Data Privacy Notice
This information on personal data processing is provided under Act No. 110/2019 Coll., on personal data processing (hereinafter “PDPA”) and Regulation (EU) 2016/679, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”).
We value your cooperation and the trust you express by giving us your personal data. Consequently, we pay maximum attention to ensure your data are processed safely. We do not process more data than absolutely necessary and we store them only for a necessary period. The following text informs you about the rules that govern us, purposes for which we process personal data, how we treat personal data and who has access to your personal data.
Who is the controller of your personal data?
SparkTECH s.r.o., ID: 24841455, Prague 5 - Hlubočepy, U šípků 690/6, post code 15400, kept with the Municipal Court in Prague under file ref C 179353 (hereinafter “Controller”) is your data controller.
The Controller is also the owner and operator of “sparktech.cz” and “www.eluvia.com” domains (hereinafter “Website”).
Where can you find us and how to contact us?
The main establishment is located at Pláničkova 445/13, 162 00 Prague 6
We are also the operator of eluvia.com domain, where you can find current contact data. Updated version of this Data Privacy Notice is also available on our Website.
You may also contact us over the phone at +420 777646771, or by email to firstname.lastname@example.org
Important terms under GDPR
Controller - in this case SparkTECH s.r.o., is an entity which defines and is responsible for the purpose and means of personal data processing. The Controller may authorize or appoint a processor to process personal data, unless a special law stipulates otherwise.
Processor - a natural or legal entity, public authority, agency or other entity which process personal data for the controller
a) in the case of a Controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the Controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment
b) in the case of a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation.
Personal data - any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling - means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyte or predict aspects concerning that natural person´s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Filing system - means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.
Information society service - means a service within the meaning of Article 1 (1)b) of Directive (EU) 2015/1535 (19).
Supervisory authority - means an independent public authority which is established by a Member State
Principles related to processing:
- Personal data are processed lawfully, fairly and in a transparent manner for specific explicit purposes.
- Personal data processing shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Measure have been taken to ensure personal data are accurate and if needed up-to-date.
- Personal data are processes strictly for necessary period in relation to a specific purpose of processing.
- Personal data processing is secured in adequate manner corresponding to the purpose of processing, to ensure level of security appropriate to all risks including implementation of sufficient organizational and technical measures to maintain integrity and confidentiality.
- Information on the processing of your data is easy to understand
How do we process your personal data?
The company process personal data manually as well as using automated means.
You are not subject to automated evaluation or profiling.
Personal data can be made available to authorized employees of the Controller, if necessary for performing a contract and solely when absolutely necessary for fulfilling their work and contractual obligations, always to a necessary and limited extent.
Personal data may be disclosed to processors who concluded a personal data processing agreement with the Controller and also to other persons in accordance with the law and EU regulations.
The processing of personal data shall be ensured in an adequate manner commensurate with the purpose of the processing, so as to ensure a level of security commensurate with all risks, including the introduction of sufficient organizational and technical measures, so as to maintain integrity and confidentiality.
What personal data are processed?
As the Controller, we process data you provide to us. These are data provided by filling out a form on the website, sent by e-mail, telephone or by concluding a contract.
These are, in particular, name, surname, address, e-mail, telephone, contact and invoicing data, or other data from communication. Furthermore, payment details (account number, date and amount of payment made, payment identifiers and more…).
What are „cookies“
The Controller uses “cookies” on its website, which are stored on the visitor´s computer and automatically recognize him the next time. For example, cookies allow us to tailor the website to the data subject´s needs or to store their username so they do not have to enter it again each time. If the data subject does not want to allow the website to recognize their computer, it is necessary to adjust the settings of the Internet browser so that cookies are deleted from the computer´s hard disk, blocked or a warning is displayed before cookies are saved.
What are the purposes of processing? How long are data processed?
We process personal data mainly for the purpose of concluding a contract and fulfilling contractual obligations and to communicate with you. For this purpose, we process the following common personal data: name, surname, title, ID number, address, e-mail, telephone, services provided or subscribed, contractual documents. We process these personal data for the duration of the contractual relationship, and for a maximum of two years after its termination.
Upon termination of the contractual relationship, certain data may be retained for the purpose of fulfilling legal obligations or for the purposes of a legitimate interest.
As part of the fulfillment of contractual obligations, we may also process your CVs and personal data, which you voluntarily send us as a part of a current selection procedure. We then process such personal data no later than two months after the end of the selection procedure. If we wish to process your CV for the purpose of future selection procedures, we will ask for your consent to the processing of personal data. In this case, we will process your personal data for a maximum of two years from the date you granted your consent.
We also process your personal data to fulfill legal obligations. In particular, bookkeeping, tax compliance and other legislation. For this purpose, we process the following data in particular: name, surname, title, ID number, address, account number, date and amount of payment made, services used and provided. We process these personal data for the period specified in legislation, however, no more than two years after the expiry of such an obligation.
We may also process personal data for the purpose of protecting our legitimate interests. A legitimate interest can cover a wide range of situations. Therefore, we inform you of the legitimate interests for which we process personal data. A legitimate interest is the protection and substantiation of our rights and legal claims, especially from concluded contracts or damage caused. For these purposes, we process personal data for a maximum of five years after the termination of the contractual relationship or our last contact, if a contract was not concluded. This period is set with regard to the limitation periods for claims, taking into account the fact that we may not know about a possible claim asserted in court immediately when it is asserted by the other party. Data from contracts and our mutual communication are stored for the aforementioned purpose.
Direct marketing and offering of services are also legitimate interests. To send commercial messages, we will process the following personal data of our clients: name, surname, e-mail. Sending of commercial messages is governed by Act No. 480/2004 Coll., and you can unsubscribe from these messages at any time simply by clicking the link provided in the email.
Processing based on consent to the processing of personal data. If you enter your e-mail on our website to receive free information, tips and news, by sending the completed form you agree to receive such information, tips and news.
You can withdraw your consent at any time. However, if we also process some of your personal data on the basis of another legal title, we will process personal data for these purposes even after you withdraw your consent, as it is not required for these purposes.
Who else processes your personal data?
To keep your data safe, we have concluded contracts with processors which bind them to fulfill data protection regulations
The current list of processors will be given you upon request. As of the date of this Data Privacy Notice, we engage the following processors:
- Wedos a. s. ID: 28115708 hosting provider, provider information society service
- Google Ireland Limited, RN: 368047, provider of information society service
- Amazon Web Services, Inc., provider of information society service
- Mailgun Technologies, Inc., information society service
- Accounting company, bookkeeping and payroll managemen
Personal data may also be disclosed to the relevant administrative authorities if required by law (especially in the case of an inspection, when the authority is entitled to request the submission of personal data, or to law enforcement agencies and others).
What are your rights and obligations connected with personal data processing?
The subject is obliged to provide the Controller with true and accurate personal data and inform about their changes.
The subject has the right to request the Controller to verify the provided data.
The subject has the right to obtain from the Controller access to his/her personal data.
The subject has the right to rectification of the provided personal data.
The subject has the right to obtain erasure of the provided personal data.
The subject has the right to restriction of personal data processing.
The subject has the right to data portability.
The subject has the right to object.
If personal data processing requires consent of the data subject, he/she may withdraw such consent at any time, according to the rules laid down below.
Data subjects can exercise their rights:
- In person in the main establishment of the company during working hours: 10:00 – 17:00 upon their identification
- By a data box: qnt2kny
- By e-mail to: email@example.com, sent from the email which was used for granting consent or entered during registration which is under applicant´s control. Further identification of the applicant may be required.
- By post mail (certified signature is required).
Data subject (user) may file a complaint with a supervisory authority if he/she believes that personal data processing by the association violates personal data protection regulations. You may file a complaint with a supervisory authority – Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.
Obligations of Controller
The Controller has the right to verify veracity and accuracy of the personal data provided.
The Controller is obliged to provide the data subject with information on the scope and manner of the provided personal data, if the data subject so requests. The administrator shall do so immediately within 30 working days at the latest.
The Controller has the right to charge for provision of personal data in case of repeated and unfounded requests.
The Controller shall provide the information in electronic form, unless the data subject requests otherwise.
If you have further questions about the processing of your personal data, you can contact us at firstname.lastname@example.org. By sending a message to this e-mail or by sending a written request to our address given in this document, you can also directly exercise your rights.
The Controller may amend or supplement the Data Privacy Notice.
All information contained in this document is for informational purposes only and may not always be complete or accurate.
The current version of this document is always available on www.eluvia.com.
This information on the processing of personal data is part of the general terms and conditions.
This document enters into effect when published, i.e. on 19 October 2020