Personal Data Processing Policy

The companies of the ELTODO Group process personal data as data controllers or processors exclusively in compliance with the applicable legal regulations of the Czech Republic, particularly Act No. 110/2019 Coll. on Personal Data Processing, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).

This Privacy Policy does not provide a comprehensive overview of personal data processing by the companies of the Group but serves to fulfill the basic informational obligation of the Controller towards data subjects regarding the possibilities, conditions, and methods of processing their personal data. The recipients of this Policy are primarily existing or potential business partners and their representatives, job applicants, visitors (users) of the websites of the individual companies, etc. Employees are informed about the processing of their personal data through internal documents.

Who is the controller of your personal data?

The controller of your personal data is ELTODO, a.s., Novodvorská 1010/14, 142 00 Prague 4, Company ID (IČO) 45274517.

What personal data do we process and why?
Within its activities, we may process personal data obtained directly from the data subject or from public sources. The following list is not exhaustive but rather demonstrative; if necessary for fulfilling a specific processing purpose and we have a relevant legal basis, we may process other personal data not listed here.

Identification and contact data:

Name and surname
Academic title
Business name
Company ID (IČO), Tax ID (DIČ) (may include personal identification number)
Permanent residence address, registered office, or place of business
Billing address
Identification data of the client’s representative or a contact person designated by the client
Bank account details
Signature
Contact telephone number
Contact email address
Additional data about business partners (natural persons):
Business activity
Education and qualifications, references, etc.
Payment discipline, information about previous business transactions
Additional data about job applicants:
Education and qualifications
Employment history
Extract from the Criminal Register (for selected positions)
Results of entry occupational health examinations
Other data voluntarily provided by the data subject (applicant)

Security camera recordings:
Entrances, reception areas, and other internal premises of the Controller’s facilities may be monitored by security camera systems that create recordings due to the Controller’s legitimate interest in protecting its property, legal interests, and the ability to adequately respond to security incidents. Recordings capturing the appearance, behavior, and conduct of individuals entering the Controller’s premises are made so as not to excessively interfere with their privacy. The recordings are automatically stored in a data repository and handled exclusively in the event of a security incident. Otherwise, recordings are automatically deleted or overwritten within 7 days at the latest. Information about processing, including a camera pictogram, is posted at all monitored entrances to the Controller’s facilities.

Cookies and other similar technologies:
The websites of the Group companies use tools to optimize user experience, including cookies, tags, and similar technologies, which allow the provision of information tailored to users’ needs (e.g., password saving for future visits, language preferences, search methods, etc.). Cookies help provide, protect, and improve websites and related services (applications). By continuing to use the websites, users consent to the use of cookies. Users may refuse the use of cookies and similar technologies, but must configure their devices (PC, mobile phone, etc.) accordingly to disable these technologies.
Legal basis for processing personal data

We process personal data:

To fulfill legal obligations, i.e., whenever required or foreseen by applicable and effective legislation.
To perform contracts where the data subject is a contractual party, including steps toward contract conclusion (e.g., personal data of job applicants or business partners who are natural persons).
For our legitimate interests (e.g., business activities, service provision, protection of our legal interests).
Based on your informed and voluntary consent to the processing of your personal data. In this case, you have the right to withdraw your consent at any time.
How long do we process personal data?
We process your data for the duration of the processing purpose and further for the period required by applicable laws (retention period) or as long as our legitimate interest in protecting our rights persists in the case of complaints or possible disputes, i.e., for the duration of applicable warranty and limitation periods. Please contact us for more details.

Personal data security

The security of personal data is our top priority; therefore, we have implemented appropriate organizational and technical measures to protect them. All our employees processing personal data are bound by confidentiality and are regularly trained on information and personal data security. Personal data are stored in secure repositories with strictly controlled access rights, both physical and logical, and we cooperate only with partners who apply the same standards.

We provide or make personal data accessible only to authorized recipients for legal obligations or our legitimate interests. When using processors, we select them carefully and have data processing agreements in place. Due to the Group’s structure, your personal data may be transferred between companies within the Group, primarily for internal administrative purposes and efficient data processing and protection.

We do not transfer personal data to third countries or international organizations.

What rights do you have?

Under the Regulation, you have the following rights:

If processing is based on your consent, you may withdraw your consent at any time by contacting us using the details below.
The right to access your personal data to determine what personal data we process.
The right to rectify inaccurate data.
The right to erase personal data where justified and possible.
The right to restrict processing of your personal data in cases provided by the Regulation.
The right to data portability where the legal basis for processing is consent or contract performance and data is processed automatically.
The right to object where our legitimate interest is the legal basis for processing. In such cases, we will stop processing your data for the given purpose unless we have overriding legitimate grounds or for the establishment, exercise, or defense of legal claims.
If you believe your personal data is processed unlawfully, you may file a complaint with the supervisory authority, which for the Czech Republic is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, www.uoou.cz).

How to contact us?
Please direct any questions, comments, or requests to the email address: gdpr@eltodo.cz, or in writing to:

ELTODO, a.s.
Novodvorská 1010/14
142 00 Prague 4
Attn: Data Protection Officer, Mgr. Vít Derner