Personal data processing information in our company ČEZ Distribuce, a. s.

Introduction

Dear Customers and Business Partners,

this document informs you of the terms and conditions of processing your personal data in our company and of the manner and scope of our personal data processing within the CEZ Group. We also inform you in this way of the protection of personal data and of your rights related to their processing.

Our company, together with other managed companies, is a member of the ČEZ Group, headed by the managing entity ČEZ, a. s.

When processing your personal data in the CEZ Group, we act in compliance with European Union legislation, particularly compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”), which comes into force on May 25, 2018 as a direct effective legal regulation also in the legal order of the Czech Republic, and also compliance with the relevant intrastate legal regulations, particularly the Personal Data Processing Act.

Privacy and personal data protection is important for us. This information about personal data processing (hereinafter “Information”) specifies the personal data collected by the CEZ Group member companies from you or about you through communication with you in connection with use of the products and services they provide to you. Or in connection with other business relations between you and, if applicable, which personal data they obtain from other entities or sources and how they use these data.

Besides this summary information, you will also find some details of the processing of your personal data in the documents, which we provide to you within the scope of mutual communication, or which will be displayed for you on the websites used by the CEZ Group companies to ease and speed up communication with you.

Personal data controller

The controller of your data is always the CEZ Group company to which you provided or that obtained them from you for fulfillment of one or more purposes. The company you are a customer or business partner usually controls your data. Of you are a customer of several CEZ Group member companies, each of these companies controls your personal data related to its product, service or other business relationship.

If the Controller of your personal data is company ČEZ Distribuce, a. s., ID No: 24729035, having its registered office at Teplická 874/8, 405 02 Děčín – Děčín IV–Podmokly, incorporated in the Commercial Register at the Municipal Court in Ústí nad Labem under File No. B 2145 (hereinafter “ČEZ Distribuce” or “Our company”), you will find more detailed information about processing of your personal data below.

We process your personal data only to the extent that enables us to provide you with the services that you are interested in and ensure professional service. Respectively only the data necessary for our correct mutual business cooperation. And also to enable us to fulfill our legal obligations and ensure protection of our justified interests. For this reason, we collect and process your data mainly as users of our services, and our business partners, including potential future customers and business partners who are interested in our services or in business cooperation with us, or who we have contacted with our offer. According to the concrete situation, we also process the data of, for instance, the representatives of legal entities, including the members of the statutory bodies and staff. In some cases, the scope of personal data is also directly determined by generally binding legal regulations.

Of the categories of personal data, our company processes primarily identification and address data, possibly also camera records, audiovisual records, etc.

Basic data

In our company we consider basic data in particular to be:

  • the identification data: title, name, surname, date of birth, and if applicable, the identity card number, birth registration number or ID No.;
  • the contact data: permanent or temporary residential address, mailing or other contact address, address of the service point, telephone number, e-mail address.

Additional data

We also process data, which are closely related to the way in which you use our services, or the data that you provide to us during use of our services or that you create otherwise. Alternatively data that exists by virtue of our business cooperation. We consider such data to be particularly:

  • Bank account number, information about the customer’s payment morale, customer number, EAN, business partner number, signature information obtained on the basis of readings taken from measuring devices, operating and localization data, IP address, cookies, data boxes ID and other personal data arising from fulfillment of a concrete contract or relevant legal regulation.

You are negotiating our service

When you negotiate a product or service with us or you are only interested in it, you provide us with basic data or additional data necessary for us to jointly conclude a contract, or for us to be able to assess if we can provide you with the service and if so, which one.

You are using our service

Use of our service includes e.g. the connection to the electricity distribution system. As a controller, in these cases we process the personal data that you have provided to us within the framework preparation and conclusion of a contract for a given service and also the data that we assigned to you for easier processing of your data in the information systems (for instance, the client’s identification number, identification number of the provided device, etc.) as well as the data that we acquired within the scope of fulfillment of the contracted contract (for instance, which we had on record or measured).

You are communicating with us

We also obtain your personal data when you communicate with us. There is no difference in whether you communicate with us electronically, by post, by phone, during a personal visit, or perhaps via a data box. If the personal data obtained in this manner apply to a service provided by us, our company is the controller of the provided data.

If camera recordings are made in our buildings, your personal data, if any, are controlled by CEZ Distribuce or by the CEZ Group member company, which operates these camera systems. When using our websites and applications, your data are processed by the company that is indicated in the given part of the electronic channel (for instance, the foot of the website) as its operator or the service provider.

Are you negotiating with a company other than the ones concerned with your action

We make an effort to ease access to our services as much as possible for you and for this reason, we offer the option to negotiate or operate and manage them as well as communicate about them also via companies other than our company. These cases include for instance the situations when you negotiate a contract on joint electricity supply services. In such case, part of your data, particularly the basic data necessary for your identification and authentication are also processed by the company with which you are negotiating.

ČEZ Distribuce processes personal data primarily for the purposes of compliance with duties stipulated by special legislation. Act No. 458/2000 Coll., on business conditions and public administration in the energy sectors and on amendment to other laws, as amended (the “EA”), also requires that our company, as the electricity distribution system operator is obliged, according to the provisions of Section 25 of the EA, to ensure a reliable operation, maintenance and development of this distribution system and furthermore to provide distribution system services among other things.

Therefore, our company uses the acquired personal data particularly for the following purposes:

  • Conclusion and performance of contract;
  • Ensuring interconnection and access to the distribution systems;
  • Ensuring operation activities and keeping technical records;
  • Settlement of property and legal relationships related to the operation of the distribution system;
  • Accounting and tax purposes;
  • Identification of abuses of distribution systems or services, e.g. finding, preventing and removing any unauthorized consumption of electricity and preventing losses in the distribution system;
  • Ensuring the financial settlement of contractual relationships, including any collection of receivables;
  • Providing access to localization data and calls to emergency line numbers;
  • Compliance with legal obligations, including crisis management, protection of confidential information or ensuring the operation of critical information infrastructure;
  • Protection of property and persons and safety of significant elements of the distribution system;
  • Keeping customer records;
  • Keeping the records of business partners.

In practice, you will most frequently encounter the following situations in which your personal data is processed:

 

Our company obtains your personal data mainly from you within the scope of negotiation of a contract and also during its fulfillment, or from third parties mediating such negotiations.

Our company will always notify you when it is necessary to provide personal data for provision of a specific service and on the contrary, also when this is voluntary, but provision of such personal data makes mutual communication between you and our company easier and thus significantly increases the efficiency of the rendering of services.

We can also get your personal data from public records or from the state administration authorities. In specific cases, we can get your personal data also from non-public records on the basis of applicable legal regulations.

For the purpose of the legitimate interest in the safe operation of the distribution system, the safety of persons and property, our company monitors and records communication with you (mainly telephone calls on the telephone line for reporting breakdownd). We always notify you of this fact in advance.

The details of sources of your personal data that we process are given in the following examples.

Our company processes your data manually and automatically. During automated processing of your data, we however do not use automated decision-making, which could affect your rights.

Protection of your data in our company are organizationally and technically secured in compliance with the applicable legal regulations. We require a comparable level of security of your personal data also from all our personal data processors.

For the above-stated purposes, besides our companies and their staff, your personal data may also be processed by some other CEZ Group member companies or other data subjects outside the CEZ Group as processors. We provide your data to these companies or data subjects only when they are fulfill the organizational and technical conditions we have defined for ensuring their appropriate protection. And further that they are bound by written contract to comply with the negotiated conditions for processing of your personal data and ensuring their stipulated protection. 

The reason for provision of your data to these companies or subjects as processors is usually the fact that they use the knowledge, procedures or technologies with the necessary professional level, which makes it possible for them to more effectively achieve some of the above-stated processing purposes and at the same time also ensure the necessary protection of your personal data.

Your personal data may also be provided on the basis of a justified request to third parties with authority to seek provision of such personal data, for instance, various state authorities.

Our company shares your basic data, or information about services and data from our communication with some other CEZ Group member companies. We act in this manner mainly to protect our rights and justified interests. We need to share the data not only for our security and risk management, but also to maintain the integrity and update of your data and the expediency and quality of service within the scope of Customer identification and authentication, customer relationship management and for your use of the services. Thanks to this, we can serve and fulfill your requests in a broader network of selected ČEZ Group member companies.

An important objective of our company is to protect and secure your personal data. We use various technologies, procedures and processes to protect your personal data from unauthorized access, use and publishing. We, for instance, process the provided personal data on computer systems and keep them in data storage systems with restricted access, which are located in guarded buildings. For transmission of highly classified personal data (for instance, bank account numbers or passwords) in the Internet environment we use encryption to protect them.

The personal data collected by our company are processed and stored exclusively in the territory of the Czech Republic.

The personal data processed by our processors are stored exclusively in the territory of the European Union.

Our company keeps your personal data for the period necessary to provide the services, completion of the required transactions or other necessarily purposes, such as fulfillment of our legal duties, contractual obligations, solution of disputes and legal enforcement of negotiated agreements. These needs differ depending on the type of the product or service provided, or other type of agreed contractual relationship, and for this reason, the real period for which we keep the information may vary significantly.

When handling your personal data for specific purposes, we respect the data minimization rules. We thus collect those of your personal data that we really need for a specific purpose. At the same time, we set strict internal archiving rules, which ensure that we do not keep such data for longer than we are authorized.

Almost for all contractual relationships, we must ensure documentation of the calculation and payment of tax, arising from the legal regulations on VAT and the related tax procedure. According to these legal regulations, we are obliged to keep tax documents and records containing detailed data related to the provision of selected services for a period of 10 years after expiry of the tax period in which the performance was realized. Thus, we are generally obliged to keep most of the basic data and information about the services on the basis of these legal regulations.

In exceptional cases, for instance, during litigation, our company may keep the documents containing your personal data for a longer period in order to protect our justified interests. This mainly happens in a case where we would have to present evidence in litigation, administrative or enforcement proceedings (with regard to the statutory limitation period according to the current Civil Code, for instance, in connection with provision of warranty, possibly with respect to the statutory limitation periods of the Criminal Code).

Our company strives for transparency and fair processing of your personal data, and ensuring their proper protection, always in compliance with applicable laws and regulations. For us to be able to reassure you about our responsible approach to handling your data, we are ready to quickly and professionally respond to your legitimate demands, which enable you to verify our responsibility when handling your data and possibly help us rectify deficiencies if they exceptionally occur in this aktivity. 

  • If the personal data processing is based on your consent, you have the right to revoke your consent to future processing at any time;
  • You have the right to request us as the data controller to provide you with access to your personal data and more detailed information about their processing;
  • You have the right to request us to correct your inaccurate or incomplete personal data;
  • You have the right to request us to provide you with your personal data in the normally used and machine readable format, which allows their provision to another controller, if we obtained them on the basis of your consent or in connection with conclusion and fulfillment of a contract, and they are automatically processed;
  • You have the right to object to processing of some or all your personal data;
  • You have the right to request restrictions on processing in specified cases;
  • You have the right to request us to delete your personal data if we no longer have any legal reason for their further processing; and
  • You have the right to lodge a complaint to the Office for personal data protection. 

When processing your personal data, we do so on the basis of appropriate legal titles that allow us to provide you with services, to ensure the operation of our company, fulfill our contractual and legal obligations, ensure the protection and security of our systems and our customers, or to fulfill other justified interests of our company as described in the above-stated parts of the Information, or we process your personal data based on your consent.

In spite of all efforts at maximum comprehension of this document, you have probably found words or terms that you have never encountered before. Or you are not sure that you correctly understand their meaning.

For this reason, based on our experience we provide you with a glossary of terms, which can help us better avoid mutual misunderstanding.

 Glossary of terms

Group

The CEZ Group represents the legal relationship between multiple CEZ Group companies (controlled companies) subject to a unified control by ČEZ, a. s. (controlling company), with which they form the concern on the basis of the unified control. For more detailed information see www.cez.cz

Justified interest

The interest of the controller or a third party, for instance, in a situation in which the data subject is the controller’s client.

Personal data

Information about a specific, identifiable person.

Recipient

The person to whom the personal data are provided.

ČEZ Group

The CEZ Group is a corporation of companies around the parent company ČEZ, a.s., mainly engaged in the energy sector, linked to this parent company, mainly through equity investments. For more detailed information see  www.cez.cz

Service

Any service, which ourcompany offers to you, including our services offered on-line and their support.

Controller

An entity that determines the purpose and resources for processing of personal data; and may also decide on delegation of their processing to another entity in the role of a processor.

Data subject

A live natural person whose personal data are the subject of processing.

Purpose

The reason for which the controller uses your personal data.

Processing

An activity by which the controller or processor performs when handling the personal data.

Processor

An entity that processes personal data for the controller.

Over time, there may be a change in the legislation governing the rules and conditions for the processing and protection of your personal data, or a change in our conditions, procedures and methods of processing and protection of your personal data. We will keep you informed about them at all times by updating this information provided the given change will not require us to notify you also through individual communication (letter or electronic message).

If you have a request or complaint relating to the processing of your personal data or a query for the person responsible for processing of personal data our company, please, contact us via our web form. We shall respond to your request, queries or complaints as soon as possible, but at the latest within one month of their delivery. If we shall not be able to respond to your request in time because of the complexity of its solution or a large number of requests from other persons, we shall notify you about the necessary extension of the period.

Our Data Protection Officer is Mgr. Petr Brázda LL.M. He can be contacted at the address: ČEZ, a.s., Duhová 2/1444, 140 53 Prague 4, or via the web form. For more details on how to contact the Data Protection Officer, description of his mission and competence to resolve your rights, visit the web site Data Protection Officer.