Cookie Policy

1. IDENTIFICATION OF THE PERSONAL DATA CONTROLLER

1.1. The purpose of this document is to provide information about the processing of personal data by bnt.agency a.s., VAT 14043335 with its registered office at U Pekařky 484/1a, Libeň, 180 00, Praha 8 (hereinafter referred to as the “Company”). In connection with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) effective as of 25 May 2018, we have summarized basic information concerning the processing and protection of your personal data by the Company.

1.2. Should you have any questions or requests concerning the protection of personal data, please contact our authorized employee at gdpr@bnt.agency.

2. PURPOSE, EXTENT AND LEGAL BASIS OF PERSONAL DATA PROCESSING

2.1. For the purposes of executing and performing a contract /order, we process essential data. The legal basis for this processing is the execution and performance of a contract as well as the fulfillment of legal obligations. We obtained these personal data directly from you and/or in performing an order/contract.

  • Identification data (first and last name, address);
  • Contact details (e-mail, phone number);
  • Name, IN/TIN and registered office of the firm.

 

2.2. For the purposes of analyzing and improving our services and offers. The legal basis for this processing is the legitimate interest of our company. We obtained these personal data based on your visit of our website.

  • Details about your visit of our website (cookies, IP address).

 

2.3. For the purposes of communicating with you, responding to your questions and requests (complaints, etc.). The legal basis for this processing is our legitimate interest or the performance of a contract and the fulfillment of legal obligations. We obtained these personal data based on your question/request made at gdpr@bnt.agency.

  • Contact details (e-mail, first and last name, phone number).

 

3. TIME-LIMIT OF PERSONAL DATA PROCESSING

3.1. The time-limit of personal data processing depends on the purpose of processing. It is therefore the term of a contract or an order and the time period required. In view of the statute of limitation pursuant to the Civil Code, we shall keep your personal data for 10 years after the termination of our contractual relationship. In the case of our legitimate interest, we shall process your personal data as long as this legitimate interest exists.

4. TO WHOM WE TRANSMIT YOUR PERSONAL DATA

4.1. We may transmit your personal data to:

  • The providers of services related to our activity, e.g. carriers, banks and entities that help us manage contracts and your claims or print and deliver notices;
  • Other entities in compliance with applicable legal regulations (e.g. reporting to tax offices as required by law, to the police as part of crime investigation, etc.).

 

4.2. Your personal data may be processed by entities within the European Economic Area (EEA) as well as by entities outside the EEA that include the companies from B&T ecosystem and the providers of information and other services. In the case that we transmit your personal data outside the EEA, we protect them through applicable contractual clauses or other relevant guarantees in compliance with the GDPR.

5. PERSONAL DATA PROCESSING AND SECURING

5.1. The Company has many security policies in place to protect data against loss, alternation or unauthorized access. To secure your personal data, the Company has adopted appropriate organizational and technical measures based on the GDPR, including controlled access to personal data. The Company performs regular audits concerning data and personal data security.

5.2. Your personal data shall be stored in both electronic form and paper form. Electronic data are stored on shared disks in the Company’s data center. Only Company employees have limited and controlled access to personal data on shared disks. Paper documentation is kept in locable filing cabinets, to which only designated Company employees have access. Electronic and paper data are regularly liquidated in compliance with the filing and shredding regulation.

6. COOKIES, GOOGLE ANALYTICS

6.1. Cookies are small data files that are necessary for a correct functioning of a website and are stored in your computer at the moment you start using the website. This is how the website remembers your actions and settings for a certain time period so that you would not have to enter them again when you revisit the website and go to different website sections. When using the website, the user consents to using this technology.

  • Essential cookies – cookies that are essential for the operation of a website and the provision of Internet services. No consent is required for using these cookies.
  • Analytical cookies – consent is required for using other cookie files. These cookies are mostly used for an anonymous tracking of the visit and activity of our website’s users. This helps us see what our customers like and we can thus improve our services.
  • Google Analytics – it allows to measure and evaluate the success of our website.

 

For more information, go to:

https://policies.google.com/privacy

https://www.google.com/policies/technologies/cookies/

 

6.2. In the case that you do not consent to using cookies and data obtained through our website that uses cookies technology for the aforesaid purposes, you have the option to:

  • Block cookies technology by setting your browser or another computer program to your preference.

 

7. YOUR RIGHTS

7.1. Access to your personal data – you have the right to request access to your personal data. We shall inform you about which of your personal data we process, to whom we transmit them, how long we process them and how we secure them.

7.2. Right to rectification of personal data – you have the right to request rectification of your inaccurate personal data and the right to have your incomplete personal data completed.

7.3. Right to erasure and to be forgotten – you have the right to request erasure of your personal data, provided that they are processed without any legal ground, i.e. unlawfully. Your personal data are liquidated in compliance with the shredding regulation. You have the right to be forgotten at the moment the legitimate purpose or time-limit for further processing of personal data no longer exists.

7.4. Right to object to processing – you have the right to object to the processing of your personal data based on a legitimate interest – e.g. for the purposes of sending commercial communications based on our business relationship. In the case that you do so, your personal data shall no longer be used for these purposes.

7.5. Right to restriction of processing – you have the right to request restriction of your personal data processing – e.g. to object to the processing of your personal data until the legitimate interest is assessed based on your objection to the processing of personal data.

7.6. Right to data portability – you have the right to request a statement of your personal data so that you could transmit them to another controller. This right applies only to the personal data that we obtained based on your consent or based on a contract.

7.7. Right to file a complaint at the Office for the Protection of Personal Data – in the case that you suspect any illegal processing of your personal data, you may file a complaint at the the Office for the Protection of Personal Data (posta@uoou.cz).

7.8. Right not to be subject to automated decision-making with legal effects – automated decision-making means decisions that are made by a machine and not by a human being and that have legal or other similarly serious consequences for the data subject (e.g. withdrawal from a contract). Automated decision-making is possible in the case that it is necessary for the execution and perfomance of a contract and with the consent of the data subject.

However, this type of processing is not done in the Company – a specific Company employee is always involved in processing and decision-making.

8. FINAL PROVISIONS

By sending your inquiry/question to gdpr@bnt.agency, you confirm that you read and accept the conditions of personal data protection.