PERSONAL DATA PROTECTION

Information on processing of customer personal data in connection with purchase of goods and provision of services and potential marketing activities of the company ECONOMY CLASS COMPANY s.r.o.

Activities of the company ECONOMY CLASS COMPANY s.r.o.

I. Activities of the company ECONOMY CLASS COMPANY s.r.o.

1. The scope of business of ECONOMY CLASS COMPANY s.r.o., with its registered office at Na Výhledech 1234/8, Strašnice, 100 00 Prague 10, Company ID No.: 26147289, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert No. 74422 (hereinafter referred to as the “Company”) primarily includes distribution and promotion of sale of products of the JOALIS information method.
2. An integral part of the business activity also involves marketing activities to promote the Company and the goods distributed by it and improving services performed to customers which also includes processing of our customers' personal data.

II. Controller or processor?

1. The company acts as a personal data controller.
2. Our Company informs that it is not obliged to have an appointed data protection officer in terms of the GDPR regulation. Should such data protection officer be required, the Company shall notify its customers and business partners thereof.

III. What do we have to meet to be able to process your data?

1. In its capacity as personal data controller, processing the personal data, the Company is obliged to comply with the obligations arising from Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and (the GDPR) and also from the Personal Data Processing Act (hereinafter referred to as the “valid legal regulations”). Our Company regularly checks compliance of its policies with valid legal regulations and takes responsible approach to the execution of such obligations, with emphasis placed on keeping privacy of natural persons and protection of their data. Furthermore, the Company obtains required protection from third cooperating parties which act or may act as personal data controllers or their further administrators, processors or recipients of personal data in connection with personal data processing.

IV. What data about you do we process and for what purposes?

1. The main contact personal data and contractual details concerning our customers are processed for the purpose of conducting the contractual relationship and fulfilling obligations arising from such business relationship.
2. Furthermore, personal data is processed in order to comply with statutory obligations, in particular tax liabilities, obligations towards other administrative or judicial authorities, in relation to inspection authorities, etc.
3. Personal data is also processed on the basis of our Company's legitimate interest, particularly in connection with enforcing legitimate claims of our Company, supporting business activities, marketing, and management of the business relations within the group of companies to which our Company belongs.
4. Our Company processes personal data of customers, specifically for the following purposes:
   1. having dealings concerning conclusion of or amendment to a contract,
   2. performing a contract and providing services,
   3. complying with statutory obligations in connection with a relevant contract if legal regulations envisage compliance with such obligation,
   4. giving account of contractual claims and fulfilment of payment obligations,
   5. complying with accounting and tax liabilities,
   6. recovering receivables and exercising other claims via courts or other independent institutions,
   7. making assessment of customers' solvency,
   8. initial contacting of a customer,
   9. offering similar products and services,
   10. marketing activities, in particular keeping customer records and sending information on innovations concerning
   11. the controller's activities, etc.)
5. Personal data of potential customers is processed in order to enter into a future contractual relationship and sell our Company's goods or services.
6. In its capacity as personal data controller, the Company keeps an electronic database (CRM system) where it records basic personal data and contact details of its customers.
7. The customer personal data may also be processed within our Company's loyalty program, i.e. ECC Club, if the customer becomes its member. EEC Club is related to provision of a number of services and benefits, a bonus system, special discount offers, promotion, etc. In connection with the customer's involvement in the ECC Club, personal data is processed on the grounds of required registration of the customer and his subsequent involvement in a bonus program and concurrent provision of loyalty program-related benefits offered by our Company.
8. Within the CRM system, the customer personal data is processed to the following extent:
   1. Identification data: Name, surname,
   2. Contact details: Residential address, telephone number, e-mail address.
9. As regards legal entities or individuals engaged in business, the following data is processed:
   1. Identification data: Name of the firm, name, surname, Taxpayer ID number, ID number, registered office, place of business,
   2. Contact details: Mailing address, potential invoicing and delivery address, telephone number, e-mail address
   3. Additional personal data: Contact person's name and surname.
10. For the purpose of our Company's marketing promotion and improvement of the services, customers are also sent business communications in the form of information e-mail messages to electronic addresses provided by them and obtained in connection with purchase of goods and services and information bulletins in certain cases (payment of registration fee or involvement in an educational event). Sending business communications by e-mail may be rejected by the customer, easily and at no cost, at any time and the customer is informed of such option in any business communication. In case of cancellation of business communications being sent, the information bulletin is also automatically ceased to be sent unless such bulletin is directly purchased by the customer.
11. When visiting the website operated by our Company it may happen that “cookie” information will be stored on the data subject's computer which will automatically identify the customer during a next visit. For example, cookies allow to adjust a website to meet the data subject's interests or store user names which need not subsequently be entered. If the data subject does not wish the computer to be identified, one has to modify the setting of the Internet browser in a way to remove cookies from the computer's hard disc, block cookies or include a notice prior to cookies being stored.

V. How does your data come into our database?

1. We obtain new data into our database (CRM system) directly from our customers.
2. In our customer database the following data is inserted:
   1. The data obtained from contracts concluded (where our Company is a party to the contract),
   2. The data obtained directly from customers in connection with their involvement in the loyalty program.

VI. What persons have access to your personal data and whom do we transfer it?

1. All personal data is processed by our Company in its capacity as controller.
2. The customer database is not shared with any other personal data controller.
3. On a limited basis, we can share the processed personal data with processors who provide certain activities for us, such as
   1. Providing accounting and tax services,
   2. Providing invoicing services,
   3. Providing law office services,
   4. Providing system support by parent company or any other group company.
4. Contact details of our customers may also be, to a limited extent, shared with companies that provide transportation, storage services or inspection of goods sold, collection and treatment of unconsumed goods sold as well as packaging or with our contractual insurance company, but only to a necessary extent and for a necessary time.
5. IT services related to data processing are provided under our own steam engaging our employees for maximum protection and your privacy. Personal data is processed on the territory of the EU in order to back up and archive data and provide for operability and innovation of the IT system used within our group of companies.
6. Personal data processing for our Company may also be conducted by processors exclusively under a personal data processing agreement, i.e. with guarantees of organizational and technical safeguarding of such data and with the specification of the purpose of processing whereas the processors must not use the data for any other purposes.
7. Personal data may be disclosed in connection with fulfilment of statutory obligations while giving assistance to administrative authorities, in particular investigative, prosecuting and adjudicating authorities, inspection authorities, courts, distrainors, insolvency trustees, etc., always only to the extent provided by law and at their legitimate request.

VII. How long do we store it?

1. Our contractual partners' data are stored in the database throughout the entire duration of the contractual relationship for us to be able to perform the contract and any contractual obligations arising therefrom and exercise rights ensuing from the contract. For the purpose of contract performance, we can process required personal data even without the data subject's consent. In order to archive and fulfil statutory archiving and inspection duties and enforcing legitimate claims by our Company, we retain the data subjects' personal data for a minimum of another 10 years after the termination of the contractual relationship. If legal regulations provide for a shorter period of time for the fulfilment of the archiving or inspection duties, particularly in relation to a tax authority, the data is retained for such shorter period stipulated by legal regulations.
2. The data that is not kept in the CRM system shall be processed for the duration of the contract. In case of your consent being withdrawn, the personal data shall continue to be retained and processed if this is necessary for an effective enforcement of the legitimate claims of the parties or if such obligation arises from legal regulations.
3. If the purpose of processing ceases to exist, all data of the data subjects, or rather the data serving the relevant purpose, shall be deleted from our database.

VIII. What are the rights of individuals in processing their personal data?

1. An individual being the subject of the data that we process has the right:
   1. to have access to personal data under Article 15 of the GDPR,
   2. that the incorrect personal data be rectified under Article 16 of the GDPR,
   3. to request erasure of his personal data under Article 17 of the GDPR,
   4. to object to processing under Article 21 of the GDPR,
   5. to restriction of processing under Article 18 of the GDPR,
   6. to data portability to the extent provided by valid legal regulations under Article 20 of the GDPR,
   7. to file a complaint with the Office for Personal Data Protection – for more detailed information see www.uoou.cz in case that his rights arising from valid legal regulations have been violated.
2. Should you have any queries or requests for explanations concerning personal data protection, do no hesitate to contact us at ecc@joalis.cz or by telephone at + 420 604 247 774.

IX. Consequences of failure to provide personal data

1. Any failure to provide personal data gives rise to impossibility to conclude a contractual relationship and the arising incapacity to perform contractual obligations. Consent to personal data processing, if the same is given from your part, can always be withdrawn at no cost at ecc@joalis.cz or at telephone number + 420 604 247 774, or in writing to be sent to our Company's address.
2. If the consent to personal data processing is withdrawn in connection with our Company's marketing activities, the provision of the services or benefits for which the consent was given will be terminated upon the consent being withdrawn.

X. Transfer of personal data outside European Union

1. No personal data is transferred to any third parties domiciled outside the European Union.