PRIVACY POLICY
On the basis of what legal provisions are or may be processed your personal data?
Who does this Privacy Policy apply to?
Who is the Controller?
Contact details to the Controller
Data Protection Officer
For what purposes is or can your personal data be processed?
No. |
Purpose of processing |
The scope of data |
Lawfulness of processing |
1. |
Arrangement (Personal
data processed in connection with the preparation, conclusion and
implementation of the provisions of the contract) |
1) in
the case of natural persons: name, surname, ID number, position, e-mail, telephone
number, registration data (e.g. NIP), other personal data in connection with
the settlement of e.g. civil law contracts (orders / work) 2) in
the case of legal persons: name and surname, position, e-mail address,
telephone number |
1) in
the case of natural persons: art. 6 (1) b), c), f) GDPR, 2) in
the case of legal persons: art. 6 (1) c), f) GDPR, |
2. |
Personal data processed for contact
purposes - replying to received correspondence |
name, surname, telephone number, e-mail
address, information provided in the content of the e-mail: position, place
of work, |
1) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
3. |
Personal data processed in connection with age
confirmation |
Name, surname, e-mail |
1) art. 6 (1) c) GDPR - legal regulations, 2) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
4. |
Personal data processed in connection with the
exercise of rights in the field of personal data protection |
The scope of data necessary to exercise the rights
of the person |
1) art. 6 (1) c) GDPR - legal provisions, 2) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
We hereby inform that depending on the purpose of processing, the scope of the indicated personal data may change.
How long will personal data be processed in accordance with the storage limitation principle (personal data retention)?
Please be advised that personal data are or may be processed for the period of:
No. |
Purpose of processing |
Lawfulness of processing |
Processing period |
1. |
Arrangement (Personal
data processed in connection with the preparation, conclusion and
implementation of the provisions of the contract) |
1) in
the case of natural persons: art. 6 (1) b), c), f) GDPR, 2) in
the case of legal persons: art. 6 (1) c), f) GDPR, |
1)
in order to prepare, conclude and implement the provisions of the contract -
for the duration of the preparation, conclusion and duration of the contract
- for an indefinite period or until the termination of the contract or until
objections to processing are submitted, 2)
in order to make financial settlements - for a minimum period of 6 years from
the end of the financial year, 3)
for purposes related to the investigation of claims between the parties to
the contract for the performance of the provisions of the contract - if
applicable - for the duration of the claims in accordance with applicable law
and for the period of their investigation - if applicable, 4)
for internal management purposes - controlling and archiving documentation in
connection with the conclusion of the contract - for a period of 10 years
from the date of the contract, which may be changed, |
2. |
Personal data processed for contact
purposes - replying to received correspondence |
1) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
1) until an objection to the processing is
submitted, 2) for a period of 10 years for internal
administrative purposes, |
3. |
Personal data processed in connection with age
confirmation |
1) art. 6 (1) c) GDPR - legal regulations, 2) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
1) until an objection to the processing is
submitted, 2) for the period resulting from legal
provisions, |
4. |
Personal data processed in connection with the
exercise of rights in the field of personal data protection |
1) art. 6 (1) c) GDPR - legal provisions, 2) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
1) for the period resulting from legal provisions (for an indefinite
period), 2) until an objection to the processing is submitted, |
Under what circumstances is the provision of personal data a statutory or contractual requirement or a requirement necessary to enter into a contract?
No. |
Purpose of processing |
Lawfulness of processing |
Processing |
1. |
Arrangement (Personal
data processed in connection with the preparation, conclusion and
implementation of the provisions of the contract) |
1) in
the case of natural persons: art. 6 (1) b), c), f) GDPR, 2) in
the case of legal persons: art. 6 (1) c), f) GDPR, |
1)
processing of personal data in order to prepare, conclude and implement the
provisions of the contract - providing personal data is contractual, and
failure to provide personal data will result in the inability to prepare,
conclude and implement the provisions of the contract, 2)
in the case of financial settlements, it is of a statutory nature and failure
to provide personal data will result in the inability to meet the obligations
arising from the applicable law on the Controller, 3)
processing of personal data for purposes related to the investigation of
claims between the parties to the contract for the performance of the
provisions of the contract - it is voluntary, and failure to provide personal
data will result in the inability to pursue claims, |
2. |
Personal data processed for contact
purposes - replying to received correspondence |
1) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
1) is voluntary, but failure to provide
personal data will result in the inability to respond to inquiries or
correspondence received, |
3. |
Personal data processed in connection with age
confirmation |
1) art. 6 (1) c) GDPR - legal regulations, 2) art. 6 (1) f) GDPR - processing is
necessary for the purposes of the legitimate interests pursued by the
controller, |
1) is of a statutory nature, and failure to
provide personal data will result in the inability to comply with the
provisions of the law in the area of personal data protection imposed on the
Controller, |
4. |
Personal data processed in connection with the
exercise of rights in the field of personal data protection |
1) art. 6 (1) c) GDPR - legal provisions, 2) art. 6 (1) f) GDPR - processing is necessary for
the purposes of the legitimate interests pursued by the controller, |
1) is voluntary, and failure to provide personal data will result in
the inability to exercise the rights of the person in the field of personal
data protection, 2) is of a statutory nature, and failure to provide personal data will
result in the inability to comply with the provisions of the law in the area
of personal data protection imposed on the Controller, |
The processing of personal data based on the legitimate interest pursued by the Controller (processing is necessary for the purposes of the legitimate interests pursued by the controller)
Please be advised that in the case of processing personal data based on the legitimate interest pursued by the Controller (Article 6 (1) f) of the GDPR processing is necessary for the purposes of the legitimate interests pursued by the controller):
No. |
Purpose of
processing |
Lawfulness of
processing |
Art. 6 (1) f) GDPR |
1. |
Arrangement (Personal data processed in connection with the
preparation, conclusion and implementation of the provisions of the contract) |
1) in the case of natural persons: art. 6 (1) b),
c), f) GDPR, 2) in the case of legal persons: art. 6 (1) c), f)
GDPR, |
Please be advised that in the case of
processing personal data of natural persons, natural persons representing or
acting on behalf of a legal person, the legitimate interest pursued by the
Controller is considered to be: a) processing in order to prepare,
conclude and implement the provisions of the contract, b) processing for the purpose of
financial settlements - activities related to the monitoring and payment of
payments, c) processing for purposes related to
the investigation between the parties to the contract of claims arising from
the performance of the provisions of the contract - if applicable - the
legitimate interest pursued by the Controller is the processing of personal
data for the purpose of seeking claims for the implementation of the provisions
of the contract, d) processing for internal management
purposes - the legitimate interest pursued by the Controller is the exercise
of control and archiving of documentation in connection with the conclusion
of the contract, |
2. |
Personal data
processed for contact purposes - replying to received correspondence |
1) art. 6 (1) f)
GDPR - processing is necessary for the purposes of the legitimate interests
pursued by the controller, |
The legitimate
interest of the controller is the processing of personal data in order to
answer the received correspondence, inquiries - ongoing contact with the data
subject, |
3. |
Personal data
processed in connection with age confirmation |
1) art. 6 (1) c)
GDPR - legal regulations, 2) art. 6 (1) f)
GDPR - processing is necessary for the purposes of the legitimate interests
pursued by the controller, |
A legally
legitimate interest is the possibility of exercising the rights of persons to
whom data concern and provided for by law and demonstrate the compliance with
the GDPR regulations, |
4. |
Personal data
processed in connection with the exercise of rights in the field of
personal data protection |
1) art. 6 (1) c)
GDPR - legal provisions, 2) art. 6 (1) f)
GDPR - processing is necessary for the purposes of the legitimate interests
pursued by the controller, |
A legally legitimate interest is to the
exercise of the rights of data subjects in connection with the possibility of
exercising the rights of persons to whom data concern and provided for by law
and demonstrate the compliance with the GDPR regulations, |
Disclosure of personal data by the Controller
We hereby inform that personal data is or may be disclosed by the Controller:
1) disclosed to data recipients providing services to the Controller pursuant to art. 28 GDPR – Data Processing Agreement. Depending on the purpose of personal data processing, the categories of data recipients may be: IT infrastructure providers (software and hardware), website hosting, tools for conducting meetings, conferences, online webinar, external recruiting companies. The list of the processors to whom the Controller entrusts the processing of personal data is available at the request of the data subject,
2) disclosure of data to recipients cooperating with the Controller. Depending on the purpose of personal data processing, the categories of recipients to whom personal data may be disclosed are entities operating in the field of audits, postal services, courier services, law offices. We would like to inform you that after disclosing personal data, the data recipient becomes the Controller. The list of recipients to whom the Controller discloses personal data is available at the request of the data subject,
3) disclosure of data to recipients who are public / state authorities. Depending on the purpose of personal data processing, the categories of data recipients may be such bodies as the Tax Office, Police, courts, the Supervisory Authority or other entities to which the Controller discloses personal data under applicable law. Please be advised that after disclosing personal data, their recipient becomes the Controller of the data. The list of recipients to whom the Controller discloses personal data is available at the request of the data subject,
4) disclosure of personal data to third parties. The list of third parties to whom the Controller discloses personal data is available at the request of the data subject.
Transferring personal data to a third country (i.e. outside the EEA)
1. Please be advised that personal data may be transferred to a third country, i.e. outside the EEA. In the event of transferring personal data outside the European Economic Area, such transfer may only take place on the terms set out in Chapter V of the GDPR:
1) pursuant to art. 45 GDPR - transfer based on an adequacy decision,
2) pursuant to art. 46 GDPR - transfer subject to appropriate safeguards, including the use of standard data protection clauses adopted by the European Commission,
What are the rights of the data subject?
We would like to inform you about the right to request the Controller to exercise the following rights:
1) the right to access personal data relating to the data subject,
2) the right to rectify personal data,
3) the right to delete personal data (erasure of personal data),
4) the right to limit the processing of personal data (restriction of processing),
5) the right to object to the processing,
6) the right to transfer data (the right to data portability),
7) the right to receive a copy of your personal data,
8) the right to lodge a complaint with the supervisory body.
Please be advised that due to the individual purposes of processing listed in this Cookie Policy, the exercise of the rights of data subjects may be fully or partially limited, e.g. due to applicable law, which obliges the Controller to process them. Please send inquiries regarding the protection of personal data to the Controller by traditional mail to the above-mentioned address or by e-mail to the address: dpo@1cpublishing.eu.
Who is the supervisory authority?
1. We would like to inform you about the right to lodge a complaint to the supervisory body, i.e. to the - Úřad pro ochranu osobních údajů, contact to the supervisory body is available at: https://www.uoou.cz/vismo/o_utvar.asp?id_u=10&p1=1059.
Information on automated decision making, including profiling
Please be advised that by entering the Controller's website, you are not subject to automated decision making, including profiling. Information on the data cookies used by the Controller is available in the Cookie Policy available on the website as a separate document: https://www.1cpublishing.eu/cookies.
What is the source of the data?
Personal data may:
1) come directly from the data subject,
2) come indirectly from the data subject. The source of personal data may be publicly available registers. Personal data may come from a legal entity that provides personal data of persons designated on behalf of the legal entity to represent it or to contact it, or to implement the provisions concluded between the parties.
What scope of personal data is processed?
The Controller processes personal data to the extent necessary to achieve the purposes of processing indicated in the Privacy Policy. In accordance with the principle of minimization, we process only the scope of personal data necessary to achieve the purpose of processing.
How do we secure personal data?
Please be advised that in order to protect privacy and personal data, the Controller has implemented appropriate physical, technical, organizational and legal measures to ensure the security of personal data processing and to ensure the implementation of the rights and freedoms of natural persons.
References to other sites
1. Please be advised that the website of the Controller may contain references to other websites (e.g. business partners cooperating with the Controller).
2. Please be advised that the Controller is not responsible for the processing of personal data of other websites. Information on the processing of personal data is made available by the Controllers to which the abovementioned websites belong.
Personal data breach notifications
We hereby inform that pursuant to Art. 34 GDPR, in the event of a breach of personal data protection that may result in a high risk of violation of the rights or freedoms of natural persons, the Controller shall notify the data subject of such a personal data breach without undue delay. Please be advised that pursuant to Art. 34 GDPR, personal data may be processed in connection with the personal data breach referred to above. Please be noted that the legal basis for the processing of personal data is art. 6 sec. 1 lit. c) GDPR. Please be advised that in the event of a personal data breach, the Controller will take all possible and available technical and organizational measures to meet the requirements set out in art. 33 and art. 34 GDPR.