PRIVACY POLICY

Commercial company

EU DIGITAL SOLUTIONS LTD
Company No. 16621031
with registered office at ENTERPRISE HOUSE, 2 PASS STREET, OLDHAM, MANCHESTER, OL9 6HZ
incorporated under the Companies Act 2006 as a limited company.
e-mail: info@electronic-vignette.eu

(hereinafter referred to as the „Administrator“)

hereby takes the opportunity to inform the data subjects about the principles of personal data processing and certain rights of data subjects under the applicable legislation. We ask data subjects to read this data processing policy carefully, as this policy sets out the basis on which we will process the personal data that we obtain from you as a data subject or that you provide to us. This policy is a clear summary of the most important practices that the controller applies to protect personal data. If you have any questions about the processing and protection of your personal data, please contact the controller at the contact details listed in the header.

Introductory provisions

The company EU DIGITAL SOLUTIONS LTD, Company No. 16621031 with its registered office at ENTERPRISE HOUSE, 2 PASS STREET, OLDHAM, MANCHESTER, OL9 6HZ incorporated under the Companies Act 2006 as a limited company is the administrator of personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as „GDPR“) in conjunction with Act No. 110/2019 Coll., on the processing of personal data.

The Administrator undertakes to protect and respect the data subjects' right to privacy, as the Administrator considers the protection of privacy and personal data to be its primary duty. The Administrator declares that it handles personal data exclusively in accordance with the legislation in force.

This Policy constitutes a generally applicable document which the Administrator undertakes to follow in the protection and processing of personal data of natural persons as data subjects obtained by the Administrator in connection with the negotiation of a contract and any subsequent conclusion of a contract or in connection with any free consent of the data subject to the processing of his or her personal data.

Principles of personal data processing

In accordance with Article 5 of the GDPR, the Administrator is responsible for ensuring that the processing of personal data complies with the principle:

  • lawfulness – the obligation to determine the legal title for each processing of personal data,
  • fairness and transparency – the obligation of the controller to ensure that the data subject is as well informed as possible about his or her personal data, including in particular transparent communication with the data subject and openness towards the data subject regarding his or her personal data. The obligation of the Administrator to use plain language to communicate with the data subject about his/her personal data and the obligation to provide clear, comprehensible and accurate information,
  • purpose limitation – the obligation for the Administrator to process personal data only for specified, explicit and legitimate purposes,
  • data minimisation – the obligation for the Administrator to process only those personal data which he/she needs for the fulfilment of the stated purpose of the processing and only to the extent necessary,
  • accuracy – the obligation to keep and process only up-to-date and accurate personal data and to delete or correct inaccurate data without delay,
  • storage limitation – the obligation to keep personal data only for the time necessary for the purposes of processing,
  • integrity and confidentiality – the obligation to process personal data in such a way as to maintain their security and prevent unlawful or unauthorised processing or their damage, destruction or loss,

and is able to demonstrate compliance with these principles.

Rights of data subjects in relation to the protection of personal data

The data subject has the right to contact the administrator at any time to obtain information about the processing of his or her personal data.

The data subject shall have the right to contact the administrator at any time to exercise the rights set out below:

  • the right of access to personal data and the right to obtain confirmation from the administrator as to the processing or non-processing of personal data concerning him or her and the right to request a copy of the personal data processed,
  • the right to rectification where the data subject considers that personal data held about him or her by the administrator are inaccurate and the right to have incomplete personal data completed,
  • the right to erasure („right to be forgotten“) of personal data without undue delay if they are no longer necessary for the purpose for which they were collected and processed, if the data subject has withdrawn consent to the processing and there is no further legal basis for the processing, or if the personal data have been unlawfully processed,
  • the right to restriction of processing where the data subject contests the accuracy of the personal data for the period necessary for the administrator to verify the accuracy of the personal data, the processing is unlawful and the data subject refuses to erase such data, the administrator no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims (he data subject has objected to the processing in order to exercise a legal right to obtain the data in order to assert a claim in court), or the data subject has objected to the processing, it is not clear whether the legitimate interests of the administrator outweigh the legitimate interests of the data subject,
  • the right to data portability where the data subject requests the administrator to receive the personal data concerning him/her which he/she has provided to the administrator in a structured, commonly used and machine-readable format,
  • the right to object to the processing of personal data, including profiling, which is processed by the data subject on the grounds of legitimate interest. If the subject objects to the processing of personal data for direct marketing purposes, the personal data will no longer be processed for this purpose,
  • the right to withdraw consent where the data subject has consented to the processing of personal data for purposes requiring consent. The data subject shall have the right to withdraw consent in this case at any time. The Administrator points out that in the event of withdrawal of consent, the processing of personal data that occurred before the withdrawal of consent is lawful,
  • the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7, if the data subject believes that the processing of personal data has violated the rules of personal data protection.

The administrator shall provide the data subject, upon request pursuant to Articles 15 to 22 of the GDPR, with information on the measures taken, without undue delay and in any event within one month of receipt of the request. This period may be extended by a further two months if necessary and taking into account the complexity and number of requests. The administrator shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. If the data subject makes the request in electronic form, the information shall be provided in electronic form where possible, unless the data subject requests otherwise.

Processing of personal data

The Administrator declares that it processes the personal data of the data subjects that are necessary to fulfil the purpose of the contract and to protect the legitimate interests and claims of the Administrator.

The Administrator points out that, in addition to processing personal data on the basis of the data subject's free consent, it is allowed to process personal data without the data subject's consent in cases provided for by law (e.g. for the performance of the obligations arising from the concluded contracts; for the fulfilment of the obligations imposed by special legal regulations; for the protection of rights and legally protected interests; for the performance of a task carried out in the public interest; to the extent strictly necessary for the legitimate interest of the administrator for fraud prevention purposes, for the protection against damage to computer systems and electronic communications systems).

The Administrator collects and processes data on the basis of the data subject's free will or to the extent necessary, which the Administrator has obtained in connection with the negotiation of the contract and any subsequent conclusion of the contract or on the basis of another legal title.

The Administrator processes personal data to the extent necessary for the purposes of the contractual relationship or other legal title and to the extent agreed with the data subject, primarily for the purposes of evaluating customer satisfaction, improving services, sending product and service offers, sending commercial communications and newsletters.

Personal data are collected, stored and used for the necessary period of time, but at least for the duration of the contractual relationship or other legal title, for the period of time for which claims arising from the contract can be asserted before the competent public authority, for the period of time necessary to protect the rights and claims of the controller, or for the period of time for which the administrator is required to do so by law, or until the consent is withdrawn, if the data were provided on the basis of the data subject's consent and the obligation to process personal data is not imposed on the administrator by law. In particular, the data is processed in connection with business transactions and for the purpose of customer care, informing about news, products and services, sending selected commercial communications and obtaining the data subject's views, all for the purpose of improving customer care and to comply with the legal or contractual obligations of the controller.

The Administrator shall not communicate personal data to third parties except as provided in this Policy. The Administrator is entitled to share personal data of data subjects with a third party for the purpose of providing information about products and services if the Administrator has the data subject's consent or if required or permitted by law. The administrator is entitled to share the data subject's personal data with a third party in order to prevent a crime or reduce potential risks, where required by law or where the administrator considers it appropriate to protect the legitimate interests, rights or property of itself or third parties. The Administrator transfers personal data to a third party for the purpose of fulfilling an obligation under a contract (order), namely to the State Fund for Transport Infrastructure with its registered office at Sokolovská 1955/278, Prague 9, 190 00, Czech Republic, established by Act No. 104/2000 Coll., on the State Fund for Transport Infrastructure, as amended.

Personal data is collected, stored and processed by the administrator in a secure manner so that it remains confidential and cannot be accessed by any unauthorised third party. Personal data in paper form shall be processed, stored and protected by the administrator at its headquarters in a locked room to which only authorised employees of the administrator who are bound by confidentiality may have access. Personal data in electronic form are processed, stored and protected by passwords and firewalls. If the processing of personal data is based on the data subject's consent or on the legitimate interests and purposes of the administrator, personal data may be processed by external collaborators and suppliers, in particular by an external law firm, an external accounting firm or external IT support. The entities that cooperate with the controller are carefully selected on the basis of safeguards that ensure the technical and organisational protection of the personal data transmitted.

Personal data is archived in accordance with the statutory time limits. The Administrator has set up strict internal rules that verify the lawfulness of the holding of personal data to ensure that personal data is not held by the Administrator for longer than it is entitled to. The Administrator is required to delete relevant personal data once the lawful reason for holding it is no longer applicable.

Final provisions

This Policy shall take effect on 1. 8. 2025 and shall be issued for an indefinite period of time.

The Administrator may make changes to this Policy at any time without the consent of the data subject. The current version of this Policy is available for inspection during business hours at the Administrator's registered office.