Personal data processing
processing of personal data within the meaning of Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) and Act No 110/2019 Coll., on the processing of personal data.
Who is the administrator?
The personal data controller is:
Faster CZ spol. s r.o.
ID: 60722266
registered office Jarní 1064/44g, 614 00 Brno-Maloměřice
Tel.: +420 533 433 030
e-mail: gdpr@faster.cz
The controller have a designated data protection officer.
Trustee:
Marta Svobodová
tel.: +420 533 433 030
e-mail: svobodova@faster.cz
What data is processed?
The controller, as an entrepreneur, processes personal data necessary for the proper provision of the services offered, in particular:
- name and friendly;
- e-mail;
- home/residence address;
- bank account number;
- credit card number;
- IP address;
- the date and time of access to the user section;
- web browser information;
- operating system information;
- language settings;
- behaviour on the administrator’s website.
For what purpose is personal data processed?
The controller processes your personal data for the following purposes:
a) Performance of a contract – provision of services – Article 6(1)(b) GDPR allows such a procedure;
b) Legitimate interest of the controller (in particular the exercise of its rights and the exercise of its claims arising from the legal relationship with you as a client) – such procedure is allowed by Article 6(1)(f) GDPR.
c) Compliance with obligations imposed by law – Article 6(1)(c) of the GDPR allows such a procedure.
How long is personal data processed?
Personal data are processed principally for the time necessary to fulfil the purpose of their processing.
For the purpose of providing legal services, personal data is processed for the entire period of providing the agreed services.
For the purpose of fulfilling legal obligations, personal data is processed for the period required by the relevant legal regulations of the Czech Republic or the European Union. As a rule, this is five (5) or ten (10) years.
For the purposes of the legitimate interest of the controller, personal data are processed for the duration of the rights and obligations arising from the legal relationship between the controller (Provider) and you (User), even after the end of the provision of the agreed services. As a rule, this will be a limitation period of three (3) years from the termination of the rights and obligations arising from the legal relationship between the controller and you in the provision of the agreed services.
For the purposes of the performance of the contract, i.e. the provision of the agreed services, personal data is processed for the entire duration of the contractual relationship.
Who processes personal data?
The processing of personal data is carried out by the Controller.
However, personal data may also be transferred to the following persons:
- employees of the Administrator;
- other persons cooperating with the Administrator, such as auditors, attorneys, tax advisors, etc. (all such persons are bound by confidentiality).
What about personal data stored in the Controller’s cloud services?
If you store information within the cloud Services provided by the Controller that is personal data within the meaning of the GDPR, you will be the controller and we will be the processor (for the purposes of this section of the Controller Policy, the “Processor”).
In this case, the Processor:
a) not disclose or permit the disclosure of personal data to a third party other than in accordance with this Policy or your instructions, unless such disclosure is required by the law of the Czech Republic, the EU or a Member State to which the Processor is subject;
b) implement appropriate technical and organizational measures to ensure that the processing of personal data complies with the requirements of the GDPR as well as other generally binding legal regulations, in order to ensure adequate protection of the rights and legitimate interests of personal data subjects;
c) prevent the unauthorised reading, alteration, erasure or disclosure of personal data, and shall not make copies of personal data media for other than business use and shall not allow other persons to do so;
d) use only secure hardware and software and adhere to the principles of secure computing, in particular to secure all technology (hardware and software), equipment and systems against cyber-attacks in a manner appropriate to the nature of the personal data and the state of the art. The processor shall be liable for damage to personal data by a third party if it is proven that the personal data have not been secured in accordance with this paragraph; otherwise, it shall not be liable for damage or misuse;
e) ensure that he or she and the persons involved in the processing of the personal data maintain the confidentiality (secrecy) of the personal data as well as of their processing;
f) will take into account the nature of the processing of personal data and will assist you to comply with your obligation to respond to requests to exercise the rights of the data subject, as well as to comply with other obligations under the GDPR;
g) if the Processor becomes aware of a breach or threatened breach of security of personal data, accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access to processed personal data, it shall inform you in writing without delay, but no later than within 24 hours, and describe to you as best it can the security risk that has arisen or is imminent, communicating to you all appropriate measures to prevent or minimise the damage and taking all necessary measures to minimise the damage itself;
h) it will only process personal data in accordance with this Policy or on the basis of your other documented instructions, including, where applicable, the transfer of personal data to a third country or an international organisation within the meaning of and under the conditions set out in Article 28(3)(a) of the GDPR;
i) assist you in implementing and maintaining appropriate technical and organisational measures to safeguard personal data and in reporting breaches of such security, as well as in ensuring compliance with your obligations under Articles 32 to 36 of the GDPR;
j) provide you, through appropriate technical and organisational measures, with all the necessary assistance to comply with your obligation to respond to requests from data subjects in the exercise of their rights under the GDPR without undue delay, but at the latest within 14 days of the request;
k) provide you, at your request, without delay, but no later than 7 days after your request, with all the cooperation and information necessary to demonstrate that the personal data are adequately secured organisationally and technically and that all other obligations set out in Article 28 of the GDPR have been complied with;
l) allow you or a person authorised by you to check (including audit or inspection) compliance with this Policy and the lawful processing of personal data, and in such checks provide you or any other controlling person with all necessary assistance as reasonably instructed by you or the controlling person;
However, the Processor informs you that it does not and will not actively examine data that you upload to the cloud Service or to cloud storage provided as part of the Service.
In case you are the data controller and need to ensure special protection of your personal data, the Processor is also prepared to enter into another data processing agreement within the meaning of Article 28(1) GDPR, which will replace the provisions set out in this Policy.
What rights do you have when processing personal data?
You have a right:
- to access their personal data;
This means the right to obtain confirmation from the Controller as to what personal data is processed about you, the right to access this personal data and to be informed of the purpose for which the personal data is processed, the categories of personal data, to whom the personal data has been or will be disclosed, the existence of the right to rectification or erasure of personal data, as well as the right to restrict the processing of personal data and/or the right to object to such processing;
- to have their personal data rectified or completed;
This means the right to request at any time the rectification or completion of personal data that are inaccurate or incomplete.
- to erasure of personal data (right to be forgotten);
This means the right to request the erasure of your personal data without delay. However, you only have this right if (i) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) you withdraw your consent to the processing of your personal data and there is no other reason for processing it; (iii) you object to the processing and there are no overriding legitimate grounds for processing or it is an objection to the processing of personal data for direct marketing purposes; (iv) the personal data has been unlawfully processed; (v) the Controller is obliged to erase it by a law of the Czech Republic, the EU or another Member State applicable to the Controller; (vi) the personal data has been collected in connection with the offering of information society services to a child over 16 years of age and/or a child under 16 years of age with the consent of a legal representative.
- to limit the processing of personal data;
This means the right to restrict the processing of personal data on the grounds that (i) you contest the accuracy of the personal data (then for the time necessary to verify the accuracy); (ii) the processing is unlawful but you refuse to erase it and at the same time request a restriction on its use instead of erasure; (iii) the Data Controller does not need the personal data for the purposes of the processing but you request further processing for the establishment, exercise or defence of your legal claims; (iv) you object to the processing, pending verification that the Data Controller’s legitimate grounds do not override your legitimate grounds.
Personal data will only be processed by storing it. Otherwise only with your consent.
- on the portability of personal data;
This means the right to receive personal data from the Controller in a structured and machine-readable format and the right to transfer this personal data to another controller, in the event that the processing of personal data is automated and/or based on your consent.
- object to the processing of personal data;
This means the right to object to the processing of personal data on grounds of public interest or legitimate interests of the Controller, including any related profiling, as well as the right to object to the processing of personal data for direct marketing purposes.
- not to be subject to automated individual decision-making, including profiling;
This means the right not to be subject to any decision based solely on automated processing, including profiling, which has legal effects on you or significantly affects you in a similar way.
This does not apply if such processing is necessary for the performance of a contract, if such processing is permitted by generally applicable law and/or if you have given your explicit consent to such processing.
- lodge a complaint with the Data Protection Authority or apply to the court of competent jurisdiction.
This means the right to lodge a complaint with the Data Protection Authority, which supervises compliance with the obligations under the GDPR and related legislation. More information at: https://uoou.gov.cz/
At the same time, you can also assert your rights and claims before the courts of competent jurisdiction.
PROCESSING COOKIES
Cookies
Cookies may be placed on your device when you visit the faster.cz website.
Cookies are small data files that are stored on your device’s browser when you visit the website. They are used to store information about your visit, which allows the website to function effectively. For example, they enable the website to recognise you and adapt the content to your preferences or user settings when you visit again, so that you do not have to re-enter them.
Cookies can record various information such as language settings, login details, browsing history, etc.
Cookie categories
NECESSARY
Necessary cookies that are essential to the basic functions of the website and the website and without them will not function as intended.
As these cookies are essential tools for the functioning of the website, your consent is not required to use them.
Necessary cookies do not store any personally identifiable data, and do not contain data that could be used for marketing purposes or tracking of users outside of our website.
| Cookie name | Description | Cookies used | Expiry |
|---|---|---|---|
| PHPSESSID | Tento soubor cookie je nativní pro This cookie is native to PHP applications. It is used to store and identify a unique user session ID in order to manage the user’s session on the website. It is a session cookie and is deleted when all browser windows are closed. | Cookie own – Faster CZ | session |
| tarteaucitron | This cookie is created by the TARTE AU CITRON service and is used to remember users’ consent so that their preferences can be respected on future visits to this website. It does not collect or store any personal data about visitors to the site. | Cookie third party – Tarteaucitron | instant |
| cgpts-16813 | A technical cookie created by CustomGPT. It is used to optimize the platform’s features, such as managing user sessions, personalizing content or storing user preferences. This cookie usually does not contain any personal data and its main purpose is to ensure a smooth functioning and better user experience. | Cookie third party – CustomGPT | 7 days |
| wp-wpml_current_language | This cookie is created by the WordPress multilingual plugin and is used to store language settings. | Cookie third party – WPML WordPres | session |
ANALYTICS
We use these cookies to collect information about how you interact with our website. They help us to understand how you use the website, where you access the website from, the level of traffic to the site, where you leave the site, etc., in order to improve the website.
We need your consent to collect analytics cookies.
| Cookie name | Description | Cookies used | Expiry |
|---|---|---|---|
| _ga_ZE59E0CMZZ | Used to store and count page views. | Cookie third party – Google Analytics (GA4) | instant |
FUNCTIONAL
These cookies are used to store personalised website features such as user settings, language preferences, etc. At the same time, they are also used to enable certain other website features, such as sharing website content on social media platforms, collecting feedback, etc.
We need your consent to collect functional cookies.
| Cookie name | Description | Cookies used | Expiry |
|---|---|---|---|
| _ga | Used to store and count page views. | Cookie third party – Google Tag Manager | instant |
MARKETING (ADVERTISING)
These cookies are used to track and analyse your behaviour on the website in order to provide personalised advertising offers. In particular, these cookies collect information about what pages you visit, what products you view and what actions you take. Without these cookies, you will be shown less interesting and untargeted advertising.
We need your consent to collect advertising cookies.
| Cookie name | Description | Cookies used | Expiry |
|---|---|---|---|
| _gcl_au | It is used to track and measure the performance of advertising campaigns, store conversions and collect data to optimize advertising spend. | Cookie third party – Google Ads | instant |
Cookie settings
The so-called “opt-in” rule applies to the processing of cookies. This means that cookies will not be processed unless you give us your consent to process them. By continuing to use the site, consent is not granted.
This does not apply to strictly necessary cookies, which are processed at the time of accessing our website.
You can grant or withdraw consent in the “cookie bar”, and you can grant or withdraw consent for each category separately at any time.
If you do not give us your consent to the processing of cookies, you will be able to continue to use our website, but without certain user functions for which the processing of cookies is necessary.
Effective 1 December 2024
