Privacy Policy

Principles of personal data processing - personal data controller, data subject, processor

The personal data controller is the company TREPART s.r.o., with its registered office in Prague 4, Chodov, Pištěkova 782/3, ZIP code 149 00, registered in the public register kept by the Municipal Court in Prague, file no. C 206689, which, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), processes the personal data of its customers.

The processor of personal data is the company TREPART s.r.o., with its registered office in Prague 4, Chodov, Pištěkova 782/3, ZIP code 149 00, registered in the public register kept by the Municipal Court in Prague, file no. C 206689, which processes personal data also through third parties. These are in particular service providers, reinsurers, law firms and other persons who provide services for the company, and with whom the company has concluded a fair contract for the processing of personal data for the purpose of personal data protection.

The data subject is a natural person who has provided the administrator with their personal data on the basis of a lease agreement, purchase agreement, service agreement or other agreement concluded with the administrator or on the basis of explicit consent to the processing of personal data. The data subject may also be a natural person whose personal data the administrator has obtained from other lawful sources.

Scope of personal data processing

The administrator processes personal data to the extent that they are provided to him by the data subjects, or to the extent that the administrator obtains them from other lawful sources. This includes in particular: name, surname, date of birth, place of residence, place of business, identification number, payment card number, tax identification number, e-mail, telephone, signature.

Purpose of processing personal data

The controller processes personal data of data subjects in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter referred to as the “Regulation”) for the purpose of fulfilling a contract concluded between the data subject and the controller by electronic means of distance communication or in writing, fulfilling legal obligations and for the purpose of direct marketing (i.e. offering products and services of the controller) including sending commercial communications within the meaning of Act No. 480/2004 Coll., on certain information society services.

Assessment of the necessity of processing

The controller ensures the protection of the privacy of data subjects in accordance with the Regulation and therefore processes only personal data that are strictly necessary for the specified purposes of processing.

Legal basis for processing personal data

The legal basis for processing carried out for the purpose of direct marketing is the consent of the data subjects to the processing of personal data or the legitimate interest of the controller (obtaining electronic contact in connection with the sale of a product or service of the controller pursuant to Act No. 480/2004 Coll.).
In other cases, the legal basis for processing is the performance of the contract, the protection of the legitimate interests of the controller (protection of property, exercise of rights under the contract in legal proceedings, etc.) and the fulfillment of a legal obligation.

Period of processing of personal data

In the case of personal data processed for the purpose of fulfilling a contract, the controller processes personal data for the duration of the contractual relationship and subsequently for a further 10 years, taking into account the length of the limitation period for compensation for damage or harm. In the case of processing for the purpose of fulfilling a legal obligation, the controller processes personal data for the period specified in legal regulations. In the case of personal data processed on the basis of the consent of the data subject, the controller processes personal data for a period of 10 years, unless the consent to the processing of personal data is revoked by that time. This does not affect the controller's obligation to process personal data for the period specified in or in accordance with the relevant legal regulations.

Withdrawal of consent to the processing of personal data

If the data subject has granted the controller consent to the processing of personal data, he or she may withdraw his or her voluntarily given consent to the processing of personal data at any time free of charge. The withdrawal of consent does not affect the lawfulness of processing based on consent given before its revocation. The withdrawal of consent also does not affect the processing of personal data that the controller processes on a legal basis other than consent (i.e. in particular if the processing is necessary for the performance of a contract, legal obligation or for other reasons specified in applicable legal regulations).

Access to personal data

The controller and, where applicable, third parties - recipients - who provide appropriate guarantees and whose processing meets the requirements of applicable law and ensures appropriate protection of the rights of data subjects have access to the personal data of data subjects.

Other rights of the data subject

The data subject has the right under the regulation to request information about what personal data is being processed, to request a list of entities that have access to the subject's personal data, to request access to their personal data and to have it updated or corrected, to request the deletion of personal data and, lastly, in case of doubts about compliance with the obligations related to the processing of personal data, to contact us or the Office for Personal Data Protection.