1.1 The purpose of this document is to summarise the basic information about the principles of personal data processing that our company follows and has adopted in order to comply with the EU Regulation 2016/679 (“GDPR”).

1.2. Our company has taken all necessary steps to strengthen the security and confidentiality of the processed data and to comply with all prescribed obligations under Czech law.

2.1. Our company, AUTOGARD spol. s r.o., with its registered office at Nová 387/32 664 41 Popůvky, ID No.: 49446053, registered in the Commercial Register maintained by the Regional Court in Brno, Section C, Insert 12304, is in the position of a personal data controller with respect to visitors to the www.autogard.cz website, customers, clients, employees and selected contractual partners.

2.2. In accordance with the GDPR, our company processes personal data in accordance with this policy:

a) Lawfulness, fairness and transparency — We only carry out processing where there is a legitimate reason to do so (e.g. a legal obligation, performance of a contract, protection of our interests, protection of the interests of 3rd parties, or consent given by the data subject). We carry out processing transparently and inform data subjects about how their personal data is handled, who has access to it and what rights they have.

b) Purpose limitation — We collect personal data only for specific, explicit and legitimate purposes (see above).

c) Data minimisation — We only process personal data to the extent and to the extent necessary in relation to the purpose.

d) Accuracy — We only process actual personal data that reflects the true state of affairs.

e) Storage limitation — We hold personal data for no longer than is necessary and lawful.

f) Integrity, confidentiality — We have implemented sufficient technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.

g) Accountability — We are able to demonstrate compliance with the principles in a. — g.

2.3. We process most of the personal data in order to comply with statutory obligations and to fulfil our contract with our clients. This includes in particular personal data necessary for the conclusion and performance of the contract, i.e. in particular identification and contact data (title, name, surname, address, date of birth, national identifier if applicable, business name, name, registered office, place of business, identification number, e‑mail address, bank connection).

2.4. The data subject is duly informed of the principles of personal data processing in the context of the conclusion of the contract and acknowledges that the Controller is entitled to make personal data available to other processors or administrators, as appropriate, in accordance with applicable law.

2.5. In the event that we carry out processing the purpose of which is not to comply with statutory obligations, this is processing of personal data for which we need the explicit, free, specific and informed consent of the data subjects. In this case, the processing of personal data is mainly for marketing purposes and in each case the client is informed in advance of the scope of the processing. The provision of such consent is entirely voluntary and consent may be withdrawn at any time or other rights described in the consent may be exercised.

3.1. The Company has taken the necessary measures to ensure the security of the personal data processed in both physical and electronic form. These measures include, in particular, establishing rules for working with the information systems in question, ensuring that only authorised persons use the systems for automated processing of personal data, ensuring that these persons have access only to personal data corresponding to their authorisation, and making electronic records, identifying and verifying when, by whom and for what reason personal data were recorded or otherwise processed, and preventing unauthorised access to data media, in particular by setting passwords, access rights, encryption, drawing up documentation on the technical and organisational measures taken, increasing security by installing locks, etc.

3.2. All employees and persons who have access to personal data in the course of our business are properly trained and are familiar with the rules of security and confidentiality when handling personal data.

4.1. In order to fully use the cookie data, the legal title for processing is the user’s consent, which is normally obtained by setting the user’s browser. If multiple users are using the device, it is assumed that the user is aware of how the device is set up, otherwise they would have set it up differently.

4.2. Similarly, the endpoint device may be set up in the workplace by the employer and the employee is aware of this, even if they wish to set up the storage of Cookies differently.

4.3. Consent is not required for Cookies strictly necessary for the operation of the website and Internet services.

4.4. According to the GDPR, the handling of data obtained from cookies is processing of personal data.

5.1. We transfer personal data to third parties only in cases prescribed by law (mandatory reporting to state authorities) or to the extent necessary to selected suppliers who provide certain services for us that are necessary to provide services to our clients. We have clear contractual relationships with all such parties and all suppliers comply with the necessary rules for processing personal data within the scope and parameters required by the GDPR.

5.2. We transfer personal data abroad within a clearly defined scope for the purpose of providing services to our clients, only to selected suppliers, and all affected parties are always informed of such transfers.

6.1. We have a system in place for reporting potential security incidents. In the event of any data leakage, we comply with the GDPR in order to minimize potential damage and make appropriate reports to the Data Protection Authority (www.uoou.cz) in prescribed cases.

7.1. If you believe that we are processing personal data in a way that is contrary to the protection of privacy or is contrary to the law, in particular if the personal data is inaccurate with regard to the purpose of its processing, you can send us an objection or ask for an explanation. In such cases, please do not hesitate to contact us at any time either by phone at +420 724 202 405 or electronically at autogard@autogard.cz.