Principles of processing personal data
Principles of processing personal data of clients in Apertia Tech s.r.o.
We would like to inform you about how we at Apertia Tech s.r.o. (hereinafter also referred to as „we“ or „our company“) process your personal data in connection with offering, arranging, providing and administering products and services.
This Policy is mainly here to provide you with information about, in particular, what personal data we collect, how we handle it, from what sources we obtain it, for what purposes we use it, to whom we may disclose it, where you can obtain information about your personal data that we process and what your individual rights are in relation to the protection of personal data.
Thank you for reviewing the contents of this Policy. We will answer your questions either at our business premises, at Matěje Košt’íře 269; 250 88 Čelákovice – Praha East or by e-mail at firstname.lastname@example.org.
1. General information
We have a number of legal obligations relating mainly to the processing of personal data of our clients, which we must comply with in particular with regard to the performance of contractual obligations, security in the use of our products or the exercise of public authority. In this respect, our company cannot provide you with its products and services without your personal data.
We also process our clients‘ data and all personal data beyond the scope of our legal obligations, mainly for the purpose of taking care of you and our other clients, so that we can also address you with a targeted offer of products and services. And for this reason we need to obtain your consent. Where you do not give your consent in these cases, the products or services we provide may be limited or otherwise modified depending on the scope of the data we are authorised to process.
We will inform each client of the restriction or modification.
This Policy applies in all respects to the processing of personal data of potential clients, i.e. persons with whom we have not yet entered into a contractual relationship but with whom we are already in contact, or former clients.
All information in this Policy that is set out herein shall also apply to a reasonable extent to the processing of personal data of other persons in respect of whom we have certain obligations or with whom our company is directly in contact, although we do not have a contractual relationship with them. (e.g. sales representatives, company agents and corporate contact persons)
1.1 Principles of personal data processing
We respect and honour the highest standards of data protection when processing your personal data and in particular adhere to the following principles:
(a) We always process everyone’s personal data for a clearly and comprehensibly stated purpose, by stated means, in a stated manner, and only for as long as is necessary in relation to the purposes for which it is processed; we only process accurate personal data of our clients and we ensure that the processing is appropriate to the stated purposes and necessary for the fulfilment of those purposes;
b) We ensure that your personal data is protected and processed in the most secure manner possible. This highest security prevents any unauthorised or accidental access to, alteration, destruction or loss of, or unauthorised transfer of, the personal data of our clients, as well as any other misuse.
(c) We will inform you in a comprehensible manner about the processing of your personal data and about your requirements for accurate and complete information about the circumstances of this processing, as well as about your other related rights;
d) At Apertia Tech, s.r.o., we observe organizational and appropriate technical measures to ensure a level of security appropriate to all possible risks; all persons who come into contact with the personal data of our clients are obliged to maintain the confidentiality of information obtained in connection with the processing of such data.
2. Information on the processing of personal data
2.1 Information about the controller
The data controller of your personal data is our company, i.e. Apertia Tech s.r.o., with registered office at Šlikova 549/4, Postal Code 169 00, Prague 4 – Břevnov, ID No.: 27117758, a company registered in the Commercial Register maintained by the Municipal Court in Prague, file number C 97580.
2.2 Purposes of processing and legal basis for processing
2.2.1. Processing of personal data without your consent
These are generally situations where you are obliged to provide us with certain personal data as a condition for us to provide you with our product or service, or where we are entitled to process your personal data obtained in another way.
(a) We are legally entitled to process your personal data without your consent for the following purposes to comply with our legal obligations, in particular
(i) compliance with notification obligations to public authorities;
(ii) compliance with archiving obligations;
(b) entering into or performing a contract with you.
(c) the protection of rights and legitimate interests, in particular for the resolution of any litigation, in particular for the purposes of litigation or other dispute resolution.
2.2.2 Processing of personal data with your consent
These are generally situations where you voluntarily consent to us processing personal data provided by you or otherwise obtained. If you do not provide your consent, this may result in our company being unable to provide certain products or services or being forced to make reasonable adjustments to the availability, scope or terms of the products and services provided.
Based on your consent, our company processes your personal data for the following purposes:
(a) client care; these are activities that do not constitute performance of a contract or other lawful processing of personal data and include the following activities:
(i) market research;
(ii) monitoring the behaviour of clients on the Apertia Tech website in relation to the services offered (this purpose does not therefore refer to the mere acquisition of information about the behaviour of users visiting our company’s website through cookies, which is described below in the article on Electronic means of communication and mobile applications);
(b) offering products and services; this includes, in particular, the dissemination of information, offering products and services to our company and others, including offering products and services that are specifically targeted to individual clients, through various channels such as mail, electronic means (including email and messages sent to a mobile device via a telephone number) or by telephone call, via the Website. To a certain extent, in these cases, our company is entitled to offer products and services to clients also without obtaining their consent; if this is required by law, you will be advised of your right to object to the further offering of products or services in this context. In this context, your personal data may also be transferred to third parties for the purpose of disseminating information and offering products and services to these third parties. More details about the transfer are set out later in this Policy.
2.3 Scope of processing of personal data of clients
Our company processes your personal data to the extent necessary to fulfil the above purposes. We process contact and identification data. Further information on the scope of the personal data of clients processed is provided in Annex 1 of this Policy.
2.4 Method of processing personal data
The way in which our company processes your personal data includes manual and automated processing, including algorithmic processing, in our company’s information systems,
Your personal data is processed only by our employees and, to the extent necessary, by third parties who have a confidentiality agreement with our company. Prior to any transfer of your personal data to a third party, we will always enter into a written contract with that person which contains the same guarantees for the processing of personal data as our company itself complies with in accordance with its legal obligations.
2.5 Recipients of personal data
In particular, your personal data of clients is disclosed to our company’s employees in connection with the performance of their work duties that require the handling of personal data of clients, but only to the extent necessary in that particular case and in compliance with all security measures.
In addition, your personal data is passed on to third parties involved in the processing of personal data of our company’s clients or may be disclosed to them for other reasons in accordance with the law. Prior to any transfer of your personal data to a third party, we will always enter into a written contract with that party, in which we will regulate the processing of personal data in such a way that it contains the safeguards for the processing of personal data that our company itself observes in accordance with its legal obligations.
2.5.1 In accordance with applicable law, our company is entitled or directly, without your consent, obliged to transfer your personal data:
to the relevant government authorities, courts and law enforcement authorities for the purpose of fulfilling their obligations and for the purpose of enforcing decisions;
to other persons to the extent provided for by law, for example to third parties for the purpose of recovering our debts from clients.
2.6 Transfer of personal data abroad
Your personal data is processed on the territory of the Czech Republic and on the territory of other European Union countries which share the same standards of personal data protection as the Czech Republic. Neither our company nor entities involved in the processing of clients‘ personal data transfer clients‘ personal data to countries outside the European Union.
2.7 Duration of processing of personal data
Our company processes clients‘ personal data only for the period of time that is necessary for the purposes of processing. We continuously assess whether there is still a need to process certain personal data necessary for a particular purpose. If we determine that they are no longer necessary for any of the purposes for which they were processed, we will destroy the data. However, we have already internally assessed the normal period of usefulness of personal data in relation to certain purposes of processing personal data, at the end of which we particularly carefully assess the need to process the relevant personal data for that purpose. In this context, it also applies that personal data processed for the purposes of:
(a) the performance of a contract, we process for the duration of the contractual relationship with the client; furthermore, the relevant personal data are usually usable for a period of ten years;
(b) the offering of products and services, we process for the duration of the contractual relationship; furthermore, the relevant personal data are normally usable for a period of ten years; if personal data are transferred to third parties in this context, the third parties determine the processing period in accordance with the applicable legislation and the rules set out in this Policy;
(c) client care is processed for the duration of the contractual relationship with the client; furthermore, the relevant personal data is usually usable for a period of ten years.
2.8 Right to withdraw consent
We have tried to explain in this Policy why we need your personal data and that we may only process it for certain purposes with your consent. You are not obliged to consent to our processing of your personal data and you are entitled to withdraw your consent. We would like to remind you that we are also entitled to process certain personal data for certain purposes without your consent. If you withdraw your consent in this case, we will stop processing the relevant personal data for the purposes requiring the relevant consent, but we may be entitled or even obliged to continue to process the same personal data for other purposes.
If you do not give or withdraw your consent, we may:
(a) modify the availability, scope or terms of our products or services accordingly; or
(b) refuse to provide you with our products or services if we find that such consent is necessary to provide the product or service under the circumstances.
In the event that you wish to withdraw your consent to the processing of your personal data, please contact us in writing at email@example.com or directly in person at Apertia Tech Ltd’s offices.
2.9 Sources of personal data
We obtain personal data of our clients mainly from:
(a) from clients themselves, directly, e.g. when concluding contracts relating to the products or services provided, or indirectly, e.g. when clients use the products or services themselves or when making information about products and services available to clients, e.g. via the company’s website, etc;
(b) from potential prospective customers for our services in the context of marketing events and campaigns;
(c) from our own activities by processing and evaluating other personal data of clients.
2.10. Your right to request access to personal data and protection of clients‘ rights
If you ask us for information regarding the processing of your personal data, we will provide you without undue delay with full information about what data we process about you. In return for providing such information, we have the right to claim reasonable compensation for the costs incurred in providing this information. If you become aware or believe that our company or a third party involved in the processing is processing your personal data in a way that is contrary to the protection of your private life or contrary to the law, in particular if your personal data is inaccurate, you may:
(a) request an explanation from our company or the third party involved in the processing;
(b) request that the deficiency be rectified, in particular you may request that the personal data be rectified or completed; if necessary, the data will be temporarily blocked or destroyed.
If we find your request to be justified, our company or the third party involved in processing the data will rectify the deficiency immediately and free of charge.
2.11. Electronic means of communication and mobile applications
As part of our client care, our company develops technology so that you can use modern electronic means of communication and mobile applications to use our products and services. This includes services related to the use of the Internet, the use of social networks and various mobile applications.
Social networks. You can also reach us through various social networks. We use these communication channels mainly as marketing tools and do not currently provide our products and services through them.
This Policy is valid and effective as of 17.11.2022. The current version of the Policy is published on our products‘ websites and is also available on our premises
Appendix 1 – Scope of personal data processed
Identification data – includes data, which are mainly name, surname, e-mail, telephone, employer or represented company; in the case of a natural person client – entrepreneur, also ID number and VAT number. Other possible identification data include, for example, the IP address of the computer used and sets of specific authentication data, the use of which we agree.
Contact data – name, surname, contact address, telephone number, e-mail address or other similar contact data. Other possible identification data include, for example, the IP address of the computer you are using and sets of specific authentication data that we agree to use.
In the event that you withdraw a submitted request for a product or service, we will process the date of withdrawal in addition to the data provided by you up to the time of withdrawal.
Data arising from the performance of contractual obligations – depending on the nature of the product or service provided, we process data relating to the product or service provided. This category includes the processing of personal data such as the duration of the contract, products and services purchased.
Personal data collected in connection with the provision of our products or services – this is personal data collected during our interaction. These include:
(i) data used to ensure the security of communications,
(ii) records of your preferred language for communication, your expressed interest in a product or service, or your specific requirements communicated to us.