Principles of personal data processing

Personal data controller and data subject

The personal data controller is STATECH s.r.o., Org. ID: 274 02 975, with registered office at Počapelská 346, 277 01 Dolní Beřkovice, registered in the Commercial Register at Prague Municipal Court, Section C, File 111021 (“controller”). The controller may be contacted in writing at the specified address or via email at privacy@statech.cz.

The data subject is a natural person who provides their personal data to the data controller based on a rental agreement, purchase agreement, service agreement or other agreement concluded with the controller or based on consent to process personal data when subscribing to the newsletter distributed by the controller. The data subject may also be a natural person whose personal data the data controller obtains from other lawful sources. Furthermore, the processing may also relate to contracts concluded with legal entities if they contain personal data of the natural persons representing them or persons authorised to execute the contract.

Scope of personal data processing

The controller processes personal data in the scope provided by the data subject or in the scope obtained from other lawful sources by the controller. This primarily involves their given name, surname, date of birth, place of residence, place of business, identification number, tax ID number, email address, phone, signature, positioning data (GPS in vehicles owned by the controller), audio-visual records from the CCTV system and personal data obtained from cookies.

Purpose of personal data processing

The controller processes the personal data of the data subject for the purposes of delivering on the agreements concluded between the data subject and the controller (aerial work platform rentals, sales and service), to comply with legal obligations and for direct marketing purposes (offering the controller’s products and services), including sending commercial communications within the meaning of Act No. 480/2004 Coll. on Specific Information Society Services. The controller only distributes business correspondence when the data subject has subscribed to the newsletter or if the controller has obtained detailed electronic contact details for the data subject during the sale of its products or services. The data subject may easily unsubscribe from the newsletter by sending an email to privacy@statech.cz.

Determining the necessity of processing

The controller shall protect the privacy of the data subject’s data, and therefore only processes that personal data necessary for the defined purposes of processing.

Legal basis for processing personal data

The legal basis for processing for direct marketing purposes is consent from the data subject to the processing of their personal data (subscribing to the newsletter) or the legitimate interests of the controller (whereby electronic contact details are obtained in connection with the sale of the controller’s product or service under Act No. 480/2004 Coll.). 

In other instances, the legal basis for processing is the performance of an agreement, to protect the legitimate interests of the controller (protect property, apply rights under an agreement within litigation, etc.) and to comply with legal obligations.

Period of personal data processing

If personal data is processed to perform an agreement, the controller shall process this personal data for the duration of the contractual relationship and for an additional 10-year period, given the length of the statute of limitations concerning compensation for damage or injury. If personal data is processed to comply with a legal obligation, the controller shall process this personal data for the period laid down in legislation. If personal data is processed based on consent from the data subject, the controller shall process this period data for a 10-year period, unless consent to such personal data processing is revoked at any time in such period. This has no prejudice on the controller’s obligation to process personal data for the period laid down in applicable legislation and in accordance therewith.

Revocation of consent to personal data processing

If the data subject provides the controller with consent to personal data processing, they may revoke such consent at any time and at no charge by sending an email to privacy@statech.cz. Revocation of consent has no prejudice against the lawfulness of processing based on consent issued before it is revoked. Revocation of consent has no impact on the personal data processed by the controller on a legal basis other than consent (i.e. processing to perform an agreement, legal obligations or other reasons specified in valid legislation).

Access to personal data

The controller has access to the personal data of data subjects, along with certain third parties, processors, who provide suitable guarantees and whose processing complies with the obligations under valid legislation and who ensure suitable protection of the rights of data subjects. Personal data processors include the operators of GPS devices installed on aerial work platforms owned by the controller (to protect the controller’s property, a legitimate interest) and companies focused on collecting receivables (collections agencies). Personal data processors may also be a company in a group of enterprises performing the same activities as the processor (disclosure within a group), whereby in such case this personal data shall only be disclosed within European Union member states. The processor shall not provide personal data to any third countries or international organisations (except for Google Analytics cookies, see below). 

Proof of identity of the data subject

The processor may require that data subjects provide proof of their identity to restrict unauthorised access to personal data.

Rights of data subjects concerning personal data

Data subjects have the following rights with respect to personal data: 

a) the right to revoke consent at any time; 

b) the right to rectification of personal data;

c) the right to restrict processing of personal data;

d) the right to object to processing in certain cases;

e) the right to data portability;

f) the right to access personal data;

g) the right to be informed if personal data protection is compromised in specific cases;

h) the right to erasure (the right to be forgotten) in specific instances; and 

i) other rights laid down in the Personal Data Processing Act and the GDPR (Regulation No 2016/679).

What does it mean when a data subject has the right to object?

Under Article 21 of the GDPR, a data subject has, inter alia, the right to object to the processing of their personal data if such processing is performed based on a legitimate interest, including processing for direct marketing purposes. Objections addressed to the controller shall be sent via email to: privacy@statech.cz. If a data subject raises an objection to processing for direct marketing purposes, the personal data controller shall no longer process such data in the given scope.

More information concerning such right is contained in Article 21 of the GDPR.

Right to file a complaint

A complaint regarding the processing of personal data by the controller may be filed by the data subject with the supervisory authority, which is the Office for Personal Data Protection (ÚOOÚ), Pplk. Sochora 27, 170 00 Prague, www.uoou.cz. Alternatively, the data subject has the right to seek judicial protection from a competent court.

Obligation to provide personal data

The data subject provides its personal data on a completely voluntary basis. The data subject is under no obligation to provide such data. There is no threat of any penalty for not providing personal data. However, if a data subject chooses not to provide its personal data to the controller, no contract involving the controller and the data subject may be concluded or performed. It is completely within the competencies of the data subject to decide to enter any contractual relationship with the controller or not.

Personal data protection

All personal data is secured using standard procedures and technologies. However, it is not objectively possible to completely guarantee the security of personal data. Therefore, it is impossible to provide a 100% guarantee that no third party will gain access to such personal data, it cannot be copies, published, modified or destroyed by defeating the controller’s security measures. Within this context, the controller commits to regularly conduct vulnerability checks of the system and to ensure it has not been subject to attack, and to apply such security measures that may be reasonably demanded of the controller to prevent unauthorised access to the provided personal data and that provide sufficient protection given the current level of technology. All accepted security measures are regularly updated.

GPS on aerial work platforms and the Q.Drive application

GPS monitoring devices are installed on all aerial work platforms owned by the controller to monitor their movements and to protect the controller's property. Aerial work platform positioning data obtained from GPS devices are processed by the GPS system operator (processor), who provides suitable guarantees and the processing of which meets the conditions under valid legislation and secures suitable protection for the rights of data subjects. The data controller does not connect any aerial work platform positioning data to any identifiable natural persons (data subjects). 

The controller uses the Q.Drive application to monitor the movement of its vehicles. Details concerning personal data processing that is conducted through this application are contained in the privacy policy contained right in the application.

Monitoring of the controller’s site

The controller monitors its site and facility with a CCTV system that keeps temporary video recordings.

Cookies

The controller uses cookies on its websites that are saved on the data subject’s devices. Cookies are small files that make a website more functional, customise website content to meet the needs of data subjects, and remember selected settings.

The operators of advertising systems operated on these websites also use cookies that are stored on the data subject’s devices. The controller uses the Google system for remarketing activities. Data from remarketing is exclusively used for segmentation of visitors for the purposes of presenting more relevant advertising materials. Segments are created using several general patterns of visitor behaviour.

Information gathered from Google Analytics cookies used to analyse site traffic and remarketing purposes are sent to Google, which is headquartered in the USA (a third country). The transfer of personal data to these companies is based on standard contractual clauses. Google uses such information for the purposes of evaluating the use of websites and creating activity reports from such sites for the controller. The information is also used to provide other services related to activity on the site and the use of the Internet in general. Google may provide such information to third parties if required by law or if such third party processes this information for Google.

The Google Analytics service is an expansion of the related advertising functions provided by Google, specifically: Google Display Network impressions, remarketing (showing content network ads based on viewed products) and extended demographic reports (reporting anonymous demographic data).

If a data subject does not want to provide anonymous data on Internet usage to Google Analytics, they may use the plugin provided by Google. Data will no longer be transmitted once installed in your browser and activation. More information on the processing and use of data is provided in Google’s terms and conditions.

Standard browsers (Safari, Internet Explorer, Firefox, Google Chrome and others) support cookies. Data subjects may delete individual cookies manually, block cookies or prohibit their use or simply block or allow cookies for individual websites using their browser settings. Data subjects may also use the help or other features provided with their browsers for more information. If a data subject’s browser is configured to accept cookies, the controller will operate under the assumption that such consent is for the use of standard cookies from the controller’s server.

The controller will not associate the data obtained from cookies with any other data and shall handle this data in a way that does not allow specific persons to be identified.

The controller uses temporary cookies and persistent cookies on its websites. Temporary cookies are only stored on the given device until the browser is closed. Temporary cookies allow information to be saved when navigating from one site to another and eliminate the need to repeat the entry of certain data. Persistent cookies enable the identification of a data subject’s device on frequently visited websites and the modification of site content to match the user’s interests, but do not allow for the identification of a specific individual. The information obtained from cookies is stored in a completely unanimous manner and is not associated with any other data.

The following table shows how the controller uses the individual types of cookies:

Publisher / Cookie name

Type

Retention

Description

php
(PHPSESSID)

Necessary for the functionality of the site

Temporary

Serves to improve site functionality (remembering the selected settings, etc.)

Google Analytics
(_ga,_gid)

Analytical, marketing

90 days Persistent

Used to distinguish individual users. The cookie is refreshed every time data is sent to Google Analytics.


Cookie settings

You can adjust which cookies with the following settings will be used on this page.

Necessary technical cookies

These cookies are essential for your movement on the website and the use of all functions, such as setting privacy preferences, logging in or filling out forms. Without these cookies, it would not be possible to properly provide the services required when using our site. Necessary cookies do not require the user's consent according to the relevant legal regulations. You can also configure your web browser and block the necessary cookies, but you may not be able to use all the features of the site as you wish.

Performance cookies

These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our site. They help us identify which sites are the most popular and which are the least, and see how visitors navigate the site, which helps us optimize your experience. All information that these cookies collect is aggregated and therefore anonymous. If you do not enable these cookies, we will not be able to use your data in this way.

Advertising cookies

These cookies (also called targeted or promotional cookies) are used to display advertisements on third-party sites that would be more relevant to your person and your interests. They are also used to limit ad views and measure the effectiveness of ad campaigns.