Personal data processing and protection policy
The purpose of this Personal Data Processing and Protection Policy (hereinafter referred to as the “Policy”) is to provide information on what personal data about individuals is processed in the provision of services and sale of goods by our company, for what purposes and for how long our company processes such personal data in accordance with applicable law, to whom and for what reason it may be transferred, as well as to inform about what rights individuals have in connection with the processing of their personal data. The Policy is effective from 25 May 2018 and is issued in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).
Personal data controller, contact details for GDPR
The personal data controller is RUBIKON spol. s r.o., ID No. 47118679, with its registered office at Karlovo náměstí 285/19, Nové Město (Prague 2), 120 00 Prague, registered in the Commercial Register maintained by the Municipal Court in Prague, File No. C 12636/MSPH (hereinafter referred to as the “Controller”). Any questions regarding the processing of personal data can be sent to the address of the Controller’s registered office or to the email address info@villarichter.cz.
Data collected
The Company processes personal data to the following extent (by type of data subject):
- name and surname
- address of residence or place of business
- contact e-mail address
- contact telephone number
- in the case of business entities, registration number, VAT number
- information about the job
- records of behaviour on websites managed by the Controller obtained from cookies if cookies are enabled in the web browser.
Purpose of processing
Processing for the performance of a contract, the fulfilment of legal obligations and for the legitimate interests of the Controller is mandatory. Without the provision of personal data for these purposes, it would not be possible to provide the services. The Controller does not need the consent of the data subject to process personal data for these purposes. Personal data for these activities are processed to the extent necessary for the fulfilment of these activities and for the period necessary to achieve them or for the period directly provided for by law.
Processing of customer data with consent
With the consent of the data subject, the Controller processes personal data for marketing and business purposes, in order to be able to create a suitable offer of the Controller’s products and services and in connection with addressing the customer. The provision of consent for marketing and commercial purposes is voluntary and may be withdrawn by the data subject at any time. All categories of data collected may be processed for marketing and commercial purposes on the basis of consent. If the data subject withdraws his/her consent, this does not affect the processing of his/her personal data by the Controller for other purposes and under other legal titles, in accordance with this Policy.
Processing of cookies from websites operated by the Controller
If the data subject has cookies enabled in his/her web browser, the Controller processes behavioural records about him/her from cookies placed on websites operated by the Controller, for the purpose of ensuring better operation of the Controller’s websites and for the purpose of the Controller’s Internet advertising. If consent is given to the processing of personal data for marketing and commercial purposes, this data is processed together with other personal data for this purpose.
Method and duration of processing of personal data
The processing of personal data is carried out by the Controller. The processing is carried out at its premises and headquarters by individual authorised employees of the Controller or by the processor. The processing is carried out by means of computer technology or, where applicable, manually for personal data in paper form, in compliance with all security principles for the management and processing of personal data. To this end, the Controller has adopted technical and organisational measures to ensure the protection of personal data, in particular measures to prevent unauthorised or accidental access to, alteration, destruction or loss of personal data, unauthorised transfers, unauthorised processing and other misuse of personal data. All entities to which personal data may be disclosed shall respect the right of privacy of data subjects and shall comply with applicable data protection legislation. The processing of personal data by the Controller does not involve automated decision-making within the meaning of Article 22 of the GDPR.
The processing of personal data takes place for the period of time necessary for the purposes for which the data are processed, in accordance with the time limits specified in the relevant contracts, in the internal regulations of the Controller or in the relevant legislation.
Personal data processors
In addition to the company and its employees, personal data is processed by processors for the purposes described above, on the basis of personal data processing contracts concluded in accordance with the Regulation and the law. These include, in particular, IT system administrators, auditors, lawyers, experts, freight forwarders and internet advertising providers.
Personal data is not transferred to third countries outside the EU in the context of this processing.
Rights of the data subject
Data subjects have the following rights to guarantee the protection of their personal data:
1. Right of access to personal data
Pursuant to Article 15 of the GDPR, the data subject has the right of access to personal data, which includes the right to obtain confirmation from the Data Controller as to whether or not personal data concerning him or her are being processed and, if so, the right to obtain access to such personal data. The data subject also has the right to request a copy of the personal data processed, provided that the rights and freedoms of others are not adversely affected. In the event of a repeated request, the Controller is entitled to charge a reasonable fee for a copy of the personal data.
2. Right to rectification
Pursuant to Article 16 of the GDPR, the data subject has the right to rectification of inaccurate or incomplete personal data processed about him or her by the Data Controller. The data subject is obliged to notify changes to his or her personal data and to provide evidence that such a change has occurred. At the same time, he/she is obliged to provide the Controller with assistance if it is found that the personal data processed about him/her is not accurate.
3. Right to erasure (to be forgotten)
Pursuant to Article 17 of the GDPR, the data subject has the right to erasure of personal data concerning him or her, unless the Controller demonstrates legitimate grounds for processing such personal data.
4. Right to restriction of processing
Pursuant to Article 18 of the GDPR, the data subject has the right, pending the resolution of the complaint, to restriction of processing if he or she contests the accuracy of the personal data, the grounds for processing or objects to processing.
5. Right to data portability
Pursuant to Article 20 of the GDPR, the data subject has the right to the portability of the data concerning him or her which he or she has provided to the Controller in a structured, commonly used and machine-readable format, and the right to request the Controller to transfer such data to another controller.
6. The right to object
Pursuant to Article 21 of the GDPR, the data subject has the right to object to the processing of his or her personal data on the grounds of legitimate interest of the Controller. If the Controller does not demonstrate that there are compelling legitimate grounds for the processing which override the interests or rights and freedoms of the data subject, the Controller shall, on the basis of the objection, terminate the processing without delay.
7. Right to withdraw consent to the processing of personal data
Consent to the processing of personal data for marketing and commercial purposes may be withdrawn at any time. The revocation must be made in an explicit, comprehensible and specific expression of will. The processing of data from cookies can be prevented by adjusting the settings of your web browser.
8. Right to be informed of a personal data breach
Pursuant to Article 34 of the GDPR, the data subject has the right to be informed by the Controller without undue delay of a personal data breach if the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons.
9. The right to apply to the Data Protection Authority
The data subject has the right to contact the Data Protection Authority (www.uoou.cz) if he or she becomes aware or believes that the controller or processor is processing his or her personal data in breach of the data subject’s privacy and personal data protection obligations or in breach of applicable law.
Prague, 25 May 2018

