The data controller to whom I give my consent to the processing of my personal data is:

PPF a.s., a company organised and existing under the Czech Law, company registration no.: 25099345, registered office at: Evropská 2690/17, 160 41 Prague 6, Czech Republic (hereinafter referred to as the “Controller”)

The Controller’s contact details: PPF – Communications Department, address: Evropská 2690/17, 160 41 Praha 6, Czech Republic, email: info@ppf.cz, www.ppf.eu.

Controller’s data protection obligations are provided by:

  1. the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to only as the “GDPR”); and
  2. Act No. 110/2019 of the Collection of Laws of the Czech Republic, on the Processing of Personal Data, as amended (the “PDPA”).

Specification of My Personal Data to the processing of which I give my consent:

  1. Identification personal data – First name, Surname
  2. Contact details – E-mail address
  3. Other personal data – Identification of an employer (optional)

(hereinafter jointly referred to only as “My Personal Data”).

Period for which I grant my consent to the processing of My Personal Data:

3 years from the date this consent was granted - the “Agreed Period”.

Purposes of processing My Personal Data for which I grant my consent:

  1. Keeping of the database of contact details of persons interested in the newsletter (interviews, podcasts, insights, press releases and statements),
  2. you apply in the selection procedure.

The way of processing of My Personal Data to which I grant my consent:

My Personal Data may be processed only in electronic form. By granting my approval, I agree with putting My Personal Data into the Controller’s database containing information about persons interested in the newsletter. I am aware that the Controller and the Processor (as defined below in par. 6, the “Processor”) have access to this database during the whole Agreed Period. I am also aware that the Controller’s database containing My Personal Data is placed with a third party (the Processor).

My Personal Data will be transmitted to the Processors who will provide to the Controller the services of newsletter delivery, administration and maintenance of technical and software equipment on which My Personal Data will be stored, and they will also provide for the newsletter distribution. Upon the date I am granting this consent, the Processor is SYMBIO Digital s.r.o., IČO: 26492407, registered office Na Maninách 1040/14, 170 00 Praha 7 - Holešovice, Czech Republic (generally referred to as the “Processor”). The Processor’s data protection obligations are provided by the GDPR.

Certain personal data the controller processes may be shared with state institutions or other third parties in the fulfilment of obligations complying with given legislation.

I am aware that the following persons may have access to My Personal Data:

  1. Communications department employees of the Controller;
  2. Processor or persons working for the Processor, if their job is in the field of newsletter delivery, administration and management of technical and software equipment on which My Personal Data is stored;

I am aware that the legal ground for the processing of My Personal Data by the Controller, Processor and Additional Controllers is my consent.

I am aware that the provision of My Personal Data to the Controller and the granting of this consent to the processing of My Personal Data is not my obligation, i.e. it is on a voluntary basis and subject to my consideration only.

I acknowledge having received information concerning security of My Personal Data, in particular that:

  1. The Controller and the Processor adopted effective security measures to prevent unauthorised or accidental access to and unauthorised change, destruction or loss or other unauthorised processing of My Personal Data;
  2. A “data processing agreement” was entered into between the Controller and the Processor, providing, among other things, what are the Processor’s data protection obligations;
  3. The Processor adopted a security guideline that sets out the responsibilities for the implementation of security measures;
  4. The Controller’s and Processor’s employees are obliged to maintain confidentiality about the processed personal data;
  5. Only the following persons have access to My Personal Data: (i) PR employees of the Controller; (ii) persons working for the Controller and the Processor, who were charged by the Controller with the newsletter delivery, administration and management of technical and software equipment by which My Personal Data is processed;
  6. The Controller adopted the data protection rules. The Controller determined the rules of access to My Personal Data and the rules of data confidentiality and security for its employees and Processor which all stakeholders are obliged to observe.

Principles and procedures of personal data processing

We would also like to inform you about principles and procedures during your personal data processing, in compliance with the provisions of Article 5 of the GDPR and PDPA.

Your personal data have been processed such that:

  • The processing is lawful, correct and transparent;
  • Personal data are only collected for definite and legitimate purposes and are not processed in a way incompatible with these purposes;
  • The processed personal data are always proportional and relevant in relation to the purpose for which they are processed;
  • The processed personal data are accurate;
  • Personal data are only stored in a form enabling the identification of the data subject for the period required for the given purposes for which they are processed;
  • Their integrity and confidentiality are always guaranteed.

Data security

The controller has introduced and maintained reasonable technical and organisational measures, internal inspections and processes of the information security in compliance with the best business practice corresponding to the possible risk of a threat to you as a data subject. At the same time, the state of the technological development is taken into account with the aim of protecting your personal data against accidental loss, destruction, changes, unauthorised publication or access. These measures include inter alia taking appropriate steps to ensure the responsibility of respective employees who have access to your data, employee training, regular backup, procedures for data recovery and incident control and software protection of the equipment, on which data with personal data are stored.

Information about rights under GDPR

Under Article 7 (3) of the GDPR:

  • I have the right to withdraw my consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Under Articles 13 and 14 of the GDPR:

  • I have the right to the provision of the information where personal data are collected from the data subject, but also if data were obtained from a third party. This obligation is fulfilled by this information on the Processing of Personal Data.

Under Article 15 of the GDPR – Right to access to My Personal Data:

  • I have the right to obtain from the Controller confirmation as to whether or not My Personal Data are being processed, and, if so, access to My Personal Data and the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom My Personal Data have been or will be disclosed, in particular recipients in third countries or international organisations; d) where possible, the planned period for which My Personal Data will be stored, or, if it is not possible to determine it, the criteria used to determine it; e) the existence of the right to request from the Controller rectification or erasure of My Personal Data or restriction of processing of My Personal Data or to object to such processing;
  • I have the right to lodge a complaint with a supervisory authority;
  • I have the right to obtain all available information as to the source of My Personal Data if not acquired directly from me; the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the procedure used, as well as the meaning and the expected consequences of such processing for me;
  • I have the right to be provided with a copy of My Personal Data processed by the Controller. The Controller may charge a reasonable fee for any further copies requested by me based on administrative costs. If I make the application in electronic form, the information shall be provided in a commonly used electronic form, unless otherwise requested by me.

Under Article 16 of the GDPR – Right to rectification of My Personal Data:

  • I have the right to rectification on the part of the Controller of inaccurate personal data concerning me without undue delay. Considering the processing purposes, I have the right to completion of incomplete personal data, even by providing a supplementary statement.

Under Article 17 of the GDPR – Right to erasure of My Personal Data:

  • I have the right to erasure on the part of the Controller of My Personal Data without undue delay for one of the following reasons:
  a) My Personal Data are no longer required for the purposes for which they have been collected or otherwise processed;
  b) I have withdrawn my consent to the processing of My Personal Data, and there are no other legal grounds for the processing;
  c) I have objected to the processing under Article 21, par. 1 of the GDPR, and there are no prevailing legitimate grounds for the processing, or I have objected to the processing under Article 21, par. 2 of the GDPR;
  d) My Personal Data have been unlawfully processed;
  e) My Personal Data have to be erased to comply with a legal obligation in the law of the European Union or a Member State to which the Controller is subject;
  • what is specified under clauses (a) through (e) of this paragraph will not apply if the processing of My Personal Data is necessary:
  1. for exercising the right to freedom of expression and information;
  2. for compliance with a legal obligation that requires processing by the law of the European Union or a Member State to which the Controller is subject or for the performance of a task carried out in the public interest or in the scope of a public authority if the Controller has been authorised by it;
  3. for reasons of public interest in the area of public health;
  4. for archiving purposes in the public interest, for the purpose of scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR; or
  5. for the establishment, exercise or defence of legal claims.

Under Article 18 of the GDPR – Right to restriction of processing of My Personal Data:

  • I have the right to obtain from the Controller restriction of processing where one of the following applies:
  a) If I contest the accuracy of My Personal Data for a period enabling the Controller to verify the accuracy of My Personal Data;
  b) If the processing is unlawful and I oppose the erasure of My Personal Data and request the restriction of their use instead;
  c) If the Controller no longer needs My Personal Data for processing purposes, but I would require them for the establishment, exercise or defence of legal claims;
  d) I have objected to processing under Article 21, par. 1 of the GDPR pending the verification whether the legitimate grounds of the Controller prevail over mine.
  • If the processing has been restricted under clauses a) through d) of this paragraph, My Personal Data, with the exception of storage, may only be processed with my consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

Under Article 19 of the GDPR – Notification obligation regarding rectification or erasure of My Personal Data or restriction of their processing:

  • The Controller advises individual recipients to whom My Personal Data have been disclosed of any rectification or erasure of My Personal Data or restriction of their processing, unless this proves impossible or involves unreasonable effort. The Controller informs me about these recipients only if I request it.

Under Article 20 of the GDPR – Right to data portability:

  • I have the right to obtain the personal data concerning me, which I have provided to the Controller, in a structured, commonly used and machine-readable format and I have the right to transmit those data to another controller without hindrance from the Controller, provided that the processing is carried out by automated means. In exercising my right to data portability under the previous sentence, I have the right to have My Personal Data transmitted directly from the Controller to another controller, where technically feasible.

Under Article 21 of the GDPR – Right to object:

  • I have the right to object, on grounds relating to my particular situation, at any time to the processing of My Personal Data under Art. 6(1)(f) of the GDPR – the Controller’s legitimate interest, including profiling based on those provisions. The Controller will no longer process My Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing that outweigh my interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
  • I can exercise my right to object by automated means using technical specifications.

Under Article 22 of the GDPR – Automated individual decision-making, including profiling:

I have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal impacts on me or similarly affects me in a material way. This does not apply if the decision:

  1. is necessary to enter into, or perform, a contract between me and the Controller;
  2. is permitted by the law of the European Union or a Member State to which the Controller is subject and which also determines suitable measures to safeguard my rights and freedoms and legitimate interests;
  3. is based on my express consent.

Under Article 34 of the GDPR – Communication of a personal data breach

If it is likely that a specific instance of a security breach of My Personal Data will result in a considerable threat to my rights and freedoms, the Controller is required to report the breach to me without undue delay.

However, the reporting referred to in this paragraph is not required if any of the following conditions are met:

  1. the Controller has introduced appropriate technical and organisational measures, and these measures have been applied to the personal data affected by the personal data breach, in particular measures that render the personal data unintelligible to anyone who is not authorised to access them, such as encryption;
  2. the Controller has taken subsequent measures that ensure that no considerable threat to the rights and freedoms referred to in the first paragraph of this article is likely to materialise;
  3. It would involve unreasonable effort. In this ca

Information on how the rights are exercised

A person interested in the newsletter may exercise his/her rights directly with the Controller at the above-mentioned address, either:

  • electronically via data box; or
  • electronically via email.

If a request is filed electronically, the Controller will provide the information also electronically, unless required otherwise by the person interested in the newsletter. In case of a request filed electronically, the Controller must verify the identity of the person who filed the request to prevent the disclosure of information to unauthorised persons. To verify the identity, the Controller will contact the person interested in the newsletter. The Controller provides a copy of the processed personal data for free. A request filed repeatedly by the same person interested in the newsletter will be considered an obviously unreasonable request. In such a case, the Controller may either charge a reasonable fee to process the request or deny the request.

The scope of exercise and realization of some of the above-mentioned rights depends on the type and nature of the specific personal data processing.