PRIVACY POLICY

Article 1
Introductory provisions

TESCO SW a.s. aims to protect the privacy and personal data of Users when using the Company’s products and services, in particular mobile applications (hereinafter referred to as „Services“ or „Applications„) with due care and in accordance with the obligations arising from the applicable legal provisions on privacy protection, in particular Regulation (EU) No. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as „GDPR„), Act No. 110/2019 Coll, No. 89/2012 Coll., Civil Code, as amended, and other related legislation.

Article 2
Identification and contact details of the data controller

TESCO SW a.s., with its registered office at tř. Kosmonautů 1288/1, Hodolany, 779 00 Olomouc, 
ID No.: 258 92 533
DIC: CZ25892533
VAT number: CZ699000785
registered on 16 October 2001 under file number B 2530 at the Regional Court in Ostrava
email: tescosw@tescosw.cz
phone.: (+420) 587 333 333
(hereinafter referred to as the „Administrator“)

Article 3
Scope of personal data processing

1. Personal data is any information about an identified or identifiable natural person (hereinafter referred to as „data subject“ or „User“); an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Due to the nature of the Services, the Administrator may collect both information that the User provides directly (e.g., by registering, creating a user account) and information that it obtains through the User’s activity in using the Application.

3. The data that the Administrator processes about Users depends on the Services used by the User and the way the Services are used. This means that the Controller does not process all the data listed below for all the purposes listed below, as the processing depends on the specific Service (Application) and the relevant contractual relationship.

4. Information collected by the Controller when using the Services:

5. Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the purpose of unique identification of a natural person, and data on the health or sexual life or sexual orientation of a natural person (so-called special categories of personal data, sensitive data) are processed by the Administrator only within the limits set by law and the GDPR, i.e. in particular if the User has given explicit consent to the processing of such personal data, or the processing relates to personal data apparently published by the User, etc.

Article 4
Legal titles for personal data processing and personal data processing purposes

1. The controller shall collect and process personal data to the extent necessary only for a predetermined purpose and only for a specified legal title, which may be:

a.  Processing of personal data with the User’s consent
Through consent, the Controller obtains permission to process the User’s personal data for one or more specific purposes. The User has the right to withdraw the consent at any time.

b.  Execution of the contract
The processing of personal data is carried out solely for the purpose of providing the User with the services ordered by the User. 
Services (for the purpose of concluding the contract and performance under the contract).

c.   Performance of a legal obligation
If the processing of personal data results from European legislation or generally binding legislation of the Czech Republic.

d.  Legitimate interest of the Controller
If the processing of personal data is necessary for the legitimate interest of the Controller, necessary to achieve the stated objective (provided that the interests or fundamental rights and freedoms of the User do not prevail, taking into account the reasonable expectations based on the legal relationship with the Controller).

2. The scope of the data processed also depends on the purpose of the processing. The information collected by the Controller is used for the following purposes:

• Identification of the contracting party

• Provision of Services

• Providing the functionality of the selected Service

• Updating and securing the Services

• Maintenance of the Services (tracking Service outages and troubleshooting problems that occur)

• Improving, enhancing the Services (using data for statistical and measurement purposes to help the Administrator determine how the Services are being used – e.g., analyzing data about User activity on the Application to optimize the appearance)

• Development of new Services (use of data regarding how the Services are used and behavioral patterns of Users)

• Promoting safety, integrity and security, protecting against abuse and fraud (information available to the Administrator is used to verify accounts and activities, to detect and prevent undesirable events, and to investigate violations of terms and conditions or policies)

• Communication with the User

• Compliance with legal obligations

• Protecting and enforcing legal claims

 Article 5
Sharing of personal data

1. In addition to the Controller and its employees, the User’s personal data may also be processed by other companies within TESSELA HOLDING SE and by companies affiliated with the Controller for the purposes described above. The personal data of Users are transferred to these companies for processing on the basis of duly concluded contracts in which they have undertaken to ensure the proper protection of the personal data of Users by taking appropriate technical and organisational measures (in particular, confidentiality obligations).

2. Personal data will not be shared with other companies, organisations or individuals (apart from those mentioned above), unless one of the following occurs:
– Legal reasons: personal data is shared by the Controller where it is necessary for the purpose of:

• • To comply with applicable law.
  • To comply with an obligation imposed by law or other decision (e.g., to provide specific data to law enforcement authorities).
  • Judicial proceedings or enforceable requests by a public authority.
  • Detecting and preventing fraud, technical difficulties or security problems.
  • Protecting against damage to Controller’s or User’s rights, property, or security of the Administrator and Users of the Services

– External processing: the Controller provides Personal Data to trusted contractors to process it for the Controller on the Controller’s instructions and in accordance with the Privacy Policy and other applicable confidentiality and security measures. No other processor is authorised to use the Personal Data provided for its own, marketing or any other purposes.

3. There is no transfer of personal data to countries outside the EU. Nor is personal data transferred to international organisations.

Article 6
Security and protection of personal data

1. In order to ensure the required level of protection of the rights and freedoms of natural persons in connection with the processing of personal data, the Controller has adopted appropriate technical and organisational measures to ensure the maximum possible level of protection of data against unauthorised access or unlawful processing.

2. All persons who come into contact with personal data in the course of their work or contractual duties are bound by a legal or contractual duty of confidentiality.

Article 7
Retention of personal data

1. Users‘ personal data are processed for the above purposes only to the extent necessary for the fulfilment of these purposes and for the time necessary to achieve them. In particular, personal data shall be processed for the duration of the contractual relationship, i.e. for the period during which the User will use the Services, or until the rights and obligations arising from the contract have been fully settled, or until the end of the following calendar year after the termination of all threatened legal claims, and subsequently for the time necessary for the fulfilment of obligations arising from special legal regulations.

2.  Personal data that are processed with the consent of Users shall be retained only for the duration of the purpose for which the consent was given. After the legal reason for processing ceases to exist, or the consent to process personal data is withdrawn, the Administrator shall immediately delete the relevant personal data. 

Article 8
Termination of use of services

1. If for any reason the User decides to terminate the use of the Services of the Administrator, the data for which there is no legal reason for further storage will be completely deleted in a manner that prevents their future recovery.

2. Some personal data will be retained by the Controller even after the User stops using the Services, if necessary for a legitimate reason.

Article 9
Summary of the User’s rights

1. The data subject shall have the following rights, namely:

•  Right of access to personal data

The User has the right to request a copy of his/her personal data processed by the Controller. The Data Controller shall provide the User, at his/her request, with information at any time on which personal data he processes and in what way.

• Right to rectification of personal data

The User has the right to ask the Controller to update or complete personal data if he/she finds an inaccuracy or wishes to complete incomplete personal data.

•  Right to erasure of personal data (right to be forgotten)

If the User believes that the Controller processes his/her personal data unlawfully, he/she has the right to request the Controller to delete them. If for some reason this is not possible, the Controller will inform the User of this reason. This situation may arise in particular if the Controller processes the data:

• • to comply with a legal obligation
  • in the performance of a contract concluded between the Controller and the User
  • for the establishment, exercise or defence of legal claims
  • for archiving, scientific or historical research or statistical purposes

•  The right to limit the processing of personal data

Personal data will not be temporarily processed if:

• • the User disputes the accuracy of the personal data – until such time it is verified whether the data is correct or not
  • the processing is found to be unlawful and the User requests a restriction on the use of the personal data instead of deleting it
  • the Controller no longer needs the personal data for processing, but the User requires it for the establishment, exercise or defence of legal claims
  • the User objects to the processing – until it is verified that the legitimate grounds of the Controller outweigh the legitimate grounds of the User

• Right to information regarding rectification, erasure or restriction of the processing of personal data

•  Right to portability of personal data

If the Controller processes the User’s personal data with the User’s consent or for the performance of a contract, the User has the right to request the portability of his/her personal data. The Controller will then transmit the personal data provided in a structured, commonly used and machine-readable format. If technically feasible, the Data Controller may, at the User’s request, transmit the personal data directly to another controller.

•  Right to object to the processing of personal data

If the Controller processes the User’s personal data for the purposes of its legitimate interests, the User has the right to object. He may also object to the processing of personal data for direct marketing purposes.

•  Right to withdraw consent to the processing of personal data

 The user has the right to withdraw his/her consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.

• Right to file a complaint

• • Data Protection Officer: Ing. David Hodinář
  • Information, questions or comments on data protection: (+420) 587 333 666.

The user can exercise his/her rights in the following ways:

• • ELECTRONICALLY via e-mail: osobni.udaje@tessela.cz
  • THROUGH THE DATA BOX: TESSELA Data Box HOLDING SE: fyx8v5u
  • IN WRITING to: Data Protection Officer tr. Kosmonautů 1288/1, Hodolany 779 00 Olomouc
  • IN PERSON at the following address. Kosmonautů 1288/1, Hodolany 779 00 Olomouc

If the User believes that the processing of personal data has violated his/her rights under the GDPR, he/she has the right, in addition to administrative or judicial remedies, to file a complaint with the supervisory authority, which is the Office for Personal Data Protection in the Czech Republic, Pplk. Sochora 27, 170 00 Prague 7 (www.ouuo.cz, posta@uoou.cz).

• Right to effective judicial protection against the Data Controller or Processor and against the supervisory authority

You can download the privacy policy in pdf version here.