Privacy Policy

Pursuant to Art. 12-14 of Regulation No. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter only as the “GDPR”)

The Company Adbros s.r.o., ID No.: 27677338, with its registered office at Srbská 2741/53, Královo Pole, 612 00 Brno, registered in the Commercial Register kept at the Regional Court in Brno, file reference C 51283 (hereinafter only as “Adbros”), hereby informs you as a customer, supplier or visitor to its website about how it will process your personal data.

1. Adbros as a data controller

In relation to the processing of personal data, Adbros is the controller of your personal data in accordance with the GDPR and Act No. 110/2019 Coll., on the Processing of Personal Data. The data controller determines the means and purposes of the processing of personal data and therefore decides how the processing of personal data is carried out and bears full liability for the processing of personal data that it carries out.

Personal data means any information about an identified or identifiable natural person (data subject); for example, the name, surname, one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special category personal data means any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purposes of uniquely identifying a natural person and data concerning the health or sex life or sexual orientation of a natural person.

The data subject means primarily visitors to the www.adbros.cz website or any other persons who provide Adbros with their personal data.

Processing of personal data means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by means of automated processes, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other disclosure, alignment or combination, restriction, deletion, or destruction.

2. We comply with the basic principles of processing personal data pursuant to the GDPR

Whenever we process personal data, we always respect the basic principles, i.e.:

A. The principle of legality, fairness, and transparency

  • We do not process personal data for no reason, we always have a reason (legal title) for processing.
  • We do not hide our processing methods, as we believe that data subjects have a right to know what is happening to their personal data.
  • Our practices are fair; we do what we would like other data controllers to do with our personal data.

B. The principle of purpose limitation

  • We do not combine the purposes of the processing, unless the data subject expressly requests it.

C. The principle of data minimisation

  • We do not process more data than we absolutely need.
  • In the course of processing, we check whether there personal data missing or to spare.

D. The principle of accuracy

  • If we wish to provide high-quality services, inaccurate data is not enough.
  • We always try to make sure that all data corresponds to reality

E. The principle of storage limitation

  • We do not keep personal data forever, but only for as long as necessary.
  • If we no longer need the personal data, we delete it.

F. The principle of integrity and confidentiality

  • We secure the processing in terms of the organisation (we carefully maintain the physical documentation and secure our premises) and technology (we ensure adequate IT security of the computers and network).

3. What personal data do we process?

Our practice implies that we process in particular the following personal data:

  • Identification data (name and surname or business name, ID number, or VAT number);
  • Contact details (e-mail address, postal address, or telephone number);
  • Payment or bank details;
  • Any other data relating to the performance of the contract or other obligations.

4. For what purpose do we process your data and what is the legal basis for this?

We may process your personal data for the purpose of concluding a contract and its subsequent performance. In any such case, the processing of the personal data of the data subject (customer or supplier) is necessary for the performance of a contract to which the data subject is a party or for implementing the measures adopted prior to the conclusion of the contract at the request of the data subject. This constitutes the legal basis for processing under Article 6(1)(b) GDPR.

When entering into a contract, the provision of personal data may be a contractual and legal requirement (with respect to tax and accounting legal regulations). The provision of personal data in association with the conclusion of a contractual obligation therefore represents a necessary requirement for the establishment of a specific legal relationship and the performance of the rights and obligations arising from it. Without the provision of personal data for these purposes, the contractual obligation cannot be concluded.

Compliance with a legal obligation to which Adbros is subject may represent another purpose of processing. These may typically include obligations under Act No. 89/2012 Coll., the Civil Code, as amended, Act No. 563/1991 Coll., on Accounting, as amended, and Act No. 280/2009 Coll., the Tax Code, as amended. The compliance with a legal obligation constitutes the legal basis for the processing of personal data pursuant to Article 6(1)(c) GDPR.

In some cases, we may also process personal data in the context of our legitimate interest. However, this interest shall never take precedence over the interests and fundamental rights of the data subject requiring the protection of personal data. Legitimate interest represents a legal basis for us under Article 6(1)(f) GDPR, in particular in situations where we protect our property, our economic interests, and our reputation, if we need to initiate and conduct legal or arbitration proceedings, or when we ensure the security of the www.adbros.cz website.

Also, if you contact us via the contact form on the www.adbros.cz website, your personal data (name, surname, e-mail address, or any other personal data provided in the message) will be used primarily for further communication and processing of your request.

5. How do we carry out personal data processing operations?

We process personal data both manually and automatically. We do not carry out profiling or automated decision-making.

6. Who will have access to your data and for how long will we process it?

Your personal data is processed primarily by Adbros employees. We do our best to protect your personal data from misuse or unauthorised use.

We may share your personal data with public authorities in the event of compliance with a legal obligation. We may share your personal data with a legal representative if we seek to protect our legal interests.

We store personal data in accordance with the time limits set out in the applicable legal regulations, or for the period of time necessary in relation to the purpose for which the personal data is processed. Generally, it means for 3 years.

We store the personal data which we obtain from the contact form for the period of one month. We may keep it for longer if there is another legal basis for processing (e.g. conclusion of a contract).

7. When will you find out more about how we process personal data?

The function of the Data Protection Officer for Adbros is performed by the company LAWYA, s.r.o., ID No.: 02322021, with its registered office at Králova 298/4, 616 00 Brno, through Mgr. Ivana Šilhánková, poverenec@lawya.cz, +420 770 606 082, who may be addressed with enquiries.

8. What are your rights?

Please note that you may exercise the following rights:

A. Right to access your personal data

Upon your request, we will notify you whether we process your personal data or any other information you request from us. You may request the information on what data we process, how we process it, where it comes from, etc. This right is enshrined in Article 15 of the GDPR, where you can also find a complete list of information you can require in your access request.

B. Right to rectification of personal data

The personal data we process should always be accurate and factual. If you find that the personal data we process about you is incorrect, you can ask us to correct it (within our technical capacities). This right is based on Art. 16 GDPR.

C. Right to deletion (the so-called “right to be forgotten”)

You may also ask us to delete your personal data that we no longer need. However, we can only comply with the request if we no longer need to process the personal data. Thus, we cannot delete personal data, for example, if the statutory archiving period for certain documents has not yet expired, etc. However, we will of course explain this to you in response to your request. In the GDPR, you can find this right under Art. 17.

D. The right to limit the processing of your personal data

Upon your request, we will limit the processing of personal data about which there is an issue or dispute, e.g. whether the personal data is accurate, whether the processing is unlawful, etc. This right is enshrined in Art. 18 of the GDPR.

E. The right to object to the processing of your personal data at any time

You may raise an objection if you do not agree with the processing of your personal data in respect of our legitimate interest. Our task will then be to demonstrate the legitimate interest. If we fail to do so, we will discontinue processing personal data.

F. Right to data portability

If we process your personal data in electronic form, you may ask us to transfer it to another controller. If possible in a particular case, we will transfer your personal data upon your request.

If you decide to exercise any of the above rights, please contact our Data Protection Officer by email at poverenec@lawya.cz or by phone at +420 770 606 082. We may only provide information about the processing of personal data to the person to whom the personal data relates; we can therefore first check whether the person to whom the personal data we process relates is requesting the exercise of the rights. We will process the data subject’s request free of charge within thirty days. In the case of a complex request, we can extend the time limit by 60 days. If the requests are repeated or excessive, a fee may be required. However, we always inform the data subject of this in advance.

9. Are we going to change the Policy?

We may change this Policy if our purposes or means of processing personal data change. The current version of the Policy will always be available on the www.adbros.cz website.

icon-heart10