Přeskočit na obsah
ROLLS‑ROYCE MOTOR CARS PRAGUE

Privacy Policy

Through this Privacy Policy (hereinafter referred to as the “Policy”), we inform data subjects whose personal data we process about all processing activities and about the principles for protecting the privacy of data subjects.

1. Responsible persons

Personal data controller:
Rolls-Royce Motor Cars Prague – CarTec Exclusive Cars s.r.o., ID: 04014006, with registered office at Průběžná 80, Prague 10, 100 00
Contacts for exercising your rights: Telephone: +420 226 889 089, E-mail: info@rolls-roycemotorcars-prague.cz
(hereinafter also referred to as “we”; “us”; “our” or “us”)

2. Basic terms

GDPR:
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, effective from 25 May 2018.

Personal data:
Personal data, within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), means any information relating to an identified or identifiable natural person (i.e. the data subject = you).

Specific personal data:
Specific personal data means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, and data concerning a natural person’s health, sex life, or sexual orientation.

Data subject = You:
A data subject is an identified or identifiable natural person, where an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller:
A controller within the meaning of Article 4(7) of the GDPR means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. We act as a controller in relation to your personal data.

Processor:
A processor within the meaning of Article 4(8) of the GDPR means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Supervisory Authority:
The Supervisory Authority in the Czech Republic is the Office for Personal Data Protection (hereinafter referred to as the “OPO”).

Risky processing:
Risky processing means processing that is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or involves the processing of special personal data or personal data relating to criminal convictions and offences referred to in Article 10 of the GDPR.

Automated individual decision-making, including profiling:
Automated individual decision-making, including profiling, generally means any form of decision based on automated processing of personal data, i.e. without human intervention, consisting, inter alia, of evaluating certain personal aspects relating to the data subject, in particular for the purpose of analysing or estimating or analysing or predicting aspects concerning his or her performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

3. Categories of subjects, processed personal data, purpose, legal basis and processing period

We process personal data for a clearly defined purpose:

Categories of data subjectsPurpose of processing personal dataLegal basis and personal data processedProcessing time
Our customersFulfillment and implementation of contracts concluded with customersThe legal basis is the performance of the contract.
Identification data (name, surname), contact data (delivery address or permanent address, e-mail, telephone), accounting data (credit card number, bank account number), order history, IP address, cookies and registration data for the account through which you log in, and data from the complaint form (product identification, product defects).
For this purpose, personal data may be processed for the duration of the contractual relationship and the warranty period.
Exercising claims from contractual relationships after termination of the contractThe legal basis is our legitimate interest in the right to recover receivables, compensation for damages and other claims that may have arisen during the duration of our contractual relationship.
Identification data (name, surname), contact data (delivery address or permanent address, e-mail, telephone), accounting data (bank account number), order history, IP address, cookies and registration data for the account through which you log in, and data from the complaint form (product identification, product defects) are necessary after the termination of the contract for handling complaints, recovering receivables and other contractual obligations from contracts concluded between us and these data subjects.
For this purpose, personal data may be processed for a period of four years from the termination of the contractual relationship, or in the case of legal proceedings for the entire duration of the proceedings.
Fulfilling our accounting and tax obligationsThe legal basis is the fulfillment of a legal obligation imposed on us by legal regulations such as the Accounting Act or the Value Added Tax Act.
Identification data (name, surname), contact data (delivery address or permanent address, e-mail, telephone), accounting data (bank account number and other information on tax documents).
For this purpose, personal data may be processed for up to 10 years from the end of the tax period in which the service provided to the customer took place.
Dissemination of business communications in the form of professional information and reports, marketing materials, offers of our goods or servicesThe legal basis is our legitimate interest in providing and offering you similar services or goods that meet your needs, based on our mutual business relationship.
The processing of customers’ identification and contact personal data is carried out for the purpose of distributing commercial communications.
For this purpose, personal data may be processed for the duration of the contractual relationship.
Website visitorsStatistics before data anonymization, displaying advertisements for our services or goodsThe legal basis is our legitimate interest in the sense of a) improving our services and focusing on what really interests you; b) offering you similar services or goods that meet your needs based on your access to our website.
Identification data (name, surname), contact details (address, e-mail, telephone), IP address and cookies.
For this purpose, personal data may be processed for a period of 6 months.
Sending a response to a website visitor’s questionThe legal basis is the performance of the contract or your consent
Identification data (name, surname), contact data (address, e-mail, telephone), IP address and cookies, query submitted via the form.
For this purpose, personal data may be processed until the inquiry from the contact form is processed, but no longer than 30 days or the period for which your consent to processing lasts.
Newsletter subscribersRegular sending of business communications by emailThe legal basis is the consent you gave us when registering for the newsletter.
Identification data (first and last name), contact information (email).
For this purpose, personal data may be processed until consent is withdrawn.

4. Period of processing of personal data

We store personal data only for the period necessary for the purpose of their processing – see the table above. After this period, personal data may be stored only for the purposes of the state statistical service, for scientific purposes and for archiving purposes.

5. Recipients of personal data and transfer of personal data outside the European Union

In justified cases, we may transfer your personal data to other entities (hereinafter referred to as the “recipients”).

Personal data may be transferred to the following recipients:

6. Cookies

When you first visit our website, our server sends a small amount of data to your computer and stores it there. Each time you visit the website, your browser sends this data back to the server. This small file is called a “cookie” and is a short text file containing a specific string of characters with unique information about your browser. We use cookies to improve the quality of our services and to better understand how people use our website. That is why we store user preferences in cookies and use them to track user trends and how people behave on our website and how they browse it.

Most browsers are set to accept cookies. However, you can set your browser to block cookies or to notify you when cookies are sent. However, some services or features will not function properly without cookies.

Our websites use “first-party” cookies, i.e. cookies used only by our websites (hereinafter referred to as first-party cookies) and “third-party” cookies (i.e. cookies originating from third-party websites). We use first-party cookies to store user preferences and data needed during your visit to the websites (e.g. the contents of your shopping cart). We use third-party cookies to track user trends and behavior patterns, target advertising with the help of third parties – web statistics providers. Third-party cookies used to track trends and behavior patterns are used only by our websites and the web statistics provider, and are not shared with any other third party.

7. Principles of personal data processing

Lawfulness
We process your personal data in accordance with applicable legal regulations, in particular the GDPR.

Consent of the data subject
We process personal data only in the manner and to the extent to which you have given us your consent, if consent is the title of the processing.

Minimization and limitation of personal data processing
We process personal data only to the extent necessary to achieve the purpose of their processing, and for a period not longer than is necessary to achieve the purpose of their processing.

Accuracy of processed personal data
We process personal data with an emphasis on their accuracy, using available measures. And we process updated personal data using appropriate means.

Transparency
Through these Principles and the contact person, you have the opportunity to familiarize yourself with the manner in which we process your personal data, as well as their scope and content.

Purpose limitation
We process personal data only to the extent necessary to fulfill the specified purpose and in accordance with this purpose.

Security
We process personal data in a manner that ensures their appropriate security, including their protection by means of appropriate technical or organizational measures against unauthorized or unlawful processing and against accidental loss, destruction or damage.

8. Automated individual decision-making and profiling

When processing personal data, there is no automated individual decision-making, not even on the basis of profiling.

Your rights as a data subject

Right to access personal data
You have the right to request from us access to personal data concerning you. In particular, you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed by us, and to be provided with further information about the data processed and the method of processing in accordance with the relevant provisions of the GDPR (purpose of processing, categories of personal data, recipients, planned storage period, existence of your right to request rectification, erasure, restriction of processing or right to object, source of personal data and right to lodge a complaint). If you request it, we will provide you with a copy of the personal data we process about you, free of charge. In the event of a repeated request, we may charge a reasonable fee for providing a copy corresponding to the administrative costs of processing.

To gain access to your personal data, please use your user account or the contacts specified in this policy.

Right to withdraw consent to the processing of personal data, if the processing is based on consent
You have the right to withdraw your consent to the processing of personal data that we process based on this consent at any time.

You can withdraw your consent through your user account or the contacts specified in this policy.

Right to rectification, restriction or erasure
If you find that the personal data we hold about you is inaccurate, you may request that we correct this data without undue delay. If this is reasonable in the specific circumstances of the case, you may also request that the data we hold about you be supplemented.

You can request correction, restriction of processing or deletion of data through your user account or the contacts specified in this policy.

Right to erasure of personal data
You have the right to request that we erase personal data concerning you processed by us without undue delay in the following cases:

You can request erasure in these cases through your user account or the contacts specified in these principles.

The right to request erasure of personal data does not apply in situations where processing is necessary

For the exercise of the right to freedom of expression and information;

You can find out whether there are reasons for the impossibility of exercising the right to erasure through your user account or the contacts specified in these principles.

Right to restriction of processing of personal data
You have the right to restrict the processing of your personal data, in cases where:

During the period of restriction of processing of your personal data, we may process your personal data (with the exception of storage) only with your consent, or for the establishment, exercise or defence of our legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. As stated above, you can request the restriction of processing via your user account or the contacts specified in this policy.

Right to object to processing
You have the right to object to the processing of your personal data in the following cases:

You can object via your user account or the contacts specified in this policy.

Right to data portability
In case we process your personal data based on your consent or because it is necessary for the performance of a contract concluded between us, you have the right to receive from us the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, if the personal data are processed by us. You have the right to transmit this data to another data controller or to request that we provide this data directly to another data controller, if technically feasible. You can obtain your personal data via your user account or the contacts specified in this policy.

Right not to be subject to any decision based solely on automated processing, including profiling
We do not use personal data for automated decision-making.

Right to obtain information about a breach of your personal data
If it is likely that a breach of our security will result in a high risk to your rights and freedoms, we will notify you of this breach without undue delay. If appropriate technical or organizational measures have been used to process your personal data, for example to ensure that it is unintelligible to an unauthorized person, or if we have taken additional measures to ensure that the high risk does not materialize, we do not have to provide you with information about the breach.

Right to file a complaint with a supervisory authority
If you believe that the processing of your personal data violates the obligations set out in the GDPR, you have the right to file a complaint with a supervisory authority. The supervisory authority in the Czech Republic is the Office for Personal Data Protection.

This Privacy Policy is effective from 25.5.2018.

Where to find us Showroom / Service

Rolls‑Royce Motor Cars Prague -
CarTec Exclusive Cars s.r.o.
Průběžná 80
100 00 Praha 10

Phone: +420 226 889 089

E-mail: info@rolls-roycemotorcars-prague.cz

Opening hours: Po-Pá 9:00 – 18:00

Contact