1. INTRODUCTORY PROVISIONS
1.1. These Data Protection Rules (‘Rules’) of the company CE Online Systems s.r.o., with registered office at Prague 10 – Hostivař, Sodomkova 1579/5, postcode 10200, company registration number: 242 09 813, registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, entry no. 17856 (‘Provider’) regulate the rights and obligations of the contractual parties in the area of protection of data related to a Contract for the Provision of Services “Snackhost” (‘Service’ and ‘Contract for the Provision of Services’) concluded between the Provider and another natural or legal person (‘User’).
1.2. The Rules form an inseparable part of a Contract for the Provision of Services. Terms used in the Rules have the same meaning as the same terms used in a Contract for the Provision of Services (including the Terms of Business).
2. PROTECTION OF SAVED AND TRANSMITTED DATA
2.1. The Provider shall not have access to the content of non-public data belonging to the User saved within the Cloud Server Service on the Provider’s server. The Provider shall not control such non-public data belonging to the User saved within the Cloud Server Service. Members of the Provider’s user support shall not have access to physical servers used by the Provider to provide the Cloud Server Service.
2.2. The Provider shall have access to the content of the User’s data saved within the Cloud Hosting Service on the Provider’s server. The Provider shall not carry out preventative control of the content of non-public data belonging to the User saved within the Cloud Hosting Service. The Provider undertakes to treat as confidential the data saved by the User in this way.
2.3. The Provider does not save user passwords or personal SSH keys.
2.4. The User acknowledges that the Provider shall keep for a period of six (6) months operational and localisation data relating to the Service within the meaning of the directive of the European Parliament and of the Council 2006/24/ES dated 15 March 2006 on the Retention of Data Generated or Processed in Connection with the Provision of Publicly Available Electronic Communications Services or of Public Communications Networks and Amending Directive 2002/58/ES. The Provider shall provide operational and localisation data exclusively to public authorities and in accordance with generally binding legislation.
3. PROTECTION OF THE USER’S PERSONAL DATA
3.1. Personal Data of the User who is a natural person is protected by generally binding legislation.
3.2. The User consents to the processing of the following personal data: forename, surname, email address, date of birth, telephone number, the User’s IP address and other personal data inserted by the User into the User Account (collectively ‘Personal Data’).
3.3 The User consents to the processing of Personal Data by the Provider for the purposes of maintenance of the User Account, for the purposes of performing obligations arising from a Contract for the Provision of Services, and for the purposes of sending commercial communications. The User confirms that the provided Personal Data is accurate and that it has been explained to the User that the provision of Personal Data is voluntary. A refusal to provide consent with the processing of Personal Data in the full extent according to this clause is not a condition which would, on its own, prevent a conclusion of a Contract for the Provision of Services.
3.4. The User consents to the processing of Personal Data by the Provider’s contractual registrars for the purposes of its inclusion in central registers of domain names and for the purposes of its being made accessible via the internet in central registers of domain names from the moment of a registration of a domain name. The User consents to the processing of Personal Data by certifying authorities. The User consents to the handover of Personal Data abroad to the Provider’s contractual registrars or certifying authorities. The User’s Personal Data shall otherwise not be handed over to third parties. However, the Provider may authorise a third party as a processor to process the User’s Personal Data.
3.5. The User acknowledges that s/he is obliged to provide correct and true Personal Data (when registering, in their User Account) and that s/he is obliged to amend the User Account with any changes of their Personal Data without undue delay.
3.6. Personal Data shall be processed for an indefinite period of time. Personal Data shall be processed in electronic form in automatic manner or in print form in non-automatic manner.
3.7. In the event that the User suspects that the Provider or processor (clause 3.4) are processing the User’s Personal Data contrary to the protection of the User’s private and personal life or contrary to the law, in particular if the Personal Data is inaccurate in relation to the purpose of its processing, the User may request that the Provider or the processor provides an explanation and request that the Provider or the processor rectifies the situation.
3.8. If the User requests information relating to the processing of their Personal Data, the Provider is obliged to provide such information. The Provider is entitled to demand adequate reimbursement for the provision of information according to the previous sentence not exceeding the necessary costs of the provision of such information.
4. PROTECTION OF PERSONAL DATA OF THIRD PARTIES
4.1. In connection with the operation of the Service, the Provider may (at the User’s instigation) process personal data of natural persons saved by the User within the Service. The contractual parties are aware of the fact that, in these circumstances, the User acts as a personal data administrator and the Provider is in a position of a processor of personal data. For these reasons, the Contract for the Processing of Personal Data contained in this clause (clause 4) of the Rules forms a part of the contractual relationship between the Provider and the User.
4.2. For the purposes of a Contract for the Provision of Services, personal detail is information relating to natural personals which is protected by the Personal Data Protection Act and which has been saved on the server within the Service by the User or another person (‘Personal Data of Third Parties’).
4.3. By this Contract, the User authorises the Provider to process Personal Data of Third Parties.
4.4. The User shall process Personal Data of Third Parties in accordance with the Personal Data Protection Act. The User undertakes to obtain the consent of all data subjects with the processing of their Personal Data within the Services. The User acknowledges that should the Provider discover that the User is breaching duties laid down by the Personal Data Protection Act, the Provider shall notify the User of this fact without undue delay and terminate the processing of Personal Data.
4.5. Without the User’s prior consent, the Provider may not hand over Personal Data of Third Parties to other persons.
4.6 Personal Data of Third Parties shall be processed for as long as a Contract for the Provision of Services is effective and further for a period which is necessary for the protection of the Provider’s legitimate interests but no longer than for the period prescribed by generally binding legislation.
4.7. The Provider undertakes to adopt basic measures preventing unauthorised or accidental access to Personal Data of Third Parties, its alteration, destruction or loss, unauthorised transmission, its unauthorised processing or other misuse of Personal Data of Third Parties.
4.8. The Provider shall ensure that their employees and other persons handling Personal Data of Third Parties are aware that such data must be treated as confidential and not be disclosed to third parties.
5. SENDING OF COMMERCIAL COMMUNICATIONS AND SAVING OF COOKIES
5.1. The User consents to the sending of information relating to the Provider’s services or business to the User’s emails address, as well as to the sending of the Provider’s commercial communication to the User’s emails address.
5.2. The User consents to the saving of so-called cookies on their computer. In the event that it is possible to perform the Provider’s obligations arising from a Contract for the Provision of Services without cookies being saved on the User’s computer, the User may withdraw their consent pursuant to the previous sentence at any time.
In Prague on 1/1/2016,
CE Online Systems s.r.o.