CzechToll s.r.o. PRIVACY POLICY

CzechToll s.r.o., registered office at: Argentinská 1610/4, Holešovice, 170 00 Prague 7, Czech Republic, Company Reg. No.: 06315160, registered in the Commercial Register kept by the Municipal Court in Prague under file no. C 280083 (hereinafter referred to as the “company”) hereby in accordance with Article 12 et seq.  Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR“) shall inform data subjects and other persons on the performed processing of personal data and compliance with the principles of protection of processed personal data.

What is the purpose of this Policy?

Our company places great emphasis on the protection of collected and further processed personal data. In support of this, we inform in this Personal Data Processing Policy (hereinafter referred to as the “Policy“) data subjects and other persons about what personal data we collect and how we handle them. This Policy applies to all data subjects anywhere in the world.

What personal data do we process?

On the basis of the Contract for the Supply and Provision of Comprehensive Services of the ETS Operation concluded on 20 September 2018 with the Road and Motorway Directorate of the Czech Republic, registered office at: Na Pankráci 546/56, 145 05 Prague 4, Czech Republic, Company Reg. No.: 65993390 (hereinafter referred to as the “RMD ” and the “ETS Contract”), our company is the supplier and the provider of comprehensive services for operation of the Electronic Toll System (hereinafter referred to as “ETS”) in the Czech Republic.

In order to fulfil the obligations arising from the ETS Contract, our company is obliged to process a considerable amount of personal data, in particular of owners, operators and drivers of toll-liable vehicles, or of their employees and agents. To ensure an appropriate level of personal data protection, on 11 February 2019 a contract on the processing of personal data was concluded, pursuant to Article 28(3) of GDPR, between the RMD as the personal data controller and our company as the personal data processor.

In order to perform the ETS Contract, we process the following categories of personal data:

  • Identification, address and contact details of owners, operators and drivers of vehicles registered in the ETS and, where appropriate, their employees and agents;
  • Information about vehicles registered in the ETS;
  • Information about the toll payment method in relation to a relevant vehicle;
  • Information about the postpay terms agreements concluded between the RMD and a vehicle operator;
  • Information about bank guarantees or other securities issued to secure any future claims arising from the ETS;
  • Location (positioning) information of vehicles registered in the ETS;
  • Information about toll transactions in the ETS;
  • Information about toll payments made and billing in the ETS;
  • Information about discounts granted on toll payments within the ETS;
  • Information about ETS toll payment exemption;
  • Information relating to filed and settled claims, complaints and suggestions;
  • Login and other related data of a user registered in MYTOCZ.EU mobile application (hereinafter referred to as the “Mobile Application”).

In order to ensure fulfilment of the obligations arising from the ETS Contract and to carry out normal operating activities of our company, we further process:

  • Identification, address and contact details of our contractors and their contact persons;
  • Identification, address and contact details of our customers and their contact persons.

How do we process personal data?

We process automated and manual personal data collected for the purpose of performing the ETS Contract, but we do not profile data subjects. The processing of personal data for the purpose of performing the ETS Contract is primarily in the form of collection and recording of personal data, storage and structuring of personal data, searching, use and deletion of personal data and in the form of transfer of personal data to the RMD.

How do we protect personal data we process?

The processing of personal data is always based on the requirements of effective legal regulations, in particular GDPR and Act No. 110/2019 Coll. on Personal Data Processing (hereinafter referred to as the “Adaptation Act”). All personal data collected and further processed are protected against their accidental or unauthorised destruction, loss, modification or disclosure to a third party. We have implemented and adhere to appropriate technical and organisational measures to protect the processed personal data, in particular all our employees and contractual partners involved in the processing of personal data shall be obliged to maintain confidentiality and we have internally set processes to ensure constant confidentiality, integrity, availability and resilience of our systems. We do not pass processed personal data to a third country or international organisation.

What are the purpose and the legal title of personal data processing?  

Personal data collected under the ETS project are generally processed for the purpose of the proper operation of the ETS, in particular for the purpose of registering, charging, collecting and enforcing tolls, deposits and related fees for the use of toll roads, in accordance with the following legal titles:

  • performance of the ETS Contract;
  • compliance with the legal obligations arising from legal regulations, especially Act No. 13/1997 Coll. on Roads, as amended, Act No. 56/2001 Coll. on the Conditions for Operating Vehicles on Roads as amended, Regulation of the Government No. 240/2014 Coll. and Decree of the Ministry of Transport No. 470/2012 Coll .;
  • performance of tasks in the public interest or in exercise of the public authority entrusted to the RMD as a contracting party to the ETS Contract in respect of toll collection;
  • performance of Postpay Terms Agreements concluded by the RMD with vehicle operators (data subjects);
  • a consent by data subjects (when using the Mobile Application and when cookies are enabled).

We do not use personal data collected and processed within the ETS project for any other purpose and do not process it in any other way than in accordance with the ETS Contract.

We process the personal data of our suppliers and customers collected outside the ETS project based on the legal titles of the performance of an agreement concluded with a data subject and the compliance with the obligations stipulated by the law (especially the accounting and tax legislation).

How long do we process personal data?

Personal data collected within the ETS project are processed and stored by our company only for a time that is necessary. The time limit for the processing personal data is when the last of the following events arises:

  • termination of the ETS Contract, or related contracts concluded between our company and the RMD (or termination of activities based on these contracts);
  • termination of the contractual relationship concluded between the RMD and a data subject within the ETS, or expiry of the limitation period for possible exercise of the parties’ rights under this contractual relationship;
  • expiration of the mandatory period for archiving documents containing personal data in accordance with applicable legal regulations.

Personal data collected for other purposes shall be processed for the duration of the contractual relationship with a contractor or a customer (or until the expiry of the limitation period for the possible exercise of rights by the contractual parties ensuing from this contractual relationship), but always for at least the necessary time stipulated by the law.

To whom may personal data be transferred?

The processed personal data may be transferred to:

  • government entities in cases stipulated by the law;
  • personal data processed under the ETS Contract also to other entities participating in the ETS operation, i.e. in particular to our subcontractors (they are always obliged to protect the processed personal data to at least the same extent as our company).

Websites and Mobile Application

We use the so-called cookies and Google Analytics tools within the Mobile Application, our company website available at czechtoll.cz and the ETS project website available at mytocz.eu, especially in order to improve the content of the websites, measure their traffic, target ads, and customise their display to a specific visitor. Cookies are small text files containing short data that can be stored on your computer when you visit the websites specified above. Cookies can only contain information that we send to your computer; therefore, your personal data is not retrieved. At the same time, the use of cookies does not specifically link to other data unless you explicitly consent to this on our website.

Cookies can be stored on your computer for any period of time. Some types of cookies are limited by the duration of the session, i.e. they exist only until the web browser is shut down and are then are automatically deleted. Other types of cookies remain in the web browser even after its shut-down until a specified date, or until they are manually deleted by the user (according to these cookies, the user’s computer can be identified when the web browser is restarted). The storage of cookies can generally be disabled in the web browser settings (it is also possible to disable the use of third-party cookies). If you do so, some features of the website may be unavailable or the rejection of the cookies may affect user experience. We always use cookies in accordance with the requirements of effective legislation, in particular GDPR and the Adaptation Act.

As part of the Mobile Application, we use, among other things, access to the camera, gallery and local storage of your mobile device to insert necessary attachments within selected ETS processes (especially when registering vehicles), solely based on  your consent provided during the Mobile App installation. All attachments sent from your mobile device are user-controlled, i.e. the Mobile Application does not send any background data from the repository unless the user provides such data as part of the standard use of the Mobile Application.

Data Protection Officer

If you have questions regarding the processing of your personal data by our company, please contact the Data Protection Officer at the following contact details:

JUDr. Jakub Jeřábek
Data Protection Officer
mailing address: CzechToll s.r.o., Argentinská 1610/4, Holešovice, 170 00 Praha 7
e-mail: jakub.jerabek@czechtoll.cz
telephone number: + 420 248 248 888

How can you exercise your GDPR guaranteed rights?

According to GDPR, you are entitled to exercise the following rights in relation to the RMD as the personal data controller in respect of the ETS operation: the right of access to personal data, the right of rectification or deletion of personal data, the right to limit personal data processing, the right to portability of personal data. You are also entitled to object to the processing of personal data. If processing personal data for the purpose of performing the ETS Contract, our company is only in the position of a processor of the processed personal data.

In other cases of personal data processing where our company is in the position of the personal data controller (i.e. when processing the personal data of our contractors, customers and contact persons), you are entitled to exercise the right of access to personal data, the right of rectification or deletion of personal data, the right to limit the processing of personal data and the right to portability of personal data or to object to the processing of personal data directly with our company. You can also withdraw your consent to the processing of personal data you have provided to us (Mobile App, the use of cookies) directly from our company.

You can exercise the rights guaranteed by GDPR with our company in the following ways:

  • by filing in paper form with an officially certified signature of the applicant delivered to the following address: CzechToll s.r.o., Pověřenec pro ochranu osobních údajů, Argentinská 1610/4, Holešovice, 170 00 Praha 7;
  • by filing in electronic form with an advanced electronic signature of the applicant delivered to the e-mail address jerabek@czechtoll.cz;
  • by filing in electronic form delivered to the data box of CzechToll s.r.o., data box ID 4jsnv78.

If you believe that the processing of personal data by the company has violated the law, you can file a complaint with the Office for Personal Data Protection, registered office Pplk. Sochora 27, 170 00 Praha 7.

This Policy is valid and effective as of 18 October 2019

CzechToll s.r.o.

© 2020 CzechToll - Privacy policy
Design by KRAFT digital