These privacy and data protection principles (hereinafter the “Principles”) are the basic principles governing the LAC, s.r.o., Topolová 933, 667 01 Židlochovice, Czech Republic, VAT: 46903470 (hereinafter the “Company”) in the collection and processing of personal data. These Principles implement the Company’s rights, and obligations arising in particular from the following generally binding legal regulations:

Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the “GDPR”):

1. Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the “GDPR”);
2. Act No. 480/2004 Coll., on certain Information Society Services and on the Amendments to some Acts (Certain Information Society Services Act), as amended (hereinafter as the “Certain Information Society Services Act”); and
3. Act No. 127/2005 Coll. on Electronic Communications and on the Amendment to Certain Related Acts (Electronic Communications Act), as subsequently amended (hereinafter the “Electronic Communications Act”).

These Principles apply to all persons visiting the Company’s websites http://www.lac.cz (hereinafter the “Websites”), whether or not these persons are in a contractual relationship with the Company.
 

What are personal data

Personal Data, in accordance with the GDPR, shall mean any information about a designated or identifiable natural person (not a legal person). In principle, therefore, it is any information that, whether on its own or in combination with other information, can serve to identify a particular individual (hereinafter the “Personal Data”).
 

What personal data does the comany process

The Company may collect the following information about you:
 

1. Personal data that you communicate to the Company yourself

Such Personal Data is, in particular, information that you provide in a completed registration, order, or other form or communicated to the Company by e-mail, telephone, fax, or other similar device. You may also provide the Company with personal information [during competitions], [by submitting a product or service review], [booking training places] or [by sending a general inquiry]. This includes your first name, surname, mailing address, e-mail address, phone number, bank account details, selected payment method, etc.
Your Personal Data will be processed by the Company for the following purposes:

- providing the service, product, or information you are interested in;
- if you are an existing customer also to provide information about other services or products similar to those that were the subject of your previous purchase;
- if you are a new customer, the Company will send you business messages and offers of products and services only if you have given your express explicit consent to the Company;
- assessment and evaluation of your job application.
 

2. Personal information that the Company collects on your behalf

When visiting our Website, the Company may collect some information necessary to ensure the proper and convenient operation of the Website. This information may consist of the Internet Protocol (IP) data used to connect your computer to the Internet, your registration information, browser type and version, time zone settings, browser plug-ins, your visit information, including a valid Uniform Resource Locator (URL), the path to and from the Website (including date and time), the products you viewed or searched for, response times, download errors, the length of visits to certain pages, site visit interaction information (such as scrolling, clicks, and mouse locations), or the way of leaving the page.
 
These Personal Data are used by the Company to administer and improve its Websites and for internal operations, including problem solving, data analysis, testing, research, statistical purposes, and recording the frequency of previews. These Personal Data can also be used to measure ad performance and provide relevant advertising.
 

Providing personal information

Personal data that the Company acquires may be transferred (within the group of [●], i.e. the related parties of the Company;) and to third parties (hereinafter the “Processors”) who assist the Company in performing its contractual obligations by mediating certain services (e.g., delivery services). The Company only passes Personal Data to those Processors who provide guarantees of an adequate level of security of your Personal Data and process these Personal Data solely on the basis of a Personal Data Processing Agreement.
In this sense, the Company may transmit Personal Data to the following Processors:

1. External contractors and suppliers to meet the Company’s contractual obligations;

2. Payment service providers and payment processors in order to secure the transfer of funds and the implementation of payment transactions;

3. Providers of postal and delivery services for the purpose of delivering products or services offered by the Company;

4. Website administrators.

Under certain circumstances, the Company may be required to provide your Personal Data to third parties (e.g. law enforcement agencies) in accordance with the generally binding legal regulations.
 

Means of personal data protection

In order to protect and minimise the risk of unauthorised access to Personal Data, the Company has adopted organisational and technical measures.
These include:

1. Internal organisational restrictions limiting the range of persons authorised to come into contact with Personal Data; and
2. Ensuring the technical security of the servers and the Company’s Websites against unauthorised access.

Persons in contact with Personal Data are instructed on the privacy policies and are bound by secrecy when processing them.
 

Length of pesonal data retention

The Company keeps personal data for as long as is strictly necessary to perform its contractual obligations and for the fulfilment of the obligations that the Company derives from the applicable legal regulations. Personal data that is processed with your consent is retained by the Company only for the duration of the purpose for which the consent was granted.
Once the legitimate reason for processing your Personal Data has expired, the Company will destroy these Personal Data and any existing copies thereof.
 

Cookies

The Company uses cookies for the operation of its Websites. Cookies are small-scale text files (hereinafter “Cookies”) sent from the Company’s server to your browser that are re-sent to the Company’s server upon your return to the Website. Cookies allow the Company to recognise your browser, to remember information about your previous activity on the Website, and to customise the content of the Website to suit your needs.
The company uses the following types of Cookies:

1. First-party cookies that enable the basic operation and functionality of the Website and without which the content of the Web pages could not be properly displayed. This type of Cookies can be used by default without your prior consent. When setting up your browser, however, you can disable the storing of any Cookies at any time;
2. Technical Cookies that allow for the analysis of your use of the Website, enable secure sign-up, remember the progress of filling your order, store your registration data, and the contents of your shopping cart. This type of Cookies can be used by default without your prior consent. When setting up your browser, however, you can disable the storing of any Cookies at any time;
3. Ad cookies that allow the display of a targeted ad, share the Websites on Social Networking sites, or post comments on products. To use this type of Cookies, your prior consent is required by the applicable law. You can grant this to the Company by clicking on the following link I AGREE.

Cookies can be removed using your browser settings. It can also be set up so that Cookies are not automatically saved. However, if you block, disable, or otherwise reject certain Cookies, the Website may not display properly, or you may not be able to use certain Web Services or features.
 

Rights of data subjects

In connection with the processing of your Personal Data by the Company, you are entitled to the following Personal Data protection rights:

1. The right to withdraw your consent to the processing of Personal Data, when the processing is based on such consent;
2. The right to request access to your Personal Data and information about what Personal Data is processed by the Company;
3. The right to correct inaccurate Personal Data and also to supplement incomplete Personal Data;
4. The right to delete the processed Personal Data;
5. The right to limit the processing of Personal Data;
6. The right to obtain the Personal Data you have provided to the Company in a structured, commonly used, and machine-readable format, and the right to pass this information to another person;
7. The right to be informed of a Personal Data breach;
8. The right to object to the processing of Personal Data; and
9. The right to file a complaint with the Supervisory Authority, i.e. the Office for Personal Data Protection, at Pplk. Sochora 27, 170 00 Prague 7, or a data box at qkbaa2n.

The above rights and possible complaints may be filed with the Company as the Data Controller in writing to the address below or by email to the following e-mail address info@lac.cz.
LAC, s.r.o., Topolová 933
667 01 Židlochovice

These Principles are valid and effective as of May 25, 2018.