I. Basic provisions
A-kontas LAW s.r.o., Company ID 099 64 151, with its registered office at Zenklova 610/154, 180 00 Prague, Czech Republic, registered in the Commercial Register kept at the Municipal Court in Prague, Section C, File 345504, is the controller of personal data (the "controller") in accordance with Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "GDPR").
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, as set out in Article 4(1) GDPR.
A client is a natural or legal person using the services of the operator, whose personal data the controller processes.
The website is an internet application available on the internet used to display, select and order Services at www.a-kontas.cz.
The controller has not appointed a Data Protection Officer.
II. Sources and categories of personal data processed
The controller processes the client's personal data provided by the client, both on the basis of a service order placed by the client and on the basis of a visit to the controller's website.
The controller processes the client's identification and contact data and data necessary for the performance of the service agreement.
III. Legal basis for processing personal data
The legal grounds for processing personal data are:
Performance of the agreement between the client and the controller under Article 6(1)(b) GDPR.
The controller's legitimate interest in providing direct marketing, in particular for sending commercial communications and newsletters, under Article 6(1)(f) GDPR.
Consent to the processing of the client's personal data for the purposes of direct marketing (in particular sending commercial communications and newsletters) under Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll.
For the purposes of this Privacy Policy and pursuant to Article 4(11) GDPR, "consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Where processing is based on consent, the controller must be able to demonstrate that the data subject has consented to the processing of their personal data.
Where consent is given as part of a written declaration which also concerns other matters, the request for consent must be presented in a manner clearly distinguishable from those other matters, in an intelligible and easily accessible form, using clear and plain language. Any part of such a declaration which constitutes an infringement of the GDPR shall not be binding.
The data subject has the right to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The controller informs the data subject of this before consent is given. Withdrawing consent must be as easy as giving it.
IV. Purpose of processing personal data
The purpose of processing personal data is to provide services under the agreement concluded with the client, in particular the processing of personal data when handling the client's order, and sending commercial communications and other marketing activities.
The controller does not apply automated individual decision-making within the meaning of Article 22 GDPR.
V. Recipients of personal data
Recipients of personal data are persons involved in providing services under the agreement, persons involved in administering the controller's website, and persons providing marketing services.
The controller declares that it does not intend to transfer personal data to countries outside the EU.
VI. Personal data retention period
Personal data is retained for the period necessary to exercise the rights and obligations arising from the service agreement concluded between the controller and the client and to assert claims arising from these contractual relationships (for 5 years from the termination of the contractual relationship).
Personal data processed on the basis of the client's consent is processed until the consent is withdrawn, but for no longer than 5 years from the granting of consent.
After the expiry of the retention periods referred to in paragraphs 1 and 2 of this article, the controller shall dispose of the personal data in accordance with applicable law.
An exception applies to tax documents issued by the controller, which are retained for 10 years from the end of the tax period in which the taxable supply took place, in accordance with Section 35 of Act No. 235/2004 Coll.
VII. Client rights
The right of access to personal data means that the client has the right to obtain from the controller confirmation as to whether personal data concerning them is being processed and, if so, access to that data and information on how it is processed. The client also has the right to have the controller correct, without undue delay, inaccurate personal data concerning them at the client's request. The client has the right to have incomplete personal data completed at any time.
The right to erasure of personal data means the controller's obligation to destroy personal data processed about the client, provided that certain conditions are met and the client requests it.
The client has the right to have the controller restrict the processing of their personal data in certain cases. The client has the right to object at any time to processing based on the legitimate interests of the controller or a third party, or processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
The right to data portability gives the client the option to obtain the personal data they provided to the controller in a structured, machine-readable format. This data can then be transmitted to another controller, or, where technically feasible, the client may request that the controllers transmit it directly between themselves.
The right to withdraw consent to the processing of personal data at any time does not apply where the client's personal data is processed for the performance of an agreement concluded with the client rather than on the basis of consent.
If the client is in any way dissatisfied with the controller's processing of their personal data, they may lodge a complaint directly with the controller or contact the Office for Personal Data Protection.
More information on client rights is available on the website of the Office for Personal Data Protection (uoou.cz).
VIII. Personal data security
The controller declares that it has taken all appropriate technical and organisational measures to secure personal data and data storage, including storage of personal data in paper form.
The controller declares that only persons authorised by it have access to personal data.
IX. Final provisions
By using the website, the client confirms that they have read and understood the terms of personal data processing.
If the client does not agree with this Privacy Policy, they are obliged to leave the controller's website.
By concluding the service agreement, the client confirms that they have read and understood the terms of personal data protection.
The controller is entitled to unilaterally amend this Privacy Policy. The controller will publish the current version of the Privacy Policy on its website and make it available at its premises at any time. At the client's request, the controller will send the current version of the Privacy Policy to the client's email address.
On behalf of A-kontas LAW s.r.o., Monika Procházková, Managing Director These terms take effect on 1 January 2023.