The aim of these Personal Data Processing Policy for Daktela customers according to the GDPR issued by Daktela s.r.o. with registered office at Vinohradská 2828/151, Prague 3, 130 00 ("Policy" and "Company") is to provide information on what personal data the company (as administrator) processes natural persons during the provision of services, sales of goods, and contacts with potential customers, for what purposes and for how long Daktela processes this personal data in accordance with applicable legal regulations, to whom and for what reason it can pass it on, as well as inform about the rights of natural persons in connection with the processing of their personal data.
These Principles relate to the processing of personal data of Daktela customers and, as appropriate, their representatives or contact persons, users of Daktela services, and those interested in services and goods. These Principles are effective from 25/05/2018 and are issued in accordance with Regulation (EU) 2016/679, on the protection of natural persons in connection with the processing of personal data ("regulation" or "GDPR") in order to ensure the information obligation of Daktela as administrator according to Article 13 GDPR.
Personal data is any information that relates to a natural person that the company is able to identify. In connection with the provision of services and the sale of goods, the company may process the following categories of personal data:
1. Basic personal identification data and address data
Such data are necessary for the conclusion and performance of the contract. These are in particular:
In the case of contracts for the one-time sale of goods, the scope is limited to basic identification data.
2. Contact information
Data from communication between Daktela and the customer
These data are generated during communication related to the provision of services and goods between Daktela and the customer. These include written and electronic communications with the customer and records of telephone calls, chat, and video chat communications between the customer and Daktela.
The scope of the processed data depends on the purpose of the processing. For some purposes, it is possible to process data directly on the basis of a contract, Daktela's legitimate interest, or law (without consent). Daktela does not collect personal data for direct marketing purposes.
Processing due to the fulfilment of the contract, legal obligations, and legitimate interests of Daktela
The provision of personal data necessary for the performance of the contract, the fulfilment of Daktela's legal obligations, and the protection of Daktela's legitimate interests is mandatory. Without providing personal data for these purposes, it would not be possible to provide services. We do not need consent to process personal data for these purposes. Processing for the purpose of fulfilling the contract and legal obligations cannot be refused.
Examples of sub-purposes include:
Personal data is processed for the necessary duration of these activities or as stipulated by law. Data is then deleted or anonymised.
For Daktela service customers, Daktela is authorized to process their basic personal, identification, contact data, service data, and data from their communication with Daktela for a period of 4 years from the date of termination of the last contract with Daktela.
In case of the purchase of goods from Daktela, the company is entitled to process the basic personal, identification, and contact data of the customer, data about the goods, and data from communication between the customer and Daktela for a period of 4 years from the date of expiry of the warranty period for the goods.
In the event of a negotiation between Daktela and a potential customer regarding the conclusion of a contract, which was not concluded, Daktela is entitled to process the provided personal data for a period of 3 months from the relevant negotiation.
In accordance with § 35 of Act No. 235/2004 Coll., on value added tax, invoices issued by Daktela are archived for a period of 10 years from their issuance. Due to the need to document a legal reason for issuing invoices, customer contracts are also archived for a period of 10 years from the date of termination of the contract.
According to § 90, paragraphs 3 and 4 of Act No. 127/2005 Coll., on electronic communications, Daktela is obliged to store operational data until the end of the period during which the billing or the provision of the electronic communications service can be legally challenged by a complaint.
Daktela uses the professional and specialized services of other entities in fulfilling its contractual obligations and legal responsibilities. If these suppliers process personal data transferred from Daktela, they have the status of personal data processors. These include:
Daktela processes personal data manually and automatically. It keeps records of all activities, both manual and automated, where personal data is processed.
Subcontractors - the customer grants permission for the involvement of a subcontractor as an additional processor, which includes hosting providers and companies in which Daktela holds a majority stake. This involvement is necessary for the performance provided under the contracts.
Under the GDPR regulation, from May 25, 2018, data subjects have the following rights if they are identifiable natural persons for Daktela and can prove their identity:
1. Right of access to personal data
According to Article 15 of the GDPR, data subjects have the right to:
2. Right to correct inaccurate data
According to Article 16 of the GDPR, data subjects have the right to correct inaccurate personal data.
3. Right to erasure
According to Article 17 of the GDPR, data subjects have the right to delete personal data if Daktela does not demonstrate legitimate reasons for processing the data.
4. Right to restriction of processing
According to Article 18 of the GDPR, data subjects have the right to limit processing until the resolution of a complaint.
5. Right to be notified of correction, erasure, or restriction
According to Article 19 of the GDPR, data subjects have the right to be notified by Daktela of any corrections, erasures, or restrictions of processing.
6. Right to data portability
According to Article 20 of the GDPR, data subjects have the right to the portability of their data in a structured, commonly used, and machine-readable format.
7. Right to object
According to Article 21 of the GDPR, data subjects have the right to object to the processing of their personal data due to Daktela's legitimate interest.
8. Right to contact the Office for Personal Data Protection
The data subject has the right to contact the Office for the Protection of Personal Data (www.uoou.cz).
From May 25, 2018, the contact for Daktela's data protection officer is available: Daktela s.r.o., Vinohradská 2828/151, 130 00 Prague, or dpo@daktela.com.
