All4FM Services

GENERAL DATA PROTECTION DECLARATION

 

Pursuant to Act No. 110/2019 Coll., on the processing of personal data, as amended, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) and related legislation.

We are delighted by your visit to our website and also by your interest. We take the protection of your personal data seriously and would like you to feel comfortable when visiting our website. Protecting your privacy when processing your personal data is an important matter for us and we take it into consideration in our business processes. In the following privacy statement, we would like to inform you about the processing of your personal data by our company in connection with your use of the website: https://all4fm.cz (hereinafter referred to as the “Website”).

 

1. Introductory provisions

The controller of your personal data is the company All4FM Services, s.r.o., ID No.: 077 08 360, with its registered office at Pobřežní 249/46, Karlín, 186 00 Prague 8, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 319780 (hereinafter referred to as the “Company”).

In processing personal data, the Company may act as a controller or processor of personal data.

A user is a natural person who fills in and sends the Company a contact form from the Website.

2. Personal data

2.1 Personal data is any information about a person who is identified or identifiable, in particular by reference to an identifier such as a name, identification number, location data, network identifier or by reference to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that person (“Personal Data”).

2.2 Processing of Personal Data means any operation or set of operations on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other disclosure, alignment or combination, restriction, erasure or destruction.

3. Type and origin of data processed by the Company

3.1 We obtain the personal data we process directly from users when they submit a contact form from the Website or when we track their activity on the Website.

3.2 This Personal Data may be provided in particular through the contact form or other chosen means of communication. It may also be Personal Data only of potential customers, suppliers, other clients or other persons.

3.3 The Company processes the following Personal Data:

– Identification and address data: address, academic title, first name, surname, date of birth, birth number, permanent or temporary residence address, delivery or other contact address, address of the subscription point, e-mail address, business address, registration number, VAT number, etc.;

– electronic contact details: telephone, mobile phone, e-mail address, mailbox ID;

– other electronic data: IP address and derived device location, cookies;

– data about user behavior when using the Website necessary to improve the quality of the service, which are specific to the services viewed, the links clicked on, movement around the Website, and data about the device from which the Website is accessed, such as the IP address and the location derived from it, the identification of the device, its technical parameters such as the operating system and its version, as well as data obtained from cookies and similar technologies to identify the device;

– derived data, which means personal data derived from the user’s settings, data about the user’s behavior when using the Website;

– data relating to the user’s communications with us, which includes, in particular, the identification of messages sent to us, including identifiers such as IP addresses

3.4 We also use cookies on our Website to track traffic and improve our services. Please refer to article 10 of this declaration for further information on the use of cookies.

4. Legal Titles for Processing Personal Data

4.1 We process personal data for the performance of our contractual and legal obligations towards users, most often in connection with the request and use of services using the contact form on the Website, in accordance with Article 6(1)(b) and (c) of the GDPR.

4.2 We may process certain Personal Data on the basis of our legitimate interest, in accordance with Article 6(1)(f) of the GDPR.

5. Purposes of the processing of Personal Data

5.1 We process the personal data of users primarily for the purpose of concluding and performing a contract, providing services or answering and/or processing a query.

5.2 Should we ever process Personal Data for a purpose other than that for which we collected it, we will inform the user of this new purpose in accordance with the law.

5.3 The above applies to the processing of Personal Data whereby we process it in our capacity as the controller of the Personal Data. However, should we act as a processor when processing Personal Data, the purpose, as well as the means of such processing, will always be determined by the relevant Personal Data controller. Even in this case, however, the Company complies with all legal provisions relating to the processing of Personal Data and provides a high level of security. The Company never conceals the purpose for which Personal Data is collected and further processed.

5.4 Where we act as a controller of Personal Data, we only ever process it for permitted purposes and in accordance with the current applicable law.

6. Recipients of Personal Data

6.1 Personal Data may in some cases be disclosed to third parties as processors, in particular to individual external suppliers and contractors of the Company, operators of technologies used by the Company, or, to the extent necessary, to the Company’s legal or tax advisors.

6.2 In addition to the above, we may transfer Personal Data to other recipients if we are required to do so by law. In all other cases, we will only transfer Personal Data to third parties if the user has provided the Company with appropriate permission to do so.

6.3 There is no transfer of Personal Data to recipients in countries without an adequate level of protection (third countries).

7. Time limits for storage and retention of Personal Data

7.1 We process personal data for the purposes of fulfilling our contractual obligations only for as long as necessary to fulfill the contractual obligations. As soon as the data is no longer necessary for this purpose, it is deleted as a matter of principle.

7.2 In order to comply with certain legal regulations or to protect the interests of the Company, we must retain certain data after the contractual relationship has ended.

7.3 When assessing the retention period of Personal Data, we rely on the time limits set by the relevant legislation. Where the processing period is not expressly stated in this document or set out in law, we will determine the reasonableness of the processing period for Personal Data taking into account, in particular, the length of the limitation period, with a margin for knowing whether a lawsuit or other proceedings have been brought, whether there is a likelihood of legal claims which could be brought against the Company, and taking into account the expected timeframes for detecting attacks on our network or other security breaches, the usual practices and recommendations of supervisory authorities, and the likelihood and significance of the risks involved.

8. User data protection

8.1 We store Personal Data electronically only on our own devices and on the devices of carefully selected processors under a Personal Data processing agreement. Personal Data processed in electronic form is processed by means of a sufficiently secure system (encryption, limited access by third parties, confidentiality obligations of the persons responsible and technical security). In the event that Personal Data must be stored physically, it is stored on the Company’s premises and under the supervision of the persons responsible, who are bound by confidentiality obligations and legal compliance.

8.2 The Company may also grant access to User Data to other persons, processors, for the necessary period and to the extent necessary, on the basis of a Personal Data processing agreement. It is a necessary condition that the processors comply with all legal requirements and provide appropriate safeguards to protect the user’s rights and this data. Access to user data may also be granted if this obligation is imposed by law.

9. Automated decision making and profiling

9.1 The Company does not use automated decision-making or profiling procedures within the meaning of Article 22 of the GDPR in decisions that may have legal consequences for the user or may otherwise significantly affect the user. This also applies to the situations described in Article 8 of this Declaration.

10. Cookies

10.1 Cookies are small data files, short texts, which are placed in the web browser of visitors to the Website. Cookies are used by the Company on the Website to improve its functioning,  evaluate its traffic and optimize its marketing activities.

10.2 Cookies are not used to identify visitors to the Website personally and do not allow for such identification.

10.3 For more information on the processing of cookies, see the document Information on the processing of personal data through cookies, which is available here or directly on the Website (https://all4fm.cz).

11. Social plugins

11.1 The Website also contains third-party social plug-ins that allow users and other visitors to the Website to share content with their friends and other contacts. These include:

– Facebook plugin, which is managed by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA;

11.2 The aforementioned social plugins are not administered by the Company, so the Company is not responsible for any processing of Personal Data by the aforementioned operators (administrators) of these plugins or the websites they link to, nor for their functionality or any damage they may cause.

 

12. Users’ rights in relation to the processing of Personal Data

12.1 In connection with the processing of Personal Data by the Company, the persons concerned, in particular users, have the following rights under the GDPR, or within the limits set by law:

– the right to information about the processing carried out;

– the right of access to the Personal Data processed;

– the right to rectification or erasure of Personal Data;

– the right to restrict the processing of Personal Data;

– the right to portability of Personal Data;

– the right to object to processing; and

– the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7, website https://www.uoou.cz/.

12.2 In the event of receipt of a request within the meaning of this Article, the Company shall inform of the measures taken without undue delay, but in any case, within one (1) month of receipt of the request. This period may be extended by a further two (2) months if necessary and taking into account the complexity and number of requests. The Company is not obliged to comply with the request; for example, if the request is manifestly unfounded or unreasonable, in particular because of repeated submissions. In such cases, the Company may charge a reasonable fee taking into account the administrative costs involved in providing the requested information or, where appropriate, refuse to comply with the request. In the event of reasonable doubt as to the identity of the applicant, the Company shall be entitled to ask the applicant to provide additional information necessary to confirm his or her identity.

12.3 Users may exercise the above rights in writing at the Company’s address: Pobřežní 249/46, Karlín, 186 00 Prague 8, Czechia, or electronically at all4fm@all4fm.cz. Users may also send other questions regarding the processing of personal data to the contact details provided.

13. Final provisions

13.1 All legal relations arising in connection with the processing of Personal Data pursuant to this Declaration shall be governed by the laws of the Czech Republic, regardless of where the data was accessed from. The Czech courts shall have jurisdiction to resolve any disputes, with local jurisdiction determined by the registered office of the Company.

13.2 This Declaration shall become effective on December 31, 2021.