GDPR

  1. The introductory page – Personal Data Protection
    • What is GDPR?
      • General Data Protection Regulation is a new legislation of the EU which increases the level of protection of personal data of natural persons, i.e. you as customers (hereinafter referred to as “GDPR” or “the Regulation”).
    • What rights does the GDPR give to you as customers?
      • One of the largest benefits of the Regulation is significant strengthening of rights of natural persons, or the so-called data subjects. These rights are particularly the right of access, to rectification, to erasure, the right to be forgotten, the right to restriction of processing, to data portability and last but not least the right to object.
    • What are the reasons for deleting your personal data?
      • Personal data are no longer needed for the purpose for which they were collected or processed.
      • The customer withdraws the consent if the processing is based on the consent and there is no other legal reason for the processing.
      • The customer legitimately objects against processing which is based on legitimate interests of the personal data controller such as processing for the purpose of direct marketing.
      • The personal data have been unlawfully processed.

 

  1. Terms
    • Data subject (hereinafter referred to as “the customer”):
    • Natural person (including self-employed persons) to which the personal data belong (e.g. a potential or a current customer or a customer from the past);
    • Personal data:
      • Any information concerning an identified or identifiable natural person; an identifiable person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
    • Controller:
      • Česká vodíková technologická platforma, company ID: 75103630, with the registered office at Hlavní 130, 250 68 Husinec (hereinafter referred to as "the Association") as an entity that determines the purposes and means of the processing of personal data, performs the processing and is responsible for it. The Association may mandate or entrust a processor if a specific law does not specify otherwise;
    • Processor:
      • Every subject which processes personal data for the Association under the instructions of the Association and according to relevant legal regulations and the Regulation and it does so on the basis of a concluded data processing agreement;
    • The purpose for personal data processing:
      • The aim (a commercial activity or another legitimate purpose) for which the processing of personal data of a data subject is necessary or purposeful;
    • The categories for personal data processing:
      • The categories of personal data and the list of typical personal data of a data subject processed for a specific purpose;
    • Cookies:
      • Electronic data which WWW server sends to the search engine which subsequently stores them on user’s (customer’s) computer. During every following visit of the same server, the search engines sends the data back to the server. Cookies usually serve for differentiating individual users, user preferences are stored in them, etc.
    • Personal data processing:
      • Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

  1. The categories for personal data processing:
    • The Association and its contractual processors process the following categories of personal data based on the relevant legal basis and the purpose of processing:
    • Identification and contact details of natural persons acting on the basis of a legal relationship with a customer or a member of the Association in particular in connection with legal obligations;
    • Identification and contact information necessary for performing the contract and providing due diligence and services;
    • Data on the products and services provided (in particular, the product used, information on the use of the product, services, data on possible breach of contractual obligation);
    • Other information obtained from the customer or from the communication with the customer;
    • Electronic data concerning the visits of the Association’s website (IP address, cookies).

 

  1. The sources of personal data
    • The Association obtains personal data mainly from natural persons acting on the basis of a legal relationship with the customer or a member of the Association in the framework of negotiations on the conclusion of the contract, fulfillment of the statutes together, or. from third parties.
    • The Association also obtains personal data from communication with individuals acting on the basis of a legal relationship with a customer or member of the Association or from visits to its website.
    • The Association also obtains the personal data from public registers and evidences, from public authorities and on the basis of specific legislation.
    • The Association always informs the customers about when the provision of personal data is necessary for the provision of a specific service and when it is voluntary, but the provision of such personal data makes the communication between customers and the Association easier and makes the provision of services far more efficient.

 

  1. The legal basis for personal data processing
    • The Association processes customers’ personal data on the basis of the following legal reasons (titles):
      • the fulfilment of a contract;
      • the fulfilment of a legal obligation;
      • the legitimate interest of the Association;
      • customer’s valid consent to personal data processing.

 

  1. The purposes for personal data processing

 

  • The fulfilment of the contract
  • The Association processes personal data for purposes related to the fulfillment of contractual obligations, in particular for the purpose of valid conclusion, amendment and termination of the contract in accordance with the relevant legislation, related invoicing and evaluation of the level of provided services.
  • The scope of personal data processed for this purpose is defined by data on contract forms, and data obtained during the use of services or products provided by the Association, its members or other partners.
  • As a standard, these are in particular: name, surname, date of birth, permanent address, delivery or other contact address, business address, company identification number, bank account number, information on the scope and level of services used.
  • The processing time is defined by the duration of the contractual relationship.

 

  • The fulfilment of a legal obligation
    • The Association processes personal data in order to fulfil its legal obligations, e.g. in the area of taxes, bookkeeping or obligations arising from the sale and provision of selected products and services.
    • Besides processors, the Association also provides customers’ personal data to the personal data recipients among which also state authorities and other entities belong within the scope of the application of the rights laid down by law and the fulfilment of obligations laid down by law, particularly for the purpose of:
      • the provision of personal data on request to the authorities operating in criminal, infringement or administrative proceedings;
      • and for other purposes defined by law and to other authorities within the scope of the exercising of the rights laid down by law and the fulfilment of obligations laid down by law.
    • The extent of personal data processing and the period of their processing is laid down by generally binding legal regulations and relevant internal regulations of the Association.
  • Legitimate interest
    • Legitimate interest as a legal basis of personal data processing is applied when legitimate interests/rights of the controller are superior to the interests/rights of customers, taking into account adequate expectations of customers on the basis of their relationship with the controller. This concerns the cases where a consent to personal data processing is not necessary.
    • It mainly includes the following purposes:
      • The protection of fundamental and other important rights of the Association which result from generally binding legal regulations and contracts in various disputes, controls, investigations, proceedings and with regards to contractual partners and third persons and for the period of time which is laid down by generally binding legal regulations and relevant internal regulations of the Association.
      • Preventing fraudulent activities causing harm to the Association in the events of reasonable suspicion and for the period of time laid down by generally binding legal regulations and relevant internal regulations of the Association.
      • Claim recovery for the limitation period laid down by law, but for the period of 5 years at maximum.
    • Consent to personal data processing
      • In the event that the Association processes customer’s personal data for other purposes which cannot be classified as the purposes stated in Article 6.1, 6,2 and 6.3, it can do so only on the basis of a granted valid consent to personal data processing from the customer which is an expression of the customer’s free will and therefore it constitutes a specific title for the processing of personal data.
      • Not granting the consent or the restriction of its use does not affect the fulfilment of previously agreed obligations for the period of the contract duration or the possibility of concluding a new obligation from the side of the Association. The granted consent can be partially or wholly withdrawn at any time.
  1. Means of personal data processing
    • Customer’s personal data are processed by automated means as well as manually and they may be available to the employees of the Association if that is necessary for the fulfilment of their work duties and also to the processors the Association has concluded data processing agreements with and potentially to other persons in accordance with relevant legal regulations.

 

 

  1. Personal data recipients and processors
    • Besides the Association and its employees, personal data may also be processed by its contractual processors in order to secure the above-described purposes and this shall be done on the basis of data processing agreements concluded in accordance with relevant legal regulations.
    • Personal data processing may be performed for the Association only by processors and controllers which guarantee the organisational and technical security of these data with the definition of the purpose of processing while these processors cannot use the data for other purposes.
    • Customers’ personal data may be transmitted to third entities which are legally authorized to ask for the transmission of the concerned personal data.

 

  1. Cookies

 

  1. Customers’ rights related to personal data processing
    • Under the set conditions, the customer can exercise all the above-mentioned rights which are given to him/her by legal regulations which provide for the personal data protection:

 

        

        

The right

What does it mean?

How can you exercise this right?

What are the conditions for its exercising?

Right of access

Under certain conditions, the customer has the right to access his/her personal data (including the information about their processing) the Association has available.

The request for the provision of such data needs to be made personally or sent in a written form to the address of the Association or via e-mail. If possible, specify the type of data you are interested in so the reply matches your expectations.

The Association has to have a way of verifying your identity.

 

Your request cannot infringe the rights and the freedoms of others.

Right to rectification of incorrect or incomplete personal data

The customer has the right to object because of incorrect or incomplete personal data about you that the Association processes. If it turns out that the personal data are incorrect, the customer has the right for the incorrect data to be removed, rectified or completed.

We recommend you notify us about any changes related to your personal data immediately, particularly the changes of your name, address, etc.

 

You can send the notification in writing or via e-mail.

This right is related only to your own personal data.

 

Be as specific as possible when exercising this right.

Right to data portability

Under certain conditions, the customer has the right to receive the data which were provided from him/her to the Association and which are processed in an automated way and this shall be done in a commonly used and machine-readable format.

The request for the provision of such data needs to be sent in a written form to the address of the Association or via e-mail. If possible, specify the type of data you are interested in so the reply matches your expectations.

 

This right is applied to the case when the data processing is performed on the basis of your consent or on the basis of a contract you signed and when the data are processed in an automated way (e.g. it does not apply to printed records).

 

It concerns only the personal data you provided. Therefore, it generally does not apply to the personal data which were created by the Association (created and derived data).

Right to object against the processing

Under certain circumstances, the customer has the right to object against further processing of his/her personal data.

Such objection against personal data processing needs to be sent in a written form to the address of the Association or via e-mail.

You have this right only if your personal data are processed on the basis of the legitimate interests of the Association. The objection has to be based on the facts concerning your specific situation so it could be properly assessed.

 

If the personal data is processed for the purposes of direct marketing, the customer has the right to object at any time ipso facto. In such case, the customer’s personal data will not be further processed for the purposes of marketing.

Right to restriction of processing

Under certain conditions, the customer has to right to ask the Association for the restriction of personal data processing.

Please send the request in writing or via e-mail.

You have this right for example if (i) you challenge the accuracy of personal data until the accuracy is verified or (ii) the processing is against the law or (ii) you objected against their processing and for the period until this is verified whether the legitimate interests of the Association are superior to your interests.

Right to personal data erasure

Under certain conditions, the customer is entitled to ask for the erasure of his/her personal data (this right is also known as “the right to be forgotten”) and that is for example if the customer suspects that the processed data are inaccurate or the processing is against the law or he/she withdrew his/her consent.

Please send the request in writing or via e-mail. 

There are several lawful reasons on the basis of which it might happen that the Association will not be able to comply with your request for the erasure of personal data. It may concern situations when for example (i) the Association needs to fulfil its legal obligations or (ii) the Association does so for or protects its legitimate interests or (iii) the data are necessary for the fulfilment of the concluded contract. 

Right to withdraw the provided consent

The customer has the right to withdraw the provided consent with any processing of personal data.

Please send the request in writing or via e-mail.

 

If you withdraw your consent, it will have effects only for the future.

Right to lodge a complaint with a supervisory authority

The customer has the right to lodge a complaint to the Office for Personal Data Protection if he/she believes that the Association infringes its legal obligations in personal data processing.

Contact details of the Office for Personal Data Protection:

 

The Office for Personal Data Protection

Pplk. Sochora 27,

170 00 Prague 7

 

www: www.uoou.cz, e-mail:

 

 

  • Period, identity verification
  • The Association will react to any request of the customer related to the exercise of his/her rights without undue delay, within one month from the receipt of the request at maximum. This period may be extended by two months in the case it is needed with regard to the complicated nature and the number of requests and the customer shall be informed about that. In the case of a major request (e.g. a request for data transmission or a request for erasure), the Association is allowed to request the verification of the customer’s identity (e.g. the customer’s verified signature on the request, e-mail with electronic signature or phone verification).

 

  1. Effect
    • This information takes effect on August 1st, 2019

       

  2. Contact person for data protection

     

    First name and surname: Renáta Menclerová

    Email:

  • Platform
  • About hydrogen
  • Events
  • Projects
  • Contact