Privacy Policy
Personal data controller and data subject
The data controller is the company operating this website, i.e STATECH s.r.o., ID No.: 274 02 975, with its registered office at Počapelská 346, 277 01 Dolní Beřkovice, registered in the Commercial Register lodged with the Municipal Court in Prague, Section C, File No. 111021 (“controller”). The controller may be contacted in writing at the specified address or via email at privacy@statech.cz.
The data subject is a natural person who provides their personal data to the data controller based on a rental agreement, purchase agreement, service agreement or other agreement concluded with the controller or based on consent to process personal data when subscribing to the newsletter distributed by the controller. The data subject may also be a natural person whose personal data the data controller obtains from other lawful sources. Furthermore, the processing may also relate to contracts concluded with legal entities if they contain personal data of the natural persons representing them or persons authorised to execute the contract.
Scope of personal data processing
The controller processes personal data in the scope provided by the data subject or in the scope obtained from other lawful sources by the controller. This includes: name, surname, date of birth, place of residence, place of business, identification number, tax identification number, email address, telephone number, signature.
Purpose of personal data processing
The controller processes the data subject’s personal data for the fulfilment of contracts concluded between the data subject and the controller (rentals, sales and service), to ensure compliance with its legal obligations and for direct marketing purposes (offering the controller’s products and services), including sending commercial communications as defined by Act No. 480/2004 Coll., on Certain Information Society Services. The controller only distributes business correspondence when the data subject has subscribed to the newsletter or if the controller has obtained detailed electronic contact details for the data subject during the sale of its products or services. The data subject may easily unsubscribe from the newsletter free of charge by sending an email to privacy@statech.cz.
Determining the necessity of processing
The controller shall protect the privacy of the data subject’s data, and therefore only processes that personal data necessary for the defined purposes of processing.
Legal basis for processing personal data
The legal basis for processing for direct marketing purposes is consent from the data subject to the processing of their personal data (subscribing to the newsletter) or the legitimate interests of the controller (whereby electronic contact details are obtained in connection with the sale of the controller’s product or service under Act No. 480/2004 Coll.).
In other instances, the legal basis for processing is the performance of an agreement, to protect the legitimate interests of the controller (protect property, apply rights under an agreement within litigation, etc.) and to comply with legal obligations.
Period of personal data processing
If personal data is processed to perform an agreement, the controller shall process this personal data for the duration of the contractual relationship and for an additional 10-year period, given the length of the statute of limitations concerning compensation for damage or injury. If personal data is processed to comply with a legal obligation, the controller shall process this personal data for the period laid down in legislation. If personal data is processed based on consent from the data subject, the controller shall process this period data for a 10-year period, unless consent to such personal data processing is revoked at any time in such period. This has no prejudice on the controller’s obligation to process personal data for the period laid down in applicable legislation and in accordance therewith.
Revocation of consent to personal data processing
If the data subject provides the controller with consent to personal data processing, they may revoke such consent at any time and at no charge by sending an email to privacy@statech.cz. Revocation of consent has no prejudice against the lawfulness of processing based on consent issued before it is revoked. Revocation of consent has no impact on the personal data processed by the controller on a legal basis other than consent (i.e. processing to perform an agreement, legal obligations or other reasons specified in valid legislation).
Access to personal data
The controller has access to the personal data of data subjects, along with certain third parties, recipients, who provide suitable guarantees and whose processing complies with the obligations under valid legislation and who ensure suitable protection of the rights of data subjects. Personal data recipients may also be companies specialising in the recovery of debts (collection agencies), as well as a company in a group of enterprises performing the same activities as the controller (disclosure within the group), whereby in such cases this personal data shall only be disclosed within Member States of the European Union. The controller shall not provide personal data to any third countries or international organisations (except for Google Analytics cookies, see below).
Proof of identity of the data subject
The controller may require that data subjects provide proof of their identity to restrict unauthorised access to personal data.
Rights of data subjects concerning personal data
Data subjects have the following rights with respect to personal data:
- the right to revoke consent at any time;
- the right to rectification of personal data;
- the right to restrict processing of personal data;
- the right to object to processing in certain cases;
- the right to data portability;
- the right to access personal data;
- the right to be informed if personal data protection is compromised in specific cases;
- the right to erasure (the right to be forgotten) in specific instances; and
- other rights laid down in the Personal Data Processing Act and Regulation No 2016/679, the General Data Protection Regulation (GDPR).
What does it mean when a data subject has the right to object?
Under Article 21 of the GDPR, a data subject has, inter alia, the right to object to the processing of their personal data if such processing is performed based on a legitimate interest, including processing for direct marketing purposes. Objections addressed to the controller shall be sent via email to: privacy@statech.cz. If a data subject raises an objection to processing for direct marketing purposes, the personal data controller shall no longer process such data in the given scope.
More information concerning such right is contained in Article 21 of the GDPR.
Right to file a complaint
A complaint regarding the processing of personal data by the controller may be filed by the data subject with the supervisory authority, which is the Office for Personal Data Protection (ÚOOÚ), Pplk. Sochora 27, 170 00 Prague, www.uoou.cz. Alternatively, the data subject has the right to seek judicial protection from a competent court.
Obligation to provide personal data
The data subject provides its personal data on a completely voluntary basis. The data subject is under no obligation to provide such data. There is no threat of any penalty for not providing personal data. However, if a data subject chooses not to provide its personal data to the controller, no contract involving the controller and the data subject may be concluded or performed. It is completely within the competencies of the data subject to decide to enter any contractual relationship with the controller or not.
Personal data protection
All personal data is secured using standard procedures and technologies. However, it is not objectively possible to completely guarantee the security of personal data. Therefore, it is impossible to provide a 100% guarantee that no third party will gain access to such personal data, it cannot be copies, published, modified or destroyed by defeating the controller’s security measures. Within this context, the controller undertakes to regularly conduct vulnerability checks of the system and to ensure it has not been subject to attack, and to apply such security measures that may be reasonably demanded of the controller to prevent unauthorised access to personal data and that provide sufficient protection given the current state of the art. All accepted security measures are regularly updated.
GPS on aerial work platforms and the Q.Drive application
GPS monitoring devices are installed on all aerial work platforms owned by the controller to monitor their movements and to protect the controller's property. Aerial work platform positioning data obtained from GPS devices are processed by the GPS system operator (processor), who provides suitable guarantees and the processing of which meets the conditions under valid legislation and secures suitable protection for the rights of data subjects. The data controller does not connect any aerial work platform positioning data to any identifiable natural persons (data subjects).
The controller uses the Q.Drive application to monitor the movement of its vehicles. Details concerning personal data processing that is conducted through this application are contained in the privacy policy contained right in the application.
Monitoring of the controller’s site
The controller monitors its site with a CCTV system that stores temporary video recordings
Cookie Policy
The controller uses cookies on its websites that are saved on the data subject’s devices. Cookies are small files that make a website more functional, customise website content to meet the needs of data subjects, and remember selected settings.
Cookies used by the operators of advertising systems running on our website may also be stored on your computer when you visit our website. Our company also uses Google systems for remarketing activities. We use data from remarketing exclusively for segmentation of visitors in order to display more relevant ads. Segments are created using several general patterns of visitor behaviour.
Information gathered from Google Analytics cookies used to analyse site traffic and remarketing purposes are sent to Google, which is headquartered in the USA (a third country). The transfer of personal data to these companies is based on standard contractual clauses. Google uses such information for the purposes of evaluating the use of websites and creating activity reports from such sites for the controller. The information is also used to provide other services related to activity on the site and the use of the Internet in general. Google may provide such information to third parties if required by law or if such third party processes this information for Google.
The Google Analytics service is an expansion of the related advertising functions provided by Google, specifically: Google Display Network impressions, remarketing (showing content network ads based on viewed products) and extended demographic reports (reporting anonymous demographic data).
If a data subject does not want to provide anonymous data on Internet usage to Google Analytics, they may use the plugin provided by Google. Data will no longer be transmitted once this is installed and activated in your browser. More information on the processing and use of data is provided in Google’s Terms and Conditions.
Standard browsers (Safari, Internet Explorer, Firefox, Google Chrome and others) support cookies. You may use your browser settings to manually delete individual cookies, disable or prohibit cookies or simply disable or enable cookies for individual websites. For more detailed information, please refer to your browser’s Help section. If your browser is configured to accept cookies, we will operate under the assumption that you consent to the use of standard cookies from the controller’s server.
The controller will not associate the data obtained from cookies with any other data and shall handle this data in a way that does not allow specific persons to be identified.
The controller uses temporary cookies and persistent cookies on its websites. Temporary cookies are only stored on the given device until the browser is closed. Temporary cookies allow information to be saved when navigating from one site to another and eliminate the need to repeat the entry of certain data. Persistent cookies enable the identification of a data subject’s device on frequently visited websites and the modification of site content to match the user’s interests, but do not allow for the identification of a specific individual. The information obtained from cookies is stored in a completely unanimous manner and is not associated with any other data.
The following table shows how we use the individual types of cookies.
Publisher / Cookie Name | Type | Expire | Description |
---|---|---|---|
Facebook (_fbp) | Analytical, Tracking, Remarketing | 1 hour | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. |
Google Analytics (_ga,_gac_.*,_gid) | Analytical, Tracking | persistent 90 days persistent | |
php (PHPSESSID) | Essential | may vary |