Personal Data Protection Policy
The Asseco Central Europe company (“Asseco CE”) is active in all areas where technologies and business merge with everyday life. Our extensive experience gained in all market areas allows us to create reliable and modern products.
Asseco CE makes all efforts to maintain the top standards when it comes to management, communication, and transparency. Our business activities are based on compliance with valid laws and regulations governing privacy and personal data protection.
Asseco CE undertakes to process personal data while protecting it to the maximum possible extent and preserving all rights of the natural persons (data subjects) whose personal data the company processes.
Personal data collection and processing are always carried out in compliance with the principles of lawfulness, transparency, and correctness.
Relevant measures are taken in the areas of organization, processes, and technologies to safeguard protection within personal data processing and to preserve personal data integrity, availability, privacy, and resilience.
Only authorized persons have access to personal data and the data is disclosed to other entities only where it is necessary to comply with legal purposes and/or legitimate interests or based on consent given by data subjects.
Personal data is processed only to the required extent and throughout the required period of time.
The measures are subject to regular audits, efficiency assessments, and improvements.
New requirements resulting from legislation and/or imminent threats are implemented without undue delay.
Any violation of personal data protection is subject to registration and investigation and where such violations affect the rights of data subjects, they are reported to the supervisory authority and also to the data subjects concerned where the risks posed to their rights are high.
Joint controllers of personal data
Asseco CE processes and protects personal data together with the following companies:
- Asseco Central Europe, a.s., registered office: Prague 4, Budějovická 778/3a, 140 00, organization ID no.: 27074358, hereinafter referred to as “Asseco CE CZ”,
- Asseco Central Europe, a.s., registered office: Trenčianska 56/A, 821 09 Bratislava, organization ID no.: 35760419, hereinafter referred to as “Asseco CE SK”.
Purposes and personal data processing methods are determined by individual companies of Asseco CE. Asseco CE companies are joint controllers of personal data in the meaning of Article 26 of the GDPR.
The joint personal data protection limits of Asseco CE companies have been set based on the processes and activities carried out by the companies, their branches, and their workplaces. Personal data protection principles have been set uniformly for all the companies.
The personal data protection concept determines the basic principles of protection of rights of data subjects in connection with personal data processing by Asseco CE. This concept applies fully to all Asseco CE companies, including their headquarters, branches, and employees.
Each Asseco CE company undertakes to comply with personal data protection policies, personal data processing and protection principles, internal regulations, and instructions issued for the entire group in order to protect the personal data it processes or to which it has access within its processes and activities.
Each company is fully responsible, to the extent of personal data processing by the company, for compliance with the requirements determined by legislation and internal regulations of Asseco CE in the area of personal data protection. The management of each company is responsible for implementation of measures and audits concerning compliance with relevant requirements.
Personal data processing and protection principles
Personal data and period of processing
We collect personal data in compliance with the European legislation governing the area of personal data protection and, in particular, with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). We keep records concerning personal data processing activities and act as the controller of such personal data.
We process personal data based on legislative and contractual purposes, legitimate interests, or based on consent given by data subjects.
We collect the personal data serving for unequivocal identification of natural persons, personal contact data allowing communication, and other information related to provided services and activities. Contact data means, in particular, addresses, telephone numbers, e-mail addresses and other detailing information provided to us.
We process personal data throughout the period of time determined by legal regulations as concerns the processing based on legal requirements; throughout the periods of time defined based on individual legitimate interests; and throughout the period of time specified in the consent form where data processing is carried out based on consent. After the end of the determined period of time, we stop processing of relevant personal data and the data is then subject to anonymization or deletion and destruction.
Personal data collection
We collect personal data from data subjects within negotiations carried out by our employees in order to conclude a business deal or provide a service; upon entering into a contract or order and within their execution; and/or based on other legal grounds.
Personal data is obtained also from other data controllers based on data subjects´ consent to personal data disclosure.
Purposes of personal data processing
We process personal data for our internal needs, to safeguard protection of our rights and legitimate interests, to assess activities, to monitor the services provided by us, to enhance customer satisfaction, and to extend the portfolio of our products and services.
We process personal data for the purposes related to the products and services supplied by us and in order to secure all activities related to implementation of ordered projects and services.
Furthermore, personal data is processed also for business purposes, for the purposes of development of new products, in order to inform customers about our new products and services, and to enhance our offers for our customers.
Personal data protection
Personal data processing is carried out in compliance with the requirements concerning maximum protection of the personal data subject to processing against unauthorized access, unauthorized transfer, loss or destruction, and/or another possible abuse. Personal data processing is subject to security related inspections and technological mechanisms.
Inspections and audits are carried out both internally and externally as concerns our customers in respect of compliance with the processes intended to ensure physical and technical security and security of processes.
The persons working with personal data abide, within fulfilment of their work duties or contractually defined tasks, by the confidentiality obligation set out based on the relevant contractual relationship. The confidentiality obligation survives the end of their employment or contractual relationship with us.
Disclosure and provision of personal data
Personal data is disclosed only within fulfilment of legal obligations or based on the consent given by the data subject concerned.
Categories of personal data recipients are as follows:
- public authorities and government bodies,
- contractual partners who carry out processing on our behalf based on contracts with relevant provisions concerning personal data processing; we always require provisions of guarantees concerning the technical and organizational measures safeguarding protection of transferred personal data within processing and compliance with contractually set processing principles;
- other controllers based on the order given by the data subject concerned or with their consent.
Personal data transfers are carried out always in compliance with the personal data protection requirements and rights of data subjects, while applying technical measures and measures intended to safeguard security of procedures.
Personal data processing based on consent
As concerns the processing based on informed consent, data subjects may freely decide whether they give or refuse to give their consent to the extent suggested by us. Within processing of the personal data obtained based on consent we are bound by the scope of the consent.
The consent may be withdrawn at any time in the same way as it has been given or by filing an application using the contact data specified below.
In case of consent grant refusal or withdrawal of already given consent, we stop processing of the personal data concerned as soon as possible subject to our technical and organizational possibilities.
The consent to personal data processing may be given again at any time.
Right to access to personal data
A data subject may request the information about his/her personal data registered, processed, and kept by us. We will prepare and provide, without undue delay, the relevant information for the data subject in an agreed manner that ensures protection of the data subject´s rights.
Personal data rectification
Based on a notice or request for a change in the personal data, we will rectify our records without undue delay. If we establish, based on your own activities, that the personal data is not true or up to date, we notify the relevant data subject about the need to rectify it and if the data subject concerned fails to confirm it, we will delete the data kept by us.
Procedure for filing an objection and consent withdrawal and other requirements
Data subjects may enforce their objections against personal data processing, withdraw their consent, request a change in the consent scope, and raise a question or requirements concerning the area of personal data protection by contacting us via e-mail to the below specified address, in writing using our mailing addresses, or personally at the reception desk of any of our companies where there are forms available for enforcements of rights or reporting of violation of personal data processing principles or protection.
Data subjects may file objections or complaints also with the supervisory authority (Office for Personal Data Protection of the Slovak Republic).
Obligation to provide information
The policy, concepts, and principles of personal data processing and protection are available at the website of Asseco CE.
All our employees are familiarized with the obligations related to and the principles of personal data processing and protection via regular obligatory trainings. Personal data protection forms part of contractual relationships.
Contact data of Data Protection Officer
Data Protection Officer in Asseco CE, a.s. Česká republika [email protected], +420 703 821 417
Data Protection Officer in Asseco CE, a.s. Slovenská republika [email protected], +421 904 802 487
Use of cookie files within the website of the Asseco company
Purpose of the policy
The policy applies to all websites of the Asseco CE company, the sites within the global domain www.asseco-ce.com owned by the Asseco CE company, and other websites operated by the Asseco CE company of the Asseco Central Europe Group, which are hereinafter referred to only as Asseco websites.
This personal data protection policy defines the type and manner of collection of information via Asseco websites and the purpose of its processing.
The Asseco CE company declares that Asseco CE websites are operated with the maximum care, in compliance with the technical know-how rules, professional approach, valid legal regulations and the European legislation governing the area of personal data protection, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the EU L. 2016 no. 119/1).
We highly respect the privacy of user visiting our websites.
We archive the inquiries sent to our server in compliance with the best practice principle applied by a majority of web service providers. It means that we have public IP addresses that users make use of to view the information provided within our services. The viewed sources are identified by URL addresses and the following:
- inquiry arrival time,
- time necessary to send a reply,
- client station name – identification is carried out using a relevant protocol,
- information about the errors that occurred within a session,
- URL address of the site visited by the user prior to visiting our site (referrer link) – where the company´s site is visited via a reference link,
- information about the browser version.
Regardless of the above stated, there may be circumstances under which provision of a required service or execution of a process requires information about the user other than the information specified above, including personal data. In such a case, the user will be informed about the need to disclose certain information, including personal data, and the purpose of use of the information. The user may make a voluntary decision concerning disclosure of their personal data. The request for completion and sending of a form/questionnaire is always accompanied by the information about the type of personal data and the purpose of its collection.
The disclosed data will be processed during the period of time necessary to achieve the purpose of personal data processing unless the law determines otherwise.
If the user provides a third-party data in the form/questionnaire, it is assumed that the user has obtained relevant consent from the person whose data is disclosed.
Users are entitled to request termination of processing of their personal data at any time and in such a case, the relevant data will be deleted.
We declare that through websites of the Asseco company we do not collect, monitor or verify the information about the age of the users visiting them. No information is collected allowing the Asseco companies to determine whether users (including recipients and users of e-mail lists, questionnaire-based surveys, and the persons participating competitions organized using them) have the capacity to enter into legal acts.
- to provide services,
- to adjust the website content to the user´s terminal device, to save individual settings of the user, and to optimize use of websites,
- to improve security through checking possible abuse during the use of websites,
- to obtain aggregate and anonymous statistical data in order to improve functioning of websites,
- to preserve sessions with the user (the websites offering the log-in option for the user) so that the user does not have to log in again with the username and password on each website,
- to allow use of basic functionalities of websites (e.g., information about visited websites so that they can be visited again at the user´s request),
- for marketing and advertising purposes - adaptation of the advertising content displayed on the Asseco websites and other websites based on the user´s choices.
Asseco websites use the following types of cookie files:
- temporary cookies – they are saved only while visiting websites, i.e., until logging out and closing the websites or the browser,
- permanent cookies – those are downloaded into the user´s device and saved until the end of their lifecycle (the time limit is set within the cookie file) or until their deletion by the user.
Cookie settings are individual for each internet browser. Each user may either accept cookies, switch this option off, or restrict acceptance of cookies to a certain level within their device. We would like to draw your attention to the fact that the manner of acceptance of cookies may affect the comfort within the use of websites and as a result, some websites may be displayed insufficiently or incorrectly.
To manage cookies, select a browser and make relevant settings:
Unless you change cookie settings, the files will be downloaded into your terminal device and therefore Asseco CE will save user data in the terminal device and have access to it.
Accessibility of websites
Websites of the Asseco company may contain links to websites of other entities. The Asseco CE company cannot influence personal data protection policies of such entities and therefore, it is not responsible for their personal data processing and protection policies.
All personal data provided by the use via the websites of the Asseco company may be used for marketing and PR purposes only where users give their consent to receiving commercial information.
Recruitment of employees
Websites of the Asseco company may be used within recruitment of new employees, interns, or partners for Asseco CE or other companies of the Asseco CE group. The personal data obtained in this way is used for only within recruitment processes and to hire new employees. By completing the job application form, the user gives their consent to participation in the recruitment processes carried out by the Asseco CE company. The consent applies to all the documents submitted within recruitment. The data is processed throughout the term of consent. The consent may be withdrawn at any time.
Disclosure of information to clients and partners
The personal data and information obtained through the websites of the Asseco company may be used by Asseco CE companies for development and management of business relationships with users, i.e., partners or clients. In particular, commercial information, information about products, marketing information or information about partners´ programs may be sent. The companies in the Asseco CE group reserve the right to disclose the information to other higher-ranking affiliated companies in order to provide services where disclosure of such information is possible based on granted consent.