Information on personal data processing in the company
Charter Advisory s.r.o.
- This information on personal data processing contains information on how personal data is handled within the activities of the company Charter Advisory s.r.o., company registration number: 03235076, with registered seat K letišti 1040/10, 161 00 Praha 6, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 229114 (hereinafter referred to as “Charter Advisory”).
- These rules govern the principles of personal data processing contact persons and customers who contact Charter Advisory for the purpose of services mediation (hereinafter referred to as “customer”).
- Charter Advisory serves as an administrator with regard to personal data processing. Within the scope of Charter Advisory activities, personal data could be passed on to the third parties, especially, if the purpose is to fulfil contractual obligation (e.g. carriers and airport representatives, etc.).
- Charter Advisory can also use a so called processors to process personal data. These subjects can process personal data only on the basis of a processing contract and for the purposes and by means, which shall be determined by Charter Advisory and they cannot extend them without further consent.
2. Legal basis for personal data processing
- Charter Advisory processes personal data on the basis of several legal reasons, that are distinguished according to the status of the personal data subject towards Charter Advisory.
- Charter Advisory processes personal data particularly to fulfil the purpose of the contract concluded by Charter Advisory with the personal data subject as a customer or on the basis of which the services should be provided by Charter Advisory and that the agreed services could be provided (processing according to the Article 6 paragraph 1 letter b) GDPR). Personal data are thus processed for the purpose of providing agreed service (other services under the contract, profiling of the customer for the purpose of providing discounts or other benefits) including the application of any potential claims made by you against final service provider.
- With regard to the character of the provided services, the Charter Advisory services cannot be provided without providing following personal data by the subject in the form of:
- name and surname,
- permanent residence address,
- number of identity document (passport, identity card), expiry date and country of issuance,
- date of birth,
- gender and biometric data (weight, height) (in case of air transport).
- Within their activities, Charter Advisory can be contacted by potential customers for the purpose of demand (e.g. preparation of quotation or contract, etc.). In this case, Charter Advisory is processing personal data for carrying out measures taken before concluding the contract at the request of the data subject, so called future contract performance (processing according to the Article 6 paragraph 1 letter b) GDPR).
- Charter Advisory also processes personal data for the purpose of performing legal obligations that are imposed on them by the legislation of the Czech Republic (processing according to the Article 6 paragraph 1 letter c) GDPR). I case of crisis situation - mainly realted to repatriation and humanitarian flights, Charter Advisory is entitled to provide personal date to embassies and governmental entities, that are coordinating and granting permissions to the flight.
- With regard to the character of the provided services, personal data can be further processed in order to protect the vital interests or interests of another natural person in the form of ensuring highest possible protection of life, health, alternatively property (processing according to the Article 6 paragraph 1 letter d) GDPR).
- Personal data are processed for the purposes of the legitimate interests pursued by Charter Advisory, that are defined as (a) a protection of the Charter Advisory rights arising from the concluded contract in case of breach or (b) if any claim related to concluded contract is made against Charted Advisory by the data subject. Personal data can thus be processed for the purposes of legal defence, potential judicial or execution proceedings (processing according to the Article 6 paragraph 1 letter f) GDPR). In case of concluding a service contract, the provided e-mail address will also be used for direct marketing purpose. In this context, each data subject shall have the right to object according to Article 21 GDPR against personal data processing by reason of legitimate interests specified above.
- Charter Advisory also processes personal data on the basis of given consent granted in written, electronic or other recordable form (processing according to the Article 6 paragraph 1 letter a) GDPR The extent of personal data processed in this way is described in more detail in the Article 3 of this information. This section mainly refers to personal data subjects who have not concluded a service contract.
- Based on the consent, personal data are processed for marketing purposes, particularly in the form of sending offers of Charter Advisory and business partners of Charter Advisory. The consent is also provided for the purposes of customer profiling in order to offer discounts or other benefits from Charter Advisory which will best match customer profile.
- If personal data of the third parties are provided to Charter Advisory, it is the duty of the data subject to inform any person it concerns and ensure the person accepts these terms of personal data protection, or inform the person properly about personal data processing by Charter Advisory.
3. Categories of personal data processed
- In case a service contract has been concluded, following personal data are usually processed:
- passport information / information about similar ID card, event. copies thereof,
- date of birth,
- telephone number/s,
- e-mail address/es,
- social media account/s information,
- biometric data (namely weight, hight) (C),
- IP address associated with you,
- Personal data that are sensitive are marked with the letter “(C)”. Sensitive personal information are processed only if it is necessary for providing relevant service.
- In case the service contract has not been concluded, the following personal data are processed:
- e-mail address/es,
- social media account/s information,
4. Period of personal data processing
- In case of personal data for processing of which the data subject has given the consent, such personal data are processed for the period for which the consent has been granted.
- In case of personal data that are processed under other relevant provisions of GDPR, such data are processed for the period necessary to achieve or fulfil the legal reason for processing (e.g. provision of the agreed service, for the period necessary to prove to the competent authorities of the Czech Republic the provision of the service according to accounting and tax regulations and for the period necessary to protect the rights in the event of breach of contract, etc.) in all cases, however, always, at least, for the limitation period regarding potential claims arising from concluded contract or in relation to the concluded contract.
5. Method of personal data processing
- Personal data are processed electronically in the Charter Advisory electronic system, or in the electronic system of the persons to whom these personal data will be transferred on the basis of a processing contract.
- Personal data can also be processed in the form of a tangible document (a document on the paper or similar tangible medium) that shall be stored in the Charter Advisory secure file cabinet.
- Charter Advisory has implemented measures to maximize personal data protection from their misuse or loss. All persons on the side of Charter Advisory who come into contact with personal data have been properly trained and screened for this purpose. The archive of paper documents is secured against the invasion of unauthorized person. The archive is secured by locks and other physical protection security measures. Electronically processed personal data are stored in a secured database.
6. Transfer of personal data abroad
- With regard to the character of provided services by Charter Advisory, personal data can be transferred to the other Member States of the European Union and to the third countries (i.e. to countries outside the European Union). In case of personal data transfer to the third countries, Charter Advisory acts on the basis of a contract concluded with the recipient of personal data which shall contain a standard contractual clause in the form required by European Union legislation. Personal data will be transferred only to the necessary extent.
7. Rights of data subjects
- Personal data subject shall have the following rights in relation to the processing of personal data:
- Where the data subject has given his consent to the personal data processing in the form of consent, the data subject shall have the right to withdraw the consent granted. The withdrawal of the consent can be made by written notice sent by post to the address of the Charter Advisory's registered office or electronically to e-mail address [email protected] (name, surname, date of birth and permanent residence address of the data subject who is withdrawing the consent must be stated in the withdrawal), by clicking on the appropriate link situated in the foot of each commercial notice or in the user profile settings. In relation to the withdrawal of the consent, the data subject takes into consideration that Charter Advisory remains authorized to process personal data if the purpose of the processing is based on a reason foreseen by GDPR other than consent. At the same time, the data subject must be aware that in the event of withdrawal of the consent, the lawfulness of the personal data processing resulting from the granted consent is not affected in any way. Thus, even after the withdrawal of the consent, personal data processing by Charter Advisory shall be considered as lawful during the period of validity of the consent.
- The right to request the access to personal data to the extend according to Article 15 GDPR.
- The right to rectification of provided personal data according to Article 16 GDPR.
- The right to require the erasure of personal data according to Article 17 GDPR.
- The right to require the restriction of personal data processing according to Article 18 GDPR.
- The right to personal data portability to another controller according to Article 20 GDPR.
- The right to lodge a complaint against Charter Advisory as a personal data controller, with a supervisory authority, The Office for Personal Data Protection (https://www.uoou.cz/) (Article 77 GDPR).
- If the data subject decides to exercise any of the abovementioned rights, Charter Advisory is obliged to identify the data subject, i.e. to verify whether the exercise of rights is requested by the person whose personal data we process.
8. Do you process my sensitive personal data?
- In case of sensitive personal data, such data are processed only if they have been provided to Charter Advisory by the data subject and/or if they have been published by the data subject, or if their processing is necessary to protect the vital interests or those interests of another natural person. In other cases, if they happen, such sensitive personal data are processed only on the basis of the consent given.
- If you have any comments regarding personal data processing or in case of exercising your rights you can contact Charter Advisory as follows:
- e-mail: [email protected]
- telephone number: +420 775 677 029