Information Customers

Information for customers according to Articles 13 and 14 of the GDPR

In accordance with Art. 13 and 14 of the GDPR and on the basis of the relevant provisions of the Personal Data Processing and Privacy Policy (https://www.aspena.com/personal‑data‑protection/ ), Aspena, s.r.o., company ID No.: 607 51 185, with its registered office in Brno, Veveří, Gorkého 64/15, Postal Code 602 00, registered in the Commercial Register under Insert No. C 19243, kept by the Regional Court in Brno, as the personal data controller (hereinafter referred to as the “Company”), informs the Company’s Customers about the processing of personal data:


1.   Company name and contact details

Aspena, s.r.o., company ID No.: 607 51 185, with registered office in Brno, Veveří, Gorkého 64/15, Postal Code 602 00, e‑mail: gdpr@aspena.cz.


2.   Data Protection Officer

The Company is not obliged to appoint a Data Protection Officer.


3.   Purposes and legal grounds for personal data processing

  • For the purposes of processing personal data under the GDPR, a Customer of the Company is a natural person who:

            a) provides the Company with their personal data for the purpose of using the Company's services,

            b) is authorised to act on behalf of the Customer's legal entity for the purpose of using the Company's services and provides the Company with their personal data for this purpose.

  • The Company obtains personal data about the Customer in the following ways:
  • directly from the Customer by means of an e‑mail order or a form on the Company's website, as well as during a personal visit to the Company's premises or a personal meeting with the Customer,
  • from publicly available records (e.g. commercial register, trade register, etc.) or social networks, provided that in this case the Customer is asked for consent to the processing of personal data.
  • The Company processes the collected personal data of the Customer both automatically and manually.
  • The Company processes the Customer's personal data in accordance with the GDPR for the following purposes, proceeding on the basis of and within the framework of the legal grounds for processing personal data listed below:
  • implementation of pre‑contractual arrangements, or implementation of measures taken prior to the conclusion of the contract at the request of the Customer ‑ in the event that the establishment of a legal relationship with the Company is initiated by the Customer (legal grounds pursuant to Art. 6(1)(b) of the GDPR),
  • customer's consent to personal data processing ‑ in the event that the Company initiates the establishment of a legal relationship with the Customer, prior consent is required for the processing of the Customer's personal data during the pre‑contractual phase (legal grounds pursuant to Art. 6(1)(a) of the GDPR),
  • performance of the contract to which the Customer is a party ‑ in particular the Customer’s identification and contact data, conditions of performance of the contract, information necessary to change the content of the contract, rights and obligations from liability for defects (legal grounds under Art. 6(1)(b) of the GDPR),
  • fulfilment of the legal obligations applicable to the Company, which is an accounting entity and a tax entity, and for this reason keeps documents and accounting documents that may contain the Customer's personal data; as well as the fulfilment of the Company's legal obligations from liability for defects (Art. 6(c) of the GDPR),
  • fulfilment of the Company's legitimate interests ‑ in particular judicial or extrajudicial recovery of debts from the Customer, sending newsletters to the Customer, improving the services provided, business development, processing of sales statistics by the Company (Art. 6(f) of the GDPR).


4.   Categories and sources of the personal data concerned, if not obtained directly from the Customer

  • The Company obtains the personal data of Customers either directly from the Customer or from publicly available sources (commercial register, trade register and other public records), and also uses information voluntarily published by the Customer on social networks.
  • If the personal data are not obtained directly from the Customer, the Company hereby notifies that it will process the following personal data about the Customer in accordance with the GDPR: identification and contact data in the following scope: name, surname, address, e‑mail address, telephone number, VAT number and operational data (e.g. payment data, data obtained by performing the contract).
  • The Company processes the Customer's special personal data only if they are the subject of the order. In this case, the Company is in the position of a processor of personal data for the Customer (e.g. if the translated document includes information on health).


5.   Legitimate interests of the Company

In particular, the Company uses the following legitimate interests in the processing of personal data:

  • marketing ‑ sending newsletters to the Customer entered in the Company's IS in order to maintain and increase awareness of the Company's services,
  • debt recovery ‑ judicial or nonjudicial recovery of any claims against the Customer,
  • improvement of the services provided and business development, sales statistics, etc. ‑ the Company constantly strives to improve the services provided on its own initiative and on the basis of suggestions from the Customer, while maintaining the least possible interference with the personal data protection rights of individuals.


6.   Recipients of personal data

The Company reserves the right to disclose the Customer's personal data to the Company's employees, if necessary for the performance of their work duties, as well as to processors with whom the Company has concluded a contract for the processing of personal data (e.g. for accounting, IT and marketing services), and possibly to other persons and institutions in accordance with legal regulations, in particular to state authorities and other public authorities on the basis of a legal obligation to provide personal data.
If the personal data of the Customer or third parties appear in the subject of the order (e.g. in the translated document), the Company has the status of a processor of such personal data and handles the personal data exclusively according to the Customer's instructions stipulated in the contract with the Customer. In such cases, the Company reserves the right to transfer the personal data contained in the subject of the order to another processor, while maintaining the security of such personal data.


7.   Transfer of personal data to a third country or international organisation

The Company does not intend to transfer personal data to a third country outside the EU or an international organisation.


8.   Period of storing personal data

The Customer's personal data will be retained by the Company for the duration of the contract with the Customer or for 10 years from the entry of the Customer's personal data into the Company's IS. After the termination of the contract with the Customer, the Customer's personal data will be retained to meet legal obligations under the relevant laws (in particular in accounting and tax matters) and at the same time for a period of 10 years from the execution of the last order due to the above‑mentioned legitimate interests of the Company.


9.   Customer's rights to processed personal data

The Customer may exercise the following rights in relation to their personal data with the Company by sending an e‑mail to gdpr@aspena.cz:

  • right of access to personal data,
  • right to rectification,
  • right to erasure,
  • right to restrict processing for a certain period of time,
  • right to portability,
  • right to object to processing on the grounds of legitimate interest.


10.   Right to withdraw consent

If the processing of personal data is based on consent, the Customer may withdraw this consent at any time by e‑mail at gdpr@aspena.cz.


11.   Right to file a complaint

The customer has the right to file a complaint with the Office for Personal Data Protection if they believe that the processing of their personal data has violated the GDPR.


12.   Legal/contractual requirement to provide personal data

The provision of the Customer's personal data is primarily a contractual requirement. The consequence of the Customer's failure to provide personal data is the failure to conclude the contract.


13.   Automated decision‑making including profiling

The Customer's personal data is not subject to automated decision‑making or profiling.