• Home
  • Protection of Personal Data

Personal data processing principles

Personal Data Processing Policy

Personal data controller and data subject

The controller of personal data is Intelsol s.r.o., company ID: 02774569, with registered office at Rybná 716/24, Staré Město, 110 00 Prague 1, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 223738 (hereinafter referred to as the controller). The Administrator may be contacted in writing at the above address or by email at info@intelsol.cz.

The data subject is a natural person who has provided the administrator with his/her personal data on the basis of a purchase contract or other contract concluded with the administrator or on the basis of registration to the administrator's e-shop (https://www.intelsolpresents.com/ or https://www.intelsol.cz/). The data subject may also be a natural person whose personal data the administrator has obtained from other legal sources.

The controller has not appointed a data protection officer.

Scope of processing of personal data

The controller processes personal data to the extent that it is provided to it by data subjects or to the extent that the controller obtains it from other lawful sources. This includes in particular:

- name and surname,
- title,
- the name of the natural person's business name,
- place of residence,
- address of the registered office or place of business,
- billing and delivery address,
- identification number and tax identification number,
- e-mail,
- login name and password,
- purchase history,
- telephone,
- payment information,
- network identifiers,
- personal data obtained from cookies.

Purpose of processing personal data

The controller processes the personal data of data subjects for the purpose of fulfilling the contract concluded between the data subject and the controller (in particular, the sale of protective equipment and marketing/promotional items), the fulfilment of legal obligations and for the purpose of direct marketing (i.e. offering the controller's products and services), including sending commercial communications within the meaning of Act No. 480/2004 Coll., on certain information society services.

The controller sends commercial communications only if the data subject has subscribed to newsletters or if the controller has obtained the data subject's electronic contact details in connection with the sale of its products or services. The data subject has the possibility to unsubscribe from the newsletter in a simple and free way by sending an email to info@intelsol.cz or by using the link provided in each individual commercial communication.

The controller does not engage in automated decision-making, including profiling, as referred to in Article 22 of the General Data Protection Regulation 2016/679.

Assessment of the necessity of processing

The controller is committed to protecting the privacy of data subjects and therefore only processes personal data that is strictly necessary for the stated purposes of the processing.

Legal basis for the processing of personal data

The legal basis for the processing carried out for the purpose of direct marketing and website traffic analysis is the data subjects' consent to the processing of personal data (subscription to newsletters, consent to the storage of cookies) or the legitimate interest of the controller (obtaining electronic contact in connection with the sale of the controller's product or service pursuant to Act No. 480/2004 Coll.).

In other cases, the legal basis for processing is the performance of a contract, the protection of the legitimate interests of the controller (protection of property, assertion of rights under a contract in legal proceedings, etc.) and the fulfilment of a legal obligation.

Duration of processing of personal data

In the case of personal data processed for the purpose of fulfilling a contract, the controller processes personal data for the duration of the contractual relationship and subsequently for a further 15 years (due to the limitation period for damage caused intentionally pursuant to Section 636(2) of the Civil Code). In the case of processing for the purpose of fulfilling a legal obligation, the controller processes personal data for the period prescribed by law. In the case of personal data processed on the basis of the data subject's consent, the controller shall process the personal data for a period of 10 years or for the duration of the validity of the relevant cookie, unless the consent to the processing of personal data is withdrawn by that time. This is without prejudice to the controller's obligation to process personal data for the period specified by or in accordance with the relevant legislation.

Personal data processed for marketing purposes on the basis of a legitimate interest (obtaining electronic contact in connection with the sale of the controller's product or service pursuant to Act No. 480/2004 Coll.) shall be processed by the controller for a period of 10 years, unless the data subject objects to such processing by that time.

Withdrawal of consent to the processing of personal data

If the data subject has given the controller his or her consent to the processing of personal data, he or she may withdraw the voluntary consent to the processing of personal data at any time, free of charge, by sending an e-mail to info@intelsol.cz. Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal. Withdrawal of consent also does not affect the processing of personal data that the controller processes on a legal basis other than consent (i.e. in particular if the processing is necessary for the performance of a contract, legal obligation or for other reasons specified in applicable law).

Access to personal data

The personal data of data subjects is accessible to the controller and, where applicable, to third-party recipients who provide appropriate safeguards and whose processing meets the requirements of applicable law and ensures adequate protection of the rights of data subjects. Recipients of personal data are providers of accounting/payroll services and systems, IT system administrators, legal and tax consultancy providers, marketing service providers, carriers, and public authorities to whom the controller is obliged to provide personal data (e.g. tax authorities). 
Personal data is only transferred within the member states of the European Union, with the exception of marketing and analytics tools from Google (e.g. Google Analytics) and ActiveCampaign. These providers are based in the USA. In this case, the transfer is based on the decision on the adequate protection of personal data provided by the EU-US Privacy Framework (Data Privacy Framework) or standard contractual clauses.

Proof of identity of data subjects

The controller is entitled to require proof of the identity of data subjects in order to prevent unauthorised persons from accessing personal data.

Rights of data subjects in relation to personal data

In particular, the data subject has the following rights in relation to personal data:

(a) the right to withdraw consent at any time;
(b) the right to rectify or supplement the personal data;
(c) the right to request the restriction of processing;
(d) the right to object to or complain about processing in certain cases;
e) the right to request data portability;
(f) the right of access to personal data;
g) the right to be informed of a personal data breach in certain cases;
(h) the right to erasure of personal data (the right to be "forgotten") in certain cases; and
(i) other rights set out in the Data Protection Act, the Data Processing Act and the General Data Protection Regulation 2016/679.


What does it mean that the data subject has the right to object?

According to Article 21 of the General Data Protection Regulation 2016/679, the data subject has the right to object to the processing of personal data if the processing is carried out on the basis of legitimate interest, including processing for direct marketing purposes, among other things. The objection may be submitted to the controller in writing or by e-mail to the following address: info@intelsol.cz. If the data subject objects to the processing, the controller shall no longer process the personal data unless the data subject demonstrates compelling legitimate grounds for the processing which override the interests or rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims. If personal data are processed for direct marketing purposes and the data subject objects to such processing, the controller shall no longer process the personal data to that extent.

Further information on this right is contained in particular in Article 21 of the General Data Protection Regulation 2016/679.

Obligation to provide personal data

Personal data is provided by the data subject entirely voluntarily. He or she is under no obligation to provide it. If he/she does not provide personal data, he/she does not face any sanctions. However, if the data subject does not provide his or her personal data to the controller, it will not be possible to conclude a contract between the data subject and the controller or to properly perform the contract. However, it is purely and solely the data subject's choice whether or not to enter into a contractual relationship with the controller.

Security of personal data

All personal data is secured by standard procedures and technologies. Personal data that is processed in electronic form is stored within an internal system and is only accessible to authorised users working with this personal data via devices secured by a login and password. The controller uses professional antivirus protection and a firewall, which it regularly updates. The controller shall regularly check the system for vulnerabilities and attacks and shall apply such security measures as the controller may reasonably be required to take to prevent unauthorised access to the personal data provided and which, having regard to the current state of technology, provide adequate security. Personal data processed in written form shall be stored in secure premises of the controller to which only authorised persons have access. All security measures taken are regularly updated.

Although the controller secures personal data by means of appropriate technical and organisational measures, it is not objectively possible to fully guarantee their security. Therefore, it is also not possible to ensure 100% that the personal data provided cannot be accessed by third parties, copied, disclosed, altered or destroyed by breaching the controller's security measures. However, in this context, the controller guarantees that it takes all reasonable steps to keep the personal data secure and regularly checks for security breaches.

Cookies

The controller uses so-called cookies on its websites https://www.intelsolpresents.com/ and https://www.intelsol.cz/, which are stored on the devices of data subjects. These cookies are mainly used to ensure the functionality of the website and for traffic analysis. The controller uses Google Analytics and ActiveCampaign for traffic analysis. The types of cookies used by Google can be found here. ActiveCampaign's privacy policy can be found here. If the data subject does not wish to provide data about the use of the website to Google Analytics, he or she may use a plugin provided by Google. Once installed in the browser and activated, no further data will be sent. More information about the processing and use of data can be found in Google's terms and conditions.

Standard web browsers (Safari, Internet Explorer, Firefox, Google Chrome, etc.) support the management of cookies. Within the browser settings, the data subject can manually delete, block or completely prohibit the use of individual cookies, or block or allow them only for individual websites. For more detailed information, the data subject can use the help section of their browser.

Cookies are divided into so-called temporary cookies and permanent cookies. Temporary cookies are only stored on the device until the browser program is closed. Temporary cookies allow information to be stored when moving from one website to another and eliminate the need to re-enter certain data. Persistent cookies help to identify the device of data subjects in the event of repeated visits to the website and allow the website to be adapted to the interests of data subjects.

The following table shows the types of cookies used by the controller:

Publisher/ Cookie name

Google /
_ga,_gid, _gat, _gcl, NID, 1P_JAR, SAPISID, SSID, SID, _Secure-3PSID, HSID, APISID, _Secure-3PAPISID, SIDCC, _Secure-3PSIDCC, ANID, CONSENT

cookie_notice

Type

Analytical, marketing

To improve site functionality

Durability

Permanent (max. 2 years, with exceptions noted here)

Permanent (max. 1 month)

Description

Used for marketing and traffic analysis purposes

Consent to the use of cookies

Final provisions

This policy will take effect on 31 October 2020.