The purpose of this Personal Data Processing Policy for visitors to the www.coingarage-finance.com website (hereinafter referred to as the "Policy") is to provide information on what personal data the Coingarage Finance s.r.o. business, ID NO: 17579708, with its registered office at Revoluční 1082/8, 110 00 Prague 1, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 373482 (hereinafter referred to as "the Company" or "the Controller") processes about natural persons when providing services, visiting websites operated by the Company and contacting potential customers, for what purposes and for how long the Company processes this personal data in accordance with applicable law, to whom and for what reason it may transfer it, as well as information on what rights individuals have in relation to the processing of their personal data. This Policy applies to the processing of personal data of customers, their representatives or contact persons as appropriate, users of the services, those interested in the services and goods of the Company and visitors to the websites operated by the Company, always to the extent of the personal data corresponding to their position in relation to the Company. This Policy is effective as of 1 October 2022 and is issued in accordance with Regulation (EU) 2016/679, on the protection of natural persons with regard to the processing of personal data, and Act No. 110/2019, the Personal Data Processing Act ("Regulation" or "GDPR") in order to ensure the Company's information obligation as a controller pursuant to Article 13 of the GDPR.
Personal data is any information relating to a natural person that the company is able to identify. In connection with the provision of services and sale of goods, the following categories of personal data may be processed by the Company.
1. Basic personal identification data and address data
Such data is necessary for the conclusion and performance of a contract. In particular, the following personal data:
- academic degree
- first and last name
- name of the business company
- birth number (if for any reason the birth number has not been assigned, then the date of birth)
- registration number, tax identification number
- address of permanent residence
- address of the registered office or place of business
- billing address
- numbers of the submitted identification documents and their copies identification data of the customer's representative or contact person, the customer's designated contact person
- identification details of the payer of the bill
- bank account
In the case of contracts for one-off sales of goods, the scope is limited to basic identification details.
2. Contact details
- contact telephone number
- contact email
- social networking addresses
3. Details of services received, service usage and payment behaviour
- type and specification of service provided
- volume of services provided and their cost
- customer segment
- payment behaviour information
4. Other data generated in connection with the provision of services
This data is generated in the provision of services that are not electronic communications services or in the provision of electronic services.
5. Data from communications between the company and the customer
This data is generated in communications related to the provision of services and goods between the company and the customer. This includes records of face-to-face communications with the customer in stores or other direct contact with the customer, written and electronic communications with the customer, and records of telephone, chat and video chat communications between the customer and the company.
6. Data processed on the basis of your consent
The processing of this data is not strictly necessary for the performance of the contract or legal obligations or the protection of the Company's legitimate interests, but the processing of this data will enable the Company to improve its services, to focus on what customers are really interested in and, where appropriate, to inform customers about offers that are suitable for them. This data is only processed if consent is given and may be processed for as long as that consent is valid. This includes:
- data obtained by marketing surveys (processed for customers of services on the basis of consent to the processing of personal
data for commercial purposes)
- data on the use of services, products, benefits and bonuses and typical behaviour in the use of services (they are processed on customers
of the company's services on the basis of consent to the processing of personal data for commercial purposes
- contact data
- records of behaviour on websites managed by the company obtained from cookies in the case of enabling cookies in the
web browser (they are processed to improve the operation of websites operated by the company, internet
advertising and, in the case of consent to the processing of personal data for commercial purposes, these data are processed together with
other personal data for this purpose)
The scope of the data processed depends on the purpose of the processing. For some purposes, data may be processed directly on the basis of a contract, legitimate interest or on the basis of law (without consent), for others only on the basis of consent.
1. Processing for the performance of a contract, the performance of legal obligations and the protection of legitimate interests of the company
The provision of personal data necessary for the performance of a contract, the performance of legal obligations and the protection of legitimate interests is mandatory. Without the provision of personal data for these purposes, it would not be possible to provide the services. We do not need consent to process personal data for these purposes. The processing for the performance of the contract and the fulfilment of legal obligations cannot be refused.
For customers of the company's services, the company is entitled, if they have fulfilled all their obligations towards the company, to process in the customer database their basic personal, identification, contact, service and communication data with the company for a period of 5 years from the date of termination of the last contract with the company.
In the case of purchase of goods from the company, the company is entitled to process the customer's basic personal, identification, contact data, data about the goods and data from the communication between the customer and the company for a period of 4 years from the date of expiry of the warranty period for the goods.
In the case of negotiations between the company and a potential customer on the conclusion of a contract, which did not result in the conclusion of a contract, the company is entitled to process the personal data provided for a period of 3 months from the relevant negotiations.
Invoices issued by the company are in accordance with Section 35 of Act No. 235/2004 Coll, on value added tax are archived for 10 years from their issue. Due to the necessity to prove the legal reason for issuing invoices, customer contracts are also archived for 10 years from the date of termination of the contract.
2. Processing of data of customers of the Company's services with their consent for business purposes effective from 25 May 2018 (effect of the Regulation)
We process personal data of customers of the Company's services with their consent for business purposes. For the period from 25 May 2018, the company is charging a new consent for commercial purposes effective after this date. The effective date of the consent to the processing of personal data for commercial purposes is in the text of the consent.
The provision of consent for commercial purposes is voluntary and may be withdrawn by the customer at any time after 25 May 2018. This consent remains valid for the duration of the use of the goods and services and for the following 4 years thereafter or until revoked by the customer. For business purposes, all categories of data listed in section A of this document (except for signatures and copies of identification documents) may be processed on the basis of consent for as long as the Company is entitled to record such data for the purposes of providing the services, fulfilling its legal obligations and protecting its legitimate interests, but no longer than until the consent is withdrawn or until 4 years have elapsed from the date of termination of the contract for services provided by the Company, unless the customer withdraws consent earlier. If the data subject withdraws his/her consent, this shall not affect the processing of his/her personal data by the Company for other purposes and under other legal titles, in accordance with this Data Processing Policy.
The customer of the Company's service, in the event that he/she allows users to use the service, confirms in the context of giving consent to the processing of personal data for commercial purposes that he/she is entitled to give consent in respect of data relating to users of the service other than the customer.
3. Processing of cookies from websites operated by the Company
In the event that the subject has cookies enabled in his/her web browser, we process behavioural records about him/her from cookies placed on websites operated by the Company, for the purpose of ensuring better operation of the Company's websites and for the purpose of the Company's Internet advertising.
The Company uses the professional and specialized services of other entities in the performance of its obligations and duties under contracts. If these suppliers process personal data transferred from the Company, they have the status of data processors and process personal data only within the framework of instructions from the Company and may not use it otherwise. This includes, in particular, the collection of outstanding debts, the work of experts, lawyers, auditors, IT systems management, internet advertising or commercial representation. The company carefully selects each such entity and enters into a personal data processing contract with each of them, in which the processor has strict obligations to protect and secure personal data.
The processors are companies based both in the Czech Republic and in a member state of the European Union or in so-called safe countries. The transfer and processing of personal data in countries outside the European Union is always carried out in accordance with the applicable legislation.
The company transfers personal data to the administrative authorities and authorities established by the applicable legislation in the performance of its legal obligations.
The company processes personal data manually and automatically. The Company keeps records of all activities, both manual and automated, in which personal data is processed.
For commercial communications of the Company or third parties, the Company uses the abbreviation OS or other appropriate designation which makes it clear that the said communication is a commercial communication within the meaning of applicable law. It is always clear from commercial communications sent by the company that the company is the sender. We may send commercial communications to either customer contacts based on the legitimate interest of the company, and only until you have opted out, or based on your explicit consent to the processing of personal data for marketing and commercial purposes. In the commercial communications sent, there is also a contact to opt-out of receiving these communications.
According to the Regulation and the Act, from 25 May 2018, the data subject has the following rights if he/she is an identifiable natural person for the company and proves his/her identity.
1. Right of access to personal data
According to Art. 15 of the GDPR, the data subject will have the right of access to personal data, which includes the right to obtain from the company:
- confirmation as to whether it processes personal data,
- information on the purposes of the processing, the categories of personal data concerned, the recipients to whom the personal data have been or will be made available
, the intended duration of the processing, the existence of the right to request from the controller the rectification or erasure of personal data
relating to the data subject or the restriction of their processing or to object to such processing, the right to lodge
a complaint with a supervisory authority, any available information about the source of the personal data, unless obtained from the data subject, the fact that automated decision-making, including profiling, is taking place, appropriate safeguards in the event of a transfer of the data
outside the EU,
- if the rights and freedoms of others will not be adversely affected, a copy of the personal data.
In the event of a repeated request, the company will be entitled to charge a reasonable fee for a copy of the personal data.
The right to confirmation of the processing of personal data and to information will be exercised in writing to the address of the company's registered office.
2. Right to rectification of inaccurate data
According to Article 16 of the GDPR, the data subject will have the right to rectification of inaccurate personal data processed about him/her by the company. The customer of the company, also has the obligation to notify changes to his personal data and to provide evidence that such a change has occurred. He/she is also obliged to provide the Company with cooperation if it is found that the personal data we process about him/her is not accurate. We will carry out the rectification without undue delay, but always taking into account the technical possibilities. A request for rectification of personal data may be made to the address of the company's registered office.
3. Right to erasure
According to Article 17 of the GDPR, the data subject will have the right to erasure of personal data relating to him or her, unless the company demonstrates legitimate grounds for the processing of such personal data. The company has set up mechanisms to ensure the automatic anonymisation or erasure of personal data when they are no longer needed for the purpose for which they were processed. If the data subject considers that his or her personal data has not been erased, he or she may contact us in writing at the address of the company's registered office.
4. Right to restriction of processing
According to Article 18 of the GDPR, the data subject will have the right to restriction of processing until the complaint is resolved if he or she contests the accuracy of the personal data, the grounds for processing or objects to the processing, in writing to the address of the company's registered office.
5. Right to notification of rectification, erasure or restriction of processing
According to Article 19 of the GDPR, the data subject will have the right to be notified by the company in the event of rectification, erasure or restriction of the processing of personal data. If the rectification or erasure of personal data occurs, we will inform the individual recipients, except where this proves impossible or requires disproportionate effort. Upon request of the data subject, we may provide information about these recipients.
6. Right to portability of personal data
According to Article 20 of the GDPR, the data subject will have the right to the portability of the data concerning him or her that he or she has provided to the controller in a structured, commonly used and machine-readable format, and the right to request the company to transfer this data to another controller.
If a data subject provides us with personal data in connection with a service contract or on the basis of consent and the processing is carried out by automated means, he or she has the right to obtain such data from us in a structured, commonly used and machine-readable format. If technically feasible, the data may also be transferred to a controller designated by you, provided that the person acting on behalf of the respective controller is duly designated and can be authorised.
In the event that the exercise of this right could adversely affect the rights and freedoms of third parties, your request cannot be granted. The request may be exercised at the Company's branded outlets upon proof of the legitimacy of the request.
7. Right to object to the processing of personal data
According to Article 21 of the GDPR, the data subject will have the right to object to the processing of his or her personal data on the grounds of legitimate interest of the company.
If the company fails to demonstrate that there is a compelling legitimate ground for the processing that overrides the interests or rights and freedoms of the data subject, the company will terminate the processing without undue delay based on the objection. The objection may be sent in writing to the address of the company's registered office.
8. Right to withdraw consent to the processing of personal data
Consent to the processing of personal data for business purposes effective as of 25 May 2018 may be withdrawn at any time after that date. The revocation must be made by an explicit, comprehensible and specific expression of will, either by telephone on the customer service line, at the company's shop or at the company's headquarters.
The processing of data from cookies can be prevented by setting the web browser.
9. Automated individual decision-making, including profiling
The data subject has the right not to be subject to any decision based solely on automated processing, including profiling, which would have legal effects on him or her or similarly significantly affect him or her. The company states that it does not carry out automated decision-making without the influence of human judgement with legal effects on data subjects.
10. Right to contact the Data Protection Authority
The data subject has the right to contact the Data Protection Authority (www.uoou.cz).
Matters not expressly covered by this Policy are governed by Act No. 110/2019, the Personal Data Processing Act.
This Personal Data Processing Policy is effective as of October 1, 2021 and may be updated from time to time. The current version can always be found on the website.