Principles of personal data protection and processing

By sending any contact, registration or other form on the website, the user confirms that he has read and agrees with the principles of personal data protection and processing.

Through these principles of personal data protection and processing (hereinafter referred to as the "Principles"), we inform you, as data subjects whose personal data we process, of all processing activities and of the principles for protecting your privacy.

I.    Basic summary

1.    The company key & spark s.r.o., as the operator of the website (hereinafter referred to as the "website") and at the same time the controller, processes your personal data as necessary to establish contact with you, to provide its services and conduct its business, to improve its services, and to send notifications, offers and promotions; the processing of your personal data is further necessary for the fulfilment of the public law obligations of this company and for its marketing purposes.

2.    Identity of the controller: key & spark s.r.o., IČ: 10998233, with its registered office at Vršovická 1525/1d, Vršovice, 101 00 Prague, Czech Republic, registered in the Commercial Register kept by the Municipal Court in Prague under file no. C 352049 (hereinafter referred to as the "controller").

3.    Contact details of the controller: delivery address: Tresnova 480, 252 43 Pruhonice, Czech Republic, email:, telephone: +420 739 547 964

4.     The controller did not appoint a data protection officer.

II.    Categories of processed personal data

1.    Personal data provided directly by you. The controller processes personal data that have been provided directly by you. For the purposes listed below in Article IV, the following categories of personal data are processed:
•    name/first name and surname of the subject, or other communicated data used for unambiguous and unmistakable identification of the data subject (e.g. address of permanent residence/registered office, ID number, VAT number, date of birth)
•    data enabling contact with the data subject (contact address, telephone number, e-mail address, IP address, etc.),
•    also descriptive data (bank details), if necessary for the intended purpose,
•    history of delivered services,
•    and other data necessary for the performance of the purposes specified by the controller.

III.    Legal basis for personal data processing

1.    The legal basis for the processing of your personal data is the following:

(i)    processing is necessary for the negotiation of a contract or for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract within the meaning of Article 6 par. 1 letter b) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) (hereinafter referred to as the "regulation");
(ii)    processing is necessary for compliance with a legal obligation to which the controller is subject, within the meaning of Article 6 par. 1 letter c) of the regulation, in particular compliance with the obligations imposed on the controller by generally binding legislation;
(iii)    processing is necessary for the purposes of the legitimate interests pursued by the controller (e.g. to provide direct marketing and sending of business communications and newsletters, to improve its services);
(iv)    you have given your consent to the processing of your personal data (e.g. for sending of business communication and newsletters in the event that there has been no previous use/ordering of the controller's services).

IV.    Purpose of personal data processing

1.    The purposes of processing of your personal data vary, however, these are mainly the following purposes for which your personal data are processed:

(i)    sending a response to a user's/visitor's request/question or contacting the user/visitor;
(ii)    the performance and realization of the contract concluded between you and the controller, including the settlement of any claim/complaint or implementation of measures by the controller prior to the conclusion of such a contract and the performance of related public law obligations by the controller;
(iii)    sending business communications in the form of email newsletters containing the offer of provided or advertised products and services, news, and other marketing activities carried out by the controller;
(iv)    improving the quality of the provided services and focusing on what the user/visitor of the website is really interested in, offering the customer similar services or goods that meet his needs, based on access to the controller's website;
(v)    improving the website as such and maintaining its security.

V.    Time of storage of personal data

1.    Your personal data will be stored and processed only for the time strictly necessary for the purpose of their processing. In the event that you enter into a contract with the controller, your personal data will be processed for the duration of the rights and obligations under the contract, as well as for the time necessary for archiving purposes under the relevant generally binding legal regulations.

2.    Commercial communications are sent for the entire period for which the consent to their sending lasts, i.e. until the moment when you unsubscribe from commercial communications, or until an objection is raised against the processing of your personal data for this purpose.

VI.    Recipients of personal data and transferring of personal data outside the European Union

1.    In justified cases, the controller may pass your personal data to other entities (hereinafter referred to as the "recipients"). Personal data may be transferred to the following recipients:

(i)    the processors who process your personal data for the controller for the purposes, in the manner and under the instructions of the controller, and whose relationships with the controller are arranged in accordance with the requirements of Article 28 of the regulation;
(ii)    persons who administer the software used by the controller, solely for the purpose of administering and technical support for those programs;
(iii)    persons who provide services and goods to the controller and, in doing so, process your personal data for the controller (e.g. persons providing marketing services);
(iv)    the persons to whom the controller's business may be transferred in the future;
(v)    the controller's employees, the contractors working with the controller and selected third parties;
(vi)    analysts and search engine providers assisting the controller in improving and optimizing the website;
(vii)    public authorities and other entities as required by applicable law (e.g. police, financial authorities or other competent authorities);
(viii)    other entities in the event of an unforeseen event in which the disclosure of data is necessary to protect life, health, property or other public interest or to protect the rights, property or safety of the controller.

2.    The controller uses personal data recipients/processors in third countries outside the EU to provide certain services (especially cloud and mailing services). This means that in these cases your personal data is transferred to third countries outside the EU. However, the transfer always takes place in accordance with the applicable legislation, especially in accordance with Articles 45 to 49 of the regulation, and in any case the protection of your personal data is ensured. 

VII.    Principles of personal data processing 

Your personal data is processed by the controller:
1.    in a lawful, fair and transparent manner - we process your personal data in accordance with applicable law, in particular in accordance with the regulation. Through these Principles and the contact provided here, you have the opportunity to become acquainted with the way we process your personal data, as well as with their scope and content.
2.    only for the stated purposes - we process personal data only to the extent necessary to fulfil the specified purpose and in accordance with this purpose.
3.    only in the necessary amount - we process personal data only to the extent necessary to achieve the purpose of their processing.
4.    only for the time necessary for the purposes for which they are processed.
5.    using technical and organizational security of personal data so that they are protected against unauthorized or unlawful processing and against accidental loss, destruction or damage.

VIII.    Securing of personal data

1.    The processing of personal data shall be carried out manually or automatically by means of computer technology, but both in compliance with all security principles and measures for the management and processing of personal data. For this purpose, the controller has taken technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to, change, destruction or loss of personal data, unauthorized transfers, processing and other misuse of personal data.

2.    All entities to which personal data may be disclosed respect your right to privacy and are required to comply with applicable data protection legislation.

IX.    Automated individual decision-making and profiling

1.    Your personal data will not be used for automated decision-making, including profiling, in the sense of Article 22 of the regulation.

X.    Rights of data subjects

1.    The right of access to your personal data (article 13 of regulation);

2.    The right to rectification (article 16 of regulation);

3.    The right to object to processing (article 21 of regulation); 

4.    Right to restriction of processing (article 18 of regulation);

5.    Right to data portability (article 20 of regulation)

6.    Right to erasure (‘right to be forgotten’) (article 17 of regulation)

7.    Right to revoke consent to the processing of personal data - in cases where the processing of your personal data is based on your consent, you have the right to revoke your consent at any time, without prejudice to the lawfulness of processing based on consent given before its revocation. You can revoke consent through the contact provided in these Principles. Also, at the bottom of each e-mail with a business message/newsletter we will provide you with a link to unsubscribe from receiving our promotions, news or other marketing activities.

8.    You may exercise all of your rights set forth in this Article X paragraphs 1 to 7 above through the controller contacts specified in these Principles.

9.    Right to lodge a complaint with a supervisory authority - if you believe that the processing of your personal data has violated or violates the regulation, you have, inter alia, the right to lodge a complaint with the supervisory authority. The supervisory authority in the Czech Republic is the Office for Personal Data Protection (in Czech: Úřad pro ochranu osobních údajů), with its registered office at Pplk. Sochora 27, 170 00 Prague 7, phone: +420 234 665 111, e-mail:, data box: qkbaa2n.

10.    With any comments regarding the processing of personal data or in case of exercising your rights, you can contact the controller by e-mail at:, or on the telephone number: +420 739 547 964

XI.    Final provisions

1.    The controller may continuously change, update or modify the principles of personal data protection and processing. The new version of the principles will be published by the controller on his website.