The purpose of these Privacy and Data Protection Principles ("Principles") is to provide information about what personal data is processed by individuals in the provision of services and sales, mediation of the sale of goods and services to our company, for what purposes and for how long our company processes these personal data in accordance with applicable law, to whom and for what reason it may transmit it, as well as to inform about the rights of natural persons in connection with the processing of their personal data. The principles are valid from 25 May 2018 and are issued in accordance with Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 regarding with the protection of individuals with regard to the processing of personal data and of the free movement of such data (GDPR ").
1. Personal Data Manager, Personal Data Processing and Privacy (GDPR)
The administrator of the personal data is YeahCoach s.r.o., Company ID 06039201, registered office at Gregorova 2115/10, Chodov, 14800 Praha 4, registered in the Commercial Register kept by the Municipal Court in Prague in Section C, File 274298 (hereinafter referred to as the "Administrator"). Any inquiries regarding the processing of your personal data can be sent to the address of the Administrator's address at email@example.com or by phone: +420 730 808 803.
2. Scope of processing and category of personal data processed
Personal data shall be processed to the extent that the relevant data subject has provided the Administrator in connection with the conclusion of a contractual or other legal relationship with the Administrator or otherwise collected by the Administrator and processing them in accordance with the applicable legal regulations or the fulfillment of the statutory duties of the Administrator , or which the data subject himself provided as part of the registration or in connection with the publication of his profile on the websites operated by the Administrator. The administrator processes the following categories of personal information:
(a)name and surname, or academic title,
(b) the name of the firm,
(c) IN, TIN
(d) address of permanent residence,
(e) the address of the place of business or place of business,
(f) delivery address,
(g) contact e-mail address,
(h) contact telephone number,
(i) a job and / or position in the company,
(j) bank connections,
(k) profile photo,
(l) biographical data,
(n) personal web site,
(o) personal motto,
(p) personal skills,
q) records of cookie-cooked websites' behavior when cookies are enabled in a web browser.
3. Purpose of the processing of personal data
3.1 Processing for performance of the contract, fulfillment of legal obligations and due to the legitimate interests of the Administrator
The provision of personal data necessary for the fulfillment of the contract, the fulfillment of the legal obligations of the Administrator and the protection of the legitimate interests of the Administrator is obligatory. Without providing personal data for these purposes, it would not be possible to provide services. In order to process personal data for these purposes, the Administrator does not need the consent of the personal data subject.
The basic partial purposes for the processing of personal data are in particular:
a) processes relating to the identification and possible contact of the customer (performance of the contract);
b) provision of services and delivery of ordered goods (fulfillment of the contract),
c) direct assistance by third parties, ie direct aid providers (performance of the contract)
d) billing for services, issuance of tax documents (fulfillment of the contract),
e) fulfillment of statutory tax obligations (fulfillment of statutory obligations);
f) recovery of customer receivables and other customer disputes (legitimate interest),
g) Debtors' records (legitimate interest).
Personal data for these activities are processed to the extent necessary for the performance of those activities and for the time required to achieve them or for a period of time prescribed by law. Personal data is then erased or anonymized. The basic deadlines for the processing of personal data are available below in Article 5 of the Basic Law.
3.2 Processing of data published by the user in his profile
The data subject has the possibility to post information about his or her person, such as profile photo, biographical data, nickname, personal website, personal motto, personal skills, etc. within the profile published on the websites operated by the Administrator. This information may not be filled in by the data subject, he may at any time edit or delete. If the data subject does not require any of this information to be published on its profile, it does not need to indicate or possibly delete it on its profile, and it will no longer be processed.
3.3 Processing of user data with their consent for marketing and business purposes
With the consent of the data subject, the Administrator processes personal data for marketing and business purposes in order to create an appropriate offer of the Administrator's services and in the context of customer engagement, exclusively by electronic communication through a contact e-mail address. Granting consent to marketing and business purposes is voluntary and the data subject may revoke it at any time. Such consent shall remain in effect for 10 years after its grant or for the duration of the use of the Services by the Administrator and for the following 10 years thereafter or until the data subject has withdrawn it. For marketing and business purposes, all categories of data specified in Article 2 of this Code may be processed by consent. If the data subject withdraws his consent, this is without prejudice to the processing of his personal data by the Administrator for other purposes and other legal titles in accordance with these Principles.
3.4 Processing Cookies from Websites Operated by the Administrator
In case the cookie is allowed by the data subject in his Web browser, the Administrator handles the cookie tracking entries on the websites operated by the Administrator for the purpose of ensuring better operation of the Administrator's web sites and for the Internet advertising of the Administrator. In the case of consent to the processing of personal data for marketing and business purposes, these data are processed together with other personal data for this purpose.
4. Method of processing and protecting personal data
The processing of personal data is done by the Administrator. The processing is carried out at its premises and headquarters by individual authorized employees of the Administrator, processor. The processing takes place via computer technology, and manually to personal data in paper form, with all the security policies for managing and processing your personal information. To this end, the Administrator has adopted a technical and organizational measure to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, alteration, destruction or loss, unauthorized transmission, unauthorized processing, and other misuse of personal data. All entities to which personal data may be made available respect the privacy rights of data protection entities and are required to comply with applicable privacy laws. When processing personal data, the administrator does not have automated decision-making within the meaning of Article 22 GDPR.
5. The processing of personal data
The processing of personal data takes place for the time necessary for the purposes for which the data are processed, in accordance with the deadlines specified in the relevant contracts, in the Administrator's File and Sharing Rules or in the relevant legislation. The length of time that personal data will be stored is determined as follows:
a) In the case of the disclosure of personal data in a user's profile, the Administrator is authorized to process the user's information and process personal data only for as long as the user decides to publish it within his / her profile. These personal data are edited or deleted by the user at any time.
b) In the case of service customers, the Administrator is entitled, in the event that these have fulfilled all his obligations towards him, to process in the customer's database their basic personal, identification, contact details, service data and data from their communication with the Administrator for a period of 4 years the day of the last contract with the Administrator.
c) In case of purchase of goods from the Administrator, this person is entitled to process the basic personal, identification and contact details of the customer, data on goods and communication data between the Customer and the Administrator for a period of 4 years from the expiration of the warranty period for the goods.
d) In the case of negotiations between the Administrator and the potential customer on the conclusion of a contract that has not been concluded by the conclusion of the contract, the Administrator is entitled to process the provided personal data for a period of 6 months from the end of the pre-contractual negotiations.
e) Tax documents issued by the Administrator shall be archived for 10 years from the end of the taxable period in which the transaction took place in accordance with Section 35 of Act No. 235/2004 Coll. Due to the need to prove the legal reason for issuing invoices, customer contracts are also archived for 10 years from the date of termination of the contract.
6. Categories of recipients of personal data
In fulfilling its obligations and contractual obligations, the manager uses specialized and specialized services of other entities. If these vendors process personal data transmitted from the Administrator, they have the status of processors of personal data and process personal data only within the instructions from the Administrator and should not use them otherwise. These include, in particular, merchant shippers, payment gateways, experts, lawyers, auditors, IT system administrators, internet advertisers, or sales representatives. Each such entity is carefully selected by the Administrator and each person has a personal data processing agreement where the processor has strict obligations to protect and safeguard personal data.
When contacting the direct help section, the contact details or bank details of the applicant / assistance beneficiary are also sent to the direct aid provider (s) for the sole purpose of providing the requested assistance. If the data subject disagrees with the transmission of the data to that third party, direct assistance may not be implemented and the data subject will not be required to provide direct assistance in such a case.
7. Rights of data subjects
In accordance with the GDPR, the following rights are the subject of the personal data subject. In the case of rights to the Administrator, the data subject is entitled to apply them to the contact addresses listed in Article 1 of this Code.
7.1 Right of access to personal data
Under Article 15 of the GDPR, the data subject has a right of access to personal data, which includes the right to obtain from the Administrator a confirmation that the personal data concerning him / her are processed or not and, if so, has the right to have access to these personal data data and information on:
(a) the purposes of processing,
(b) the categories of personal data concerned,
(c) the recipients whose personal data have been or will be made available,
(d) the planned processing time,
(e) the existence of the right to request from the Administrator the correction or deletion of personal data relating to the data subject or the restriction of their processing or to object to such processing,
(f) the right to lodge a complaint with the Supervisory Authority,
(g) any available information on the source of personal data, unless it is obtained from the data subject,
(h) the fact that automated decision making, including profiling,
(i) appropriate safeguards when transmitting data outside the EU.
In case the rights and freedoms of other persons are adversely affected, the data subject also has the right to request a copy of the processed personal data. In case of a repeated request, the Administrator is entitled to charge a reasonable fee for a copy of his or her personal data.
7.2 Right to correct inaccurate data
Under Article 16 of the GDPR, the data subject has the right to correct the inaccurate or incomplete personal data he or she is processing. The data subject has the obligation to notify changes to his or her personal data and to demonstrate that such a change has taken place. At the same time, it is required to provide the Administrator with assistance if it is determined that the personal data processing it is inaccurate.
7.3 Right to Deletion
Under Article 17 of the GDPR, the data subject has the right to delete personal data concerning him / her if the Administrator does not prove legitimate reasons for the processing of such personal data.
7.4 Right to limit processing
Under Article 18 of the GDPR, the data subject has the right to limit the processing if he or she denies the accuracy of the personal data, the reasons for the processing, or the objection to the processing of the data. Where processing has been restricted, the personal data in question may be processed only with the consent of the data subject or for the purpose of determining, enforcing or defending legal rights, for the protection of the rights of another natural or legal person or for reasons of overriding public interest in the EU or one of its Member States.
7.5 Notification of the Administrator regarding the repair or deletion of personal data or limitation of processing
In the event of correction, deletion, or limitation of the processing of personal data, the Administrator shall, in accordance with Article 19 of the GDPR, be obliged to inform the individual recipients of personal data of this fact, except where this proves impossible or requires unreasonable effort. Based on the data subject's request, the Data Submission Administrator will provide information on these recipients.
7.6 Right to portability of personal data
Under Article 20 of the GDPR, the data subject has the right to the portability of the data concerning him / her which has been provided to the Administrator in a structured, commonly used and machine readable format and the right to request the Administrator to transfer the data to another Administrator if the processing personal data has occurred on the basis of the conclusion and performance of the contract or the consent of the data subject, and their processing is carried out automati- cally. In the event that the exercise of this right could adversely affect the rights and freedoms of third parties, such requests can not be met.
7.7 Right to object to the processing of personal data
Under Article 21 of the GDPR, the data subject has the right to object to the processing of his personal data due to the legitimate interest of the Administrator. If the Administrator does not prove that there are serious legitimate reasons for processing that prevails over the interests or rights and freedoms of the data subject, the Administrator shall immediately terminate the opposition on the basis of the objection.
7.8 Right to withdraw consent to the processing of personal data
Authorization to process personal data for marketing and business purposes may be revoked at any time. It is necessary to make an appeal in an explicit, comprehensible and certain manner of will. Processing of cookie data can be avoided by setting up a web browser.
7.9 Right to be informed about a personal data breach
According to Article 34 of the GDPR, the data subject has the right to be informed without undue delay by the Administrator of a breach of security of personal data received by the Administrator if it is likely that a breach of personal data will result in a high risk to the rights and freedoms of individuals.
7.10 Right to contact the Office for Personal Data Protection
The data subject has the right to contact the Personal Data Protection Authority (www.uoou.cz) if he / she finds or believes that the Administrator or processor carries out the processing of his / her personal data contrary to the protection of the data subject's private and personal life or in contradiction with relevant legislation.
8. Change the Policy
These Principles may be modified by the Administrator, and if he makes substantial changes to them, they notify changes to data subjects through the services provided or in other ways to have the opportunity to review changes before it enters into force. If some of the changes do not agree with the data subject, they may cancel their account or delete any data from their profile. If the data subject continues to use the Service Provider after publishing or sending the changes to the Policy Amendment, the data subject agrees with the changes.