Controller’s contact details
The contact details of the Controller are as follows:
Address: Türkova 2319/5b, Prague 4, 149 00, Czech Republic
Telephone: +420 222 508 297
The Controller did not appoint a Data Protection Officer within the meaning of Article 37 of the Regulation.
Personal data that the Controller processes
Personal data mean any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The Controller is the operator of websites at addresses www.mirror121.com (hereinafter the “website”), through which it offers its services and products. A contact form is located on the website. The Controller requires the following personal data for completing the contact form: a name, surname, telephone, e-mail address, and, further, information about the company you work for and your job position. The data regarding the company and position are primarily used to fit the Controller’s offers to your needs and requirements.
If a contract is concluded between you and the Controller, the Controller requires your identification and contact details (e.g. your name, surname, telephone, address, date of birth), and, if applicable, other information that is necessary for the performance of the contract.
The Controller does not process any of your personal data unless you have given your consent to such processing or unless the legislation permits the processing of personal data without consent.
If you use the website, the Controller records your IP address and standard information, such as the type of your browser and links to other web pages you viewed on the Controller’s website. This information is used to monitor and prevent fraud, diagnose problems, and process statistical data that are anonymous and do not disclose your personal data.
Purposes of the processing of personal data
The Controller processes your personal data for the following purposes:
- pre-contractual negotiations;
- performing a contractual relationship;
- contacting you in order to respond to your inquiry, to provide information about services and products upon your request;
- sending commercial communication, service and product offers, information about events organised by the Controller, including sending invitations to these events, and carrying out other marketing activities;
- compliance with the Controller’s statutory duties;
- improving the quality of services provided by the Controller, and improving the website features.
Legal basis for the processing of personal data
The Controller processes personal data based on the following legal bases:
- processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of measures taken at the request of that data subject before the conclusion of the contract; the disclosure of personal data is a prerequisite for the performance of a contract or for the implementation of measures taken at the request of that data subject before the conclusion of the contract; without disclosure of personal data, it is not possible for the Controller to conduct pre-contractual negotiations, to conclude or perform the contract;
- processing is necessary for compliance with a legal obligation to which the Controller is subject;
- processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data;
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Your consent constitutes only one of the legal bases applicable to the processing of personal data. The Controller asks for your consent to the processing of your personal data above all when sending the commercial communication, service and product offers and information about events organized by the Controller, including sending invitations to these events.
The consent to the processing of your personal data given by you to the Controller is granted to the Controller by you voluntarily, and you have the right to withdraw it at any time, by sending an e-mail message to that end to the Controller’s email address: firstname.lastname@example.org, stating your name and surname for your identification. Any withdrawal of your consent is without prejudice to the lawfulness of processing based on the consent given prior to such withdrawal.
Period during which the personal data will be processed
Personal data will be processed by the Controller:
- for a period of time that is necessary for exercising the rights and performing the obligations arising from the contractual relationship between you and the Controller, and for raising claims arising from these contractual relationships – for the term of the contractual relationship and thereafter 15 years after the termination of the contractual relationship;
- as concerns the processing of personal data on the basis of consent – for a period from the time the consent is given until it is revoked.
After the expiry of the period for which the personal data are stored, the Controller will delete them.
Disclosure of personal data to third parties
Personal data are provided to third parties cooperating with the Controller as part of providing services, which parties are involved in delivering products, making payments, and providing marketing services (i.e. in particular, mailing and cloud services providers). These third parties need access to your data in order to carry out their activities, and when processing your personal data, they are required to comply with the personal data processing principles set out in the Regulation. The current list of such third parties is available upon request.
Without your consent, the Controller does disclose your personal data to any third parties other than those stated above, nor does it share them with other persons or non-affiliated companies, except for the following:
- compliance with legislation or in response to requirements set out in legislation;
- protection of the rights and property of the Controller, its agents, users, and other persons, in particular for the purposes of enforcing its contracts, policies and user conditions and, in emergency situations, for protecting the security of the Controller, its users, or any other persons;
- in connection with any merger, a sale of company assets, financing or acquisition of all or part of the Controller’s enterprise by another company or during such process.
The Controller will not transfer your personal data without your consent to any third country or international organization, except for the third parties listed above.
Rights of the data subject
As the data subject whose data are processed, you have the rights listed below that you can enforce at any time. These include:
- the right to access your personal data (i.e. the right to obtain information whether or not your personal data are being processed, and, where that is the case, the right to access them);
- the right to have your personal data rectified (i.e. you may request correction if you find out that the Controller processes inaccurate or untrue data);
- the right to request explanations (i.e. if you suspect that the processing of your personal data violates the protection of your personal and private life or is in breach of the law);
- the right to limit the processing of personal data (i.e. the right to request a temporary limitation on the processing of your personal data);
- the right to have your personal data erased (i.e. if your data are no longer needed for the purposes for which they were processed);
- the right to object to the processing of personal data (the Controller is required to prove that there is a compelling legitimate reason for the processing of personal data that overrides your interests or rights and freedoms);
- the right to data portability (i.e. the right to request that your data be provided to a third person);
- the right to file a complaint with the Office for Personal Data Protection (i.e. if you believe that your privacy has been violated);
- the right to withdraw your consent to the processing of your personal data at any time; any withdrawal of the consent is without prejudice to the lawfulness of processing based on the consent given prior to such withdrawal.
Security measures and disclosure of personal data
The Controller declares that it has taken all appropriate technical and organizational measures to safeguard personal data.
The Controller has taken technical measures to secure data storage and personal data storage in paper form, especially by antivirus software, encrypted discs, regular backups, and passwords. Data in paper form are secured in lockable cabinets in the Controller’s establishment, in a safeguarded building. The Controller declares that personal data can only be accessed by persons authorized by it.
Cookies and web beacons
The Controller can also collect data during the use of websites using web beacons. These are electronic images that can be used on websites in connection with the services offered by the Controller through the website or in an e-mail sent by the Controller. It uses beacons to forward cookies, count visits, and to let you know if an e-mail has been opened and processed. The Controller can also collect information about your computer or any other access device to mitigate risks and prevent fraud.
Effective date: 25 May 2018