AAA Auto s.r.o., ID no.06898327, based at Dopraváků 874/15, Čimice, 184 00 Praha 8,
Mototechna Group s.r.o., ID no.26194716, based at Dopraváků 874/15, Čimice, 184 00 Praha 8,
AUTO DISKONT s.r.o., ID no.27215733, based at Černovická 1183/38, Černovice, 618 00 Brno,
Service Plan SE, ID no.02213214, based at Sokolovská 428/130, Karlín, 186 00 Praha 8,
Mototechna Servis s.r.o., ID no.49447483, based at Otrokovice - Kvítkovice, Zlínská 260, PSČ 76502,
Mototechna Drive s.r.o., ID no.07024720, based at Dopraváků 874/15, Čimice, 184 00 Praha 8,
AURES APPS s.r.o., ID no.0702465, based at Dopraváků 874/15, Čimice, 184 00 Praha 8,
AURES LAB s.r.o., ID no.07024754, based at Dopraváků 874/15, Čimice, 184 00 Praha 8
AUTOCENTRUM AAA AUTO a.s., ID no.47918101, based at Panónska cesta 39, Bratislava 851 04,
AUTO DISKONT s.r.o., ID no.35899620, based at Šenkvická cesta 14/F, Pezinok 902 01
AUTOCENTRUM AAA AUTO Kft., ID no. 13-09-109247, based at 2151 Fót, Fehérkő utca 1,
Service Plan Kft., ID no. 13-09-112999, based at 2151 Fót, Fehérkő utca 1,
AAA AUTO Kft., ID no. 13-09-117176, based at 2151 Fót, Fehérkő utca 1.
AUTOCENTRUM AAA AUTO sp. z o.o., ID no. 0000117693, based at Piaseczno, 05-500 Piaseczno ul. Okulickiego 3
AAA AUTO sp. z o.o., ID no. 0000207260, based at Piaseczno, 05-500 Piaseczno ul. Okulickiego 3
AURES Properties sp. z o.o. ID no. 0000815434, based at Katowice, 40 - 053 Katowice ul. Barbary 21
These Principles apply for all companies in the Holding.
Joint controllers
The joint controllers in the other countries in which the AURES group operates are:
AUTOCENTRUM AAA AUTO a.s., ID No. 47918101, based at Panónska cesta 39, Bratislava 851 04,
AUTO DISKONT s.r.o., IČ 35899620, se sídlem Šenkvická cesta 14/F, Pezinok 902 01
AUTOCENTRUM AAA AUTO Kft., reg. no. 13-09-109247, based at 2151 Fót, Fehérkő utca 1,
AUTOCENTRUM AAA AUTO Sp. z o.o., reg. no. 0000117693, based at Piaseczno, 05-500 Piaseczno ul. Okulickiego 3
In the Czech Republic, the company you’ve entered into/are negotiating your contract with may also be a joint controller of your personal data
Information about the Data Protection Officer (DPO)
Mgr. Lenka Zajíčkovácontact address: Dopraváků 723/1, Praha 8, 184 00e-mail:
The Data Protection Officer is appointed jointly for the entire AURES group, i.e. for all companies in the concern and all countries in which the group operates.
Categories of personal data
We process only the personal data you provide in connection with buying or selling vehicles or using our other services (e.g. website, Garage service/application).
These are usually following details:
Identification details:
first name, surname, title, birth registration number or date of birth, permanent address, type and number of proof of identity (identity card, number of passport or other similar document), the country or authority it was issued by, and its expiry date, signature – for entrepreneurs also their tax identification number and ID No. In other words, all the personal data with which we clearly and uniquely identify you.
Contact details
contact address, telephone number, e-mail address and other similar information. This is the personal data we can use to contact you.
Creditworthiness details (ability to pay) and credibility:
personal data we can process with your consent and which we need to offer you our partners’ services in the intermediation of finance, insurance and other services.
Details of sales of goods and services used:
data on the goods or services we have provided you with or have discussed with you (e.g. records of telephone calls, other communication records, information about the car that is subject to our contract – concluded or negotiated – such as VIN and registration number), data obtained in connection with you visiting our website - IP address, cookie files or other online identifier (for more see – Art.).
Legal basis for the processing
In certain cases we process your personal data with your consent, while in other cases we do not need your consent to do so. This is generally the case when data has to be processed to enable us to comply with our contractual or statutory obligations or for the purpose of protecting our rights and legitimate interests.
We may therefore process your data on the basis of the following titles:
The main under which we must process your personal data in order to comply is:
Act No. 89/2012 Coll., the Civil Code
Act No. 563/1991 Coll., on Accounting
Act No. 235/2004 Coll., on Value Added Tax
Act No. 634/1992 Coll., on Consumer Protection
Act No. 257/2016 Coll., on Consumer Loans (this act defines the rights and obligations in relation to the provision and mediation of consumer loans),
Act No. 253/2008 Coll., on Certain Measures to Combat Money Laundering and the Funding of Terrorism (this law makes it compulsory to identify and check clients)
preparation of a business case – the collection and processing of personal data needed to draft the terms of deal;
managing relations with customers and potential customers to enable us to provide you with all the information and services associated with a purchase of our goods or services or to handle your queries, requests, complaints, etc.;
simulating products and services to enable us to help you choose the most suitable product, e.g. in securing funding;
sending the messages, notifications and confirmation needed to realize the deal;
direct marketing (including offering the relevant services and products to existing customers);
the transfer of personal data within the Holding for internal administrative purposes (including the processing of personal data of customers or employees), reporting and creating analytical models on the basis of aggregated and anonymised personal data;
the prevention and detection of fraud, the prevention of legislative non-compliance; the prevention of money laundering and the funding of terrorism, embargos;
processing camera recordings to prevent illegal activity and to protect people and property;
testing software changes;
research and development of products/services and analyses of market developments;
analyses of your data and data on goods and services to enable business to be offered with the appropriate parameters;
processing analyses of aggregated (anonymised) data for historical, statistical and scientific purposes to ensure network and information security (i.e. the ability of the network or information system to withstand random incidents and unlawful or malicious conduct) to prevent unauthorised access to the network and information and the dissemination of malicious code, and to prevent attacks and damage to computer systems and electronic communication systems.
Handling of personal data
We process personal data manually and using automated electronic systems (e.g. using software or applications). In order to protect personal data we have implemented technical, organisational and staffing security measures the effectiveness of which is checked on a regular and systematic basis.
We do not process personal data in a manner that would result in automated decision-making.
Recipients and processors of personal data
Your personal data may be processed by the controller, or by our external co-workers and processors.
We carefully select the entities that work with us on the basis of guarantees ensuring technical and organisational protection of the personal data we provide. Personal data may only be processed on our behalf by processors, and solely on the basis of a contract on the processing of personal data.
In this regard the controller may provide your personal data for legitimate purposes to the following recipients:
companies that are part of ;
external co-workers and suppliers for the performance of contracts,
vehicle inspection stations for the purpose of technical or registration checks on vehicles for which we have a purchase contract with you;
persons to whom we contract out certain technical services or operators of the technology we use for our services;
marketing and research agencies for marketing processing or surveys and for offers of business, services and products of members of the Holding and selected business partners;
operators of advertising systems in connection with targeted advertising;
operators of technical solutions enabling us to show you only content and advertisements that are relevant to you;
payroll processors;
HR agencies, providers of training courses and motivational programmes;
providers of services necessary for our activities (administrative activities, training activities, archiving, legal consultancy, etc.);
providers of postal and communication services and electronic communications services;
security agencies for the purpose of protecting people and property;
debt collection agencies and law firms for the purpose of recovering receivables;
executors in order to exercise related claims;
regulators and administrative authorities for surveillance purposes in accordance with special legislation.
Transfer of personal data to third countries
Your personal data transferred to third countries outside the EU.
Duration for which personal data is processed
We store your personal data solely for the necessary amount of time and archive for the amount of time stipulated by the legislation. Data on completed transactions and customers is stored for 10 years from the date you enter into the contract with us.
We process personal data for the duration of the legal title entitling us to process your personal data. If we process your personal data on the basis of our legitimate interest and no transaction has occurred between us, we process your personal data for 2 years from the date we obtain it.
After the legal title ceases to apply we delete the relevant personal data. We store the personal data that we process with your consent solely for the duration of the purpose for which consent was granted. Unless the consent specifies otherwise, this is generally for 2 years.
Your rights in connection with the protection of personal data
We process your personal data in a transparent and correct manner and in accordance with the legislative requirements. However, you also have the right to contact us at any time to obtain information about how your personal data is processed or in order to exercise any of the following rights associated with personal data.
Right to access to personal data
You have the right to ask us whether we process your personal data, and if we do, you have the right to obtain from us that personal data and information about how we process it. The first copy of the personal data we process will be provided free of charge; we may charge you a reasonable fee for further copies, which will correspond to the administrative costs associated with processing your request.
Right to correct personal data
If you assume that your personal data that we process is imprecise or incomplete, you have the right to request that we update or supplement it.
Right to delete personal data (right to be forgotten)
You have the right to request that your personal data be deleted, if:
it is no longer needed for the purpose for which it was processed,
you have revoked your consent to the processing of that data,
the data has been processed unlawfully,
you file an objection against the processing of your data and there are no prevailing reasons for processing it,
data must be deleted to comply with the legal obligations stipulated in the EU law or laws that apply to us,
your data has been collected in connection with the offer of an information society service.
This does not apply if your personal data has to be processed
for exercising the right to freedom of expression and information,
to comply with a legal duty requiring your data to be processed,
for archiving purposes in the public interest,
for the determination, enforcement or defence of our legal claims.
Right to restrict the processing of personal data
You have the right to request restrictions on processing, if
you claim your personal data is imprecise, or
if your personal data is processed unlawfully, but you refuse to allow that personal data to be deleted and want merely to restrict the processing of your data, or
we no longer need your data for purposes for which it was processed, but you request that we provide it in order to determine, enforce or defend a legal claim, or
you have filed an objection against the processing of your data, yet it is unclear whether our legitimate interest outweighs your legitimate interests.
Right to the portability of personal data
In the case of the automated processing of personal data based on a contract or the consent you have granted us, you have the right to the portability of such data, which will be provided to you in a structured, commonly used and machine-readable format.
Right to file an objection against the processing of personal data
At any time you may file an objection against our processing of personal data on the grounds of our legitimate interest, including profiling. You may also file an objection against processing in situations where we process your personal data for the purposes of direct marketing. In such a case we will no longer process your personal data for this purpose.
Right to revoke consent to the processing of personal data
If you have granted us your consent to the processing of personal data for purposes requiring consent, you have the right to revoke that consent at any time. The processing of personal data before consent was revoked is legal.
Right to file a complaint with the supervisory authority
You have the right to file a complaint with the supervisory authority (Office for Personal Data Protection) if you assume that the processing of your personal has breached the rules governing the protection of personal data.
Office for Personal Data Protection:
Pplk. Sochora 27
170 00 Praha 7
Czech Republic
telephone: +420 234 665 111
Exercising of rights
All requests relating to the protection and processing of your personal data may be sent using the contact form .
We will respond to any request relating to your rights without undue delay within 30 days of receiving the request. However, if necessary this deadline may be extended by a further two months. We will always inform you of any such extension, as well as the reasons for it. we will communicate with you in the manner you prefer (e-mail, letter).
Personal data of employees and job applicants
This part of the Principles concerns our processing of the personal data of our employees and job applicants in our company or the Holding. The details given in section , , and apply accordingly.
Scope of personal data we process about employees and job applicants
We collect and work with personal data we need to perform our duties as an employer.
We process particularly the following personal data relating to employees or job applicants:
Identification details:
full name, date and place of birth, birth registration number,
Contact details:
permanent or temporary address, delivery or other contact address, telephone number, e-mail address,
Further personal data of the employee:
photographs, bank account number, identity card number, driver’s licence number, passport number (for foreign nationals), information about education and previous work experience, title, details of health insurance company, marital status, number of children, crime-related information,
Details relating to the employee’s family members:
first name, surname, date of birth or birth registration number of spouse, residential address of spouse, name and address of spouse’s employer; full name of child, birth registration number of child.
Special categories of personal data (“sensitive personal data")
Some of the above data is classed as special categories of personal data. The term special categories of personal data means data considered sensitive for the data subject and which is subject to extra protection when processed. The legality of processing such data in terms of labour law and the employer’s activities is based on a general regulation, and thus the consent of the data subject is not required. Special categories of personal data including health-related data, as well as photographs, copies of identity cards or passports, genetic and biometric data, information about the criminal record of the data subject.
Purposes and titles for the processing of personal data
The legality of processing is based on the following titles:
Consent of the data subject,
Performance of contract,
Protection of the rights and legitimate interests of the employer
Compliance with legal and regulatory obligations.
The legality of processing special categories of personal data (sensitive data) is based on the following titles:
Consent of the data subject,
Compliance with obligations and the enforcement of the special rights of the controller in the field of labour law,
Determination, exercise or defence of legal claims.
Data is generally processed for the individual purposes under a single title, even though titles may be cumulative for certain purposes for which personal data is processed.
Processing of personal data without the need for the consent of the data subject
Personal data is processed for the performance of the employer’s activities on the basis of the title. These activities include the processing of personal data for the purpose of:
selection procedures,
performance of an employment contract (including compliance with obligations) under the Labour Code
HR and payroll agenda,
work management, planning and organisation,
equality and diversity in the workplace, work health and safety,
protection of the employer’s assets,
the enjoyment of employment-related rights and benefits,
termination of employment.
Personal data is processed for the performance of the employer’s activities on the basis of the title and the performance of the controller’s obligations and special rights in the field of labour law. These activities include the processing of personal data for the purpose of:
tax, i.e. calculation of monthly tax advances, statement of the income tax payer under the Income Tax Act,
pension, sickness and health insurance under the Pension Insurance Act, the Sickness Insurance Act and the Public Health Insurance Act,
screening of international sanction lists according to the Act on the Implementation of International Sanctions.
Processing on the basis of the title. In this case we process the personal data of employees and job applicants for the purpose of:
protecting and implementing our rights and legal claims, protection of intellectual property rights, trade secrets, protection of our good name and reputation,
preventing and revealing crime,
ensuring the health and safety of employees and job applicants,
passing the personal data of employees to other companies in the Holding for internal administrative purposes.
Processing personal data with the consent of the data subject
The processing of personal data for any purpose other than that specified in Art. , is only permitted with the consent of the data subject.
The provision of such consent is voluntary, although in certain cases it may be required for a right to be exercised. The employee or job applicant has the right to refuse to provide consent or may revoke it in writing at any time. The revocation of consent does not affect the legality of processing data on the basis of consent granted before it was revoked.
We store the personal data of job applicants who did not succeed in the selection procedure, with their consent, for the purpose of offering them the chance to participate in another selection procedure.
Duration for which personal data is processed
We pay special attention to storing the personal data of job applicants and employees, or former employees, partly due to the fact that certain laws stipulate a minimum length of time for which personal data must be stored. After their employment terminates we then carefully assess what documents and data must be stored and what may be disposed of without undue delay.
Duration for which job applicants’ personal data is processed
We process and store the personal data of job applicants for the duration of the selection procedure, for at most 6 months from when such data is provided by the job applicant. If the applicant’s consent is provided, we also keep personal data for the purpose of offering them the chance to participate in another selection procedure, and for a period of 5 years from when such personal data is provided. Otherwise, we safely delete or destroy job applicants’ personal data.
Duration for which employees’ personal data is processed
We process and store employees’ personal data for at least the duration of their employment. After their employment terminates we keep a personal file with the personal data of former employees for a further 10 years, to enable us to effectively defend our rights and interests if necessary.
Special regulations specify a different minimal storage time for specific documents containing personal data, as mentioned above. These are particularly copies of registration documents (stored for 3 years), accounting documents (stored for 5 years), records of social security insurance and contributions to the state employment policy (stored for 10 years), and payroll sheets or accounting records containing information needed for pension insurance (stored for 50 years). Records of the results of searches for a person in international sanction lists are stored for 10 years.
Source of data
We obtain the data we process primarily from the subjects of the relevant personal data. However, we may also obtain personal data from other sources in order to verify that the data we have is complete and true.
We process personal data provided to us particularly during selection procedures and when concluding employment contracts (or non-employment work agreements) and during such contracts or agreements, either directly from the job applicant or through a collaborating HR agency. References for job applicants may be provided with the consent of the applicant by his or her current or former employer.
We obtain job applicants’ personal data from public profiles on social networks, or from publicly available records registers (e.g. the commercial register, trade register).
Handling of personal data
The activities of the employer, particularly evaluating suitable job applicants, involves profiling, which means the automated processing of personal data with the aim of predicting the behaviour of a particular person, on the basis of a profile made up of that person’s qualities, characteristics and preferences. Profiling is particularly essential in order to enable us to recruit the candidate that best suits our needs and requirements.
We do not process personal data in a manner that would result in automated decision-making.
Website and cookies
Webtracking
In order to improve the services we offer to our customers and to ensure the full functionality of our website we collect and store certain data and other information (other information does not mean personal data). These data and other information are used to assess user activity on our website for statistical purposes. All personal data is processed in anonymised form.
We use our internal Data Science department to process data for statistical purposes; this tracks data relating to products offered on the Holding website, to enable it to be optimally adapted to customers.
In order to provide you with the most user-friendly experience when using our website, we also use the services of based at Rohanské nábřeží 678/29, postcode 186 00, Prague - Karlín and based at Stroupežnického 3191/17, Smíchov, 150 00 Prague (). Tracking technology helps us to understand how you use the services on our website to enable us to make the site intuitive and simple to use. It also lets us know which goods and services you are most interested in, to enable us to offer them to you more easily.
When you visit our website we collect and store the necessary data using the tracking codes installed our website (). These tools connect our website to your browser, which sends the following information about your use of our website:
Request (this is the name of the file for the client’s request), e.g. www.vzorek.cz/index.html;
Browser type / browser version (e.g. Internet Explorer, Chrome, Firefox );
Browser language (e.g. Czech);
Your operating system (e.g. Windows XP, Windows 10, iOS);
Browser window internal resolution;
Screen resolution;
Activation of JavaScript;
Java on/off;
Cookies yes/no;
Colour depth;
Referrer URL (the URL from which you visit our site);
User’s IP address.
Timestamp giving the date and time the website was accessed;
Number of click-throughs;
We may also obtain information from the content of completed/uncompleted forms (text boxes that need to be filled in, e.g. login name and password. In these cases the information acquired is whether the given form was “filled in” or “not filled in”).
Blocking the storage of data during Webtracking
Beyond the scope of Czech law we offer users of our website the option to block the storage of their anonymous user data to prevent such data from being collected in the future. Our website provides the corresponding number of cookies for blocking webtracking (one cookie for each consent). These cookies will ban any future webtracking for the specific tracking services. This ban will last until you delete these cookies, although for a maximum of 1 year, at which point you will again be request to allow or refuse cookies. For more information about cookies see section .
Use of conversion tracking
Conversion cookies on our website track orders and registrations made after clicking on an advertisement on a third-party website or when visiting the site via one of our links on a third-party website. This tracking enables us to best adapt Holding advertisements to our customers. It also connects links, their assessment and use for billing purposes. Conversion cookies do not contain personal data, and so cannot be used to identify the customer. The third-party website provider only receives data on the total number of users who have clicked the advertisement or purchased its product.
IP address (internet protocol address)
The IP address is transmitted every time a request is sent to the web server, to enable the server to know where to send the response. Each customer receives a dynamic IP address from their internet service provider (“ISP”) the moment they connect to the internet. The ISP may therefore determine the specific customer to whom that particular IP address was allocated.
IP addresses are stored on our server to enable us to determine, through further information obtained from the ISP, the identity of a user connected to the internet. We therefore do not permanently store IP addresses which could be used to identify specific users. Your IP address is used solely for recognising individual logins to our website and also as a means of protecting against cyber-attacks.
Log files
Every time you visit the group’s website your web browser sends information about your user data, which is stored in protocol files, or server log files. Data transfers that are stored in this way contain the following data: the date and time of your visit to the website, the URL of the website you visit, the IP address, the referrer URL from which you arrived at our website, the amount of data transferred and information about the user agent sent by your browser (and sometimes the type and version of your browser and operating system).
Log files are assessed to enable us to detect errors more easily and to eliminate them as quickly as possible. They also enable us to manage server capacity and further improve the services we offer.
Cookies
We use cookies on our website. Cookies are small text files containing brief information which may be stored on your computer when you visit our website. Cookies may only contain the information we send to your computer, meaning your personal data is not read. If you consent to the use of cookies, there is no connection with other data, unless you have granted your explicit consent.
Consent to the use of cookies is not required to visit our website. However, we would like to point out that the Garage function and personalised business offers are only possible if you allow cookies.
Cookies may be stored on your computer for various lengths of time. Certain cookies are limited just to your session (“session cookies”). This means they only exist when your web browser is running, and when it is closed they are automatically removed. Other cookies are known as “persistent cookies”. These cookie files remain in your web browser after you close it until the designated date, or until they are manually deleted by the user. These cookies serve to identify the user every time the web browser is opened and you browse the internet. Cookie files in no way affect the technical use of your computer and do not contain viruses.
On our website we use the following cookies:
cookie files needed for the operation of the website, which are essential to ensure full functionality when using our website; these are referred to as technical cookies [AURES];
cookie files which are not completely essential for website functionality, although the use of these cookies makes for a better user experience and makes it easier to browse the site. These cookies are used to improve the offer of our products (e.g. limiting the load, logging into Garage [AURES];
evercookie (to distinguish between existing and new customers [AURES, Google, Exponea];
You can block cookies in your browser settings (you can also block the use of any third-party cookies). However, if you do so, certain features of the website may be inaccessible or blocking cookies could impair the user experience.
Map of branches
On our website you can search for branches of the Holding. Your IP address is transmitted when using the branch search. For the use of IP addresses, refer to section of these Principles.
We use maps from Google Maps for our branch search. When using this option for the branch search Google stores its cookie files on your computer. We therefore recommend that you also read the Google terms for the use of cookies and its privacy policy. You can block these cookie files in your browser settings.
You can also search for a branch of the AURES Holdings group using the browser on your mobile device using positional data. You can enter the term you are searching for (postcode/place) or can search based on your current location. If you decide to search based on your current location, your browser will determine your location in the standard way, after which a security question will appear asking whether you agree to the service or not.
If you allow us to use information about your current location, when you search for a branch we use information about your position based on information sent from your mobile device. We use this information solely to locate you on the map and to display our nearest branch.
By deactivating the positional location service on your mobile device (see telephone settings) you can completely prevent your current location from being detected, or you may choose to share this information only with selected mobile applications using a location service.
The administrator is responsible for using the relevant cookies is given in brackets.
FAQ
Am I obliged to provide my personal data? What if I do not provide any personal data?
You have the right to ask us whether we process your personal data, and if we do, you have the right to obtain from us that personal data and information about how we process it. The first copy of the personal data we process will be provided free of charge; we may charge you a reasonable fee for further copies, which will correspond to the administrative costs associated with processing your request.
Personal data is provided on a voluntary basis. However, as regards the extent to which we are obliged to collect, process and store the personal data of our clients (see , certain personal data must be provided to enable us to sell our goods or provide our services.
The provision of the rest of your personal data is entirely at your discretion, and is not required for us to sell you goods or provide you with our services.
Processing your personal data, often only in anonymised form, where we are completely unable to identify you as a specific user, enables us to constantly improve our services and develop new services. If you do not grant us your consent, assuming that your consent to allow us to process your data is necessary, or if you later revoke that consent, it may happen that we will no longer be able to provide you with some of our services, or will not be able to provide them fully or to the desired standard.
Other
Changes to these Principles
We are entitled to make occasional changes to these Principles. All changes and the current wording of the Principles will be available on this page.
Territoriality
These Principles apply in the individual countries in which the companies of the Holding operate. The approach to the protection of personal data may vary slightly from country to country, so these Principles also include local annexes. The local conditions applicable for your jurisdiction can be found here. This ensures compliance with the requirements for the protection of personal data regardless of where you operate.