Personal data controller

The personal data controller Jan Vaidiš., CRN 88500748, registered office at Rakovník - Rakovník II, Lipová 2764, PSČ 26901 (hereinafter referred to as the 'controller'), declares that all personal data processed by the controller are strictly confidential. The administrator handles them in accordance with national legislation and applicable EU regulations in the field of personal data protection.
The controller collects, retains and uses your personal data in accordance with Act no. 110/2019 Coll., on the processing of personal data (hereinafter referred to as the Personal Data Processing Act), or Regulation (EU) of the European Parliament and of the Council 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the ' GDPR'). The purposes for which the controller processes personal data are further defined.
The controller also collects this personal data via his website at janvaidis.cz (hereinafter referred to as the 'website').
The controller issued this policy to inform you of the type of personal data the controller processes, for what purpose he processes them, for how long, who will have access to your personal data, and what rights you have. This policy applies to all personal data collected by the controller, whether they were collected for the purpose of fulfilling a contractual relationship, a legal obligation, a legitimate interest, or granted consent.

Processed data

The controller is authorised to process the following personal data according to the purpose of processing, the category of personal data, the category of data subjects, the category of recipients and the retention period as follows.

No.	Purpose of processing	Category of personal data	Category of data subject	Category of recipients	Retention period
1	Commercial communications	Identification data	Customers	Controller	1 year

The following are purposes of data processing:

Fulfillment of a contractual relationship means: the relationship between you and the controller arising on the basis of an order, registration, the conclusion of a contract, application and participation in a competition, etc.;
Sending commercial communications and offering products and services means: sending commercial offers via electronic mail (email), via short text messages or via a telephone call;
Accounting and tax purposes means: accounting records pursuant to accounting and tax legislation;
Personnel, payroll agenda means: the conclusion of business contracts, processing wages, social and health insurance levies pursuant to Act no. 262/2006 Coll., the Civil Code, no. 582/1991 Coll., on the organization and implementation of social security, no. 48/1997 Coll., on public health insurance and on the amendment of certain related acts;
Statistical purposes means: anonymised detection of website traffic, monitoring of the number of page views, the time spent on the website, the type of device from which you access the website. We collect data to improve the quality of the services provided and to offer out clients relevant content;
Displaying ads means: displaying ads on websites based on statistically determined customer preferences;
Legitimate interest means: an effective defense in the event of a dispute; in such cases, the processing period for personal data is 4 years from the expiry of the warranty period for goods, and it is extended by the duration of the dispute. We want to constantly improve the quality of our services and provide new and better services; we want to resist obstruction of this activity, which is why activities that contribute to the fulfillment of this goal are our legitimate interest. Legitimate interest is processing for the purposes of fraud prevention (e.g. assessing the risk of concluding a contract), direct marketing (e.g. offering relevant services to existing customers), transfer of personal data within a group of companies for internal administrative purposes, notification of criminal offenses and transfer of personal data to the relevant authority, ensuring network and information security. This list is only intended to provide an example.
Performance of other legal obligations means: giving information to law enforcement authorities, giving information to other public authorities and the like.

We process your personal data for the period necessary to ensure all rights and obligations resulting from mutual legal action, at least for the period of processing an order, executing a transaction, setting up a service, etc., and for the period during which the controller is obliged to retain the personal data according to generally binding legal regulations, or for the period for which you may have given consent to the controller. Otherwise, the processing period depends on the purpose for which the personal data is processed, or it is determined by legal regulations.
Personal data are processed automatically. The controller is authorised to process certain information automatically, e.g. to create statistical information about the traffic of his website.

Personal data processed on the basis of consent

If you gave us your consent to the processing of your personal data, this was for one of the following purposes:
Sending commercial communications and offering products and services.

Rights of data subjects

As a data subject, you have the following rights stipulated in legal regulations that you can exercise at any time:

The right of access to personal data, according to which you have the right to obtain information about whether the controller is processing your personal data. The controller is obliged to give you this information without undue delay. The content of the information is determined by an article of the GDPR. The controller has the right to request a reasonable fee for the provision of this information not exceeding the costs necessary to provide the information;
The right to rectification or erasure of personal data, or restriction of processing, according to which you have the right to have personal data that is inaccurate or incorrect rectified. If your personal data are no longer needed for the purposes for which they were collected, or if they are processed unlawfully, you have the right to request their erasure. If you do not want to request the erasure of your personal data but only to limit their processing, you can request restriction of processing;
The right to request an explanation; if you suspect that the controller's processing of your personal data is in violation of the law;
The right to contact the Office for the Protection of Personal Data in case of doubts about compliance with obligations related to the processing of personal data;
The right to data portability, i.e. the right to obtain personal data concerning you that you have given the controller in a structured, commonly used and machine-readable format, see details in Art. 20 of the GDPR;
The right to object to the processing of personal data that are processed for the purpose of fulfilling a task carried out in the public interest, in the exercise of public authority, or for the purpose of protecting the legitimate interests of the controller. The controller will terminate the processing without undue delay if he does not prove that there is a legitimate interest/reason for the processing that outweighs your interest, rights or freedoms;
The right to withdraw your consent to the processing of personal data at any time if you have given the controller consent to the processing of your personal data.

Transfer to third countries

Your personal data will not be transferred to third countries.

Information and questions

Data subjects can obtain further information about rights and obligations in the protection of personal data on the website at janvaidis.cz, or they can write to kouzelnik@janvaidis.cz.