1. Who is the personal data Controller?
- Online taxes s.r.o., ID: 06326609, with registered seat at Prague, Košíře, Zahradníčkova 1220/20a, Postal Code 150 00, registered in the Commercial register maintained by the Municipal Court in Prague, file no. C 280309 as the provider of the Czech Taxes online application available at https://www.czechtaxesonline.cz (hereinafter referred as the „Provider”). Should you have any questions, please contact us at firstname.lastname@example.org.
2. Which personal data is being processed?
- The Provider processes the Users ´s personal data entered in the Application, in particular in the following extent:
- User´s Identification data and contact details (e.g. name, surname, date of birth, address of residence, correspondence address, phone number, e-mail address, place of birth, birth number).
- Descriptive data (e.g. financial data – personal and labour financial data, bank account numbers, accounting documents, etc.).
- Data of third persons related to the User (identification and descriptive data of the User´s husband/wife/kids).
3. Why does the Provider process the personal data and what is the relevant legal basis for that?
- The Provider processes User´s personal data in particular for the following reasons (purposes):
- Conclusion/performance of the contract, pursuant to the article 6/1 b of the GDPR. User is not legally obliged to provide these personal data, but without them, any contract could not be concluded and/or performed.
- Registration and organizational purposes, pursuant to the article 6/1 f of the GDPR. Provider processes User ´s personal data in its legitimate interest (e.g. maintenance of the Users ´ database, access details or claims records). User may submit an objection to such personal data processing.
- Invoicing and accounting management, pursuant to the article 6/1 c of the GDPR. Processing is based on the Provider´s legal obligation. The processing shall not be refused by the User.
- Direct marketing, pursuant to the article 6/1 f of the GDPR. User shall be entitled to refuse commercial communication. In such case, the User shall contact the Provider at email@example.com.
- No User´s consent is needed in case of processing pursuant to the article without the User´s consent.
- The Provider shall be entitled to process other personal data, for any other purpose, pursuant to the article 6/1 a of the GDPR – i.e. upon the User ´s consent. The User shall be informed via the Website on such processing as well as on the scope of the personal data at the moment the consent is granted (i.e. what personal data are processed and for what purpose). This information shall be applied mutatis mutandis.
4. How are the User´s personal data processed and whom the Provider may provide them to?
- Processing of personal data shall be carried out manually as well as by automated means, in particular within the Application. Personal data are processed by:
- The Provider´s employees.
- The external processor, whom the Provider cooperate with, on the basis of the contract on the personal data processing. With regard to the changes concerning the individual processors / number of processors, the User shall be informed about them upon the User´s request.
- The personal data shall be further provided to the competent public authorities which are entitled to request them in accordance with the relevant law (i.e. Police of the Czech Republic, inspection authorities etc.).
- Personal data shall not be transfer to any third country and/or international organisation (i.e. outside of the EU).
5. How long shall be the personal data stored?
- The Provider shall store the User´s personal data entered by the User into the Application for the period of the existence of the User´s Account, but no longer than 24 months from the last use of the Application. The personal data shall be automatically deleted when such period is over. In other cases, the personal data shall be stored for the period stipulated by relevant legal regulations or for the period of prescription stipulated by the relevant laws for exercise or protection Providers´ rights. Detailed information shall be provided upon the User´s request.
- IIn case of a consent granted on personal data processing, the Provider shall process/store the personal data for the period mentioned in such consent. The User is aware that the consent shall be granted voluntarily and may be withdrawn at any time via the contact details mentioned above.
6. What are the User´s rights?
- The User shall have the following rights:
- Access to the processed personal data, correcting inaccurate or incorrect data or adding to incomplete data.
- Revocation of consent to personal data processing.
- Deletion of personal data if the processing is no longer warranted or unauthorized.
- Restriction or blocking of personal data processing; submitting an objection to the processing of personal data if User believes that processing is unwarranted.
- Information on third persons, whom the personal data have been provided to.
- Listing your personal data in a structured, machine-readable format to be utilized by yourself or another data controller
- Communication a personal data breach to the User without undue delay, if a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, unless appropriate technical and organisational protection measures have been implemented ensuring that no risk for the personal data is expected.
- In case the User considers the Provider is processing personal data in non-compliance with the personal data protection legislation, the User may file a complaint with the Office for Personal Data Protection at any time.
- Cookies are small text files which the Website creates and stores on the User´s device. As a result, the device can be identified whenever the User returns to the server. Usually, cookies record the User´s preferences (such as language choice) or current status (whether the User is logged in, chosen preferences, etc.).
- for the proper function of the Website (technical cookies). The technical cookies are stored in Provider´s legitimate interest and no User´s consent in this case is required.
- to monitor the Website traffic and generate statistics on the User´s behaviour on the Website; cookies are not analysed individually, but as a whole and in the anonymized form (there is no personal data processing), or in a pseudonymized form, which is a kind of personal data processing not allowing the identification of the User without significant and professional efforts. These cookies are stored in Provider´s legitimate interest and no User´s consent in this case is required.
- The Provider uses the following cookies:
Name/Issuer of the used cookie Type of cookies Expiration period Visible for third parties? AdWords monitoring, remarketing 90 days Yes DoubleClick monitoring, remarketing persistent Yes monitoring persistent Yes Google Analytics (_ga, _gid, _gat) monitoring 2 years, 24 hour, 1 minute Yes PHPSESSID technical (current session identificatory) session No
- Cookies shall be visible for the following recipients:
- Google Ireland Limited, ID: 368047, with the registered seat at Gordon House, Barrow Street, Dublin 4, Ireland.
- Vanio Solutions s.r.o., ID: 01591762, with the registered seat at Na Šafránce 1758/5, Vinohrady, 101 00 Prague 10.
- Facebook Ireland Limited, with the registered seat at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02 X525, Ireland.
- Seznam.cz, a.s., ID: 261 68 685; with the registered seat at Praha 5 - Smíchov, Radlická 3294/10, PSČ 150 00.
- Smartsupp.com, s.r.o., ID: 036 68 681, with the registered seat at Lidická 2030/20, Černá Pole, 602 00 Brno.
- The above-mentioned recipients process User´s personal data only for the purposes and according to the Provider's instructions to comply with the relevant confidentiality and personal data protection measures.
- Cookies shall be transferred outside the European Union countries subject to appropriate safeguards – Google is part of the Privacy Shield.
1 Regulation (EU) 2016/679 ofthe European Parliament and of the Council of 27 April 2016 on theprotection of natural persons with regard to the processing ofpersonal data (General Data Protection Regulation)