of better data backup and protection and situations explicitly mentioned in this policy.
JS does not carry out any automated individual decision-making or profiling when processing personal data.
JS processes personal data only for the necessary period of time. If the personal data is no longer required for the purposes of processing, the personal data is deleted immediately.
If JS processes personal data on the basis of consent, the processing period is specified in the consent.
If JS processes personal data as a result of statutory provisions, it processes it for the period of time required by law. Where the law requires the archiving of certain data, such personal data is archived in accordance with the law for the required period.
Where personal data is processed by JS due to the conclusion or performance of a contract or the provision of a service, JS shall process the data for 10 years after the termination of the contract or the provision of the service. During this period, personal data is processed only for the purpose of settling any legal claims or conducting legal proceedings. The period of 10 years then corresponds to the limitation period during which claims can be brought before a court.
For the purpose of sending commercial offers of products and services, JS processes for a period of five years from the date of consent or until the consent is withdrawn
For the purposes of our legitimate interests, we process for three years after the service has been provided.
Right to information
You can contact us at any time to confirm whether we are processing your personal data using the contact details below. If we are processing your personal data, you have the right to access this information:
-
For what purpose do we process personal data and what are the categories of personal data
-
Who are the recipients and processors of personal data
-
For how long the personal data will be stored and, if that period cannot be determined, the criteria used to determine that period
-
For which personal data you can request erasure or restriction of processing and object to such processing
-
The right to lodge a complaint with a supervisory authority
-
On the sources of personal data
-
Whether there is automated individual decision-making or profiling
If you ask us to do so, we will provide you with a copy of your personal data that we process. If you request further copies, we may charge a fee for providing them at the cost incurred. If you request in electronic form, copies will be provided to you in electronic form unless you request another form. However, we have the right to require you to verify your identity to ensure that this information relating to your personal data does not come into the possession of an unauthorised person.
We will endeavour to supply the information as soon as possible, depending on the extent requested. However, no later than 30 days.
Right to correction
If you discover that we have inaccurately, incorrectly or incompletely provided any of your personal data, you have the right to have your personal data corrected or completed without undue delay after you notify us.
Right to be forgotten - right to erasure
You have the right to have us delete your personal data without undue delay if:
-
Your personal data is no longer needed for the purposes for which it was collected
-
You withdraw your consent
-
You object to data processing
-
We have processed your personal data unlawfully
-
The deletion will fulfil a legal obligation under the Act
-
Personal data has been collected in connection with the offer of information society services
However, we will not delete personal data even for the reasons stated above if one of the grounds under Article 17(3) GDPR exists
If personal data has been disclosed or transmitted to third parties, we will also ensure the erasure of this personal data, if technically possible and feasible.
Right to restrict processing
You have the right to have us restrict the processing of your personal data if:
-
You tell us that your personal data is inaccurate for a period of time while we verify the accuracy of the personal data
-
We process your personal data unlawfully but you ask us to restrict its use instead of erasing it
-
We no longer need your personal data but you require it to establish, exercise or defend legal claims
-
You have objected to the processing while it is being examined to see if it is justified
During the period of restriction of processing, your personal data may only be stored, otherwise they may only be processed on the basis of your consent, for the establishment, exercise or defence of legal claims or for reasons of public interest.
Right to object
You have the right to object to the processing of your personal data if we process it for direct marketing purposes. You must send your objection to us in writing or by email to the email address below. If you object to processing for direct marketing purposes, we will no longer process your personal data to that extent unless we can demonstrate compelling legitimate grounds for processing which override your interests or rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to data portability
If you request, JS will transmit the personal data to you in a structured, commonly used format so that you can provide it to another controller. In doing so, where technically feasible, you may request that JS transmit the personal data directly to the controller you designate.
Right to complain
You can lodge a complaint regarding the processing of personal data or non-compliance with GDPR obligations with a supervisory authority at any time.
The supervisory authority is:
-
in Czech Republic: Úřad pro ochranu osobních údajů, Pplk. Sochora 27, 170 00 Praha 7, ČR, www.uoou.cz.
JS has put in place personnel, organisational and technical measures to minimise the risk to rights and freedoms and to the protection of personal data. To this end, JS has trained employees who come into contact with personal data. All personal data in physical form is secured against unauthorised access. For personal data stored in electronic form, security standards are maintained and the data is also secured against unauthorised access. JS has prepared a risk analysis to prevent risks and ensured that appropriate risk mitigation measures are implemented.
JJS is not obliged to appoint a Data Protection Officer under the GDPR and has not appointed one. However, it has appointed a Data Protection Coordinator who is responsible for data protection. You can contact the Data Protection Coordinator on any matter relating to personal data and to exercise your rights. You can contact the Privacy Coordinator at This email address is being protected from spambots. You need JavaScript enabled to view it..
If you have any requests, requirements, comments or uncertainties, you can contact us by email at This email address is being protected from spambots. You need JavaScript enabled to view it. or in writing at our registered office.
This policy was adopted on 1 January 2023 and modified 5.8.2024. JS may change this policy as long as it remains in compliance with the law and GDPR. We will notify you of any changes to this policy on our website at www.johnnyservis.cz.
