This document describes how the data you entrust to our website is processed. Our company is aware of the importance of the protection of personal data. We therefore pledge to take all necessary steps to prevent the misuse of your personal data entrusted to this website. We will only process your personal data for the purposes that we inform you about or agree to and only for the necessary period of time.
GDPR IMA 180523 / Released on: 23.5.2018
The administrator of personal data entrusted to this website is:
IMA s.r.o.
Na Valentince 1003/1
150 00 Prague 5
CRN 45277397 (hereinafter referred to as “administrator”)
The field of personal data processing is governed by the following legislation:
For the lawful processing of your personal data, at least one of the conditions listed in Article 6 of GDPR must be fulfilled. In case of a special category of personal data, at least one of the conditions listed in Article 9 of GDPR must be fulfilled. In both cases, the principles of personal data processing set out in Article 5 of GDPR must be respected.
You can find up-to-date information on personal data protection here: GDPR and ÚOOÚ.
Allow us to explain some basic terms that are used in the field of personal data protection.
Cookies | A Cookie refers to a small amount of data that the web server sends to your browser, which then stores it on your computer, tablet, or other device that you use to access the website. With each subsequent visit to the same server, the browser sends the data back to the Web server. Cookies are commonly used to distinguish individual users, save user preferences, etc. They are also used to let the server know what pages you already went through, so that it is for example able to return you to previous page. Cookies can also be set on the server side. Cookies as such do not constitute an executable code and are not dangerous to your computer but may constitute a means of interfering with your privacy. |
Supervisory authority concerned | The supervisory authority concerned with personal data processing, because: a) the administrator or processor is established in the territory of the member states of this supervisory authority; b) data subjects residing in the member states of that supervisory authority are or are likely to be substantially affected by the processing, or c) a complaint has been lodged with it |
Supervisory authority | An independent public authority established by a member state pursuant to article 51 of GDPR. |
International organizations | Organizations and their subordinate entities subject to international law or other subjects established by or on the basis of an agreement between two or more countries. |
Processing restrictions | Marking of stored personal data in order to limit their processing in the future. |
Personal data | Any information on an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is a natural person who can be identified directly or indirectly, in particular by reference to an identifier, such as name, ID number, location data, network identifier or one or more specific elements of physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. |
Personal data security breach | A security breach leading to accidental or unlawful destruction, loss, alteration or unauthorized disclosure or access to transferred, saved or otherwise processed personal data. |
Profiling | Any form of automated processing of personal data consisting in their use to evaluate certain personal aspects related to a natural person, in particular to analyse or estimate aspects related to his or her work performance, economic situation, personal preferences, interests, reliability, behaviour, place of residence or movement. |
Cross-border processing | a) Processing of personal data done in connection with activities of establishments in more than one member state of the administrator or processor in the Union, if that administrator or processor is established in more than one member state; or b) Processing of personal data taking place in connection with activities of a single establishment of the administrator or processor in the Union but which will or is likely to substantially affect data subjects in more than one member state. |
Recipient | A natural or legal person, public authority, agency or other body to whom personal data is provided, whether or not a third party. However, public authorities which may obtain personal data as part of a specific investigation in accordance with member state law shall not be considered as recipients; processing of such personal data by these authorities must comply with the applicable data protection rules for the purposes of processing. |
Pseudonymization | Processing of personal data in such a way that it can no longer be assigned to a particular data subject without the use of additional information, provided that such information is kept separately and is subject to technical and organizational measures to ensure that it cannot be assigned to any identified or identifiable natural person. |
Relevant and reasonable objection | An objection to the draft decision in order to assess whether there has been a breach of the GDPR or whether the intended act in relation to the administrator or processor is in accordance with the GDPR, which clearly demonstrates the materiality of risks arising from the draft decision as regards the fundamental rights and freedoms of data subjects and, where appropriate, the free movement of personal data within the Union. |
Data subject consent | Any free, specific, informed and unequivocal expression of will by which the data subject gives his or her consent to the processing of his or her data by declaration or other clear form of confirmation. |
Administrator | A natural or legal person, public authority, agency or other body which, alone of jointly with others, determines the purposes and means of processing personal data; if the purposes and means of such processing are determined by the Union or a member state law, this law can determine the administrator concerned or the specific criteria for its designation. |
Third party | A natural or legal person, public authority, agency or other body which is not a data subject, administrator, processor or person directly subject to the administrator or processor, authorized to process personal data. |
Health data | Personal data related to physical or mental health of a natural person, including data on provision of health services indicating his or her state of health. |
Processing | Any operation or set of operations with personal data or personal data files that is carried out by or without the assistance of automated procedures, such as collection, recording, arrangement, structuring, storage, adaptation or alteration, finding, consulting, using, making available by transferring, sharing or any other form of disclosure, sorting or combination, restriction, deletion or destruction. |
Processor | A natural or legal person, public authority, agency or other body that processes personal data for the administrator. |
This website processes several categories of personal data.
We respect the principle of minimalism, therefore for each processing purpose we limit the scope of the data processed to only the data that is necessary for processing for that particular purpose.
The basic purposes of processing of your personal data entrusted to us through this website are as follows:
There is no automatic individual decision-making on the part of the administrator/processor within the meaning of Article 22 of GDPR or individual profiling.
In addition to our employees, your personal data may be accessed by employees of companies that manage and develop the website for the administrator and provide technical support for its internal IT system.
With all such entities, the administrator concludes a contract for the processing of personal data within the meaning of Article 28 of GDPR.
The administrator does not intend to pass your personal data to a country outside the EU or an international organisation.
We respect the principle of transparency contained within GDPR with regards to processing personal data. In accordance with this principle, we are ready to provide you with information about what personal data we process and for what purposes.
Please note that we are obliged to properly verify the identity of the applicant or submitter and document this verification. If there is any doubt as to the identity of the data subject who makes a request for information on the processing of personal data, exercises any of data subject’s rights or gives the administrator a suggestion, we may ask the data subject to provide additional information necessary to confirm his or her identity.
More detailed information about your rights given to you by the GDPR can be found here: Rights of Data Subjects.
Our company does everything we can to keep your personal information secure. If you have any questions, suggestions or complaints regarding the processing of personal data by our company, please contact the person responsible for GDPR at privacy@ima.cz.
The company has not appointed a Data Protection Officer because it is not obliged to do so on the basis of the nature of its activities.
For more detailed information about GDPR and your rights, see www.uoou.cz.
Our supervisory authority with whom you can lodge a complaint if you are not satisfied with our approach to meeting your requests or how we treat your personal data, is:
Úřad pro ochranu osobních údajů (Office for Personal Data Protection)
Pplk. Sochora 27
170 00 Praha 7
As the field of data protection and corresponding legislation evolves dynamically, we will regularly check the compliance of these policies with legislation and established practice. This text may see updates on the basis of these checks.
Subscribe to our newsletter and keep up to date with what is new at IMA and in the field.
Design Jakub Carda / Development Digital Depo