Facebook

DATA PROTECTION NOTICE

Latest update: 25 May 2018

1. GENERAL INFORMATION

Partner in Pet Food CZ s.r.o. (”Company”) processes information in connection with third parties, contact persons of its contracting partners and other individuals including e.g. consumers (who are hereinafter referred to collectively as ”individuals”) which information qualifies as ”personal data” as defined in point 1 of article 4 of the General Data Protection Regulation No 2016/679 of the EU (“GDPR”).
This Data Protection Notice (”Notice”) provides information regarding the processing of these personal data and the rights and remedies of the individuals.
Contact details of the Company:
The registered seat of the Company: Bucharova 1423/6, 158 00 Praha 13
The Company identification number: 241 67 819
The Company is registered in the Commercial Register maintained by the Municipal Court in Prague under file no. C184949
The telephone number of the Company: + 420 234 111 111
The e-mail address of the Company: info@ppfeurope.com
The website of the Company: http://www.ppfeurope.com/

2. UPDATES AND AVAILABILITY

The Company reserves the right to modify this Notice unilaterally with effect subsequent to such modification, subject to the limitations provided for in the laws and with advance notification to the individuals in due time, if necessary. The Company may modify this Notice especially when it is required upon changes in the laws, the practice of the data protection authority, business needs or employees’ needs, any new activity involving personal data processing or any newly revealed security exposures. Upon request, the Company will send a copy of the latest updated version of this Notice to individuals.

3. SPECIFIC DATA PROTECTION TERMS

In certain cases, specific privacy-related terms and conditions may also be applicable of which the individuals who are affected by them will be duly notified. Such specific terms and conditions are provided for in connection with the operation of electronic surveillance systems (i.e. cameras), the entry-control systems operated at the entryways to the offices of the Company, and about cookies that are used on the website of the Company.

4. PURPOSE, LEGAL BASIS AND SCOPE OF PROCESSING

The table below describes the scope of the processed personal data, the purposes, the legal basis, the duration of the processing and the scope of the persons authorised to have access to the data are described. Where a purpose of processing is required for pursuing a legitimate interest of the Company then the Company will make available the balancing test of the underlying interests upon a request submitted to one of the contact details of the Company above. The Company wishes to draw the attention of the individuals to their right of objection to the processing of their personal data due to a cause related to their own situation any time where the processing is based on legitimate interest including the case where the processing takes the form of profiling. In such a case, the Company ceases processing the personal data unless it can prove that the processing has to be continued due to compelling legitimate reasons which override the interests, rights and freedoms of the individuals or which relate to the submission, the enforcement or the protection of legal claims. If personal data is processed for the purpose of direct marketing, individuals may at any time object to the processing of their personal data for that purpose, including profiling, if connected to direct marketing.
Where this Notice indicates the relevant limitation period as the duration of data storage, then event which interrupts the limitation period shall extend the term of the data processing until the new date when the underlying claim may lapse.

 

Purpose of the processing Legal basis of the processing Scope of processed data Duration of storage, access rights, data transfers
Allowing participation in promotions and advertising campaigns (including prize games organised by the Company) – in accordance with the applicable terms and conditions of participation Article 6 1. a) of the GDPR – voluntary consent of the individual given in the course of his/her participation in the promotion or advertising campaign in accordance with the applicable terms and conditions of participation. The individual may withdraw his/her consent any time. Such withdrawal will not affect the legitimacy of the data processing carried out on the consent granted prior to the withdrawal.

Without the consent, the individual cannot participate in the given promotion, advertising campaign or prize game.

 The scope of participating persons and the personal data are determined on a case by case basis, in accordance with the applicable terms and conditions of participation (e.g. name, residential address and the chosen gift, vote cast in a public voting game open for the public etc.). The duration of processing is determined on a case by case basis, in accordance with the applicable terms and conditions of participation taking into account the closing date of the promotion or advertising campaign and the time required for the delivery of the prizes, where applicable.
Authorised persons having access to the data within the Company: determined on a case by case basis, in accordance with the applicable terms and conditions of participation. Unless determined otherwise, the persons having tasks in relation to the promotion or advertising campaign are authorised to have access to the data.
Sending out advertisements and newsletters by email   Article 6 (1) a) of the GDPR – voluntary consent of the individual and Section 7 of the Act no. 480/2004 Coll., on Certain Information Society Services – an explicit consent of the individual is necessary in order to send out advertisements and newsletters by email with exception of sending out advertisements or newsletters in connection with a sale of a product or services to customers. In such a case, the Company may send out advertisements or newsletters related to products or services similar to the products and services bought by the customer under a condition the customer has a clear, easy and free of charge option to block receiving any further advertisements or newsletters by the Company.
Consents may be withdrawn at any time, without limitation and reasoning, free of charge. Such withdrawal will not affect the legitimacy of the data processing carried out with the consent prior to the withdrawal. Without consent, the Company is not permitted to send out advertisements and newsletters by email.
Name and email address of recipients. If an individual withdraws consent, then personal data has to be deleted.
Authorised persons having access to the data within the Company: persons sending out advertisements and newsletters.
Making records of and recordings at Company events Article 6 1. a) of the GDPR (voluntary consent of the individual).
The individual may withdraw his/her consent any time. Such withdrawal will not affect the legitimacy of the data processing carried out on the consent granted prior to the withdrawal.
Without the consent, no recordings can be made.
The consent is not required if the records and/or recordings are made or used to exercise or protect other rights or legally protected interests of others as well as when the records or recordings are reasonably made or used for scientific or artistic purposes and for print, radio, television or similar coverage while not conflicting with legitimate interests of individuals (Section 88 et seq. of the Act no. 89/2012 Coll., the Civil Code (“Civil Code”).
Making photos or videos at events organised by the Company (portraits of individuals). With the consent of the individuals, the photos or videos may be published in the intranet as well as on external media of the Company (e.g. the LinkedIn site of the Company) or on other media likewise (e.g. Company leaflets or brochures). The recording will be deleted if the individual so requested. In case of recordings which have been made public, however, the right of withdrawal can only be exercised until the time when such materials appear publicly. For instance, where photos have appeared publicly, third parties might copy and/or save them outside the control of the Company.
Authorised persons having access to the data within the Company: until the recordings have appeared publicly, such recordings are handled by the HR Department.
Recordings which have been made publicly available on the intranet of the Company, can be seen by all members of the Company’s personnel.
The materials appearing on the LinkedIn site of the Company and on any internet or other media are public.
Sending invitations to events organised by the Company Article 6 1. f) of the GDPR (processing of the data is needed for pursuing the legitimate interests of the Company).
The legitimate interest: successful and efficient organisation of events.
Contact details of the persons whom the Company intends to invite: the names of the participants and the organisations they represent and other data they may provide in connection with their participation (e.g. anticipated time of arrival, preferred presentation or other event, etc.). Unless the individual objects to the processing of his/her data, contact details can be used also after the event for sending out invitations to events organised by the Company or on other occasions for seeking contact. The Company stores the data for 3 years after the last contact made with the individual.
Authorised persons having access to the data within the Company: employees of the Marketing Department
Processing the personal data of contact persons representing contracting partners and/or involved in contract performance / verification of performance (i.e. day by day implementation of  contracts). This includes e.g. the processing of postal addresses of contact persons, their payment instructions or the sending official notifications through the contact details and information regarding contractual obligations to be fulfilled. It depends whether the contract is concluded with the individual (e.g. a private entrepreneur) or with other undertakings; it is Article 6 1. b) of the GDPR where the contract has been concluded directly with the individual and the purpose is the implementation of the contract, or it is Article 6 1. f) of the GDPR – pursuing the legitimate interests of both the Company and those of the contracting partner: fulfilling the obligations, exercising the contractual rights and synchronising cooperation between the contracting parties.
The exchange of personal data is required under the contract; without them, the Company is unable to conclude the contract and/or implement it.
The contact details (i.e. e-mail addresses, telephone numbers, mobile phone numbers, telefax numbers) of the contact persons representing the contracting partners and/or involved in contract performance / verification of performance, and any other activity of or communication between the contracting parties which includes any kind of personal data (e.g. communication received from a contact person or any other person acting on behalf of a contracting partner).
The personal data are either provided to the Company by the contracting partner, or the individuals themselves.
The data are stored for the whole period of the contractual relationship.
After the termination of the contractual relationship, the data will be stored with the Company for as long as required by the respective legal regulation (e.g. tax, accounting) and for as long as the Company requires the data for the purposes of establishment, exercise or defense of legal claims.
Authorised persons having access to the data
within the Company: in the competent areas that are affected by the subject matter of the contract.
Processing the personal data of contact persons representing contracting partners and/or involved in contract performance / verification of performance in connection with compliance issues or any other activity needed to enforce contract performance including seeking remedies in order to enforce the rights arising from the contracts The legal basis of processing data is the legitimate interest of the Company (Article 6 1. f) of the GDPR). The legitimate interest: handling compliance issues or any other activity needed to enforce contract performance including seeking remedies in order to enforce the rights arising from the contracts. The contact details (i.e. e-mail addresses, telephone numbers, mobile phone numbers, telefax numbers) of the contact persons representing the contracting partners and/or involved in contract performance / verification of performance, and any other activity of or communication between the contracting parties which includes any kind of personal data (e.g. communication received from a contact person or any other person acting on behalf of a contracting partner).
The personal data are either provided to the Company by the contracting partner, or the individuals themselves.
The data are stored for the whole period of the contractual relationship.
After the termination of the contractual relationship, the data will be stored with the Company for as long as required by the respective legal regulations (e.g. tax, accounting) and for as long as the Company requires the data for the purposes of establishment, exercise or defense of legal claims.
Authorised persons having access to the data
within the Company: in the competent areas that are affected by the subject matter of the contract.
Handling customer and other requests received by the Company Article 6 1. f) of the GDPR (processing is needed to pursue the legitimate interests of the Company and those of its customer).
The legitimate interest: handling customer and other requests, responding to inquiries, and the mutual performance of the obligations arising from customer contracts.
The personal data affected by the customer and other requests that are received by the Company, the contact data of the customers and other people (i.e. names, addresses, e-mail addresses, telephone numbers) and the records of the actions done in relation to the request. 3 years after answering the request (Statute of limitations under the Civil Code).
Authorised persons having access to the data
within the Company: Customer Service – ”CS”.
The Company transfers the data within its company group:
Partner in Pet Food Polska SP.z.o.o.
ul. Szamocka 8,Warsaw 01-748, Poland
telephone No: +48 22 569 24 10,
info.pl@ppfeurope.com,
Partner in Pet Food Hungária Kft.
H-2040 Budaörs, Puskás Tivadar utca 14., Hungarytelephone No: +36 1 801 02 03;info@ppfeurope.comPartner in Pet Food SK s.r.o.
Kračanská cesta 40, 929 01 Dunajská Streda, Slovakia
telephone No: +421 31 559 13 65; info@ppfeurope.com
Partner in Pet Food NL B.V.
Wijchenseweg 132 6538 SX Nijmegen, Holland telephone No: +31 24 34 35 910; info@ppfeurope.com
Legal basis of the data transfer: Article 6 1. f) of the GDPR (the data transfer is needed for pursuing the legitimate interests of the Company and its group companies). The legitimate interest: using the knowledge of the company group for more efficient processing of customer and other requests and sharing the relevant experience to serve customers better.
Handling consumer requests received by the Company

In most cases, consumer requests (e.g. inquiries, comments or complaints) are forwarded to the Company by its contracting partners (e.g. Lidl, Tesco, etc.). The Company may respond to such requests directly or assist the contracting partners in the preparations of their responses.
In case a request is received through social media (e.g. Facebook) then the terms and conditions of the social media service provider for data processing and use may also be applicable.

Article 6 1. f) of the GDPR (processing is needed for pursuing the legitimate interests of the Company and those of its contracting partner).
The legitimate interest: handling consumer requests is in the legitimate business interest of both the Company and its contracting partner. In addition, handling consumer requests (related to claims of defects) is also a legal requirement for the contractual partner pursuant to the Act no. 634/1992, Coll., on the Consumer Protection. The Company provides assistance at this so accelerating the process of responding to consumer requests and processing consumer complaints and enhancing the same with the information in its possession.
The personal data affected by consumer requests that are received by the Company, contact data of the contact persons acting on behalf of consumers and the contracting partner (names, addresses, e-mail addresses, telephone numbers), the content of the claims (complaints), requests presented by the consumers as individuals and the records taken on actions. 5 years after answering the request (Section 6:22 (1) of the Hungarian Civil Code – claims lapse in 5 years). The records taken on the consumer complaint and the response to it have to be stored also for 5 years (Section 17/A. (7) of the Hungarian Consumer Protection Act).
Authorised persons having access to the data
within the Company: Customer Service . ”CS”. The Company transfers the data within its company group:
Partner in Pet Food Polska SP.z.o.o.
ul. Szamocka 8,Warsaw 01-748, Poland
telephone No: +48 22 569 24 10,
info.pl@ppfeurope.com,
Partner in Pet Food Hungária Kft.
H-2040 Budaörs, Puskás Tivadar utca 14., Hungarytelephone No: +36 1 801 02 03;info.pl@ppfeurope.comPartner in Pet Food SK s.r.o.
Kračanská cesta 40, 929 01 Dunajská Streda, Slovakia
telephone No: +421 31 559 13 65; info@ppfeurope.com
Partner in Pet Food NL B.V.
Wijchenseweg 132 6538 SX Nijmegen, Holland telephone No: +31 24 34 35 910; info@ppfeurope.com
Legal basis of the data transfer: Article 6 1. f) of the GDPR (the data transfer is needed for pursuing the legitimate interests of the Company and its group companies). The legitimate interest: use of the knowledge of the company group for more efficient processing of consumer requests and sharing the relevant experience to serve consumers better.

 

5. DATA PROCESSSORS

The contracting partners engaged by the Company for carrying out tasks related to data processing operations are listed below. Such contracting parties act as ”data processors” i.e. they process the personal data defined in in this Notice on behalf of the Company.
The Company should use only data processors providing sufficient guarantees, in particular in terms of expert knowledge, reliability and resources, to implement technical and organisational measures which will meet the requirements of the GDPR, including for the security of processing. The particular tasks and liabilities of the data processor are stipulated in the data processing agreement made between the Company and the data processor. After the completion of the processing on behalf of the Company, the processor should, at the choice of the Company, return or delete the personal data, unless there is a requirement to store the personal data under Union or Member State law to which the processor is subject.

Data processor Tasks
Contracting partners participating in promotions and advertising campaigns (including prize games organised by the Company) The details of the data processor and its tasks are indicated in the terms and conditions of participation in the given promotion.
External IT service providers of the Company Hosting services, system administration tasks, on-site support to end-users, maintenance of computers, managing user accounts and permitting installations, operation of servers, checking backups, domain administration.
Partner in Pet Food Polska SP.z.o.o.
ul. Szamocka 8,Warsaw 01-748,Poland telephone No: +48 22 569 24 10,info.pl@ppfeurope.com,Partner in Pet Food Hungária Kft.
H-2040 Budaörs, Puskás Tivadar utca 14.,Hungarytelephone No: +36 1 801 02 03;

info@ppfeurope.com

Partner in Pet Food SK s.r.o.
Kračanská cesta 40, 929 01 Dunajská Streda,

Slovakia telephone No: +421 31 559 13 65;

info@ppfeurope.com

Partner in Pet Food NL B.V.
Wijchenseweg 132 6538 SX Nijmegen,

Holland telephone No: +31 24 34 35 910;

info@ppfeurope.com

IT services on the basis of an indefinite-term service agreement.
E.g.: efficient central arrangement of IT services, the operation of the IT systems, preparation of security back-up saves, protection of the company-wide network and preparations for data loss incidents. IT support of processes related to access and leaving of employees, manage user accounts, set permissions, blocking access of user accounts, archiving email accounts, remote deletion of mobile phones.
Screen sharing, online meeting, web conferencing service providers  The Company may share the personal data listed in this Notice when it is using screen sharing, online meeting, web conferencing service during its day-to-day communications. In the course of the services, personal data may be processed in countries outside the EU which do not provide for the same level of data protection as the GDPR. LogMeIn, Inc., and its wholly owned subsidiary, LogMeIn USA, Inc. (collectively “LogMeIn”) participate in the EU-U.S. Privacy Shield Framework regarding the collection, use and retention of personal information from EU member countries. LogMeIn also receives some data via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses (a model data transfer agreement in the form approved by the EU Commission), which is available at the contact details of the Company.

Further information:

https://www.logmeininc.com/legal/privacy-shield and https://www.logmeininc.com/gdpr/gdpr-compliance.

6. TECHNICAL AND ORGANISATIONAL DATA SECURITY MEASURES

The Company protects the personal data it processes primarily by restricting the access to the information and by the unambiguous regulation of the rights to use them. Only such persons may have access to the systems and instruments used for processing the personal data referred to in this Notice whose access is required in order to fulfil the above-mentioned purposes and who are authorised to exercise such access. These persons include e.g. designated team members or departments (e.g. to user data that are required for the use of the Company’s IT systems, it is the IT Department authorised to have access).
The Company ensures the safe and legitimate use of the devices which it makes available (including Company-owned computers, laptops and mobile phones), the e-mail boxes and the Internet and the desirable level of consciousness of the employees related to such use by applying the following measures:

  • The Company expects that the devices which it made available and which have access to the Internet as well as the e-mail boxes are used by the employees with specific user names and passwords, adequately complex and up-dated at regular intervals.- The Company expects that the devices which it made available and which have access to the Internet as well as the e-mail boxes are used by the employees with specific user names and passwords, adequately complex and up-dated at regular intervals.
  • The Company protects all its systems and devices by fire walls, antivirus software and spam filters. In addition, the Company operates an intrusion protection system (so-called IPS) which enables the detection, blocking and logging of illegitimate attempts of access to the computers systems of the Company.- The Company protects all its systems and devices by fire walls, antivirus software and spam filters. In addition, the Company operates an intrusion protection system (so-called IPS) which enables the detection, blocking and logging of illegitimate attempts of access to the computers systems of the Company.
  • The Company makes available safe wired and wireless network access for all devices.- The Company makes available safe wired and wireless network access for all devices.
  • Remote access to the systems and software of the Company for any device is possible only through safe connection (VPN) by using specific user names and passwords, with mitigation of chances of accidental access (including illegitimate access by the use of stolen or lost devices)- Remote access to the systems and software of the Company for any device is possible only through safe connection (VPN) by using specific user names and passwords, with mitigation of chances of accidental access (including illegitimate access by the use of stolen or lost devices)
  • The IT Department of the Company carries out regular software and system up-dates and back-up saves of data in accordance with its own internal regulations.

As regards the physical protection of data and electronic documents, the Company owns locked server rooms and procures in that access to a particular document is reserved to adequately authorised persons only (e.g. access to HR documents is reserved to the HR Department).

7. DATA PROTECTION RIGHTS AND REMEDIES

7.1 Data protection rights and remedies

The detailed rights and remedies of the individuals are set forth in the applicable provisions of the GDPR (especially in articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79, 80, and 82 of the GDPR). The summary set out below describes the most important provisions and the Company provides information for the individuals in accordance with the above articles about their rights and remedies related to the processing of personal data.

The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the individual, information may also be provided orally, provided that the identity of the individual is proven by other means.

The Company will respond without unreasonable delay and by no means later than within one month of receipt to the request of an individual whereby such person exercises his/her rights about the measures taken upon such request (see articles 15-22 of the GDPR). This period may be, if needed, extended by further two months in the light of the complexity of the request and the number of requests to be processed. The Company notifies the individual about the extension also indicating its grounds within one months of the receipt of the request. Where the request has been submitted by electronic means, the response should likewise be sent electronically unless the individual otherwise requests.

In case the Company does not take any measure upon the request, it shall so notify the individual without delay but by no means later than in one month stating why no measures are taken and about the opportunity of the individual to lodge a complaint with the data protection authority and to file an action with the courts for remedy.

7.2 The individual’s right of access

(1) The individual has the right to obtain confirmation from the Company whether or not personal data concerning him/her are being processed. Where the case is such, then he/she is entitled to have access to the personal data concerned and to the following information:

a) the purposes of the processing;

b) the categories of personal data concerned;

c) the recipients or categories of recipient to whom the personal data have been or will be disclosed including especially recipients in third countries and/or international organisations;

d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

e) the right of the individual to request from the Company rectification or erasure of personal data or restriction of processing of personal data concerning  the individual or to object to such processing;

f) the right to lodge a complaint with a supervisory authority;

g) where the personal data are not collected from the individual, any available information as to their source.

(2) Where personal data are forwarded to a third country, the individual is entitled to obtain information concerning the adequate guarantees of the data transfer.

The Company provides a copy of the personal data undergoing processing to the individual. The Company may charge a reasonable fee based on administrative costs for requested further copies. Where the individual submitted his/her request in electronic form, the response will be provided to him/her by widely used electronic means unless otherwise requested by the individual.

7.3 Right to rectification

The individual has the right to request that the Company rectify inaccurate personal data which concern him/her without undue delay. In addition, the individual is also entitled to have incomplete personal data completed e.g. by a supplementary statement or otherwise.

7.4 Right to erasure (’right to be forgotten’)

(1) The individual has the right that when he/she so requests, the Company erase the personal data concerning him/her without delay where one of the following grounds applies:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by the Company;

(b) the individual withdraws consent on which the processing is based, and is no other legal ground subsists for the processing;

(c) the individual objects to the processing and there are no overriding legitimate grounds for the processing;

(d) the personal data have been unlawfully processed;

(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Company is subject;

(f) the collection of the personal data occurred in connection with offering services regarding the information society.

(2) In case the Company has made the personal data public and then it becomes obliged to delete it as aforesaid, then it will, taking into account the available technology and the costs of implementation, take reasonable steps including technical steps in order to inform processors who carry out processing that the individual has initiated that the links leading to the personal data concerned or the copies or reproductions of these be deleted.

(3) Paragraphs (1) and (2) shall not apply to the extent that processing is necessary, among other things, for:

a) exercising the right of freedom of expression and information;

b) compliance with a legal obligation which requires processing by Union or Member State law to which the Company is subject;

c) archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right referred to in paragraph (1) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

d) the establishment, exercise or defence of legal claims.

7.5 Right to restriction of processing

(1) The individual has the right to obtain a restriction of processing from the Company where one of the following applies:

a) the accuracy of the data is contested by the individual, for a period enabling the Company to verify the accuracy of the personal data;

b) the processing is unlawful and the individual opposes the erasure of the personal data and requests the restriction of their use instead;

c) the Company no longer needs the personal data for the purposes of the processing, but the individual requires them for the establishment, exercise or defence of legal claims;

d) the individual has objected to processing based on the legitimate interest of the Company pending the verification whether the legitimate grounds of the Company override those of the individual.

(2)Where processing has been restricted under paragraph (1), such personal data shall, with the exception of storage, only be processed with consent of the individual or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

(3)The Company informs the individual whose request has served as grounds for the restriction based on the aforesaid, before the restriction of processing is lifted.

7.6 Notification obligation regarding rectification or erasure of personal data or restriction of processing

The Company will communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Company informs the individual about those recipients if he/she so requests.

7.7 Right to data portability

(1) The individual has the right to receive the personal data concerning him/her, which he/she has provided to the Company in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Company, where:

a) the processing is based on consent or on a contract; and

b) the processing is carried out by automated means.

(2)In exercising the right to data portability pursuant to paragraph 1, the individual shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

(3)Exercising the aforesaid right shall not contravene to provisions concerning the right to erasure (‘right to be forgotten’) and, further, this right shall not harm the rights and freedoms of others.

7.8 Right to object

(1) The individual has the right to object, on grounds relating to his/her particular situation, at any time to processing of personal data concerning him/her for the purposes of legitimate interests. The Company will no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the individual or for the establishment, exercise or defence of legal claims.

(2) Where the processing of personal data serves direct marketing purposes the individual is entitled to object to the processing of personal data regarding him/her for such purposes, including profiling, in so far as the latter relates to direct marketing.

(3) In case the individual objects to the processing of personal data with the aim of direct marketing, then the personal data can no longer be processed for this purpose.

(4) In connection with the use of services related to information society, the individual may refer to his/her right of objection, with deviation from the directive 2002/58/EC, by means of automated devices based on technical prescriptions.

(5)Where personal data are processed for scientific or historical research purposes or statistical purposes, the individual, on grounds relating to his/her particular situation, has the right to object to processing of personal data concerning him/her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

7.9 Right to lodge a complaint with a supervisory authority

The individual has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his/her habitual residence, place of work or place of the alleged infringement if he/she considers that the processing of personal data relating to him/her infringes the GDPR. In the Czech Republic,, the competent supervisory authority is the The Office for Personal Data Protection (in Czech: Úřad pro ochanu osobních údajů) – www.uoou.cz; Pplk. Sochora 27, 170 00 Praha 7, Czech Republic telephone: + 420 234 665 111; e-mail: posta@uoou.cz)

7.10 Right to an effective judicial remedy against a supervisory authority

(1) The individual has the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning him/her.

(2) The individual has the right to an effective judicial remedy where the supervisory authority which is competent does not handle a complaint or does not inform him/her within three months on the progress or outcome of the complaint lodged.

(3) Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.

7.11 Right to an effective judicial remedy against the Company or the processor

(1) The individual, without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority, has the right to an effective judicial remedy where he/she considers that his/her rights under the GDPR have been infringed as a result of the processing of his/her personal data in non-compliance with the GDPR.

(2) Proceedings against the Company or a processor shall be brought before the courts of the Member State where the Company or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the individual has habitual residence. Information on the competent courts is available at https://portal.justice.cz/Justice2/Uvod/Soudy.aspx.