Thank you for your interest in the www.hast-ak.com website (hereinafter also referred to as the “website”).
Through this document, we would like to inform you about the nature, scope, and purpose of the processing of personal data carried out by us.
The processing of personal data therefore always takes place in accordance with legal regulations, in particular in accordance with the General Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data (hereinafter also referred to as the “GDPR”).
The data controller within the meaning of the GDPR is:
JUDr. Vojtěch Steininger, LL.M., advokát (Czech lawyer) and Mgr. Hedvika Hartmanová, advokátka (Czech lawyer)
both as independent attorneys-at-law with registered office: Kaprova 15/11, 11000 Praha 1
IČ: 73677701 (Vojtěch Steininger), 66248892 (Hedvika Hartmanová).
(hereinafter also referred to as the “responsible party”).
The processor may be:
Registered office: Hájek 45, 363 01, Ostrov
Where applicable, other providers of processing software, services, and applications, but which the controller does not currently use for these purposes.
(hereinafter also referred to as “processor”).
The processor may entrust another processor with the processing of personal data obtained in accordance with this document.
I. How data is collected and handled
No cookies are used on our websites, with the exception of point 2.
2. Use of analytics with the anonymisation function
The controller has integrated the Google Analytics component with anonymisation function on its websites. Google Analytics is a web analysis service for obtaining, collecting, and evaluating data about the user behavior of website visitors. Among other things, it analyses data on the websites from which the data subject has accessed our website, which subpages he or she has visited and how much time he or she has spent on them, as well as from which country and city he or she has visited the websites. The web analysis is used to optimize the web pages and to analyse internet advertising. The purpose of using Google Analytics is to evaluate the user behaviour of visitors to our websites. Information obtained in this way is used by Google, among other things, to evaluate our web pages and to obtain news about the activity on these web pages as well as to provide services in connection with our web pages.
The operator of Google Analytics is: Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
3. E-mail correspondence
If you send us an e-mail or contact us in any other way, personal data that you provide to us in this way will automatically be stored for the purpose of processing and contacting you.
II. Legality of data processing and legal basis
Personal data collected through the Websites will only be processed by the controller under the conditions and to the extent laid down by the GDPR, in particular in Art. 6 GDPR.
1) The processing of personal data is only lawful within the meaning of Art. 6 GDPR if at least one of the following conditions is met, and only to the corresponding extent:
a) the data subject has given consent to the processing of personal data concerning him or her for one or more specified purposes;
This paragraph is the legal basis for the processing of personal data where we require consent for the processing of personal data. The data subject shall have the right to withdraw consent at any time without affecting the lawfulness of the processing previously carried out based on consent.
b) processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject’s request;
This paragraph is the legal basis for the processing of personal data necessary for the performance of contracts to which the data subject is a party, for example, for the provision of a service or consideration. The same applies to the processing of personal data which necessarily takes place prior to the conclusion of a contract, for example in the case of questions about our products or services.
c) Processing is necessary for compliance with a legal obligation to which the controller is subject;
Where the controller is subject to a legal obligation that necessarily involves the processing of personal data, such as when complying with fiscal obligations, such processing is based on this paragraph.
d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
Processing for these purposes may occur, for example, in such a case where a third party is injured in our premises and in this context, we would need to disclose information such as their first and last name, age, health insurance, etc. to the relevant health authority (of course, only if we had such information at our disposal in the first place).
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
The controller does not process personal data for these purposes.
f) processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
Such legitimate interests may exist, for example, in the situation where there is a relevant relationship between the data subject and the data controller, for example, the data subject is a customer of the data controller or the data controller provides services to them.
2. Duration of storage, or criteria for determining this duration
Personal data are stored for as long as is necessary to achieve the purpose for which they were collected or as specified by the relevant legislation. When this period has expired, when the reason for processing ceases to exist or when the relevant legal period for the retention of personal data has expired, such personal data will be automatically deleted, unless it is further necessary for the conclusion or performance of contracts.
3. Whether the provision of personal data constitutes a legal or contractual requirement to be included in a contract and whether the person concerned has an obligation to provide personal data and the possible consequences of not providing such data:
III. Right to information, duration for which personal data are processed
The controller is always ready to answer any questions you may have regarding the processing of your personal data. You have the right to be informed at any time about data we hold about you, its origin, and recipients, as well as the purpose for which it is held. If you are interested in this information about your data stored by us, please contact the person responsible in writing via the e-mail address listed above. Please note that the data controller is not obliged to appoint a data protection officer and has not appointed a data protection officer.
In relation to the personal data, the data subject has the right to request: (i) access to the personal data relating to the data subject; (ii) rectification or erasure of the personal data, where applicable; (iii) restriction of the dissemination of the personal data; and further the right to (iv) object to the data processing; and (v) the right to data portability.
Details on the respective rights of the data subjects are regulated by the GDPR.
The processing of your personal data is subject to the supervision of the Office for Personal Data Protection, Pplk. Sochora 727/27, 170 00 Praha 7-Holešovice, Czech Republic, whose web pages can be accessed at www.uoou.cz. You can lodge a complaint with this office against the processing of personal data by the controller.
The controller does not disclose personal data obtained through this website to third parties, with the exception of the processor(s) mentioned above. The controller does not intend to transfer personal data to a third country or to an international organisation.
The controller does not carry out automated profiling.
IV. Use of the Internet Sites, Disclaimer and the Relationship between the controller and the processor
The content of the Internet pages may not be copied, modified, or otherwise made available to third parties for commercial purposes.
Although the controller endeavors to keep the information on its web pages up to date, complete, and accurate, it cannot be held liable or responsible for any typographical errors (typos) or oversights based on which incorrect or incomplete information has been published.
The recipient of personal data may be the processor listed above. The processor and any person acting on the instructions of the controller or processor who has access to personal data may process such personal data only on the instructions of the controller unless the processing thereof is provided for by Union law or the law of a Member State.
The controller shall only use such commissioned processors who provide sufficient guarantee by implementing appropriate technical and organisational measures to ensure that the relevant processing complies with the requirements of the GDPR and that the protection of personal data is ensured. The processor shall not involve any other processor in the processing without the prior specific or general written consent of the controller. Processing by a processor shall be governed by a contract or other legal instrument under Union law or the law of a Member State which binds the processor in relation to the controller and which sets out the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects and the obligations and rights of the company. Further requirements are regulated by Art. 28 (3) GDPR and the following.
Should the processor engage further processors to carry out certain processing activities on behalf of the controller, the same data protection obligations as set out in the contract or other legal instrument between the controller and the processor must be imposed on that processor on the basis of a contract or other legal instrument under Union law or the law of the Member State concerned, in particular providing sufficient guarantees that the appropriate technical and organisational measures will be implemented in such a way that the processing will be carried out in accordance with the requirements of the GDPR. If the other processor fails to comply with its data protection obligations, the primary processor shall be liable to the controller for compliance with the obligations of that other processor.
V. Amendments to this Document, Entry into Force
The controller may amend the contents of this document as appropriate. Changes to this document may be related to, among other things, the development of the interpretation and application of the GDPR in the Czech Republic, the functioning of the websites or a change in the person of the processor.
This document enters into force on 25.5.2018.
In Prague, 24.5.2018