Protection of personal information
Declaration on Protection of Personal Data
Protection of your personal data is important for us. NEXT s.r.o., with its registered office at Potoční 404, Budyně nad Ohří, Identification no.: 14892162, (hereinafter referred to as “NEXT” or “Bezpečnostní dveře NEXT”) is committed to protecting the personal data provided to it.
On this webpage, you can find information on the why, when and how we process personal data at NEXT and on the types of personal data that we process. You can also find here information on how you can contact us if you have any questions regarding the processing of your personal data and on how to correct your personal data.
We further undertake to implement all necessary measures enabling us to prevent the misuse of the personal data that you provide to us. We will process your personal data only in cases where there are legal grounds for the processing of personal data.
In certain circumstances, we may amend and update this Declaration on Protection of Personal Data. Therefore, we recommend that, in your own interest, you revisit this webpage in order to ensure that you always have current information about its content.
Basic terms and information
What is personal data?
The term “personal data” refers to every item of information about an identified or identifiable natural person (subject of data). An identifiable natural person is a natural person who can be directly or indirectly identified, particularly by means of a link to a certain identifier (name, surname, identification number, network identifier) or to one or more elements of such natural person’s physical, physiological, genetic, psychological, economic, cultural or social identity.
Special category of personal data
This involves only a new designation of sensitive personal data. It pertains to such personal data that can cause you difficulties in society, at work or at school or can cause you to suffer discrimination. Such personal data usually pertain to racial or ethnic origin, political opinions, religious affiliation or union membership. This may also refer to processing of genetic data, biometric data for the purpose of singular identification of a natural person and data on a given natural person’s health condition, sex life or sexual orientation.
Subject of data
A subject of data is a natural person to whom personal data pertain and who can be identified or is identifiable based on personal data.
Administrator of personal data
The personal data administrator is a natural person or legal entity that determines the purposes and means of processing personal data and is primarily responsible for processing. Unless stated otherwise in these principles or in the terms and conditions of a particular product, it applies that NEXT is the administrator of personal data.
Processor of personal data
The personal data processor is a natural person or legal entity that processes personal data for the administrator on the basis of the administrator’s instructions.
Processing of personal data
Personal data processing is any operation or set of operations that is executed with personal data or sets of personal data with or without the use of automated processes such as collection, recording, arrangement, organisation, structuring, adjustment or alteration, search, viewing, use, and making such data accessible by means of transfer, dissemination or other means of making data accessible, arrangement or combination, restriction, deletion or destruction of such data.
Which legal regulation governs the processing of personal data?
The processing of personal data is governed particularly by Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/ES (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”). In some case where such is allowed by the GDPR, national regulations can stipulate different rules. This is governed by Act No. 101/2000 Coll., on Protection of Personal Data.
When is it possible to process personal data?
For legal processing of your personal data, at least one of the conditions set forth in Article 6 of the GDPR must be fulfilled. In the event that this involves a special category of personal data, at least one of the conditions set forth in Article 9 of the GDPR must be fulfilled. In both cases, the principles of personal data processing set forth in Article 5 of the GDPR must be complied with.
Processing of personal data at NEXT
Why do we process your personal data?
We are the leading Czech manufacturer of security doors and supplier of products and equipment that help to protect your home (security films, security systems, etc.). Some of your personal data are necessary for preparing offers of our products and for concluding contracts when our services are ordered. You do not have to provide other personal data that are not absolutely necessary for provision of ordered products and services. However, if you decide to share such data with us, we can do more for you.
Which personal data do we process?
In the table below, you can see which personal data we need to know for the use of particular services.
- Name
- Surname
- Telephone number or numbers
- E-mail address or address
- Residential address/billing address
- Installation address (if different from the billing address/residential address)
Beyond the framework set forth above, processing of any other personal data may occur if you voluntarily provide such data to us. We reserve the right to destroy unsolicited personal data. We will inform the subject of personal data about that procedure.
Place of personal data storage
The place of personal data storage comprises NEXT’s operations facilities, specifically at the addresses Na Pankráci 79, Prague 4; Potoční 404, Budyně nad Ohří; Cukrovarská 33/21, Prague 9; Slévárenská 22, Ostrava; Mlýnská 9a, Brno; Pod Všemi svatými 6, Plzeň; Foerstrova 1682/3a, Hradec Králové; Komenského 26, Bratislava.
Sharing of personal data
NEXT (NEXT s.r.o. - Identification no.: 14892162, NEXT Security & Communications, s r.o. - Identification no.: 493 58 928, NEXT Plzeň, s.r.o. - Identification no.: 626 23 788, NEXT Brno s.r.o. - Identification no.: 253 41 308, NEXT Security Ostrava, s.r.o - Identification no.: 253 87 791, NEXT Hradec Králové s.r.o. - Identification no.: 632 19 000, NEXT Dvere, s.r.o. - Identification no.: 444 01 558) comprises a group of companies of which the controlling entity is NEXT s.r.o., Identification no.: 14892162. These companies can conduct processing of customers’ personal data in the role of processor.
Processors can conduct processing of personal data for NEXT on the basis of a contract on processing of personal data, i.e. with guarantees of organisational and technical security of such data and with definition of the purpose of processing, whereas processors may not use data for other purposes.
So that we are able to ensure effective operation of the company, we must share some of your personal data with our partners (external accounting firms, information system administrators and, as the case may be, government institutions). This particularly pertains to: name, surname, address (billing address and installation address), e-mail address.
Security of personal data
Technical, organisational and other measures
We strive to ensure that your personal data processed by NEXT have the maximum degree of security. For this purpose, we have implemented a range of technical and organisational measures that protect personal data against unauthorised and illegal processing and against inadvertent loss, destruction and damage.
We comply with the principal of minimisation of personal data. We process only the information about you that we absolutely need or information that you provide to us with your consent beyond the framework of absolutely necessary processing.
Period of personal data processing
The longest period of duration of personal data processing we apply at NEXT in relation to you is ten years from the date when the legal relationship between the data subject and NEXT terminated. The above-mentioned period arises from Act No. 89/2012, the Civil Code, as amended, or, as the case may be, Act No. 235/2004 Coll., on Value Added Tax, as amended. The reason for such processing is legal obligation or the legitimate interest of NEXT. Upon expiry of this period, all of your personal data will be deleted.
Other period of personal data processing
If you reach out to our contact centre with questions or in the case of ordinary communication with us, we will delete your personal data much earlier than in the time period stated above. We will retain your personal data only for the necessary period of time that we require for fulfilment of the purposes set forth in these principles of personal data protection or for the purpose of fulfilling obligations mandated by law.
Cookies and other tracking technologies.
What are cookies?
Cookies are small text files that websites store on your computer or mobile device at the moment when you start to use those websites. Cookies serve for remembering your preferences and actions that you perform on websites (e.g. login data, language, font size and other display preferences) so that, for a certain period of time, you do not have to re-enter those data. Our cookies do not identify individual users; they only identify the device that you are using by means of a randomly generated identification code.
Why does NEXT use cookies and other tracking technologies?
Cookies and other tracking technologies may be used on our website and applications for various reasons, e.g. for the purpose of website operation, analysis of visitation rates or for advertising purposes. Therefore, we use cookies and other tracking technologies so that we can improve the quality and efficiency of our services.
More information about cookies, prohibition of cookies
More information on what cookies are, how they work and how to manage or delete them is available here: www.next.cz/cookies
Exercise of data subjects’ rights
Right to information
We comply with the principle of transparency of personal data processing. In accordance with this principle, we are committed to providing data subjects with information about which of their personal data we process.
If you would like to know which of your personal data we process, you can request such information via e-mail at osobniudaje@next.cz.
We would like to inform you that if we are not able to verify your identity electronically or if we have legitimate doubts about your identity, we will request that you present your identification card at the NEXT s.r.o. location at Na Pankráci 79, Prague 4. Only in that way can we ensure that we will not provide your personal data to someone who is impersonating you.
We will handle your request in the shortest possible time. Depending on the complexity and scope of your request, such handling may take up to several weeks.
Right to correction
If you determine that any of your personal data that we process are inaccurate or out-of-date, please inform us of such fact here. In such a case, we also require that you present your identification card at the NEXT s.r.o. location at Na Pankráci 79, Prague 4. Only in this way can we ensure prevention of unauthorised alteration of your personal data.
In some case, we cannot carry out correction of personal data. This especially involves cases when your inaccurate or out-of-date personal data (e.g. maiden name) are contained in tax documents that we archive in accordance with the law.
Withdrawal of consent to the processing of personal data and the right “to be forgotten”
It is possible to restrict the further processing of your personal data that is conducted on the basis of consent to personal data processing at any time. It suffices to withdraw your consent to such processing.
You can also exercise your right “to be forgotten”. In such a case, we will delete all of your personal data that we process, with the exception of cases when processing is conducted for the purpose of fulfilling legal obligations or for reasons of our legitimate interest. In this case, we require the data subject’s identification before we carry out deletion of personal data.
Updating of the principles of personal data protection
We keep these principles of personal data protection updated and in accordance with the applicable legal regulations. For this reason, these principles may be amended from time to time. We request that all of our clients pay an appropriate degree of attention to these principles.
Responsibility for personal data processing
NEXT s.r.o. is responsible for the processing of your personal data. The administrative body that conducts supervisory activities in the area of personal data in the Czech Republic is the Office for Person Data Protection.