Privacy Statement

Privacy Statement pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR").

1. Data Controller

Company Name: PPS Czechia, s.r.o.

Company Address: K letišti 1049/57, 161 00 Prague 6 – Ruzyně

ID: 19450346

VAT ID: CZ19450346

Data box ID: vqqnk8e

Email: sekerka@ppscz.com

Company registered in the Commercial Register kept by the Municipal Court in Prague, file number C 386811 (hereinafter referred to as the "controller"), hereby informs you in accordance with Article 12 GDPR about the processing of your personal data and your rights.

2. Scope of Personal Data Processing

Personal data is processed to the extent provided by the data subject to the controller in connection with the conclusion of a contractual or other legal relationship with the controller, or which the controller has otherwise collected and processes in accordance with applicable laws or to fulfill the legal obligations of the controller.

3. Sources of Personal Data:

• Directly from data subjects

• Wholesale

• Distributor

• Publicly accessible registers

• Lists and records (e.g., commercial register, trade register, land registry, public telephone directory, etc.)

4. Categories of Personal Data Processed:

• Address and identification data for the unique and unmistakable identification of the data subject (e.g., name, surname, title, if applicable, personal identification number, date of birth, permanent address, identity document number, gender, ID, VAT ID) and data enabling contact with the data subject (contact details – e.g., contact address, phone number, fax number, email address, and other similar information)

• Descriptive data (e.g., bank details, date)

• Other data necessary for the performance of the contract

5. Categories of Data Subjects:

• Controller's customers

• Service providers

• Other persons in a contractual relationship with the controller

6. Categories of Recipients of Personal Data:

• Processor

• State and other authorities in the performance of legal obligations set by relevant laws

7. Purpose of Personal Data Processing

• Purposes contained within the consent of the data subject

• Negotiating a contractual relationship

• Contract performance

• Protection of the rights of the controller, the recipient, or other affected persons (e.g., recovery of the controller's claims)

• Archives based on the law

• Fulfillment of legal obligations on the part of the controller

• Protection of the vital interests of the data subject

8. Method of Processing and Protection of Personal Data

The processing of personal data is carried out by the controller. Processing is carried out in its premises, branches, and registered office by authorized employees of the controller, or a processor if applicable. Processing is done using information technology, possibly manually for personal data in paper form, while observing all security principles for the administration and processing of personal data. For this purpose, the controller has adopted technical and organizational measures to ensure the protection of personal data, especially measures to prevent unauthorized or accidental access to personal data, their alteration, destruction, or loss, unauthorized transfers, unauthorized processing, as well as other misuse of personal data. All entities that may have access to personal data respect the data subjects' right to privacy and are obliged to act in accordance with applicable legal regulations regarding the protection of personal data.

9. Duration of Personal Data Processing

In accordance with the deadlines specified in relevant contracts, in the controller's filing and disposal regulations, or in applicable legal regulations, it is the time necessary to ensure the rights and obligations arising from both contractual relationships and relevant legal regulations.

10. Information

The controller processes data with the consent of the data subject, except in cases provided for by law when the processing of personal data does not require the consent of the data subject.