FREE CALL:
800 200 201
RULES ON THE PROTECTION OF Personal Data
I. BASIC DATA
1.1 The Administrator of Personal Data is a commercial company operating under the business name ybox24 s.r.o., IČ(CRN): 276 44 669, with the registered office at Kladno, Kročehlavy, Unhošt'ska 2743, Postal Code: 272 01, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 121160 [hereinafter also referred to as the Administrator].
1.2 This Policy [hereinafter referred to as the Policy] regulates the collection and processing of Personal Data of customers by the Administrator when providing a service with the trade mark "ybox24", which means providing short-term storage of movable items in storage boxes located in dispensing facilities operated by the Administrator and marked with the logo "ybox24" [hereinafter also referred to as the Service].
1.3 When processing Personal Data, the Administrator is governed by the applicable legislation, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [hereinafter referred to as the EU Regulation].
II. SPECIFICATION OF THE Personal Data PROCESSED, REASON AND PURPOSE OF THEIR COLLECTING
2.1 If the Customer wishes to use the Service, the Administrator processes the Customer's telephone number, as the Service cannot be used without a telephone number.
2.2 If the Customer communicates with the Administrator when using the Service or in connection with its use by email, the Administrator also processes:
a) the name and surname or company name of the Customer;
b) the Customer's email address;
c) mutual email communication between the Administrator and the Customer.
2.3 If the Customer complains about the Service, the Administrator shall require the Customer to
(and subsequently process) their following Personal Data:
a) the Customer's name and surname or company name;
b) the telephone number from which the Service was ordered;
c) the Customer's email address;
d) the Customer's contact telephone number, if different from the number from which the Service was ordered;
e) the outcome of the complaint procedure and the mutual communication between the Administrator and the Customer.
2.4 The processing of Personal Data referred to in clauses 2.1 and 2.2 of this Policy is carried out by the Administrator solely to perform the concluded contract for the use of the Service. It is, therefore, a reason in accordance with Article 6(1)(b) of the EU Regulation.
Page 1
2.5 The processing of Personal Data referred to in section 2.3 of this Policy is carried out by the Administrator solely to protect its legitimate interests in defending its claims. Therefore, This is a reason per Article 6(1)(f) of the EU Regulation.
2.6 The Administrator only processes Personal Data that it has received from the Customer in its communication with the Customer. The Administrator does not seek or process Personal Data about the Customer that it has learned from public sources or otherwise than from the Customer.
III. PERIOD OF PROCESSING OF PERSONAL DATA
3.1 The Administrator shall process and retain the Personal Data collected pursuant to clauses 2.1 and 2.2 of this Policy for the duration of the Service provision and for six (6) months from the date of termination of the Service. Suppose the Customer is regarded as a Registered Customer within clause 4.2 (a) of the General Terms and Conditions of Provision of the "ybox24" Service. In that case, the Administrator shall process and store the Personal Data obtained pursuant to clauses 2.1 and 2.2 of this Policy for the period during which the Customer is registered in the "ybox24" mobile application and for a period of 6 months from the date on which the Customer has cancelled his/her registration in this mobile application.
3.2 Personal Data obtained pursuant to clause 2.3 of this Policy shall be processed and stored by the Administrator for three (3) years from the end of the complaint procedure.
IV. TRANSFER OF PERSONAL DATA
4.1 The Administrator shall use the Personal Data obtained from the Customer exclusively for its internal use and shall protect it from misuse.
4.2 The Administrator shall not disclose Personal Data obtained from the Customer to other parties, except in the following cases:
(a) The Customer consents to the Administrator disclosing the Personal Data to another person; or
b) the provision of Personal Data to the Administrator's auditors; or
c) providing Personal Data to entities that will provide legal services to the Administrator (collecting unpaid fees for use of the Service, defending against customer claims, and so forth); or
(d) Providing Personal Data to authorised governmental authorities will require such Personal Data when performing their legal duties.
V. CUSTOMER RIGHTS
5.1 In particular, the Customer has the right to:
(a) the right to access their Personal Data and the right to request the Administrator to confirm which of his/her Personal Data is/is not processed by the Administrator – the Customer shall be entitled to request the Administrator to send him/her information as to whether or not his/her Personal Data is processed and, if it is processed, the Customer shall have the right to obtain such Personal Data; the Customer shall also have the right to request further information as referred to in Article 15 of the EU Directive;
Page 2
c) the right to the erasure of their Personal Data - the Customer has the right to request that the Administrator erase their Personal Data if such Personal Data is processed unlawfully;
d) the right to restriction of the processing of Personal Data - the Customer has the right to block their Personal Data if the conditions set out in Article 18 of the EU Regulation are met;
e) the right to data portability - the Customer has the right to obtain the Personal Data concerning them which they have provided to the Administrator in a structured, commonly used and machine-readable format and to transmit such data to another Administrator without hindrance from the Administrator the Customer also has the right to request the Administrator to transmit their Personal Data in a structured, commonly used and machine-readable format to another Administrator, if technically feasible;
f) the right to object - the Customer has the right to object to the processing of his Personal Data based on legitimate or the public interest of the Administrator- in this case, the Administrator is obliged to verify and duly justify whether the legitimate or public interest outweighs the interests of the Customer in the protection of his Personal Data;
g) the right not to be subject to a decision based solely on automated processing, with the exceptions set out in Article 22(2) of the EU Regulation - the Customer has the right not to be subject to any decision based solely on automated processing, including profiling, which would have legal effects or significantly affect them;
h) the right to withdraw consent -- where the Customer has given permission to the Administrator to process their Personal Data, they have the right to withdraw that consent at any time;
i) the right to complain with a supervisory authority -- if the customer believes that the Administrator is unlawfully handling their Personal Data, may complain to the supervisory authority, which is the Office for Personal Data Protection;
j) the right to adequate judicial protection against the supervisory authority - if the Customer has doubts about the correctness of a binding decision of the supervisory authority or if the supervisory authority is inactive, the Customer may claim/defend his/her rights in the administrative courts;
k) the right to adequate judicial protection against the Administrator-- if the Customer believes that the Administrator is violating their rights in the processing of Personal Data, they have the right to judicial protection; the right to be represented by a non-profit entity, organization or association whose statutory objectives are in the public interest and is active in the field of the Customer's rights and freedoms;
Page 3
m) the right to compensation for damages - the Customer the right to compensation for material or immaterial damages suffered as a result of the breach of the Administrator's obligations arising for them from the EU DirectivCustomer
VI. OTHER PROVISIONS
6.1 The contact details of the Administrator are as follows:
Business name: vbox24 s.r.o.
IČ(CRN): 276 44 669
DIĆ(TIN): CZ27644669 .
Registered office: Kladno, Kročehlavy, Unhošt'ska 2743, PSC: 272 01
Registration in the Commercial Register: the Municipal Court in Prague, Section C, Insert 121160
Phone: + 420 800 200 201, +420 602 200 004
Email address: info©yvbox24.cz.
6.2 The Administrator hereby reserves the right to update this Policy if such a need arises.
6.3 Any queries regarding this Policy may be made to the Administrator by email to the Administrator's email address set out in clause 6.1 of this Policy.
VII. SIGNATURE CLAUSE
In Kladno, date : 21.8.2021
________________________________
ybox24 s.r.o.
Petr Stěpánek - Managing Director