Principles of Personal Data Protection
The website that you are viewing is administrated by the company IBG Česko s.r.o. (hereinafter referred to as the “Company”). Within the Company, we focus on the protection of your personal data in accordance with the legislation in force, which since 25 May 2018 is represented particularly by EU Regulation 2016/679 (General Data Protection Regulation, hereinafter referred to as the “GDPR”), which is supplemented in the Czech Republic by the accompanying Act on Processing of Personal Data.
This section of the website contains, in particular, information on how we process your personal data. This may vary depending on your relationship with the Company (e.g., if you are a supplier, customer, visitor or job applicant).
Administrator of personal data
The administrator of personal data in the sense of national and European legislation is:
IBG Česko s.r.o.
Kralupy nad Vltavou, V Pískovně 2053, Postal Code 278 01
Identification no.: 26683229
If you have any questions regarding the processing and protection of your personal data, you can contact us by e-mail at GDPR@ibg.cz or by telephone at +420 315 721 445.
Categories of personal data
In connection with the Company’s activities, we process various categories of personal data. We retain most of the personal data that we process in relation to our customers, suppliers and other third parties in connection with the offer, provision and assurance of our services and products. This primarily involves the following categories:
- Address and identification (e.g. name, surname, telephone number, address, e-mail address)
- Descriptive data including image information
- Data on a different person
Purposes of processing
We process personal data primarily for the purposes set forth below:
- Performance of business activities and activities arising therefrom. Performance of such activities includes:
- Negotiations on contractional relationships which, in addition to the actual conclusion of the given contract, involves preparation of calculations, offers and solution proposals.
- Determination of the customer’s needs and requirements.
- Administration of contracts and termination of contracts.
- Fulfilment of the commitments arising from contracts and provision of maintenance services.
- Fulfilment of the requirements of government and other bodies and fulfilment of the statutory obligations arising from the legal regulations.
- Protection of the Company’s rights and interests protected by the law.
- The internal administrative needs of the Company.
- Establishment, management and termination of relationships with intermediaries and business partners.
- Offering of the Company’s own services (direct marketing).
- Addressing of potential customers.
- Offering of third-party products and services and transfer of personal data to third parties for such purpose.
- Transfer of personal data within IBG for internal administrative purposes, including processing of customers’ and employees’ personal data.
Legal grounds of processing
The Company always processes required and obtained personal data only for the specified purposes of processing on the basis of the relevant legal grounds of processing:
- Processing is necessary for the performance of a contract to which the subject of data is a contracting party, or for the implementation of the measures adopted prior to the conclusion of the contract at the request of the subject of data (Article 6  [b] of the GDPR).
- Processing is necessary for the fulfilment of the legal obligation relating to the administrator (Article 6  [c] of the GDPR).
- Processing is necessary for the purposes of the legitimate interests of the relevant administrator or third party, with the exception of cases when the interests or fundamental rights and freedoms of the subject of data requiring the protection of personal data have precedence over such interests, especially if the subject of data is a child (Article 6  [f] of the GDPR).
- The subject of data has granted consent to the processing of his/her personal data for one or more specific purposes (Article 6  [a] of the GDPR).
Processing necessary for the purposes of legitimate interests
The company processes personal data for the purposes of legitimate interests, particularly for:
- Processing of non-contracting parties’ data – The Company processes the personal data of persons who are non-contracting parties on this legal basis. This particularly concerns contact and other persons whose personal data are necessary for the performance of contractual activities.
- Marketing activities and dissemination of commercial messages – in the case of fulfilment of the condition that the subject of data can reasonably anticipate such processing with respect to the circumstances. Direct marketing includes offering of the Company’s products to existing customers.
- Protection of the Company’s physical and intangible assets and the safety of persons – this includes processing using a camera system and physical and IT security systems.
Processing on the basis of the data subject’s consent
The Company requests consent to the processing of personal data particularly for:
- Collection and evaluation of information (incl. profiling) in connection with business.
Sharing of personal data
We use all personal information obtained from customers and third parties exclusively for the internal needs of the Company. We protect such data from misuse and we do not provide such data to third parties without prior notification or consent.
An exception consists in companies that are part of the IBG group (IBG Slovensko s.r.o., IBG Magyarorsáh Kft.), external companies that provide us with support services, control and audit companies, providers of services necessary for the performance of our activities (administrative activities, payroll administration, archiving, legal consulting, management of receivables, etc.) and bodies of the state administration and local authorities.
In the case of all such service providers, we contractually require (with the exception of bodies of the state administration and local authorities) that they process your personal data in accordance with the conditions of personal data protection and the legislation in force.
We process personal data only within the EU in order to ensure such data’s security and appropriate protection.
Period for which we process your personal data
We process and retain the personal data of customers and third parties for the period necessary for ensuring all rights and obligations arising from the given contract, as well as for the period during which we are obligated to retain data in accordance with the generally binding legal regulations.
We process personal data obtained on the basis of voluntary consent until you withdraw your consent.
In connection with the processing of personal data, you have the right to demand that we do the following:
- upon your request, provide you with information on the kind of data about you that we are processing and other information on such processing, including copies of the processed personal data (i.e. right of access).
- upon your request, carry out correction or completion of your personal data.
- delete your personal data from our systems, if
- we no longer need the data for further processing.
- you have withdrawn your consent to the processing of your data.
- you have legitimately raised an objection against the processing of your data.
- your data were processed illegally.
- your data must be deleted pursuant to the legal regulations.
- restrict the processing of your personal data (e.g. if you assert that processing is illegal and we are verifying the veracity of such assertion or during such period until your objection to processing is resolved).
- on the basis of your withdrawal of consent, cease processing personal data for the processing of which you did not provide to us consent.
Furthermore, you have the right to raise an objection against the processing of your personal data.
If you intend to exercise any of these rights, please contact us at the e-mail address or correspondence address set forth above.
We will also notify you of any breach of the security of your personal data if such breach poses a high level of risk with respect to your rights and obligations.
You also have the right to address your complaints or suggestions to the Office for Personal Data Protection, contact: Pplk. Sochora 27, 170 00 Prague 7, email: firstname.lastname@example.org, data box: qkbaa2n.