We understand that our visitors, users and anyone who navigates our website (collectively, “Users”) value their privacy. This document contains important information regarding the principles we follow when processing personal data.
All processing of personal data is always carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
Provider´s identification and contact information:
AVANT investiční společnost, a.s.
Hvězdova 1716/2b, 140 00, Praha 4 – Nusle
+420 267 997 795
Data protection officer:
The Provider has appointed a Data Protection Officer to assist in addressing data protection issues. If necessary, the User can contact the Officer directly. The Data Protection Officer is available to handle queries regarding personal data or to provide further information on data protection:
|+420 267 997 795|
Transfer of personal data to a third country or international organization:
The Provider will not transfer personal data to third countries or international organizations within the meaning of Article 44 et seq. of the GDPR.
Automated individual decision-making and profiling:
The Provider will not carry out profiling or automated individual decision-making.
The supervisory authority in the place of the Provider´s registered office is the Office for Personal Data Protection with its registered office at Pplk. Sochora 27, 170 00 Prague 7, e-mail: firstname.lastname@example.org, tel.: 234 665 125.
The Provider qualifies only as the data controller.
PROVIDER – DATA CONTROLLER
The Provider acts as the data controller in relation to the personal data of persons who send the Provider a request to be contacted via the Provider´s web form.
What personal data are processed by the Provider, for what purpose and on what legal basis?
Sensitive personal data
As the data controller, the Provider will not process personal data of Users belonging to special categories of personal data pursuant to Article 9 of the GDPR.
How long are personal data processed by the Provider?
Personal data are processed only for as long as there is a legal reason to store them, subsequently the data are deleted promptly.
Personal data processed for the performance of obligations arising from special legal regulations are processed by the Provider for the period of time specified by the relevant legal regulations. This includes, for example, statutory data retention or documentation obligations. These are in particular data retention obligations arising from civil, commercial or tax laws. When the retention obligation expires, personal data will be deleted promptly.
Other personal data are processed for: 2 months
In order to secure the User´s data against unauthorized or accidental disclosure, the Provider uses reasonable and appropriate technical and organizational measures.
The Provider will ensure that if servers are located in a data center operated by a third party, similar technical and organizational measures are implemented by that third party.
All data are located only on servers located in the European Union or in countries that ensure protection of personal data in a manner equivalent to the protection provided by the legislation of the Czech Republic.
The Provider has implemented the following data security procedures: Technical measures consist in the application of technologies that prevent unauthorized access to the User´s data by third parties, in particular the use of firewalls, updated antivirus programs, etc. For maximum protection, the Provider uses data encryption. Operational systems in which personal data are processed and operational premises where personal data are processed are protected physically and electronically, in particular by means of controlled entry and access of employees, physical protection by persons as well as technical (mechanical means) and electronic security systems. The organizational measures consist of a set of rules of conduct for employees and are incorporated into the Provider´s internal regulations, which are considered confidential for security reasons. The procedures are based, inter alia, on minimizing the number of persons who have access to and who can handle personal data. All employee access to, and handling of, personal data are monitored and recorded.
RIGHTS OF USERS
Each User has:
- the right of access to personal data: The User has the right to obtain confirmation from the Provider as to whether or not the personal data concerning him/her are being processed and, if they are, the right to access such personal data and the following information: (a) the purpose of the processing; (b) the categories of personal data concerned; (c) the recipients to whom the personal data have been or will be disclosed; (d) the planned data retention period; (e) the existence of the right to request from the controller the rectification or erasure of the personal data or the restriction of their processing, or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) any available information on the source of the personal data, unless obtained from Users; (h) the fact that automated decision-making, including profiling, is taking place. The User also has the right to obtain a copy of the personal data processed.
- the right to rectification of personal data: the User has the right to request the Provider to correct inaccurate personal data concerning him/her without undue delay or to complete incomplete personal data.
- the right to erasure of personal data: the User has the right to request the Provider to erase the personal data concerning him/her without undue delay if: (a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; (b) the User withdraws the consent on the basis of which the data were processed and there is no further legal basis for the processing; (c) the User objects to the processing and there are no overriding legitimate grounds for the processing; (d) the personal data have been unlawfully processed; (e) the personal data must be erased to comply with a legal obligation under European Union or Member State law; (f) the personal data were collected in connection with the offer of information society services. However, the right to erasure shall not apply where the processing is necessary for compliance with a legal obligation, for the establishment, exercise or defense of legal claims and in other cases laid down in the GDPR.
- the right to restriction of processing: the User has the right to request the Provider to restrict processing in any of the following cases: (a) the User contests the accuracy of the personal data, for the time necessary to allow the Provider to verify the accuracy of the personal data; (b) the processing is unlawful and the User refuses to erase the personal data and requests instead to restrict its use; c) the Provider no longer needs the personal data for the purposes of the processing, but the User requires it for the establishment, exercise or defense of legal claims; d) the User objects to the processing until it is verified that the legitimate grounds of the Provider override the legitimate grounds of the data subject.
- the right to object to processing: the user has the right to object at any time, on grounds relating to his/her particular situation, to the processing of personal data concerning him/her which are processed on grounds of legitimate interest. In this case, the Provider will not further process the personal data until it demonstrates compelling legitimate grounds for the processing which override the interests or rights of the Users or for the establishment, exercise or defense of legal claims.
- the right to data portability: the User has the right to obtain the personal data concerning him/her that have been transmitted to the Provider in a structured, commonly used and machine-readable format and the right to transmit these data to another controller, if: a) the processing is based on consent and b) the processing is carried out by automated means. In exercising his/her right to data portability, the User has the right to have personal data transmitted directly from one controller to another, if technically feasible.
- the right to lodge a complaint with the supervisory authority: If the User believes that the Provider does not process his/her personal data lawfully, he/she has the right to lodge a complaint with the supervisory authority. The contact details of the supervisory authority are listed above.
- the right to be informed about the rectification or erasure of personal data or restriction of processing: the provider is obliged to notify the individual recipients to whom the personal data have been disclosed of any rectification or erasure of personal data or restriction of processing, except where this is impossible or requires disproportionate effort. If the User so requests, the Provider will inform the User of these recipients.
- the right to be informed in the event of a data breach: if a particular data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Provider is obliged to notify the User of the breach without undue delay.
- the right to withdraw consent to the processing of personal data: if the processing of a part of the personal data is based on consent, the User has the right to withdraw his/her consent to the processing of personal data at any time in writing, by sending his/her disagreement to the e-mail address: email@example.com.
The text in a cookie file is often made up of a series of numbers and letters that uniquely identify the User´s computer, but do not provide any specific personal information about the User. A cookie usually contains the name of the domain from which it was sent, information about age and an alphanumeric identifier.
The Provider´s website automatically identifies the User´s IP address. The server records all this information in an activity file, which allows subsequent data processing. The Provider also records the request from the browser and the time of the request, the status and the amount of data transferred within this request. It also collects information about the browser and computer operating system used and their versions. It also records the web pages from which you accessed the Provider´s website. The IP address of your computer is stored only for the period of time the website was used and then only for as long as necessary. After the expiration of these periods, the IP address is deleted or anonymized by truncation.
Type of cookies and similar technologies
Technical cookies and similar technologies: based on its legitimate interest, the Provider uses technically cookies that are necessary for the operation of the website and to ensure its functionality. These cookies may be persistent or session cookies. A persistent cookie remains on your hard drive even after you close your browser. Persistent cookies may be used by the browser during subsequent visits to the Provider´s website. Persistent cookies can be deleted. Session cookies are temporary and are deleted once the browser is closed. These data are used by the Provider to operate the website, in particular to identify and resolve errors, to determine the use of the website and to make adjustments or improvements. These purposes are based on the Provider´s legitimate interest in the processing of the data pursuant to Article 6(1)(f) of the GDPR.
The User can set his/her browser to block these cookies. The Provider warns that in this case certain parts of the website will not work.
The Provider uses the WebStorage listed in the table below in the same manner and for the same reasons.
With the User´s permission, the Provider uses additional cookies:
Analytical cookies and similar technologies: these cookies help the Provider to analyze how Users use the website. They may be used, for example, to measure and improve the performance. For example, these cookies allow to determine how the User arrived at the website, whether directly, through a search engine or via a link on a social network. In addition, the Provider learns how long Users stay on the website and what links they click.
These cookies are set on the User´s device only if he/she gives his/her consent to do so during his/her first visit to the website (pursuant to Article 6(1)(a) of the GDPR). Analytical cookies can be refused at any time by simply making the appropriate change in the Detailed Cookie Settings.
The Provider uses the WebStorage listed in the table below in identical manner and for the same reasons.
Advertising cookies and similar technologies: advertising cookies allow advertising to be displayed based on the User´s preferences. They can be used, for example, to allow the Operator to create a profile of the User´s interests and to display relevant advertisements to the User.
These cookies are used on the User´s device only if he/she gives his/her consent during his/her first visit to the website (pursuant to Article 6(1)(a) of the GDPR). Advertising cookies can be refused at any time by simply making the appropriate change in the Detailed Cookie Settings. If the User does not give his/her consent, he/she will not receive content and advertisements tailored to his/her interests.
The Provider uses the WebStorage listed in the table below in identical manner and for the same reasons.
any other cookies/similar technologies if they are listed in the table below.
To obtain and manage the User´s consent, the Provider uses the CookiesLišta.cz platform from Soft Evolution s.r.o., ID No.: 46982230, Martinice 100, 594 01 Velké Meziříčí. The platform collects device information, browser information, anonymized IP address, date and time of visit, URL requests, web path and geographical location. This allows the Provider to inform the User about the Provider´s web environment and to obtain, manage and document the User´s consent. The legal basis for data processing in this case is Article 6(1)(c) of the GDPR, since the Provider is legally obliged to provide proof of consent in accordance with Article 7(1) of the GDPR. The data will be deleted as soon as they are no longer needed for logging and there are no legal requirements for retention. For more information on data protection at the platform provider, please visit: https://www.cookieslista.cz.
Third-party cookies may also be placed on the Provider´s website. The Provider uses the following cookies:
|Processor||Cookies designation||Personal data||Purpose of processing||Legal basis||Duration of processing|
|Technical cookies/similar technologies|
|AVANT investiční společnost, a.s.||dcb_dsv||no||Consent to cookies processing.||legitimate interest||local repository / 365 days|
|AVANT investiční společnost, a.s.||dcb_config||no||Configuration of consent to cookies processing.||legitimate interest||local repository / 365 days|
|Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States||cookiePreferences||no||Registration of user´s cookies settings.||user’s consent||2 years|
|AVANT investiční společnost, a.s.||pll_language||no||Configuration of web language.||legitimate interest||Session|
|Analytical cookies / similar technologies|
|Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States||_ga||no||ID for user identification||user’s consent||2 years|
|Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States||_ga_||no||ID for user identification||user’s consent||2 years|
|Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States||_gid||no||Id for user identification for 24 hours after last activity||user’s consent||24 hours|
|Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States||_gat||no||Monitoring of number of requests of Google Analytics server when using Controller´s Google marks||user’s consent||1 minute|
|Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States||_dc_gtm_||no||Monitoring of number of requests of Google Analytics server||user’s consent||1 minute|
|Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States||AMP_TOKEN||no||Contains token ID used for scanning client ID from AMP Client ID service.||user’s consent||30 seconds to 1 year|
|Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States||_gat_gtag_||no||Configuration and obtaining of monitoring data.||user’s consent||1 hour|
|Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States||_gac_||no||Contains information relating to user´s marketing campaigns. These are shared with Google AdWords / Google Ads, when Google Ads and Google Analytics are connected.||user’s consent||90 days|
|Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States||__utma||no||ID for user identification and relations.||user’s consent||2 years after last activity|
|Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States||__utmt||no||Monitoring of number of requests of Google Analytics server.||user’s consent||10 minutes|
|Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States||__utmc||no||Used only for old versions of Urchin Google Analytics, not for GA.js. Used for identifying new relations and visits at the end of relation.||user’s consent||End of relation (browser)|
|Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States||__utmv||no||Information for website developers is received via _setCustomVar in Google Analytics. Cookie contains new updates and new messages on Google Analytics server.||user’s consent||2 years after last activity|
|Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States||__utmx||no||Identification whether user is included in test A / test B with multiple variables.||user’s consent||18 months|
|Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States||__utmxx||no||Determination of end of test A / test B with multiple variables involving the user.||user’s consent||18 months|
Browser cookies settings
Most web browsers accept cookies automatically. However, it is possible to block or remove them.
The User´s browser automatically reports certain information each time the Provider´s website is viewed. The servers automatically record certain information that the web browser sends each time the website is visited. These server logs (“log files”) may include information such as the web request, IP address, browser type, browser language, referring/exit pages and URLs, platform type, number of clicks, domain names, landing pages, number of pages viewed and the order of those pages, amount of time spent on certain pages, date and time of the request, and one or more cookies allowing unique identification of the browser.
The Provider uses social networks in order to communicate with customers, prospective customers and users who are logged in and to inform them about its offers.
The Provider advices that these platforms and their functions are used by the User at his/her own risk, in particular with regard to the use of interactive features (e.g. commenting, sharing, rating). The Provider bears no responsibility for the handling of these personal data and points out that personal data may be processed outside the European Union.
Last update: 14 February 2022