Peperle Auto | Personal data protection

Principles of protection of personal data and information about processing of personal data of natural persons
(hereinafter the “Policy”)
of the company: PEPERLE AUTO s.r.o.

Registered office: Bartolomějská 291/11, 110 00 Prague 1 – Staré Město, Czech Republic

Company ID: 056 15 160

E-mail: info@peperle-auto.com, info@peperle-auto.com, news@peperle-auto.com

Telephone contact: +420 286 028 013 , +420 286 028 014

I. Introductory provisions
1. For the purpose of this Policy:

a. Company means PEPERLE AUTO s.r.o., Company ID: 056 15 160, with its registered seat at Bartolomějská 291/11, 110 00 Prague 1 – Staré Město, Czech Republic,

b. User means any person who visits the Company’s website on www.peperle-auto.com (hereinafter the “Company Website”),

c. Partner means the party (Subscriber) which negotiates with the Company within its business activities and which has registered with the Company as a partner on the Company Website by providing the Company with all data required for registration and having fulfilled all other conditions for registration,

d. Data subject means a natural person, to whom the personal data applies.

2. The Company operates an e-shop on the Company Website. Within the e-shop operation, particularly for the purpose of offering goods and concluding purchase contracts, the Company also processes personal data of the data subjects.

II. Personal data and the purpose of its processing
1. Access to the Company Website may be conditioned by providing certain personal data of the data subject. Without inputting the data referred to in the application for registration or in the order as required, the application or order shall not be admitted.

2. The Company collects and processes the following personal data: data identifying a User or a Partner (such as business name / name, surname, registered office / place of business, Company ID, VAT No.), name, and surname of the User’s or Partner’s representative, correspondence and invoicing address and telephone number and the Partner’s website. The e-shop login name and password are also saved on the Company Website.

3. The Company may also collect and process any other personal data concerning the data subject’s identity as information about selection and utilisation of services and goods for the purposes specified below.

4. The Company processes the personal data of the data subject for the following reasons:

i. processing of order and fulfilment of the purchase contract concluded with the Partner, as well as any related contracts,

ii. settlement of complaints and loss events,

iii. performance of a legal obligation (especially for accounting, tax and archiving),

iv. protection of rights and the Company’s protected interests, in particular for the application assessment for the User registration as a Partner of the Company,

v. for marketing purposes as defined in this Policy.

5. The personal data provided may be used by the Company for the purposes specified in Article II (4) (i) to (iv) of the Policy based on legal regulations without the consent of the data subject.

6. The Company also processes the personal data of the data subjects for the purposes of marketing and the commercial offer of goods by the Company to the Partner. Personal data may only be used for this purpose with the consent of the Partner, except in the case of a legitimate interest of the Company. The Partner, as well as the data subject, agree that the email address provided in connection with ordering the goods by a Partner may be used to send commercial messages by the Company to offer similar goods or discounts for future purchases. In other cases, consent must be obtained for the purposes of marketing events, i.e., for sending notifications of offers, or sending a weekly summary of new offers (marketing, analysis and profiling are also included in this purpose with the aim to adapt the offer to the Partner’s needs). This consent to the personal data processing is completely voluntary. The data subject may express its opinion against processing, handover, or other use of personal data for marketing purposes at any time by e-mail, or the data subject may withdraw its consent to this type of processing, use or transfer of data. Once we receive the disagreement (or appeal, where appropriate) of the data subject, we will no longer process and use the respective data for marketing purposes.

7. In order to protect its rights and legitimate interests to limit unreasonable material risks, the Company may also collect, without the consent of the data subject, the data needed to verify the creditworthiness or credibility of the Partner from the User or the Partner from publicly available sources, lists, registers including information from social networks and the internet, which they publish about themselves or from their own activities.

III. Personal data protection
1. The Company shall handle all personal data in accordance with the applicable regulations on personal data protection. The Company is the personal data controller. The personal data will be fully secured against misuse. The Company uses the G Suite service of Google Inc. seated at Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”) meeting the conditions of personal data protection. Find out more about how Google accesses your data on https://policies.google.com/privacy?hl=en.

2. The external administrator of the Company Website also has access to the personal data. The administrator is obliged to protect personal data against misuse to the same extent as the Company.

3. Personal data may be transferred:

i. to persons who arrange for and take part in performance of the contract for the Company, for example, to carriers,

ii. to specialised external entities that performs personal data processing for the Company based on the respective personal data processing contract,

iii. to other entities if necessary for protection of the Company’s rights, for example, to persons providing accounting and tax services, to insurance companies in filing insurance claims, to courts and judicial executors.

iv. to state authorities or to other entities, as the case may be, within performance of statutory obligations,

v. to the companies operating within the PEPERLE Group, namely: PEPERLE s.r.o., Bartolomějská 291/11, 110 00 Prague 1, Company ID: 475 46 018,

vi. to other persons/entities based on the Partner’s request.

IV. Data subject’s right to information
1. The data subject has the right to access information about its data stored free of any charge. If the data subject requests information about the personal data processed about it, in particular about the purpose, extent or manner of the personal data processing, the Company is obliged to hand over this information without undue delay, after receiving the request. If the data subject exercises the right to access personal data in electronic form, the Company will also provide the requested information in electronic form, unless the data subject asks for a different manner of providing the information.

2. The data subject also has the right to the portability of its personal data.

3. In the case of a repeated and unjustified request for providing the personal data, the Company is entitled to charge a reasonable fee for the related administrative costs.

4. Where the data subject believes that processing of its personal data is performed by the Company contrary to legal regulations or otherwise contradicts the data subject’s rights, the data subject will have the right to file an objection against the data processing and to request correcting, blocking or deleting such data or to restrict its processing. The Company shall decide on the objection without any delay. If the Company fails to comply with the objection, the data subject may directly address the Office for Personal Data Protection of the Czech Republic.

5. Notwithstanding the foregoing, the data subject may directly address the Office for Personal Data Protection of the Czech Republic with its initiative or complaint.

V. Processing and saving cookies
1. The Company Website uses cookie files as described below.

2. The User or the data subject, where appropriate, acknowledges that the Company uses the Google Analytics service, the provider of which is Google. This service helps analyse the manner of use of the internet store, evaluate traffic, optimise marketing activities, and improve the performance of the Company Website.

3. The above service makes use of cookie files. Cookies are small text information in the form of text files sent by the server and stored on the side of the User using the internet store (e.g. in the computer hard disc, laptop, or smartphone (or on its memory card) – depending on the device used by the User and how the device is set up).

4. Information obtained through cookies is stored on servers used by Google, including those in the United States.

5. Upon the Company’s order, Google will use this information to evaluate the use of the internet store by a Partner, to identify geolocation data, to generate site traffic reports, and to provide other services relating to use of the internet store.

6. By using the Company Website, you agree with using cookies under this Cookies Policy and the basic personal data processing unless you have disabled the use of cookies in your browser settings.

7. By default, most internet browsers and devices available on the market are set up to accept saving cookies. Everyone has the option to define the terms of use of cookies by setting up their own web browser or device. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable the possibility of saving cookies – in the latter case, this may affect some of the features of the internet store.

8. Setting up your internet browser or device for cookies is very important from the point of view of your agreement to use cookies in the internet store – pursuant to applicable regulations, such consent can also be expressed by setting up your internet browser or device.

9. If a User disagrees with using cookies in the aforementioned manner, the User should configure the settings of their browser or device for cookies accordingly.

10. The User also notes that the Company’s service providers have their own personal data protection guidelines that are available on the websites of such service providers. You may find out how Google handles data while you use the Company Website on https://policies.google.com/privacy?hl=en

VI. Processing log files
1. While accessing the Company Website, log files are processed with information about access to the website in order to provide and improve our services.

2. Log files are processed without the website User’s consent.

3. The log files are kept for a period set by Google.

4. Processing of the log files will be performed by Google.

5. Within processing the log files, Google shall process the following data, which may (but not necessarily) include the personal data of the Company Website User:

i. The website from which the User visited the Company Website;

ii. IP address;

iii. Date of access and time of access;

iv. Geolocation data;

v. User’s query, if any.

VII. Data processing period
1. Unless otherwise specified in this Policy, the Company shall process:

i. Collected data for the period of registration of the Partner with the Company, or

ii. Data necessary for concluding and performing the contract or data acquired in relation to performing the contract for 10 years after entering into the respective contract. If a dispute concerning the contract performance is pending, the period of dispute shall be extended for the time of the dispute and possible execution of decision, or

iii. Data necessary for performance of statutory obligations (tax or accounting, etc.) for the period of existence of the statutory obligation,

iv. Data on the unsuccessful registration of an applicant for the period of 1 year after filing the registration application.

2. The consent to personal data processing for marketing purposes is valid from its granting for the period of the Partner’s registration with the Company, however until revocation of the consent at the latest.

VIII. Final provisions
1. The Partner, as well as the data subject, acknowledges that the Company will exert every effort to prevent unauthorised personal data processing by the processors, nevertheless the Company is not responsible to the data subject for any damage caused by the unauthorised processing of personal data by the processors.

2. Personal data will be processed in electronic form in an automated manner, in particular by using the G Suite service or by a nonautomated method by the selected employees of the Company.

3. All legal relationships arising from or in connection with the registration or the personal data processing are governed by the legal rules of the Czech Republic, regardless of from where the data was accessed. To resolve any disputes arising in connection with the privacy protection between the Partner, or the data subject, where appropriate, and the Company, the Czech courts shall have the jurisdiction and shall apply the Czech law.

4. The Company may change or amend the text of the Policy. The Company shall inform the Partner about each such change at least 30 days before the change takes effect. If the Partner does not agree with the change in the Policy, the Partner will have the right to request its deletion from the database.

5. This personal data protection policy comes into force on 25 May 2018

Pavel Kozak
Managing Director, PEPERLE Group