In connection with the processing of personal data, pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), we hereby provide you with the following information on how we process personal data within our company Seyfor, a. s.
For your easier orientation, we have divided the content of this document into the following sections:
- Our commitment to the protection of personal data
- Information on the data controller
- Purposes and legal bases for the processing of personal data
- Legitimate interests pursued by the controller
- Data processors and disclosure of personal data
- Security of personal data processing
- Transfer of personal data outside the EU
- Retention period of personal data
- Rights of the data subject
- Amendments and changes
- Contact details
Our commitment to the protection of personal data
The protection of personal data is very important to us. Our aim and intention is to provide services in such a manner that the fundamental principles and rules of privacy and, in particular, the protection of personal data are observed at all times. Our primary principle is to collect and retain personal data only to the extent strictly necessary and for no longer than is necessary.
When processing personal data, we are guided in particular by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), as well as by other legal regulations relating to the processing of personal data and the protection of privacy.
Information on the data controller
The controller that has determined the purposes and means of the processing of personal data is Seyfor, a. s., Company ID No.: 01572377, with its registered office at Drobného 555/49, 602 00 Brno, registered in the Commercial Register maintained by the Regional Court in Brno, Section B, File No. 70172.
Seyfor, a. s., (pursuant to Article 37 of the General Data Protection Regulation (GDPR)) together with Seyfor Slovensko, a joint-stock company, Company ID No.: 36 237 338, with its registered office at Plynárenská 7/C, 831 02 Bratislava, registered in the Commercial Register maintained by the District Court Bratislava I, Section SA, File No. 2969/B, forms part of a group of undertakings which are affiliated. Within this group of undertakings, data are transferred for administrative purposes, including the processing of clients’ or employees’ personal data. This processing is based on a legitimate interest (pursuant to Article 48 of the General Data Protection Regulation (GDPR)).
Regardless of whether Seyfor processes your personal data independently or as a joint controller, you may exercise your rights with any undertaking within the group.
If you have any questions regarding the protection of your personal data, you may contact us in writing at the address of the registered office or by email at gdpr@seyfor.com.
Purposes and legal bases for the processing of personal data
Personal data that we obtain when you visit our websites or fan pages on social media are processed in accordance with the law for the following purposes:
|
Purpose |
Legal basis |
|
Website traffic analysis |
Legitimate interest of the controller pursuant to Article 6(1)(f) GDPR |
|
Displaying interest-based online advertising |
Consent of the data subject pursuant to Article 6(1)(a) GDPR |
|
PR communication via social media |
Legitimate interest of the controller pursuant to Article 6(1)(f) GDPR |
|
Analysis of engagement on social media pages |
Legitimate interest of the controller pursuant to Article 6(1)(f) GDPR |
|
Establishing, exercising and defending legal claims |
Legitimate interest of the controller pursuant to Article 6(1)(f) GDPR |
|
Handling data subject requests |
Compliance with a legal obligation pursuant to Article 6(1)(c) GDPR |
In connection with the use of the Chatbot (its use is voluntary):
|
Purpose |
Legal basis |
|
Communication with website visitors and providing responses via the Chatbot |
Legitimate interest of the controller pursuant to Article 6(1)(f) GDPR |
|
Enquiries from customers or potential customers about our products via the Chatbot |
Performance of a contract or steps taken prior to entering into a contract pursuant to Article 6(1)(b) GDPR |
|
Analysis and improvement of the Chatbot’s functionality |
Legitimate interest of the controller pursuant to Article 6(1)(f) GDPR |
|
Processing of data for compliance with legal obligations (e.g. responding to a data subject request for erasure or for a copy of data from the communication) |
Compliance with a legal obligation pursuant to Article 6(1)(c) GDPR |
Legitimate interests pursued by the controller
In connection with the legitimate interests we pursue, we process your data as a controller without your consent only to the extent necessary in order to achieve the specified purpose. By way of explanation, we provide the following:
|
Legitimate interest |
Additional information |
|
Website traffic analysis |
In an effort to improve the functionality of our websites, we analyse how visitors navigate the website, from which devices they access it, how long they stay and how many pages they visit. We obtain these data only if you give consent to the storage of cookies on your device. Our objective is not to identify you; for statistical purposes, we process the data in anonymised form. |
|
PR communication to increase awareness of our products and services via social media |
If you choose to follow our fan pages on a social network, your data, profile, posts and interactions will form part of the information that we process as a joint controller with Facebook. However, you can hide your posts at any time or stop following our pages. |
|
Analysis of engagement on social media pages |
In an effort to improve our communication via social media (Facebook, LinkedIn), we analyse the reach of our posts. For statistical purposes, we process these data in anonymised form. |
|
Establishing, exercising and defending legal claims |
In the event of dispute resolution, negotiations on contractual relationships, debt recovery, notifications to public authorities and similar activities, we process personal data that are necessary for establishing, exercising and defending our legal claims. |
|
Communication with website visitors and providing responses via the Chatbot (its use is voluntary) |
To ensure effective communication with us and quicker orientation on the website via the Chatbot, we process only the personal data that you provide yourself. The Chatbot will usually ask you to enter your phone number, which is then forwarded to a specialist who will contact you to answer enquiries regarding a specific product. |
|
Analysis and improvement of the Chatbot’s functionality |
We work to continuously improve the Chatbot and ensure it fulfils its function as effectively as possible; therefore, we may anonymise your personal data and process and use them for the internal development of the Chatbot. |
Data processors and disclosure of personal data
When processing your personal data, situations may arise where we disclose your personal data to a third party (another controller) or to our contractual partners (processors) who assist us with the processing of personal data.
Our processors who process personal data in accordance with our instructions and subject to appropriate security measures include:
- Providers of application hosting and cloud services
- Providers of communication tools
- Marketing agencies in the area of online advertising and communication via social media
- Companies conducting customer satisfaction surveys
We disclose your personal data to the following categories of recipients:
- Operators of online advertising systems and social networks
- Public authorities where required by applicable legislation
Security of personal data processing
In accordance with the requirements of applicable legislation, we implement all necessary security, technical and organisational measures to protect your personal data. Electronic data are stored in secure databases on a server that is owned by us or reserved exclusively for us. We protect your personal data against damage, destruction, loss and misuse. All persons who come into contact with clients’ personal data are obliged to maintain confidentiality regarding information obtained in connection with the processing of such data.
Transfer of personal data outside the EU
We carry out the processing of personal data through information and communication systems in such a manner that personal data are not transferred to third countries outside the European Economic Area (EU, Iceland, Norway, Liechtenstein). Our systems and applications are mostly operated in the Czech Republic and Slovakia or in data centres located within the EU with verified providers (e.g. Microsoft).
However, in connection with our communication via social media (e.g. Facebook, LinkedIn, Google, YouTube), we use services of global suppliers whose registered offices may be located outside the EU in third countries, e.g. the USA, which do not ensure an adequate level of protection.
Any transfer of personal data outside the EU or the European Economic Area takes place only in compliance with GDPR requirements, on the basis of standard contractual clauses approved by the Commission.
Below we provide links to the standard contractual clauses relating to transfers of data to the USA:
|
Processor |
Privacy information |
Appropriate safeguards within the meaning of Article 46 GDPR |
|
|
||
|
|
||
|
|
||
|
Microsoft |
Retention period of personal data
We process personal data only for the period necessary to achieve the specified purpose. After this period, we either anonymise all data in electronic form or erase them in a manner that prevents their unwanted restoration.
|
Processing activities |
Period |
|
Personal data processed for purposes relating to marketing and online advertising |
In most cases, we do not process personal data for longer than 24 months. |
|
Establishing, exercising and defending legal claims |
For the duration of court proceedings or out-of-court settlement, but no longer than until the expiry of the limitation period. |
Rights of the data subject
When processing personal data, we are prepared to ensure the exercise of your rights:
- You have the right of access to your personal data, as well as the right to know the purpose and the retention period and any recipients of your personal data.
- You have the right to rectification; if your data are inaccurate or have changed, please contact us and we will rectify them.
- You have the right to erasure of personal data if they are inaccurate or processed unlawfully.
- If your personal data are processed on the basis of consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- You have the right to restriction of processing of personal data. If you so request, we will process the data only for the strictly necessary reasons laid down by law, or not at all.
- You have the right to object to automated individual decision-making where such processing takes place and you find or believe that such processing is unlawful or in breach of your rights.
- You have the right to data portability; if you wish to transfer the data to another controller, we will provide them to you in an appropriate format, provided that technical or legal obstacles do not prevent this.
- You also have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Czech Republic, with its registered office at Pplk. Socha 27, 170 00 Prague 7, Czech Republic, Company ID No.: 70837627, telephone: +420 234 665 800, https://www.uoou.cz/vismo/
You may exercise your rights in writing at the address of the registered office, by post or by email.
We will respond to your request free of charge within 30 days. In cases of complexity or a high number of requests, we are entitled to extend this period by a further 60 days. If this occurs, we will inform you accordingly.
Amendments and changes
Personal data protection is not a one-off matter. The information contained in this document may change or may become outdated. Therefore, we reserve the right to change or amend this information at any time. Any changes will be communicated via these pages or by email.
Contact details
Seyfor, a. s.
Drobného 555/49, 602 00 Brno
https://www.seyfor.com/, e-mail: info@seyfor.com
Tel: +420 511 182 400