Skip to Content
CEZ Distribuce

Glossary of terms and abbreviations

Cookies

A short text file that is sent to the browser by the website visited. It allows a website to record information about your visit, such as your preferred language and other settings. This can make your next visit to the site easier and more productive. Cookies are important. Without them, browsing the web would be much more difficult.

Supervisory Authority

The authority in the Czech Republic is established as the Office for Personal Data Protection ("OPPD") by the Personal Data Processing Act. It is entrusted with the competences of the central administrative authority for the protection of personal data to the extent provided for by this Act and other competences provided for by special legislation.

Energy Act ('EA')

Act No. 458/2000 Coll., on the conditions of business and the exercise of state administration in the energy sectors and on amendments to certain acts, as amended.

CEZ Concern

A business group declared pursuant to Section 79(3) of Act No. 90/2012 Coll., (the "EA"), headed by the controlling person, ČEZ, a. s., and including other controlled persons. An overview of the Information on personal data processing of all CEZ Group companies is available here.

GDPR Regulation

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Personal data (hereinafter referred to as "PII")

Any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data Protection Officer

The person appointed for the entire CEZ Group and selected companies of the CEZ Group pursuant to Article 37 of the GDPR. The Data Protection Officer ("DPO") has independent responsibility for a defined area of personal data protection for CEZ Group and selected companies of the CEZ Group and is a partner in dealing with the DPO and data subjects. In particular, the DPO is responsible for protecting the interests of data subjects.

Recipient

The natural or legal person, public authority, agency or other entity to whom personal data is disclosed, whether or not it is a third party. The recipient has the legal, contractual or other authority to process the personal data. This includes other controllers or processors such as tax, administrative or regulatory authorities. However, public authorities which may obtain personal data in the context of a specific investigation in accordance with the law of a Member State are not considered recipients; the processing of such personal data by those public authorities must comply with the applicable data protection rules for the purposes of the processing.

CEZ Group

The ČEZ Group is a grouping of several companies around the parent company ČEZ, a. s., operating primarily in the energy sector, linked to this parent company mainly through equity holdings. Further information is available here.

Personal data controller

The legal entity (ČEZ Distribuce, a. s.) which determines the purpose and means of processing personal data, carries out the processing and is responsible for it. The Controller may authorize or entrust the processing of personal data to a Processor.

Data Subject (hereinafter referred to as "DSP")

The natural person to whom the personal data relates. A data subject shall be deemed to be identified or identifiable if his or her identity can be established, directly or indirectly, on the basis of one or more personal data.

Adequacy test

An assessment of a data subject's request by the Data Controller where the data subject's request is manifestly unfounded or unreasonable, in particular because it is repetitive. Requests may be considered manifestly unfounded if, for example, they are completely lacking in justification at first sight (where justification is necessary) and it is not possible to assess even by interpretation what the data subject is concerned about (an example would be an objection to processing pursuant to Article 21(1)(a) of Directive 95/46/EC). In particular, requests may be considered manifestly disproportionate if they are unreasonably repetitive or numerous. This cannot be generalised and must always be considered in the context of the case. The manifest unreasonableness or disproportionality of the request shall be documented and justified by the Controller in a communication informing the data subject and the Data Protection Officer of the refusal of the request. This justification shall be documented by the Controller and stored for possible inspection by the Supervisory Authority.

ZZOÚ

Act No. 110/2019 Coll., on the processing of personal data, as amended.

Processing of personal data

Any operation or set of operations with personal data or sets of personal data which is carried out with or without the aid of automated procedures, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other disclosure, alignment or combination, restriction, erasure or destruction.

Processor of personal data

A natural or legal person, public authority, agency or other entity that processes personal data for the Controller.

Special categories of data (sensitive data)

Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person and data concerning the health or sex life or sexual orientation of a natural person.