This document contains basic information about how we process your personal data. It has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR).
1. Personal data controller
The controller is the person who, alone or jointly with others, determines the purposes and decides how personal data will be processed.
The controller of your data is
Frances s.r.o. – ID 00473961, with registered office at Na Košince 106/3, 180 00, Prague 8, registered in the Commercial Register kept by the Municipal Court in Prague under file number C 127169
You can contact the administrator using the following contacts:
- tel.: +420 284 841 080, e-mail: email@example.com
- DPO: firstname.lastname@example.org
2. The purpose for which we need the personal data and the legitimacy of the processing
We process your personal data in order to:
1. ensuring the conclusion and subsequent performance of the contractual obligation between the administrator and you (Art. 6 para. 1 lit. (b) GDPR). Such a relationship gives rise to other legal obligations and the controller must process personal data for this purpose as well (Art. 6 para. 1 lit. (c) GDPR);
2. for marketing purposes, so that the controller can best tailor the offer of its products and services and commercial communications about them to your needs, for this purpose of processing the controller obtains your unambiguous consent (Article 6(1)(a) GDPR, if you are already our customer, the legitimate reason for marketing is our genuine interest (Article 6(1)(f) GDPR);
3. the protection of your legitimate interests (Article 6(1)(f) GDPR), which is to ensure the protection of the data you have entrusted to us for processing, the protection of our property.
Providing personal data to the controller is generally a legal and contractual requirement. With regard to the provision of personal data for marketing purposes (except for marketing to our existing customers, where we use our legitimate interest), which does not constitute the fulfilment of a contractual and legal obligation of the controller, your consent is required. If you do not give your consent to the controller to process your personal data for marketing purposes, this does not mean that the controller will refuse to provide you with its product or service under the contract as a result.
Our legitimate interests are in particular the proper performance of all contractual obligations, the provision of business information to customers, the proper performance of all legal obligations, the protection of our business and assets and, last but not least, the protection of the environment and ensuring sustainable development.
The lawfulness of the processing is determined by Article 6 para. 1 of the GDPR, according to which processing is lawful if it is necessary for the performance of a contract, for the fulfilment of a legal obligation of the controller, for the protection of the legitimate interests of the controller or the processing is based on the consent you have given us.
The lawfulness of the processing is also based, for example, on Act No. 563/1991 Coll., on accounting, according to which invoicing data is processed and stored, Act No. 89/2012 Coll., the Civil Code, according to which the controller defends its legitimate interests, or Act No. 235/2004 Coll., on value added tax.
3. Personal data and their processing
We process the following personal data about you:
1. Basic identification data – name and surname, or name and address of the company and its ID number and VAT number for self-employed persons,
2. contact details – phone number and email address (which is your unique identifier for us),
3. information about the services we provide to you,
4. information on mutual communication – information from emails, phone records or contact forms,
5. billing and transaction data – this is mainly information appearing on invoices, on agreed billing terms and on payments received,
6. location data – the addresses you provide to us for the implementation of services
3.1. Source of personal data
We have obtained personal data directly from you, in particular from completed forms, mutual communication or concluded contracts.
The source of the CCTV footage and telephone records are the systems we operate for this purpose and whose operation we always draw your attention to.
In addition, personal data may also come from publicly available sources, registers and records, such as the commercial or trade register.
3.2. Processing time
We keep information that we are required to keep based on the time limits set by legislation for the period of time specified in the law (this applies in particular to accounting documents).
We retain other contract information for a period of 5 years from the expiry of the contract or handover of the contract, and we destroy the documents supplied for each contract immediately after handover of the contract.
We destroy your identification and contact data and communication records 5 years after the last contact.
Personal data processed for marketing purposes only will be processed until the consent is withdrawn, for a maximum period of 7 years.
After this period, the personal data will be securely and irretrievably destroyed so that it cannot be misused.
3.3. Data transmission
We must, within the limits of the law, disclose personal data to public authorities such as tax authorities, courts, law enforcement authorities.
We will also pass on the necessary personal data (address, contact person and their phone number) in the case of using contractors – transport companies or suppliers postal services, external graphic designers or other subcontractors.
When processing orders, we then use various systems that we usually have installed on our devices. If this is not the case and the system is operated by an external supplier, we have concluded appropriate contracts with them and we make sure that they take care of your data with due responsibility and in accordance with the GDPR.
For sending out commercial offers We also use external suppliers via e-mail and SMS, to whom we only pass on the absolutely necessary data (name and surname, e-mail, telephone number).
For all processors, we ensure that they process your personal data securely and in full compliance with the GDPR.
We will not transfer personal data to countries outside the European Union or the European Economic Area or to any international organisation.
4. Your rights
In connection with the processing of your personal data, you are guaranteed the rights described in this article. You can make these claims to the Administrator at the contacts listed above, either by sending an email to the addresses listed or in writing to the Company’s registered office.
The controller provides all communications and statements regarding the rights exercised by you free of charge. However, if the request would be manifestly unfounded or excessive, in particular because it would be repetitive, the controller shall be entitled to charge a reasonable fee taking into account the administrative costs involved in providing the requested information. In the event of repeated requests for copies of the personal data processed, the controller reserves the right to charge a reasonable fee for administrative costs for this reason.
The controller will provide you with a statement and, where appropriate, information on the measures taken as soon as possible, but within one month at the latest. The administrator is entitled to extend the deadline by two months if necessary and in view of the complexity and number of applications. The administrator will inform you of the extension, including the reasons for it.
4.1. Right to information about the processing of your personal data
You are entitled to request information from the controller as to whether or not personal data is processed. If personal data are processed, you have the right to request information from the controller, in particular on the identity and contact details of the controller, its representative and, where applicable, the data protection officer, the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients of the personal data, the authorised controllers, a list of your rights, the possibility of contacting the Office for Personal Data Protection with registered office pplk. Sochora 27, 170 00 Prague 7, about the source of processed personal data and about automated decision-making and profiling.
If the controller intends to further process your personal data for a purpose other than that for which it was collected, it will provide you with information about that other purpose and other relevant information before that further processing.
The information provided to you in exercising this right is already contained in this document, but this does not prevent you from requesting it again.
4.2. Right of access to personal data
You are entitled to request information from the controller as to whether or not your personal data is processed and, if so, you have access to information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients, the period of storage of personal data, information about your rights (rights to request from the controller rectification or erasure, restriction of processing, to object to such processing), the right to lodge a complaint with the Data Protection Authority, information on the source of the personal data, information on whether automated decision-making and profiling takes place and information concerning the procedure used as well as the significance and foreseeable consequences of such processing for you, information and safeguards in the event of transfer of personal data to a third country or an international organisation. You have the right to be provided with copies of the personal data processed. However, the right to obtain such a copy shall not adversely affect the rights and freedoms of other persons.
4.3. Right to repair
In certain situations, you generally have the right to have your personal data rectified. In the case of CCTV footage, however, this right is not relevant.
4.4. Right to erasure (right to be forgotten)
In certain specified cases, you have the right to request that the controller erase your personal data. These cases include, for example, that the processed data is no longer necessary for the purposes mentioned above. The controller deletes personal data automatically after the expiry of the period of necessity, but you can contact the controller at any time with your request. Your request is then subject to an individual assessment (despite your right to erasure, the controller may have an obligation or legitimate interest to retain your personal data) and you will be informed in detail about the processing of your request.
4.5. Right to restriction of processing
The controller processes your personal data only to the extent necessary. However, if you feel that the administrator e.g. exceeds the purposes for which the personal data is processed as set out above, you may request that your personal data be processed solely for the strictly necessary lawful purposes or that the personal data be blocked. Your application is then subject to an individual assessment and you will be informed in detail about its processing.
4.6. Right to data portability
If you wish the controller to provide your personal data to another controller, respectively. to another company, the controller will transfer your personal data in the appropriate format to the entity designated by you, provided that no legal or other significant obstacles prevent it from doing so.
In the case of CCTV footage, this right is not relevant.
4.7. Right to object and automated individual decision-making
If you become aware or believe that the controller is processing your personal data in breach of the protection of your private and personal life or in breach of the law (provided that the personal data are processed by the controller on the basis of public or legitimate interest, or are processed for direct marketing purposes, including profiling, or for statistical purposes or for purposes of scientific or historical interest), you may contact the controller and request an explanation or rectification of the deficiency.
You can also object directly to automated decision-making and profiling (in the case of CCTV footage, there is no automated decision-making and profiling, so this right is not relevant).
4.8. Right to lodge a complaint with the Office for Personal Data Protection
You may at any time contact the supervisory authority, the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7, website https://www.uoou.cz/.
4.9. Right to withdraw consent
You have the right to revoke your consent to the processing of personal data at any time, either by filling in the form on the website or by sending a revocation to the e-mail or address of the administrator’s headquarters or by using the link in the e-mail communication.
5. Personal data processor
If you entrust us with the processing of documents that contain personal data or if we process an order that requires the personal data of other persons (preparation of various events, production of personalised materials, etc.), then we are in the position of a processor in relation to this personal data.
We then act in full compliance with the client’s instructions when implementing the contract. These are usually part of the contract or purchase order for more complex contracts.
We process the documents for such orders (which may contain personal data) for as long as necessary and delete/dispose of them after the order has been completed (within 30 days after the order has been handed over, unless there are any problems).
This document is valid from 25. 5. 2018 and the last update was on 11. 09. 2023. The current version will always be published on the company’s website.