Privacy and Personal Data Protection Policy
of Pealock holding, s.r.o.
Pealock holding, s.r.o. , with its registered office at Nové sady 988/2, Staré Brno, 602 00 Brno, Czech Republic, identification number 078 37 208, registered in the Commercial Register maintained by the Regional Court in Brno under file number C 110396 (the Company or we), which in its activities as a controller processes personal data of its customers (and potential customers) and website visitors (you), in accordance with Regulation (EU) No. 2016/679 of the European Parliament and of the Council (GDPR), hereby, in accordance with Article 13 of the GDPR and Act No. 127/2005 Coll., on electronic communications (Electronic Communications Act) provides the following information about this processing (Policy):
1.1 What is the purpose of this Policy?
If you cooperate with us, whether you are our customer or use our services and products, or if we are considering any form of cooperation with you, or if you have visited our website, we process some of your personal data that you have provided to us or that we have obtained in another lawful manner.
In this document, you will find summary information about what personal data we process, to what extent, in what way, for what purpose, for how long, and what your individual rights are in relation to this processing of personal data.
1.2 How can you contact us?
If you are unclear about how we handle your personal data, please contact us at the following e-mail address: [email protected] or at the correspondence address of our Company: Pealock holding, s.r.o., Mostecká 130, Vsetín, 755 01, Czech Republic.
1.1 From what sources do we obtain personal data?
We obtain your personal data either by you providing it to us, e.g. when discussing possible future cooperation through our website or other communication channels or during the cooperation itself (e.g. identification data; contact data; billing or transaction data), or we collect it automatically through our IT systems whenever you access our website or use our products (e.g. web browsing data and marketing cookies; device location data).
1.2 What personal data do we process and for what purpose?
We only process data about you that we need to fulfil our contractual obligations, or to carry out the measures taken on the basis of your order or instruction, to comply with our legal obligations (for example, to keep proper accounts), to pursue our legitimate interests (for example, to offer you our products or to assess the suitability of possible mutual cooperation), or data that you have given us your consent to process.
We only process your personal data to the extent necessary and proportionate to the stated purpose of the processing. To give you an easy overview of which of your data we process, for which purpose and what legal basis we have for doing so, we have prepared the following table:
We are entitled to process all of the above categories of personal data to the extent necessary for the establishment, exercise or defence of our legal claims based on our legitimate interest in protecting our rights (Article 6(1)(a) GDPR).
We are entitled to anonymise device location data for the purposes of further risk analysis of the sites and the operation of our products and services, based on our legitimate interest in improving the provision of our services (Article 6(1)(a) GDPR).
1.3 What data do we process about you on our website?
1.4 What happens if you refuse to provide us with personal data?
As long as you have not entered into a contract with us, you may choose not to provide us with any of the above categories of personal data and not to enter into a contract with us.
However, if we have already established a business relationship with you or you are interested in establishing one, we will need at least your identification, contact, billing and transaction data (and in the case of subcontractors, some profile data such as education and work experience) in order to fulfil our obligations, otherwise we cannot establish cooperation with you or provide you with our services.
For personal data that we process on the basis of your consent, you have the right to withdraw your consent at any time. If you do so, you will not call into question the lawfulness of the processing of your personal data at the time prior to your withdrawal, but we will no longer be able to process this data in the future.
1.5 How long will we keep your personal data?
We only keep your personal data for as long as necessary to fulfil the purpose for which we process it, after which we will irreversibly delete it. The length of retention for each category of data thus varies according to the purpose of processing:
(i) we keep the data processed for the performance of the contract, i.e. identification, contact, billing and transaction data, for the entire duration of the contractual relationship and until the end of the longest limitation period relating to the obligations and rights governed by this contract (i.e. generally 10 years during the limitation period and 1 year after its end for claims made at the end of the limitation period, unless a longer limitation period has been agreed or extended);
(ii) data processed for the fulfilment of the legal obligation to keep proper accounting records, i.e. invoicing and transaction data, are stored for a maximum of 10 years from the end of the tax period in which the last document for your order was issued or the last transaction was carried out;
(iii) we process the data processed in the Pealock App for the performance of the contract with you for the entire duration of your personal profile in the Pealock App;
(iv) data processed on the basis of our legitimate interest to offer our products and services, i.e. identification and contact data, are stored for 3 years following the termination of the contractual relationship or since our last contact (if no business relationship has been established);
(v) data processed on the basis of your consent to receive our product and service offers, i.e. identification and contact data, are then processed only for the period of time to which you have consented, i.e. no longer than 3 years, unless you withdraw your consent earlier;
(vi) data processed on the basis of our legitimate interest in providing client care and enhancing our reputation, i.e. data from mutual communication, are retained for the duration of the mutual communication and until the end of the calendar year following our last contact;
(vii) we only process the device location data processed to execute your request to locate the device and to trigger an alarm for the time necessary to execute your request, or repeatedly every 3 seconds when an alarm is triggered, without prejudice to the processing of this data within the Pealock Application;
(viii) we retain web browsing data processed on the basis of our legitimate interest in ensuring the smooth operation of our website for as long as it is valid, but no longer than 24 months, unless you remove technical and analytical cookies from your device earlier; and
(ix) marketing and analytical cookies processed on the basis of your consent, we process only for the period of validity to which you have consented, i.e. no longer than 24 months, unless you withdraw your consent earlier.
1.6 To whom do we transfer personal data for processing? With whom do we share personal data?
As we use external suppliers to provide certain services to our business, we transfer your personal data to them to the extent necessary to enable them to provide these services to us. These suppliers are:
(x) software services and marketing services (e.g. Tawk.to, Google, Facebook, Instagram);
(xi) tax and legal services;
(xii) payment services (Stripe); and
(xiii) logistics services (Skladon).
When transferring personal data to these suppliers, we make sure that they, as processors, use the personal data transferred only for the purposes set out by us and stated above.
As we also use the services of processors based in the USA (Google, Stripe), we also transfer personal data outside the EU. Such transfers are based on standard contractual clauses.
We may also transfer your personal data to other recipients (controllers), namely providers of additional services in which you have expressed interest.
We do not transfer personal data to international organisations.
1.7 Do we use automated decision-making, including profiling, in processing?
The processing of your personal data does not involve automated decision-making or profiling, i.e. a situation where personal data is processed automatically, without human intervention, and the result of this automated processing would have legal effects on the data subject or would otherwise significantly affect him or her. A human being is always present during any processing of your data by us. Should we wish to use automated decision-making in the future, we will inform you of such intention.
1.8 What rights do you have in relation to personal data and how can you exercise them with us?
It is our duty and priority to ensure that the processing of all personal data by our Company is carried out properly and securely. As such, only authorised persons have access to personal data via secure access and we will delete the data when it is no longer required.
We also guarantee you the rights listed below, which you can exercise with us in writing, by telephone or by email to the contacts listed above. We will do our best to respond promptly and, if possible, to comply with your request. We provide all information and statements regarding the rights you have exercised free of charge. Only if we find your request manifestly unfounded or unreasonable may we charge a reasonable fee to reflect the administrative costs involved in providing the information requested. Also, should your requests for copies of the personal data processed be repeated, we reserve the right to charge a reasonable fee to cover the administrative costs for this reason.
If you ask us for a statement or information about the measures we have taken, we will provide it as soon as possible and within one month at the latest. We can only extend this period if the complexity and number of requests make it necessary. However, we would always inform you of such an extension, stating the reason and the length of the extension, which will not exceed 2 months.
(a) Right to information about the processing of your personal data and access to personal data
You have the right to be informed about whether we process your personal data, what data is involved, for what purpose we process it, to whom we transfer your data (or to which categories of recipients of personal data), what rights you have in connection with our processing, that you can contact the Office for Personal Data Protection, what are the sources of the personal data processed and whether automated decision-making and profiling take place. This policy is also designed to ensure that you are informed.
If we intend to further process your data for a purpose other than that for which it was collected, we will provide you with information about this other purpose and other relevant information before such processing. The information covered by this right can also be found in this document, but this does not prevent you from requesting it again.
At your request, we will also provide you with a copy of the personal data processed, provided that the rights and freedoms of others are not adversely affected.
(b) Right to repair
If any of your personal data that we process has changed, for example if you have changed your address or telephone number, you have the right to request us to correct this data. In addition, you have the right to have incomplete personal data completed, including by providing an additional declaration.
(c) Right to erasure (right to be forgotten)
You have the right to request that we delete your personal data. Your request is then subject to individual assessment; despite your right to erasure, we may have an obligation or legitimate interest to retain your personal data, for example, if it relates to invoices that we need to keep for tax reasons. However, in any case you will be informed in detail about the processing of your request. We delete data that is no longer necessary for the purposes for which it was processed automatically, but you can contact us at any time to request deletion.
(d) Right to restriction of processing
You have the right to require us to restrict the processing of your personal data (i.e. to prevent its use, but at the same time to prevent its complete destruction) in the following cases:
(i) you have contested the accuracy of the personal data (processing will then be limited to the time necessary to verify accuracy);
(ii) the processing is unlawful and you are not interested in having it deleted;
(iii) We no longer need your personal data for the purposes of processing, but you require it for the establishment, exercise or defence of your legal claims;
(iv) you have objected to processing and we are verifying whether our legitimate grounds for processing outweigh yours.
Even if the processing is restricted, we will still be able to process your personal data in cases where this is necessary for the establishment, exercise or defence of legal claims or for the protection of the rights of other natural or legal persons.
(e) Right to data portability
If you ask us to provide your personal data to another controller or company, we will transfer your personal data in the appropriate format to the entity you specify, unless we are prevented from doing so by law or other significant obstacles.
(f) Right to object and automated individual decision-making
If you believe that we are processing personal data in violation of the protection of your private and personal life or in violation of the law, you can contact us and ask us to explain or remedy the defect.
Should automated decision-making or profiling be carried out on our part, you can further object to such processing.
(g) Right to lodge a complaint with the Office for Personal Data Protection
If you feel that we are treating your personal data in breach of our obligations, please contact our contact person listed at the head of this document. We trust that we will be able to clarify any discrepancies. If you are not satisfied with our response, you always have the right to address your complaint or complaint regarding the processing of personal data to the supervisory authority, namely the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7, website https://www.uoou.cz/.