INFORMATION
1) processing of personal
data of the customers is acceptable, for instance, in the following cases: a) processing is necessary for the performance of the
agreements whose party is a data subject, or to undertaking activities upon the
data subject's request before entering into the agreement=no consent required,
only the need to inform (as specified in information not requiring selection by
the customer); b) processing is necessary for goals resulting from legally
justified interests of the administrator or a third party, unless these
interests are overridden by interests or basic rights and freedoms of the data
subject, requiring personal data protection, in particular when the data
subject is a child = direct marketing of own products or services and enforcing
claims under conducted business operations (see item 5 below)= no consent from
customers is required, c) with prior consent of the data subject. It relates to
other purposes, e.g. newsletters; marketing of services of associated/external
entities; sale of database; use of an opinion, etc. = a consent is required.
2)
a separate requirement to obtain the customer's consent results also from the
Act on Electronic Provision of Services, including sending of newsletters= a
consent is required.
3) GDPR provides
for specific conditions for obtaining consent, including:
a) the administrator
must be able to demonstrate that the data subject expressed his/her consent for
processing of his/her personal details.
b) should the consent be expressed by a
written statement that applies also to other issues, a request for consent must
be presented in a manner expressly distinguish them from other issues, in an
understandable and easily available form, in clear and simple language. A part
of such statement of the data subject violating GDPR is not binding;
c) the
data subject has the right to withdraw his/her consent at any time. Withdrawal
of the consent does not affect the lawfulness of processing made on the basis
of the consent prior to its withdrawal. The data subject is informed of this
fact, before expressing the consent. Withdrawal of the consent must be equally
easy as its expression,
d) when assessing whether the consent was provided
voluntarily, it is considered to the possibly greatest extent whether, among
others, the performance of the agreement, including provision of service, is
not dependent on the consent to data processing, if personal data processing is
not necessary for the performance of this agreement.
4) it is unlawful to
acknowledge the consent to personal data processing for marketing purposes as
identical with the consent to obtaining information and offers as defined by
the Act on Electronic Provision of Services. The consent to personal data
processing for marketing purposes should not be confused with the consent to
obtain commercial information via an e-mail. These are two different consents
regulated by two different legal acts. The need to obtain the consent to obtain
commercial information via an e-mail results from the Act on Electronic
Provision of Services. On the other hand, in situations when personal details
of our customers are to be used for marketing purposes of associated/external
entities, for such action their consent expressed on the basis of GDPR should
be obtained. And though both these acts stipulate that the consent may not be
presumed from the declaration of will with a different content, sending commercial
information electronically is a different action than the use of data for
marketing purposes via route other than electronic,
5) a different situation
is, however, when the customer has an agreement with a company whose services
he/she uses. In such case no consent is required to process personal data for
the purposes of marketing of OWN PRODUCTS AND SERVICES OF SUCH COMPANY. The
basis for the use of personal details is a legally justified interest of the
data administrator. This means that – in order to promote own products and
services – you may use personal data of your customers without their
permission, provided that such action does not violate rights and freedoms of
data subjects.
Used original parts for JAWA and CZ 
Used original parts for JAWA and CZ 
