Principles of personal data protection

issued by the company Montáže Brož s.r.o., company ID No.: 25955934, with its registered office at No. 36, 533 41 Pravy, registered in the Commercial Register maintained by the Regional Court in Hradec Králové, file number C 17372, as a controller of personal data (hereinafter “We” or the “Company”), within the meaning of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “GDPR”),

We inform you (hereinafter “You”), as a user of the website about the below described collection of personal data and privacy policy:

You will learn more in the text below, in particular:
1. What types of your personal data will be processed by us;
2. For what purposes and how do we process your personal data;
3. To whom can we transfer your personal data;
4. How long will we process your personal data, and
5. What are your rights in connection with protection of your personal data.

In case you need any explanation of the text, an advice or you need to discuss further processing of your personal data, you can contact us at any time at the e-mail address:


I. Processing of Personal Data of Children

Our website is not intended for children under the age of 16 years. We do not process personal data of children below the age of 16 years.

II. Scope and Method of Processing of Personal Data

When you contact us via the website, you may be asked to fill in certain details about yourself or your company. Such data may be in particular:

a. name and surname,
b. date of birth
c. business name,
d. residence address,
e. telephone number or
f. e-mail address

We do not track your activity on our website (with exception of cookies – please refer to the next sentence), therefore we receive only your personal data that you explicitly provide us with.

On our website we use cookiesthat monitor users’ behaviour (i.e. short text files created by a web server and stored in your computer by a browser – hereinafter the Cookies”), in particular the following types of Cookies:
Google Analytics
The Company can carry out profiling – within the scope of human resources management activities (only in relation to the employees). Except as permitted by the applicable legal regulations, the Company will not use your personal data to make decision solely on the basis of automated processing including profiling which would have legal consequences in relation to you or would otherwise have any significant effect on you.


III. Purposes of Processing

We use the data you have provided to us solely in accordance with the purposes of processing specified in your individually given consent to the processing of personal data. All personal data are processed in a lawful and transparent manner and only adequate, relevant and necessary personal data are required in relation to the purposes for which they are processed.

The consent to personal data processing (please refer to the previous paragraph) is our contractual requirement and it is a condition for:

a) in case of job candidates – your registration as a job candidate in our Company andin future possiblyconclusion of an employment contract or any contract for work performed outside an employment relationship between you and the Company,

b) in case of other natural persons (except for job candidates) – negotiations regarding the potential other contractual relationship between you and the Company, or, as the case may be, conclusion of a particular agreement.

As to the possible processing of your personal data for the ancillary purposes, you may grant us your consent, but you are not obliged to do so (please refer to the wording of the relevant consent), andif you do not grant your consent for these ancillary purposes, it will not have any effect on our other mutual relationships.

IV. Who Has Access to Your Personal Data

We, as a controller, will process your personal data. For the above specified purposes, we may transfer your personal data to our sub-contractors, so that they can process personal data on our behalf. Personal data may be transferred to the following entities:

• providers of accounting, tax and legal advisory services,
• entities providing server, web, cloud or IT services to the Company, or, as the case may be, business partners of the Company.
You can request an up-to-date list of particular recipients of your personal data at any time at this e-mail address:

We can also transfer your personal data to the business partners, all of them are, however, located in the territory of the European Union, the European Economic Area or Switzerland (these countries together hereinafter as “EU/EEA), so that all your rights under the GDPR are guaranteed, as this regulation applies also in these countries.

No personal data is transferred to the third countries, i.e. outside the territory of EU/EEA.

V. Period for which Personal Data are Processed

We will process your personal data:

• for the period specified in the consent to the processing of personal data (in case solely your consent constitutes a legal title of processing), or

• for the period for which we provide you our services or perform an agreement concluded between us, or necessary to perform archiving or other statutory obligations pursuant to the relevant applicable legal regulation, such as an act on accounting, act on archiving and records, or act on value added tax, etc. (in case of other legal tiles for processing of personal data, e.g. compliance with statutory obligations, legitimate interest of the controller, etc.).

VI. Information about Personal Data Protection Measures in the Company

The protection of personal data within the Company is regulated by the internal directive of the Company setting forth the basic principles of personal data processing and related procedures (including procedures for ensuring the exercise of rights of the data subjects), which is one of organisational measures for ensuring the security of personal data within the meaning of Art. 32 of the GDPR.

Further, based on an analysis of the current state and evaluation of compliance with the GDPR (including the control of cyber security) – the Company introduced technical and organisational measures to protect personal data, in particular by using appropriate technical and IT solutions, such as:

• compliance with the principles of safe personal data storage (internal directive)
• two-factor authentication (protection against theft or unauthorised use of login data)
• encryption of end devices BitLocker (protection against theft of end devices)
• using firewall and antivirus programmes,
• regular testing, assessment and evaluation of an effectiveness of the introduced technical and organisational measures,
• etc.

VII. Your Rights Resulting from Processing of Personal Data

In connection with processing of your personal data by us, you have the following rights:
a) right of access to personal data;
b) right to rectification;
c) right to erasure (“right to be forgotten”);
d) right to restriction of processing;
e) right to object to processing; and
f) right to lodge a complaint regarding the processing of personal data.

Your rights are explained below to help you to get a precise idea of their content.

You can exercise all your rights by contacting us at the e-mail address or by completing the relevant form on our website. The dedicated employee coordinating the agenda of personal data protection in the Company is: Luboš Novák, contact e-mail:

You can lodge a complaint at the supervisory authority, The Office for Personal Data Protection– please refer to

The right of access means that at any time you have the right to request from us a confirmation as to whether or not your personal data are being processed, and where that is the case, information about the purpose and scope of the processing, to whom the personal data will be disclosed, the period for which the personal data will be processed, whether you have the right to request rectification or erasure of personal data or restriction of processing of personal data, or to object to such processing, information about the source of the personal data and whether or not we use automated means of processing while processing your personal data, including profiling, targeting etc. You are also entitled to receive a copy of your personal data, while the first copy shall be free of charge, for any further copies we may charge reasonable fee based on administrative costs. Download Form.

The right to rectification means that at any time you can request from us the rectification or completion of your personal data if these data are inaccurate or incomplete.

The right to erasure means that we are obliged to delete your personal data if they are no longer necessary in relation to the purposes for which they were collected or otherwise processed, personal data have been unlawfully processed, you object to the processing and there are no overriding legitimate grounds for the processing, or we are obliged to do so based on a statutoryobligation. Download Form.

The right to Restriction of Processing means that until we resolve any disputed questions regarding the processing of your personal data, we have to restrict processing of your personal data to storing and we can process your personal data only for the establishment, exercise or defence of legal claims. Download Form.

The right to Object means that you can object to processing of your personal data that we process for direct marketing purposes or for the legitimate interest. In case you object to processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes. Download Form.

These Principles of Personal Data Protection shall be effective as of May 25, 2018.