This privacy policy is applicable to all activities of profid, hub by profid and of any other brands operated by ProFid.

This privacy policy is governed by the Czech Republic’s second data protection act. This Personal Data Processing Act 2019 No. 110/2019 Coll. is the implementation of the EU legal framework: GDPR, Data Protection Directive 2016/680 (LED) & PNRD.

This policy covers how ProFid treats personal data that we collect, receive and control, including data related to past use of ProFid’s products and services.

Personal data is data about you that is personally identifiable like your first and last name, address, email address, or phone number, and that is not otherwise publicly available.

ProFid controls personal data within the scope of the services that profid, hub by profid or any other brand operated by ProFid provide, supported by its marketing activities.

In its responsibility of Data Controller, ProFid ensures that data subjects’ rights according to the GDPR and the Personal Data Processing Act 2019 No. 110/2019 Coll. are observed.

Your data shall be used for purposes of the execution of the financial services by ProFid.

The legal basis for the processing of the data for the purpose of the execution of financial services is your consent given in the service agreement, to which this privacy policy is an addendum.

The provision of personal data necessary for the execution of the financial services provided by ProFid is a contractual requirement. The provision of data for such purpose is the obligation of the data subject. If you do not provide the data, ProFid cannot fulfil the obligations from the mentioned agreement.

Occasionally, we may also use personal data to contact you to take part in market research surveys, so that we can measure customer satisfaction and continuously improve our services. Your personal data can also be used, among other things, for the purpose of sending out mass newsletters.

At times we may be required by law or legal process to disclose your personal information. In cases when disclosure is necessary for the public interest, we may respond positively as well.

Under article 28 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council and article of 28 (7) Regulation (EU) 2018/1725 of the European Parliament and of the Council you have the right of access, rectification, erasure (right to be forgotten) and transfer (portability) data concerning you. In addition, you can request a restriction or object the processing of your data. You can exercise these rights by sending a mail to the following address: info@profid.cz. To modify your data, please contact us.

For information on the use that will be made of the data, you can send your request to the email address info@profid.cz. If you grant consent with processing of your personal data to ProFid for the purpose of the execution of financial services, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. The withdrawal may be done by contacting us on the above e-mail address. Please note that withdrawal of your consent could impede our capability of providing you with the contracted financial services but does not release you from your obligations under same agreement.

When you have contacted us via our website or signed up for our newsletter or any other publication, you can unsubscribe at any time by clicking on the unsubscribe link in all our e-mails. Your data may be transferred to third parties located outside of the E.U. (for example, Mailchimp, https://mailchimp.com/legal/).

The EU and the USA have adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The adequacy decision concludes that the United States ensures an adequate level of protection – compared to that of the EU – for personal data transferred from the EU to US companies participating in the EU-U.S. Data Privacy Framework.

When transferring your data to third countries, ProFid has ensured that appropriate security controls are in place and that all obligations provided by the Regulation are fulfilled.

Lastly, you have the right to lodge a complaint with your national supervisory authority – Office for Personal Data Protection of the Czech Republic (in Czech “Úřad pro ochranu osobních údajů”) seated at Pplk. Sochora 727/27, 170 00 Prague 7-Holešovice, Czech Republic.

CONTACT FORMS

Data transmitted via contact forms, including your contact details, will be stored to process your request or to be available for follow-up questions. This data will not be passed on without your consent.

The data entered in the contact form will only be processed based on your consent (Art. 6 Para. 1 a GDPR). You can withdraw your consent at any time. An informal notification by email is enough for the revocation. The legality of the data processing operations carried out before the revocation remains unaffected by the revocation.

Data transmitted via the contact form will remain with us until you request deletion, revoke your consent to storage or there is no longer any need for data storage. Mandatory legal provisions – especially retention periods – remain unaffected.

DATA STORAGE PERIODS

ProFid keeps the data for a minimum period of five years or as long as is necessary to fulfil the purpose of collection or further processing.

STORAGE PERIOD OF CONTRIBUTIONS AND COMMENTS

Posts and comments as well as related data such as IP addresses are saved. The content remains on our website until it has been completely deleted or had to be deleted for legal reasons.

WEBSITES SSL OR TLS ENCRYPTION

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our websites https://profid.cz, https://hub-by-profid.cz, and web applications used for the execution of our services, such as ESO9, for example, use an SSL or. TLS encryption. This means that data that you transmit via these websites cannot be read by third parties. You can recognize an encrypted connection by the “https: //” address line of your browser and by the lock symbol in the browser line.

EXTERNAL LINKS

Our websites may contain hypertext links to other websites. We make no commitment regarding any other site to which you could access via our website, and we would in no way be responsible for the content, operation, and access to these sites.

SERVER LOG FILES

The provider of the websites automatically collects and stores information in server log files that your browser automatically transmits to us. These are:

  • Visited pages on our domains
  • Date and time of the server request
  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • IP address

This data is not merged with other data sources. The basis for data processing is Art. 6 Para. 1 lit. b GDPR, which allows the processing of data to fulfil a contract or pre-contractual measures.

Personal data will only be transferred to third parties if there is a need for the execution of the contract. Third parties can be payment service providers, for example. A further transmission of the data does not take place or only if you have expressly agreed to this.

The contributions and comments are saved based on your consent (Art. 6 Para. 1 a GDPR). You can withdraw your consent at any time. An informal notification by email is enough for the revocation. The legality of data processing that has already taken place remains unaffected by the revocation.

COOKIES

Our websites use cookies. These are small files that your web browser stores on your device. Cookies help us to make our websites more user-friendly, effective, and secure.

Some cookies are “session cookies.” Such cookies are automatically deleted after the end of your browser session. On the other hand, other cookies remain on your device until you delete them yourself. Such cookies help us to recognise you when you return to our website.

With a modern web browser, you can monitor, restrict, or prevent the setting of cookies. Many web browsers can be configured so that cookies are automatically deleted when the program is closed. Deactivating cookies can result in limited functionality of our websites.

The setting of cookies, which are necessary for the exercise of electronic communication processes, or the provision of certain functions desired by you (e.g. shopping cart), takes place based on Art. 6 Para. 1 lit. f GDPR. As the operator of these websites, we have a legitimate interest in storing cookies for the technically error-free and smooth provision of our services. If other cookies are set (e.g. for analysis functions), these are treated separately in this data protection declaration.

GOOGLE WEB FONTS

Our websites use web fonts from Google. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

By using these web fonts, it will be possible for you to present our website as desired, regardless of which fonts are available locally. This is done by accessing the Google Web Fonts from a Google server in the USA and the associated transfer of your data to Google. This is your IP address and which page you have visited. Google Web Fonts are used based on Art. 6 Para. 1 lit. f GDPR. As the operator of these websites, we have a legitimate interest in the optimal presentation and transmission of our website.

The EU and the USA have adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The adequacy decision concludes that the United States ensures an adequate level of protection – compared to that of the EU – for personal data transferred from the EU to US companies participating in the EU-U.S. Data Privacy Framework. This applies to data transfers to a third country and therefore, to Google Web Fonts.

You can find details about Google Web Fonts at: https://www.google.com/fonts#AboutPlace:about and further information in Google’s data protection regulations: https://policies.google.com/privacy

GOOGLE ANALYTICS

Our website uses functions of the web analytics service Google Analytics. The provider of the web analysis service is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Google Analytics uses “cookies.” These are small text files that your web browser saves on your device and enable an analysis of website use. Information generated by cookies about your use of our website is transmitted to a Google server and stored there. The server location is usually the USA.

Google Analytics cookies are set based on Art. 6 Para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in analysing user behaviour to optimize our website and possibly also advertising.

IP anonymization

We use Google Analytics in conjunction with the IP anonymization function. It ensures that Google shortens your IP address within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. There may be exceptional cases in which Google transmits the full IP address to a server in the USA and shortens it there. On our behalf, Google will use this information to evaluate your use of the website, to create reports on website activities and to provide us with other services related to website and internet use. The IP address transmitted by Google Analytics is not merged with other Google data.

Browser plugin

The setting of cookies by your web browser can be prevented. However, some functions of our websites could be restricted. You can also prevent the collection of data regarding your website usage including your IP address and subsequent processing by Google. This is possible by downloading and installing the browser plug-in that can be accessed via the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Objection to data collection

You can prevent Google Analytics from collecting your data by clicking the opt-out cookie that prevents the collection of your data on future visits to our websites.

You can find details on the handling of user data at Google Analytics in Google’s data protection declaration: https://support.google.com/analytics/answer/6004245?hl=de.

Demographic characteristics in Google Analytics

Our websites use the “demographic features” function of Google Analytics. It can be used to create reports that contain information about the age, gender and interests of the website visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. It is not possible to assign the data to a specific person. You can deactivate this function at any time. This is possible via the ad settings in your Google account or by generally prohibiting the collection of your data by Google Analytics, as explained in the section “Objection to data collection”.

YOUTUBE

Our website uses YouTube plugins for the integration and display of video content. The provider of the video portal is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

When calling up a page with an integrated YouTube plugin, a connection to the YouTube servers is established. This tells YouTube which of our pages you have visited.

YouTube can assign your surfing behaviour directly to your personal profile if you are logged into your YouTube account. You can prevent this by logging out beforehand.

YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

You can find details on handling user data in YouTube’s data protection declaration at: https://policies.google.com/privacy.

INTELLECTUAL PROPERTY

By connecting to our websites, which are the holder of all the intellectual property rights relating thereto, you prohibit yourself from copying or downloading all or part of their contents, unless prior and express authorization of our share.

DATA PROTECTION OFFICER (“DPO”)

ProFid confirms that it has appointed a DPO within the meaning of the GDPR and undertakes to identify the DPO upon request in text form (e.g., by email).

DATA PROTECTION IMPACT ASSESSMENT (“DPIA”)

ProFid undertakes to execute a DPIA in the case when data processing will be “likely to result in a high risk to the rights and freedoms of natural persons” (GDPR article 35(1)).

ProFid undertakes to execute a DPI when we add services or make any other significant change to which, and the way in, we collect, receive and control personal data, or upon a potential change in the lawful base we use to control personal data, that might likely result in a high risk to the rights and freedoms of natural persons.

DATA SECURITY

ProFid is bound by data secrecy, i.e., any persons employed by ProFid in the processing of data on ProFid’s behalf shall commit themselves to confidentiality and not process the data without authorisation.

Companywide awareness

To make sure your personal information remains confidential, we make sure that every ProFid co-worker is aware of, and follows ProFid privacy guidelines, as recorded in this Privacy Policy.

DATA BREACH

In case of a data breach, defined in the GDPR as ‘The destruction, loss, alteration, unauthorised disclosure of, or access to people’s data’, ProFid will report it within 72 hours of becoming aware of it to the local country data regulator and to the people it impacts in case the breach could have a detrimental impact on those who the data is about.

CHILDREN

ProFid does not knowingly solicit personal information from children or send them requests for personal information.

DATA PROCESSORS

Our data processors are:

  • For https://profid.cz and https://hub-by-profid.cz: WP Engine, Irongate House, 22-30 Duke’s Place, London, EC3A 7LP, United Kingdom. See also: https://wpengine.com/legal/privacy/
  • For https://insio.profid.cloud: INSIO software s.r.o., Biskupská 1065/1, 110 00 Prague 1 Czech Republic.
  • For ESO9, ESO9 international a.s., U Mlýna 2305/22, 141 00 Prague 4 – Záběhlice, Czech Republic.
  • For email marketing purposes: ECOMAIL.CZ, s.r.o., Na Zderaze 1275/15, Praha 2, 120 00 Czech Republic.

APPLICABLE LAW

Our websites and their legal notices are subject to Czech law.