General Data Protection Regulation

I. General Provisions

1. The controller of personal data, in accordance with Article 4 (7) of the Regulation (EU) 2016/678 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter „GDPR“) is the CNW computer network s.r.o., Identification Number 25604082, with registered office at Vaníčkova 315/7, Praha 6, 160 00 (hereinafter: „the controller“).

2. Contact

  • address: Olympijská 1/1913, 169 00 Praha 6
  • email: info@cnw.cz
  • telephone: +420 225 391 500

3. “Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

II. Sources and categories of processed personal data

1. The controller processes personal data which you have provided or personal data which the controller obtained within the performance of your order.

2. The controller processes your identification and contact data and data necessary for the performance of the contract.

III. Statutory cause and purpose of personal data processing

1. Statutory cause for personal data processing includes

  • Performance of contract concluded between you and the controller in accordance with Article 6 (1) (b) of the GDPR,
  • Your consent with the processing of personal data for the purpose of direct marketing (particularly sending of business communications and newsletters) in accordance with Article 6 (1) (a) of the GDPR and Section 7 (2) of the Act No. 480/2004 Coll., on Certain Information Society Services in case there was no order of goods or services.

2. Purpose of personal data processing includes

  • The performance of your order and performance of rights and obligations resulting from the contractual relationship between you and the controller; at order, personal data is required which is necessary to perform the order successfully (name and address, contact data), provision of personal data is a mandatory requirement to conclude and perform a contract and without providing personal data, the contract cannot be concluded and the controller cannot perform it,
  • Sending business communications and performing other marketing activities.

3. The controller does not perform individual decision-making in the sense of Article 22 of the GDPR.

IV. Data storing period

1. The controller stores data

  • For a period strictly limited to the performance of rights and obligations resulting from the contract between you and the controller and the application of claims resulting from said contractual relationship (no more than 15 years after the termination of the contractual relationship),
  • For a period before consent to process personal data for marketing purposes is revoked, no longer than 5 years, if personal data is processed based on consent.

2. After the storing period ends, the controller will delete said personal data.

V. Recipients of personal data (controller’s subcontractors)

1. Recipients of personal data are persons who

  • Participate in the delivery of goods/services/payments based on the contract,
  • Participate in provision of services’ operation,
  • Provide marketing services.

2. The controller does not intend to transfer personal data to a third country (non-EU country) or to an international organisation.

VI. Your rights

1. As defined in the GDPR you have

  • The right to access to your personal data in accordance with Article 15 of the GDPR,
  • The right to have your personal data corrected in accordance with Article 16 of the GDPR, or to limit their processing in accordance with Article 18 of the GDPR,
  • The right to have your personal data deleted in accordance with Article 17 of the GDPR,
  • The right to raise an objection against the processing in accordance with Article 21 of the GDPR,
  • The right to the transferability of data in accordance with Article 20 of the GDPR,
  • The right to revoke consent to the processing in written or electronic form at the controller’s address or email stated in Article III of these Terms and Conditions.

2. Furthermore, you have the right to file a complaint with the Personal Data Protection Office if you believe your right to protection of personal data has been breached.

VII. Measures for protection of data

1. The controller declares they have taken all appropriate technical and organisational measures to provide protection of personal data.

2. The controller adopted technical measures to secure data storages and storage of data in the physical form.

3. The controller declares that only persons authorised by them have access to the personal data.

VIII. Final provisions

1. By sending an order via the online order form, you confirm you have read the terms of personal data protection and you accept them in full.

2. You consent to the present Terms and Conditions by checking agree in the online form. By checking agree, you confirm you have read the terms of personal data protection and you accept them in full.

3. The controller reserves the right to change the present Terms and Conditions. A new version of Terms and Conditions shall be published on the controller’s website or will be sent to the email address you have provided to the controller.