CERVA GROUP a.s., Company ID No. 267 12 121, with its registered office at Průmyslová 483, 252 61, Jeneč, registered in the Companies Register of the Municipal Court in Prague under File No. B 7786, represented by Albert Giliaev (hereinafter also "us", "our" or "we"), as a personal data controller, informs you, the users of the website www.cerva.com our customers, distributors and suppliers about what personal data we collect and about our privacy regulations as described below.
- Which of your personal data we will process;
- For what purposes and how we will process your personal data and the legal basis for this processing;
- To whom your personal data may be transferred;
- For how long we will process your personal data; and
- Your rights related to the processing of your personal data.
If you need an explanation of any part of this document, if you need any advice or if you need to discuss further processing of your personal data, you can contact us anytime at the e-mail address GDPR_Info(at)cerva(dot)com
SCOPE OF PERSONAL DATA PROCESSING
If you contact us via our website, you may be asked to enter certain data about you or your company. This data may especially include:
- name and surname or commercial name;
- company's address or registered office;
- date of birth or identification number and tax identification number;
- telephone number;
- e-mail address;
- IP address
- the data obtained via cookies in Google Analytics
Our website is not intended for children under 16 years of age. We do not process any personal data of children under 16 years of age.
Our website may also collect other information such as the type of your browser or operating system, your IP address, website visits or Internet connection provider or other information of similar nature.
All the data collected on our website is collected via Google Analytics and Google Tag Manager and serves exclusively for improving the services provided to our website visitors and for marketing purposes. The method of preventing the collection of this information is described in the paragraph below. In no case we will sell, exchange or lease this data.
While most web browsers enable cookies by default, they also provide tools by which cookies can be blocked or removed.
Our company uses these cookies:
- PHPSESSID - system cookie - a cookie to preserve language settings of the website and user login
- PROXY_LANGUAGE - system cookie - a cookie to preserve language settings of the website and resolve language redirecting
- nette-browser - system cookie - the Nette framework internal cookie for detecting opening of a new website window
- newsletter - keeps information about clicking on the newsletter popup.
- Google Analytics - a tool for displaying statistical data on the behaviour of visitors to cerva.com and b2b.cerva.com
- Google Tag Manager - a tool for managing tracking codes on cerva.com and b2b.cerva.com
- DoubleClick - a non-personalized ad serving tool
- userId - system cookie - user identifier
- ZB2Bsite - system cookie - selected branch
- JSESSIONID - system cookie - user session identifier
HOW TO DISABLE COOKIES
More information on browsers and on how to configure one's cookie preferences can be found on the following websites:
An effective tool for cookie management is also available here
PURPOSE OF PROCESSING AND LEGAL BASIS FOR PROCESSING
The data you disclose to us is used by us to contact you back and provide you with information that you request or for the performance of a contract. All personal data is processed in a legal and transparent manner and we will only ask for data that is reasonable, relevant and necessary for the purpose of the processing. The legal basis for this processing is the processing for the performance of a contract.
In addition, we can use your name, surname and e-mail address to send you commercial messages, i.e. to inform you about any events, publications or services that we provide and that, in our opinion, may interest you. The disclosure of personal data for the performance of a contract and the disclosure of personal data for answering your questions or providing information you request are one of our contractual conditions and failing to disclose this data may result in our not entering into a contract or not answering your questions. We may also use your personal data for our internal needs, especially for monitoring your satisfaction, for optimising and improving the quality of the products and services provided or for developing new products and reducing risks.
The legal basis for the above processing is the processing based on our legitimate interests, which include our interest in the promotion of our products and, at the same time, our interest in making improvements to the quality of the services we provide.
You can at any time reject the processing of your personal data for the purposes of sending commercial messages and this will have no impact on any of our other dealings. You will only have to send us an e-mail with the relevant request to GDPR_Info(at)cerva(dot)com or to the address from which you received our commercial message, or you can opt out of receiving them by using the opt-out link at the foot of every message/newsletter.
Your personal data will not be used for the purpose of any automated decision-making, including profiling.
WHO CAN ACCESS YOUR PERSONAL DATA
For the purposes of improving the quality of our services and performance of some activities, your personal data will be processed for us by processors who provide us with
- server, web, cloud or IT services;
- accounting services
- legal services
- marketing agencies
With regard to ongoing changes in the providers of some services, it is not possible to specify the names of all personal data processors. An up-to-date list of the specific personal data recipients may be provided on request at the following address GDPR_Info(at)cerva(dot)com
DATA PROCESSING/RETENTION PERIOD
We will be processing your personal data for a period during which we provide you with our services or perform a contract signed between us and you or for a period necessary for the fulfilment of the archiving obligations in accordance with the applicable laws and regulations such as the Act on Accounting, Act on Archiving and Records Management or the Value Added Tax Act.
Thus, we will retain your personal data for a period strictly necessary for the provision of products and completion of the required transactions or for other necessary purposes, such as compliance with our legal obligations, resolution of disputes and legal enforcement of our agreements. These needs may vary with different data types in the context of various products and, therefore, the actual data retention period may differ substantially. The criteria that determine the data retention period include the following:
- For how long is personal data necessary for the provision of products and for securing our company operations? This includes activities such as maintaining and improving the performance of these products, maintaining the security of our systems and maintaining the relevant business and financial records. This is a generally applicable rule which in most cases is the basis for defining the data retention period.
- Do you disclose your data to us with an expectation that we will retain this data until you expressly ask us to erase it?
- Is this personal data sensitive? If yes, it is generally appropriate to use a shorter data retention period.
- Have we introduced and announced a specific retention period for a particular type of data? If yes, then we will surely never exceed this period.
- Have you given your consent to an extension of the data retention period? If yes, we will retain data in line with your consent.
- Are we subject to any legal, contractual or similar obligations to retain data? Examples include laws that stipulate mandatory data retention or a government order that requires retention of data related to investigations or retention of data for litigation purposes.
YOUR RIGHTS RELATED TO PERSONAL DATA PROCESSING
In relation to our processing of your personal data you will have the following rights:
- the right of access to personal data;
- the right to rectification;
- the right to erasure ("the right to be forgotten");
- the right to restriction of data processing;
- the right to object to processing;
- the right to data portability;
- the right to lodge a complaint about the processing of personal data.
Your rights are explained below to give you a more concrete idea about what these rights mean.
The right of access means that you can anytime ask for our confirmation whether the personal data concerning you is or is not being processed and, if yes, for what purposes, to what extent, who is given access to this data, how long we will be processing this data, whether you have the right to rectification, erasure, restriction of processing or to object, how we have obtained this personal data and whether the processing of your personal data serves as a basis for automated decision-making, including potential profiling. You also have the right to obtain a copy of your personal data, with the first copy being free of charge, while for any additional copies we may charge a reasonable fee as compensation for our administrative costs: the fee is CZK 100.
The right to rectification means that you can anytime ask us to rectify or complete your personal data if this data is inaccurate or incomplete.
The right to erasure means that we will have to delete your personal data if (i) it is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) the processing is unlawful, (iii) you object to the processing and there are no overriding legitimate grounds for the processing, (iv) we are required to do so under a legal obligation or (v) you withdraw your consent to the processing of cookies which track your activities on our websites.
The right to restriction of processing means that until we resolve any disputed issues concerning the processing of your personal data, we may only process your personal data for the purposes of its storage and we may use the data only with your consent or for the establishment, exercise or defence of legal claims.
The right to object means that you may raise an objection to the processing of your personal data that we process for direct marketing purposes or due to a legitimate interest. If you raise an objection to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes; if you raise an objection to the processing due to a legitimate interest, this objection will be evaluated and we will subsequently inform you on whether we have granted your objection and we will thus no longer process your data or whether we have found your objection unjustified and the processing will continue. In any case, until the objection is resolved, the processing will be restricted.
The right to portability means that you have the right to obtain personal data that concerns you and that is processed in an automated manner on the basis of a consent or a contract in a structured, commonly used and machine-readable format and the right to transmit this personal data directly to another controller.
If you have any concern or complaint concerning personal data protection or any question to the person responsible for data protection at our company or if you want to exercise any of your rights, please contact us by using our web form. We will respond to your questions or concerns within 30 days.
Our activities are also supervised by the Office for Personal Data Protection, where you can file a complaint if you are not satisfied. For more information, visit the website of the Office.
REPORTING OF SECURITY INCIDENTS
In today's era of modern technologies there is a very low, but real risk that your personal data may leak or may be misused or lost. While carrying out our business operations, we will do our utmost to prevent any such safety incident from happening and we will especially provide regular personal data protection training to all our employees who come in contact with your personal data, we will adopt and inform our employees about our internal corporate regulations regulating the protection of your personal data and we will always use efficient technical solutions to make our data processing secure, such as data encryption, complex passwords or software updates.
If, however, despite all our best efforts, a safety incident occurs and might pose a high risk to your rights and freedoms, we will promptly notify you of this fact, by using the e-mail address you provided to us and by publishing this information on our website including all the necessary details.