Rules on personal data protection

PRESTO – PŘEKLADATELSKÉ CENTRUM s.r.o.

Na Příkopě 31, 110 00 Prague 1

Company ID No. 264 73 194

incorporated in the Commercial Register maintained by the Municipal Court in Prague under File No. C 84492

 

  1. INTRODUCTORY PROVISIONS
    • These Rules on personal data protection (hereinafter “Rules”) have been adopted by PRESTO – PŘEKLADATELSKÉ CENTRUM s.r.o., with its registered office at Na Příkopě 31, 110 00 Prague 1, Company ID No. 264 73 194 (hereinafter the “Provider”).
    • These rules regulate the principles of processing the personal data of (i) persons who request or order translation and interpretation services, language lessons or other products, or the representatives of these persons (hereinafter “customers”), (ii) persons who personally attend language lessons, if they are not the actual customer (hereinafter “students”), and (iii) users of the website at presto.cz and www.presto-skola.cz (hereinafter “users” and the “website”).
    • When processing personal data, the Provider acts as the controller and thus determines the purpose for which, and means by which personal data will be processed.
  2. SCOPE OF PROCESSED DATA
    • These rules apply exclusively to handling the personal data of natural persons.
    • Data concerning the customer. The Provider processes personal data which the customer provides in their order. Personal data may pertain directly to the customer or to third parties. Furthermore, the Provider processes personal data which the customer provides during the term of the contract concluded with the Provider. This data refers, in particular, to the customer’s name, surname, telephone number and e‑mail address, or other contact details, information about the customer’s language skills and occupation. The Provider may add other data concerning the course of language lessons and the customer’s achieved level to this data.
    • Data concerning the student. The Provider processes personal data about students in connection with the provision of language lessons, to the extent of their name, surname, telephone number and e-mail address, and potentially the student’s language skills and occupation. The Provider may add other data concerning the course of language lessons and the student’s achieved level to this data.
    • Data concerning children. Only a person 15 years of age or older can order goods and conclude a contract with the Provider. In case of a contract concluded on behalf of a younger person, consent pursuant to these Rules must be approved by the legal guardian.
    • Given the amount of personal data obtained from the customer, the Provider cannot control its origin. If the customer provides personal data about third parties, including language lesson students and its own employees, or if this data is contained in documents received in relation to translations or interpreting, the customer is only authorised to provide this data upon fulfilment of the conditions stipulated by applicable legal regulations, including obtaining consent to process personal data, if applicable. The customer is also obliged to ensure the currency of such data and to inform the Provider immediately of any changes concerning personal data, which are relevant to its processing.
  3. PURPOSE OF PROCESSING PERSONAL DATA
    • Handling the order - fulfilment of the contract concluded between the Provider and customer. In this case, the Provider mainly uses personal data to the extent of the customer’s name and surname, address, e-mail address, telephone number and invoicing data. Personal data is thus used to ensure translations and interpreting or the organisation of lessons. Furthermore, personal data is processed for the purpose of invoicing or handling complaints by the customer or student in the case of language lessons. Personal data about students is processed based on our legitimate interest in organising lessons. Processing the given personal data for the said purpose is therefore necessary.
    • Access and management of online accounts. If any service is performed online, the Provider processes personal data within the framework of fulfilling contractual conditions for the purpose of access to the online information system and its operation, in the scope of the username and password. Processing personal data for the said purpose is therefore necessary.
    • Offer of the Provider’s services and products by e-mail. The Provider processes the customer’s name, surname and e-mail address in order to send commercial messages. These messages are sent exclusively to a customer who has been provided with a service or product, i.e. a customer who was or still is in a business relationship with the Provider. Processing personal data in this case is not conducted based on consent, but on the grounds of the Provider’s legitimate interest. Subscription to commercial messages may be cancelled at any time, or the customer may object to such processing of personal data.
    • Offer of the Provider’s services and products by telephone. The Provider may promote its services and other products by telephone on the basis of consent only. Consent may be revoked at any time via the contacts provided in these Rules.
    • The Provider only performs further processing of personal data beyond the stipulated deadline if necessary for the purpose of its legitimate interests or in order to fulfil the obligations arising from legal regulations by which the Provider is bound.
  4. CANCELLATION OF COMMERCIAL MESSAGES AND REVOCATION OF CONSENT
    • E-mail messages. If the customer does not agree to processing for marketing purposes, they have the right to cancel the sending of commercial messages at any time by clicking on the link located at the foot of every commercial message, or via the contacts provided in these Rules.
    • Telephone calls. Consent to being contacted for the purpose of promoting the Provider’s services and products may be revoked at any time by means of a request sent via any of the contacts provided in these Rules.
  5. PERSONS WITH ACCESS TO PERSONAL DATA
    • Personal data is firstly processed by the Provider and its employees. All persons who have access to personal data on the part of the Provider are bound by a duty of nondisclosure; this obligation remains in effect even after the termination of their employment or other relationship with the Provider.
    • The Provider is authorised to entrust the processing of personal data to other parties, called processors. A processor refers to any entity that processes personal data for the controller based exclusively on its instructions. A processor cannot expand the purpose and scope of processing personal data stipulated by the Provider. All processors are bound by nondisclosure and to fulfil the obligations arising from applicable legal regulations when processing personal data. Processors include, in particular:
      • external translators, interpreters and teachers, or other persons who participate in performing the services offered by the Provider;
      • providers of certain information systems and other software used by the Provider; or
      • providers or couriers and transport services.
  1. PERIOD OF DATA PROCESSING
    • To handle the order and for the performance of the contract, personal data is processed for the term of the contract and for a subsequent period of 10 years after its termination. The 10-year period commences on the termination of service provision or complete settlement of mutual rights and obligations, depending on which occurs later. The said period is stipulated with regard to the potential submission of any claim arising from or related to the concluded contract.
    • Personal data is processed for the purpose of online account management until it is cancelled. Cancellation of an online account may occur, in particular, in connection with the termination of the contract under which the on‑line account is managed or based on a request by the affected person. Termination of personal data processing will impede access to the online account.
    • Personal data is processed for the purpose of sending commercial messages until such time as you unsubscribe or object to such processing, but for a maximum period of 5 years. The 5-year period commences on termination of the contractual relationship with the Provider or placement of the last order, depending on which occurs later. The Provider will request confirmation of continued interest in receiving commercial messages for the forthcoming period prior to the expiry of this 5-year period. The Provider also checks the currency of the e-mail database at regular intervals.
    • The liquidation of system backups in which personal data may be stored after the expiry of stipulated deadlines is set at maximally 31 days, after which the personal data therein will also be erased.
    • The Provider only performs further processing of personal data beyond the above deadlines if necessary to fulfil its obligations or to exercise rights arising from legal regulations that apply to the Provider.
  2. RIGHTS RELATED TO PERSONAL DATA PROCESSING
    • In connection to personal data processing, the customer or any third party whose personal data is affected has the right to request the Provider for:
  • Information about the personal data that the Provider processes, and the purpose and nature of processing personal data, including information about the potential recipients of personal data apart from the Provider.
  • Access to the data which the Provider has at its disposal. If this right is exercised, the Provider will confirm whether and what specific personal data is processed and potentially make this data available with information about its processing.
  • Correction of personal data if it is in any way inaccurate or incomplete. The Provider can only handle your order correctly, duly manage your online account and communicate with you if the data is up to date.
  • Explanation and elimination of deficiencies (e.g. blocking, correction, completion or liquidation of personal data), if you believe the Provider has processed personal data in breach of the protection of your privacy and private life or contrary to legal regulations.
  • Erasure of personal data (right to be forgotten) or restriction of processing, if these are necessary for the said purposes or if the Provider no longer has legal grounds on which to process personal data, including cases when you do not consent to further processing. Within the framework of fulfilling the said conditions, the Provider will entirely or partly erase your data, and justify why it was not erased completely, if applicable
  • Portability of automatically processed personal data obtained on the basis of your consent or in connection with the performance of the contract from the Provider to another entity, where the Provider will transfer your personal data in the commonly used format to you or another controller based on your instructions.
    • In the case of direct marketing in the form of sending commercial messages, the customer may object to personal data processing, based on which the controller will cease processing personal data for these purposes.
    • In connection to the application of rights when processing personal data, information about the required action may be recorded using a log, e.g. the change or erasure of personal data. The Provider stores this log based on its legitimate interest for a period of 5 years from taking the respective action, to prove that it was carried out based on your request.
    • In addition to the aforementioned rights, you always have the option to address a complaint to the Office for Personal Data Protection if you suspect a breach of obligations during personal data processing.
  1. SECURITY
    • The Provider handles personal data in full accord with valid legal regulations, including the General Data Protection Regulation (GDPR). When processing personal data, the Provider places considerable emphasis on the technical and organisational security of processed data.
    • All personal data in electronic form is stored in databases and systems, which can only be accessed by the persons who need to handle personal data directly for the purposes specified in these Rules, and only to the extent absolutely necessary. Access to this data is protected by adequate means. Personal data security is regularly tested and protection is continuously improved.
  2. CONTACTS
    • You may contact the Provider with any comments regarding personal data processing or to exercise your rights by e‑mail at gdpr@presto.cz.
  3. The person responsible for personal data protection is Ing. Petr Nedvěd, gdpr@presto.cz.
  4. EFFECTIVENESS
    • These Rules become valid and effective on 25 May 2018.

 

PRESTO – PŘEKLADATELSKÉ CENTRUM s.r.o.