Conditions for processing of personal data
ADVICE ON PERSONAL DATA PROCESSING
Česká mincovna a.s.
Address: U Přehrady 3204/61, 466 23 Jablonec nad Nisou,
Tel: +420 800 225 228
The data controller pursuant to Art. 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data is Česká mincovna a.s., with the registered office at U Přehrady 3204/61, 466 23 Jablonec nad Nisou, Company identification No.: 28737016.
SCOPE OF PROCESSED DATA
Personal data are all the information concerning an identified or identifiable natural person. An identifiable natural person is a natural person who may be identified directly or indirectly, including but not limited to a reference to a certain indicator, such as a name, identification number, location information, network identificator or to one or more special attributes of the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
Česká mincovna a.s. processes personal data provided by the Client upon the start of the business relationship, i.e. upon the goods purchase order or reservation by the Client or the use of provided services (Golden Account, Golden Savings, Golden Safe) as well as upon customer account registration. Furthermore, the company processes personal data provided by the Client for the purpose of participation in company events or marketing communication.
The processed data may include:
- General personal data: name and surname, email address, phone number, billing and delivery address, academic degree, date of birth, bank account number, iBod card number, information on executed business transactions (reservations, purchase orders, issue slips, invoices, goods purchase, services used (Golden Account, Golden Savings, Golden Safe) and contact history (emails and SMS sent). Moreover, in the event of electronic access to the company website, the following data are processed: IP address and cookies).
- Sensitive personal data: none
PURPOSE OF DATA PROCESSING
Personal data of Clients are processed for the purposes listed below:
1) Client registration in the information systems of the Czech Mint and sending information messages
Client registration is important, in particular to enable a future business relationship and follow-up information given to the Client about any business transactions in progress (Reservations, Purchase Orders, Invoices, etc.). The scope of the data provided by the Client corresponds to the needs of the future business relationship. The Client states their name and surname, billing address, email and other optional data.
For this processing purpose, the Client gives their consent, which may be withdrawn anytime in the same way it was obtained, i.e. in the event of the customer account registration by the Client on the www.ceskamincovna.cz website – after logging in to their customer account, in the event of registration in a shop, the Client may withdraw their consent in any of the Czech Mint shops.
2) Marketing communication
Marketing communication is sent in order to inform the Client about any current marketing activities and offers of the Czech Mint. The scope of the provided data is restricted to an email or postal address, name and surname.
For this purpose, a legitimate interest of the data controller to provide direct marketing is applied (in particular to marketing communication), if a business relationship has already been established with the Client. In cases where the business relationship has not been established yet, the Client must give their consent to this purpose of processing. In both the cases above, the consent may be withdrawn anytime, in the footer of each email communication or using the contact information stated above.
3) Data processing for a legitimate interest
Client’s personal data processing for a legitimate interest takes place mostly in order to protect the rights of the Czech Mint. In this respect, personal data of a Client who shows an interest in visiting an area that requires a higher level of security (e.g. the company production department) are recorded.
4) Data processing for contract performance
For the purpose of contract performance, the Czech Mint processes the personal data of a Client in relation to any contracts in force and effect concluded pursuant to Art. 6(1)(b) of Regulation (EU) 2016/679.
5) Statutory reasons for data processing
The Czech Mint complies with all the applicable laws and regulations of the Czech Republic and EU and processes the Client’s personal data as required by these laws and regulations, such as:
- Client’s personal data related to any accounting documents need to be retained for a statutory period.
o Act No. 235/2004 Coll., on VAT
o Act No. 563/1991 Coll., on Accounting
o Act No. 280/2009 Coll., the Tax Code
PERSONAL DATA SOURCES
1) The data controller processes the personal data provided by you or personal data collected in relation to the performance of your purchase order.
2) The data controller processes your identification and contact information and any data necessary for the contract performance.
WITHDRAWAL OF CONSENT TO DATA PROCESSING
The Client always gives their consent to the personal data processing willingly and has the opportunity to withdraw it anytime, in full or in part. The Client has several options how to withdraw their consent:
• Through their customer account on the company website.
• By an email request sent to firstname.lastname@example.org.
• By a written request sent to the address of the company registered office.
• Using the unsubscribe link stated in the footer of each marketing communication.
After the Client's consent to data processing has been withdrawn, the Czech Mint is allowed to process their personal data solely where there is another purpose of the processing and solely in the scope adequate to the purpose.
The Czech Mint is the Clients' data controller and at the same time the main data processor. In order to ensure the necessary services to the Client (such as goods transport, email distribution, etc.), other companies providing such services to the Czech Mint are involved in the data processing. The Czech Mint has data processing agreements to guarantee the Client's data protection in place with all the processors.
List of partner companies:
- STAPRO – Information system support
- AutoCont CZ s.r.o. – Information system support
- G2 server CZ s.r.o – server hosting
- Microsoft Azure – server hosting
- Post servis – Communication distribution
- ClickDimension – Marketing communication distribution
- Česká pošta – Goods delivery
- Loomis – Goods delivery
- FEDEX – Goods delivery
- CMS – Video equipment
DATA DISCLOSURE TO OTHER PARTIES
The Czech Mint does not provide the Client’s personal data to any parties except for the ones listed above. Moreover, the personal data may be disclosed solely to parties authorized by the applicable laws and regulations, such as law enforcement authorities, etc.
DATA PROCESSING PERIODS
The period of the Client’s personal data processing is based on the purpose of data processing. The respective processing periods are specified below:
- Client’s records in the information system based on registration consent:
o The Client's consent is given for 3 years; after the end of this period, the Client’s data will no longer be processed.
o If the Client withdraws their consent in the course of the 3-year period, the Client’s data will no longer be processed.
- Marketing communication:
o The Client’s consent is given for 3 years; after the end of this period, the Client’s data will no longer be processed.
o If the Client withdraws their consent in the course of the 3-year period, the Client’s data will no longer be processed.
- Data processing for a legitimate interest
o The Client’s data will be processed solely for the duration of the legitimate interest.
• Data processing for contract performance
o The Client’s data will be processed solely for the period required in order to perform any contractual obligations.
- Statutory reasons for data processing
o The Client’s data will be processed solely for the duration of the statutory reason.
CLIENTS’ RIGHTS IN RELATION TO DATA PROCESSING
In the context of personal data processing, the Clients are granted new rights applied in Regulation (EU) 2016/679 (the General Data Protection Regulation). As far as these rights are concerned, the Czech Mint will always accommodate its Clients, therefore on www.ceskamincovna.cz you can find forms to use in order to exercise your rights. In accordance with the Regulation, the Client's request shall be dealt with within 30 days of submission.
1) Client’s right of access
Access to the personal data means the Client’s right based on their active request to obtain information (confirmation) from the Czech Mint about whether their personal data are processed or not, and if they are, the data subject is entitled to obtain these personal data and at the same time, the data subject is entitled to obtain the following information:
- Purposes of processing;
- Categories of the personal data in question;
- Recipients of categories of recipients the personal data have been or will be disclosed to;
- Scheduled period of the personal data retention;
- Any available information concerning the data source, if the data have not been collected from the Client;
- The fact that automated decision-making takes place, including profiling.
The provision is equivalent to the right of access laid down in Section 12 of Act No. 101/2000 Coll., on Personal Data Protection.
2) Client’s right to erasure or rectification
The right to erasure (right to be forgotten) in the general regulation represents the obligation of the Czech Mint to dispose of the personal data, if at least one of the conditions is met:
- Personal data are no longer needed for the purposes they have been collected or otherwise processed for;
- Client has withdrawn their consent and there is no other statutory reason for processing;
- Client objects to processing and there are no prevailing legitimate reasons for processing;
- Personal data have been processed unlawfully;
- Personal data must be erased in order for a legal obligation to be met;
- Personal data have been collected in relation to the offer of information society services pursuant to Article 8(1) of the Regulation.
Thus the right to erasure will be applied solely under the listed circumstances, i.e. if a given situation occurs. The majority of the listed situations are included in Act No. 101/2000 Coll., on Personal Data Protection, or they follow from its nature.
The right to personal data rectification means that the Client may request the Czech Mint to correct their data if they are inaccurate or incorrect and the Czech Mint is obliged to rectify the data
3) Right to restriction of data processing
The Client is entitled to the Czech Mint restricting their personal data processing in the following cases:
- The accuracy of the personal data is contested by the Client, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- The Czech Mint no longer needs the personal data for the purposes of the processing, but they are required by the Client for the establishment, exercise or defence of legal claims.
- The Client has objected to processing pursuant to Article 21(1), pending the verification whether the legitimate grounds of the Czech Mint override those of the Client.
Where processing has been restricted as described above, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A Client who has obtained restriction of processing pursuant to the above shall be informed by the Czech Mint before the restriction of processing is lifted.
4) Right to Client’s data portability
The right to data portability is a new right of the Client providing for the possibility to receive the personal data concerning the Client, which the Client has provided to the Czech Mint, and to transmit those data to another controller.
Joint conditions of the application of the right to data portability:
- The processing is based on the legal grounds of a consent or a contract;
- The processing is carried out by automated means.
The execution of the right to data portability shall not adversely affect the rights and freedoms of others.
5) Client’s right to object
The Client shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on the following legal grounds:
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- Processing is necessary for the purposes of the legitimate interests pursued by the Czech Mint or by a third party.
The Czech Mint shall no longer process the personal data of the Client unless the Czech Mint demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Client or for the establishment, exercise or defence of legal claims. To a certain degree, this is equivalent to the right to explanation pursuant to Section 21 of Act No. 101/2000 Coll., on Personal Data Protection.
Furthermore, the Client has the right to file a complaint with the Office for Personal Data Protection, if the Client believes their right to personal data protection has been violated.
PERSONAL DATA SECURITY
The Czech Mint represents it has implemented any and all suitable technical, process and organization measures in order to secure the personal data and that solely authorized persons have access to the personal data.
You express your consent to these Conditions by ticking off the consent in the internet form, by sending a purchase order/reservation or by entering into a contract with the Czech Mint, both through the company website and the company agents or partners. By each of the above actions, you confirm you have been informed about the Conditions of Personal Data Processing and you accept them in full.
The data controller is entitled to amend the Conditions. The current version of the Conditions of Personal Data Processing is always available at www.ceskamincovna.cz.