Privacy Policy

Introductory provisions, copyright

The owner and operator of the website www.colas.cz is COLAS CZ, a.s., with its registered office at Rubeška 215/1, Vysočany, 190 00 Praha 9, ID No.: 261 77 005, registered in the Commercial Register maintained by the Municipal Court in Prague, file No.: B 6556 (hereinafter referred to as the "Company").

The Company owns all copyrights to all content placed by the Company on the www.colas.cz website (hereinafter referred to as the "Site").

Links to other sites

The Site may contain links to sites over which the Company has no control. Therefore, this statement does not apply to links that redirect users from the Site to information and services of external parties. The Company assumes no responsibility for the actions and practices of the operators of such sites.

General information on the personal data processing

What is personal data?

Personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the "Regulation"), means any information about an identified or identifiable natural person (hereinafter referred to as the "data subject"); an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, a network identifier and one or more specific elements of that natural person's physical, physiological, genetic, mental, economic, cultural or social identity.

Depending on the specific situation, personal data may include, but is not limited to, the name and surname, address, telephone number or e-mail address of the individual (natural person). Personal data does not include information such as the number of users of a website.

Compliance with data protection legislation

In its capacity as a data controller, the Company always processes certain personal data of its customers and their representatives, suppliers and their representatives, job applicants and its employees on the basis of valid legal grounds. As a data controller, the Company determines the purposes and means of the processing of personal data and establishes measures relating to the processing of personal data, in particular the security of personal data. In processing personal data, the Company shall act strictly in accordance with the relevant legislation, in particular the Regulation. The Company has adopted internal guidelines that contain appropriate technical and organizational measures for the protection of personal data handled by the Company. The Company's employees are obliged to maintain confidentiality of personal data and of technical and organizational measures whose disclosure would compromise the security of personal data.

Security surveillance cameras

The company operates a business activity in the field of road construction and is engaged in the construction, reconstruction, repair and other works on roads and bridges, as well as the construction and reconstruction of utility networks and railway structures. The company also mines stone and produces crushed aggregates, modified asphalts and asphalt mixes. In the course of its business, the Company monitors its premises and the premises of its quarries, packing plants and buildings (the "Premises") by means of CCTV cameras (the "CCTV System"). The premises monitored by the CCTV System are marked with signs indicating that the CCTV System is monitoring the premises.

The processing of personal data is represented by capturing video footage by cameras located in the monitored premises and storing it on a storage medium located in a cable-connected external data storage device. The recording is carried out by the so-called infinite loop system, where after the camera storage medium is full, the next recording is stored in place of the oldest one. This ensures that old recordings are destroyed by overwriting them with newer recordings. The retention period of image recordings is set for each purpose within the records of the activities of the CCTV system and the Company's technical and organisational arrangements for the period necessary to ensure the Company's legitimate purpose in accordance with the Regulation.

The Company's CCTV systems are operated to protect the Company's property and the life and health of persons on the Premises. CCTV systems may also be used to control the entry or exit of employees and any unauthorised persons to the Premises and, where appropriate, to facilitate the identification of perpetrators of crimes committed against the Company's property or its employees by the Company's customers, its employees or persons entering the Premises without authorisation. The camera recordings may also be used to record the execution of construction as part of the construction and installation documentation of the construction, where persons (= figure views) on the construction may be accidentally photographed and recorded. The processing of personal data is thus only linked to a specific, explicit and legitimate purpose within the meaning of Article 5(1)(b) of the Regulation and is carried out within the scope of Article 6 of the Regulation.

The cameras are always set up in such a way as to avoid excessive intrusion into the privacy of persons. It is excluded to use the camera system in parts of the premises intended for purely private activities. The operation of CCTV systems in the Premises may result in the capture of images of faces of individuals and passing vehicles, including number plates. The images recorded by the cameras are not transmitted abroad. In the event of a suspicion of a crime, the relevant part of the image recording may be copied and, depending on the situation, forwarded to law enforcement authorities, a court or other authorised body and/or the head of the Company's legal department, who will then decide on the use of the recording. A record of operational events (repairs, failures, security breaches, etc.) of the CCTV system is kept by an authorised employee of the Company, who is the employee in charge of the relevant premises.

Drone operation

The company operates drones to capture audio-visual footage for internal use (mainly of buildings). The operation of drones is not intended for monitoring of persons. Drones are operated in accordance with the rules for the operation of unmanned systems and in accordance with the Regulation. The drone, pilot and other Company personnel are properly identified and tagged at all times. Drones are always operated within a defined area and with regard to the actual situation on the ground (minimising the area to be scanned and optimising the route). The drone's cameras are always set up to avoid excessive interference with the privacy of other persons. Persons moving in the defined area for drone operation are always familiarised with the course of aerial work in accordance with the rules for the operation of unmanned systems and the Regulation. Radiometric and multispectral data do not allow functional identification of persons. The company has taken technical and organisational measures to protect the records kept. Individuals may exercise the right to access, rectify, object to or delete their personal data. The record is always kept in a secure manner, access to it is audited and it is kept for as long as necessary to ensure the Company's legitimate purpose in accordance with the Regulation.

Cookies

Cookies are small text files, trackers that store or retrieve information in your browser when you visit our website, regardless of the type of device you use (computer, smartphone, tablet, etc.).

Cookies can be used for various purposes: remembering your language preferences, providing an ID to track your navigation for analytics or advertising purposes, etc.

We may only store cookies on your device if they are strictly necessary for the website to provide its basic functions. We need your permission (consent) to store all other types of cookies.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our site.

Data subjects and purposes of the processing of personal data

Customers, suppliers and their representatives

The Company processes personal data of customers, suppliers and their representatives (natural persons) to the extent necessary for the negotiation and performance of the contract it enters into with them for the purpose of providing its products and services or receiving products and services. The Company obtains the personal data processed directly from these data subjects.

Job applicants

The Company processes personal data of job applicants for the purpose of organising and evaluating the selection procedure for recruiting new employees. The Company obtains the processed personal data directly from these data subjects.

In this case, the legal reason for the processing of personal data is the selection procedure (i.e. the negotiations for the conclusion of an employment contract or one of the agreements for work outside the employment relationship following the applicant's application for participation in the selection procedure); beyond the specific selection procedure, the personal data of the job applicant is processed only with his/her consent.

Employees

The Company processes personal data of employees to the extent necessary to fulfil its legal obligations (e.g. the obligation to withhold or pay taxes, keep records for health insurance and social security purposes, etc.). The employee is obliged to provide such data to the Company; failure to do so would constitute a violation of the law on the part of the employee and/or the Company and the possibility of sanctions by the relevant state authorities.

Beyond the performance of legal obligations, the Company processes personal data of employees for the purposes of pursuing its legitimate interests or the performance of the contract concluded between the Company and the employee, in particular for the purpose of maintaining the Company's employee database, employee training, and the creation and implementation of employee programs, preparation of promotional materials and the Company's magazine "Via COLAS" (which is also publicly available on the Site), information on Company events, recording the use and cost of the Company's construction machinery and trucks and company vehicles, protection of the Company's property, or securing the access of authorized persons to the Company's premises (in particular through CCTV systems).

In other cases, the Company processes personal data only with the consent of employees, and employees are free to choose whether or not to give their consent. The Company will not penalise any failure to give consent.

Whistleblowers under the Whistleblower Protection Act

The company processes the personal data of whistleblowers in accordance with Act No. 171/2023 SB., on the protection of whistleblowers (hereinafter referred to as "ZOCH"), for the purpose of fulfilling its obligations arising from this Act.

The Company obtains the processed personal data directly from the data subjects and they are processed to the extent that they are communicated to the Company by the data subject.

The purpose of the processing is the reception, assessment and registration of notifications according to the ZOCH, which takes place fundamentally while maintaining the confidentiality of the notifier's identification.

Recipients of personal data

The Company provides the personal data processed by it only to partners with appropriate technical and organizational measures in place to protect data and to comply with other obligations under the Regulation. The Company's partners have access to personal data only to the extent necessary for the performance of their tasks. Thus, in some cases, the Company provides personal data to its parent company COLAS SA and to external partners providing the Company with services related to the management of software and applications used for processing personal data, the search for job applicants, the publication of the company magazine "Via COLAS", the provision of employee benefits, the archiving of documents, the installation of camera systems and GPS applications used in the Company's construction machines and trucks and service vehicles, and also the provision of occupational health services and training for the Company's employees.

The Company does not provide personal data to other persons for remuneration in any case.

Transmission of personal data abroad

The Company may transfer personal data to other countries in the European Union, in particular where the servers on which the personal data is stored are located outside the Czech Republic. The Company does not transfer personal data outside the European Union and outside the scope of the Regulation. Thus, the transfer of personal data to other countries does not affect the legal status of data subjects.

Storage of personal data

The Company retains personal data only for the time necessary to fulfil the purpose of processing it in accordance with the rules set out below:

• personal data of customers/suppliers and their representatives and, where applicable, personal data provided by the Company's customers in connection with the provision of products and services by the Company shall be retained for the duration of the contractual relationship with the Company and, to the extent necessary, also after its termination until the expiry of the relevant limitation periods in the event of any claims arising from the contractual relationship or for the period necessary to comply with legal obligations;
• the personal data of unsuccessful job applicants are retained only for the duration of the selection procedure in the context of the recruitment of new employees, unless the applicant concerned has consented to the longer retention of his/her personal data;
• personal data of employees are retained for the duration of the employment relationship and thereafter for the statutory archiving periods or until the expiry of the relevant limitation/prescription periods in the event of any claims arising from the employment relationship or for the period necessary to comply with legal obligations.

Withdrawal of consent to the processing of personal data

If the Company processes personal data on the basis of the data subject's consent, the data subject has the right to withdraw his or her consent to the processing of personal data at any time. He or she may do so by sending a notice to the address of the registered office or any premises of the Company or by sending an e-mail message, using the option in the web application or by any other appropriate means.

If consent to the processing of personal data is withdrawn, the personal data provided will be deleted, unless the data can be processed without the consent of the person concerned on the basis of applicable law. However, the withdrawal of consent will not affect the processing of personal data until the consent has been withdrawn.

Other rights of data subjects

Depending on the specific situation, each data subject (i.e. customers/suppliers and their representatives, job applicants or employees of the Company) may have additional rights under the Regulation, i.e. in particular:

• the right of access to personal data, i.e. the right to obtain confirmation from the Company as to whether or not personal data relating to the data subject is being processed and, if so, the right to obtain access to such personal data and information about:

• processing purposes;
• the categories of personal data concerned;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed;
• the intended period of storage of the personal data or the criteria used to determine that period;
• the existence of a right to request the Company to rectify or erase personal data or to restrict processing and/or to object to the processing of personal data;
• the right to lodge a complaint with a supervisory authority;
• the source of the personal data if it is not obtained from the applicant;
• the implementation of automated decision-making, including profiling, and information concerning the procedure used, as well as the relevance and expected consequences for the applicant;
• the transfer of personal data to countries outside the European Union (so-called third countries) or to an international organisation and the appropriate safeguards for the processing of personal data provided in connection with the transfer.

The data subject shall also have the right to receive a copy of the personal data processed. However, this right shall not adversely affect the rights and freedoms of other persons.

• the right to rectification of personal data if their personal data is inaccurate;

• the right to erasure of personal data ("right to be forgotten") if one of the following grounds applies:

• the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
• consent to the processing of personal data is withdrawn and there is no further legal basis for the processing;
• there are legitimate objections to the processing of personal data;
• the personal data have been unlawfully processed;
• the personal data must be erased to comply with a legal obligation binding on the Company;
• the personal data has been collected in connection with the offer of information society services to the child.

• the right to restrict processing in the following cases:

• the accuracy of the personal data is denied, for the time necessary for the Company to verify the accuracy of the personal data;
• the processing of the personal data is unlawful, but instead of erasure of the personal data, a restriction on its use is requested;
• the Company no longer needs the personal data for the purposes of the processing but the applicant requires it for the establishment, exercise or defence of legal claims;
• an objection to processing has been raised in the case of processing of personal data for the purposes of the legitimate interests of the Company, pending verification that the legitimate interests of the Company outweigh those of the objector.

• the right to data portability, i.e. the right to obtain the personal data concerning him/her in a structured, commonly used and machine-readable format and the right to transmit such data to another controller (or to request that the data be transmitted directly by the Company to another controller) if the processing of personal data is based on consent or a contract and is carried out by automated means;

• the right to object, i.e. the right to object to the processing of personal data for the purposes of the Company's legitimate interests; and

• the right to lodge a complaint with the Office for Personal Data Protection or, where applicable, with the competent authority of another EU country.

Any data subject may exercise their rights by contacting the Company using the contact details below.

How to contact us

In case of any questions, comments or for the purpose of exercising the rights of the data subject, you can contact the Company at the above address, telephone number +420 286 003 511 or e-mail colas@colas.cz or at the address of any other premises of the Company.

This translation serves for informative purposes only. The Czech version of the text is legally binding.