Data protection regulation policy – BOCA Group,a.s. Company ID: 03705927, registered address: Vinohradská 2828/151, 130 00 Prague 3 registered in the Commercial Registry maintained at the Municipal Court in Prague, file No. B 20340,(hereinafter only the "Company")
Due to the provision of services offered by the Company, which include the use of our www.bocagroup.cz and www.bocapraha.cz portals (hereinafter only "Web portal"), as well as due to goods purchases offered by the company, we are entitled to process your personal information and data.
In this document we would like to inform you how and why we process your personal information and what rights you may exercise in connection with the processing of your personal information. When processing your personal data, we follow legal regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data (so-called GDPR) and Act No. 110/2019 Coll., on the processing of personal data, as amended. Protection of personal information is important to us. While processing your personal information we adhere to the strictest safety standards.
We recommend that you read the following information carefully. You can always find the current version of this document at www.bocagroup.cz.
1. Who is the administrator of your personal data?
1.1. The administrator of your personal data is BOCA Group, a.s. Company ID: 03705927, registered address: Vinohradská 2828/151, 130 00 Prague 3 registered in the Commercial Registry maintained at the Municipal Court in Prague, file No. B 20340, (hereinafter only the "Company")
2. What is the purpose and the legal basis for the processing and how long is personal data stored?
2.1 The processing of personal data always only takes place within the extent based on the scope of the provided services and in line with the purpose of the processing. We process your personal data for the below specified purposes, based on the below legal requirements and only for the necessary time.
2.2 If you use the services offered by our Web portal, you do so as a Registered user. Your fill out the relevant information using the Web portal in order to use the relevant service within the extent specified in the registration form.
The legal basis for the processing of your data is the implementation of measures accepted before the conclusion of the contract, fulfilment of the contract, and also the legitimate interest of the Company. Your personal data will only be processed for the necessary period and for the given purpose while the legitimate interest of the Company lasts.
2.3 When you decide to purchase goods or services (works), you provide us with the necessary data required to enter into a purchase contract or a contract for work. These usually represents the following personal data: your name, surname, date of birth, address, e-mail, telephone number and information specifying the subject of the purchase or work. The legal requirement that must be complied with in order for us to process the above data is the successful fulfilment of the contract. This personal data will be processed while the contractual relationship lasts, including the relevant legal obligations that apply to us as the administrator.
2.4 Pursuant to Section 7 paragraph 3 of Act No. 480/2004 Coll., on certain services provided by information companies, we may contact you by e-mail or telephone in order to offer our services to you, and you have the option to refuse to receive such messages at any time (the so-called opt-out). Details of your electronic contact will be processed until you refuse the processing. In the event that the conditions set out in Section 7 of the above-mentioned Act are not met, we shall only keep sending you offers if you give us your consent to do so. If you give us your consent, we shall process your personal data while your consent lasts.
2.5 In order to analyse your behaviour and your preferences (profiling), as such analysis help us to customise our commercial messages based on your particular interests and needs, we are allowed to process your personal data within the extent provided to us through the web portal including cookies.
The legal basis for this processing is your consent with the processing, which you gave us voluntarily. Your personal data will be processed while your consent lasts.
2.6 Profiling is also done for the internal needs of our Company as well as for persons who use services available through our Web portal, but who did not register. For this purpose we process personal data within the extent of information provided by you through the Web portal.
The legal basis for the processing of the above information is the legitimate interest of the administrator. This personal data will be processed for one year, starting on the day when you entered your data through the Web portal, after which the data is deleted.
2.7 In case of possible future dispute or administrative proceedings, we process and store data beyond the scope specified above and within the following extent: your first name, surname, email, telephone number, address, information defining the specific services or goods sold and also information related to the given business case or process.
The legal basis for this type of processing is a legitimate interest of the Company or third party. Therefore, this personal data shall be processed for the necessary time needed to fulfil the relevant purpose, but no longer than for 20 years after the event which is decisive for the limitation period in each individual case.
2.8 When creating analytical models, we combine, compare and analyse aggregated or fully anonymised data on products and services including profile information, so statistical methods can be used to correctly estimate and then fulfil the needs of the selected categories of entities. Models do not target specific persons. Data is scrutinised under full anonymity so we can publish results of these analyses. For our internal purposes, we may also create various data analyses and statistics, but always based on the use of anonymous data.
The legal basis for this type of processing is a legitimate interest of the Company. This personal data is processed for the time necessary to fulfil this purpose, but no longer than for ten years.
2.9 In certain cases a new software cannot be deployed unless sufficient testing is done while using the data of our clients. Therefore, in necessary cases where there is insufficient test data, we use the data about you stored in the given software to test the software, software changes, or to train our employees.
The legal basis for this type of processing is a legitimate interest of the Company. These personal data is therefore only processed for the time necessary to fulfil this purpose.
3. To whom may we provide your personal data?
Further, let us inform you that we may forward your personal data to entities that provide administrative/technical support for us or with whom we cooperate, providing that these entities are able to guarantee maximum technical and organisational security when processing personal data. Such entities act as processors of personal data or independent administrators, providing they alone decide what means and purposes shall be used for data processing. If cloud storage is used, then these repositories (storage servers) are only located within the EU, and a high level of data protection and security is always ensured. Most often the actual recipients of your personal data are suppliers of IT services, including cloud repositories, marketing agencies, lawyers, providers of press and postal services, including couriers.
4. What are your rights as the subject of personal data in relation to data processing?
As the subject of personal data processing, you have the right to request information at any time focusing on the fact whether we process your personal data, and if so, you have the right to access your personal data. However, you also have other rights in relation to the processing of your personal data. If your personal data is inaccurate or incomplete, you have the right to correct or supplement your data. You have the right to request deletion of your personal data, but only under certain conditions, e.g., if your personal data is no longer needed for the relevant purpose or if you withdraw your consent and there is no further legal reason for the processing of your personal data.
Under certain conditions, you may also request a limiting of your personal data processing, especially in a situation where you question or deny the accuracy of personal data or if you raise an objection against the processing.
You have the right to transfer your personal data. The right to transferability only applies to personal data that you have provided to us and the processing of your data is based either on your consent or on a contract concluded with us. Such data must also be regarded as personal data processed by automated means. If you exercise this right it must not adversely affect the rights and freedoms of other persons. It is the responsibility of the Company to asses it.
You also have the right not to be the subject of any decision which was made solely through automated processing, including profiling, providing that such decision could have legal effects on you or if such decision could significantly affect you in a similar way. We do not currently make any such automated decisions; should such automated decision-making process occur in the future, we shall inform you about it in an appropriate manner.
Should you have any doubts as to whether your personal data is being processed in accordance with the applicable legal regulations, you may always exercise your right to contact the Company.
If you have given us your consent with the processing of your personal data, you have done so voluntarily and you have the right to revoke or restrict your consent at any time and for each individual purpose. You can revoke your consent by way of an e-mail message sent to email@example.com, or by a written appeal sent to the Company's registered address.
If your personal data is processed for the purpose of direct marketing, including possible profiling, or is processed based on the legitimate interest of the Company, you may also exercise your right to object to such processing at any time.
You can exercise all of these rights in the following way:
• by sending a request letter to the Company's registered address;
• by sending a request to the above e-mail including your electronic signature; or
• by sending a request to a data box.
Should you have any questions please contact us by e-mail at firstname.lastname@example.org, or by calling the following phone number +420 222 712 433. You may also exercise your rights defined in Article 4 of this Policy while observing the manner set forth herein. If you are not satisfied with the outcome or you are not satisfied with the information provided or with the processing of your request, you can file a complaint with the supervisory authority:
Office for Personal Data Protection
Address: Pplk. Sochora 27, 170 00 Prague 7
telephone: +420 234 665 111
5. Processing methods and means
We obtain your personal data as defined in Article 2 above through the forms you complete on our website or we use other information provided by you, or possibly by publicly accessible registers.
Personal data is stored in our archives or information systems, and if necessary, data may also be backed up on a backup server / storage carrier.
Personal data is under our constant physical, electronic and procedural control, we use modern control, technical and security mechanisms that ensure maximum possible protection of processed data against unauthorised access or transfer, against data loss or destruction, as well as against other possible misuse.
All persons who come into contact with your personal data while fulfilling their employment or contractual obligations are bound by legal or contractual obligations of confidentiality, which remain valid even after the termination of the relevant employment or after the relevant contractual relationship is terminated.
6. What if there are processing changes?
We may adjust the information contained in this document based on the current needs or status. In such a case, we will notify you (as the personal data subject), of such a change in due time. However, we recommend that you regularly monitor the current wording of this document on our Web portal.
BOCA Group, a.s.