Lynax s.r.o. seeks to protect privacy and personal data. We handle personal data exclusively in accordance with applicable legislation.
We undertake to take all measures to prevent misuse of the personal data provided by you. We will process your personal data only if we have a legal title to do so.
PURPOSES OF PROCESSING YOUR PERSONAL DATA
If we process personal data on the grounds of our legitimate interests, these legitimate interests result, in particular, from a separate contractual arrangement with the customer–data subject. In addition, our legitimate interests include simulating products and services to help you choose the best product; managing customer relationships to provide you with all services related to the management of the product or service, or to resolve your requests, wishes, complaints, etc.; preventing and detecting fraudulent activities and preventing non-compliance with the law; preventing money laundering, financing of terrorism and embargoes; processing surveillance footage to eliminate illegal conduct and maintain the protection of people and assets, testing software and hardware changes; researching and developing products and services and analysing market development, analysing anonymised data for historical, statistical and scientific purposes.
LEGAL BASIS FOR PROCESSING
The legal basis for the processing of personal data is, in particular, the applicable legal regulations of the Czech Republic and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR). In terms of Czech legislation, this includes, in particular, Act No. 253/2008 Sb., on selected measures against money laundering and financing of terrorism, as amended (this Act requires identifying and checking customers), Act No. 89/2012 Sb., the Civil Code, as amended, and Act No. 127/2005 Sb., on electronic communication, as amended.
CATEGORIES OF PERSONAL DATA
Lynax s.r.o. does not process special categories of personal data unless expressly agreed in an agreement or other legal document; in this case, the legal basis for the processing of such data will be discussed.
RECIPIENTS AND PROCESSORS OF PERSONAL DATA
Lynax s.r.o. may or must provide personal data, in particular, to the following categories of recipients:
- public authorities and other entities if required by an applicable legal regulation or ordered by a decision of administrative or judicial authorities;
- accounting and tax advisors or legal representatives;
- insurance companies and other entities in the event of an insurance claim if this obligation arises from a concluded insurance policy;
- postal and communication service providers and electronic communication service providers;
- payment service providers and payment processors;
- other individuals and entities if it stems from the nature of services and products provided or if the data subject instructed us to do so or if necessary on the grounds of the legitimate interests of Lynax s.r.o.
We retain your personal data only for as long as necessary and archive the data according to statutory time limitations stipulated by law.
The longest period of processing personal data that we apply to you is ten years from the date of termination of the contractual relationship between the data subject and Lynax s.r.o. or ten years from the end of the tax period in which the performance was provided. The above-specified period of processing follows from Act No. 89/2012 Sb., the Civil Code, as amended, or Act No. 235/2004 Sb., on value-added tax, as amended. The reason for such processing is the statutory obligation or legitimate interest of Lynax s.r.o. Upon expiry of this period, all your personal data will be deleted unless another legal reason for a longer processing period arises during the processing period or unless an unforeseen legitimate interest of Lynax s.r.o. arises.
We have in place strict internal rules that justify the legality of retaining personal data.
We retain the personal data that we process with your consent only for the duration of the purpose for which the consent has been granted.
YOUR RIGHTS RELATED TO PERSONAL DATA PROTECTION
We process your personal data transparently, legally, and properly. As a data subject, you have the right to contact us at any time to obtain information on the processing of your personal data. You have:
- The right to access your personal data – you have the right to request a copy of your personal data that Lynax s.r.o. processes about you;
- The right to rectify your personal data – if you believe that the personal data that we have on record about you is inaccurate or incomplete, you have the right to request its update or completion;
- The right to erasure of personal data (right to be forgotten) – you have the right to request the erasure of your personal data if it is no longer necessary for the purpose for which it was processed, if you have withdrawn your consent to its processing, if it has been processed unlawfully, if it must be deleted to comply with a legal obligation, or if it has been collected in connection with an offer of an information service company;
- The right to restriction of personal data processing – you have the right to request the restriction of processing if you contest the accuracy of your personal data, if the processing is unlawful but you oppose the erasure of such personal data, or if requested by you, we can process your selected personal data even if it is no longer necessary for the purpose for which you provided it to Lynax s.r.o. (e.g. in connection with pursuing a claim before the court for which you need the personal data processed), or if you have objected to processing where it is not clear whether our legitimate interests override your legitimate interests;
- The right to data portability – in the case of automated personal data processing that is based on a concluded agreement or your consent, you have the right to data portability, which will be provided to you in a commonly used and machine-readable format used by Lynax s.r.o.;
- The right to object to the processing of personal data – you may object to the processing of personal data at any time. Similarly, you may object to processing if we process your personal data for direct marketing purposes. In this case, we will no longer process your personal data for this purpose;
- The right to withdraw your consent to the processing of personal data – if you have consented to the processing of your personal data for purposes that require consent, you have the right to withdraw your consent at any time. The processing of personal data that occurred before the consent withdrawal is lawful.
We will respond to your requests to exercise your rights without undue delay within one month of receiving your request. However, this time limit may be extended by another two months if necessary. We will always inform you about such an extension, including the reason for it. We will communicate with you through your preferred channel (email, letter). Please note that before processing your request, we are entitled to verify your identity using a reliable method to ensure that the information is provided to the authorised data subject.