for Customers, Business Partners, Job Applicants and Other External Persons in ERA a.s.
ERA a. s. being the operator of this website regards the protection and confidentiality of your personal data as very important. We process and use your personal data in compliance with the Czech legislation's provisions (Personal Data Processing Act No. 110/2019 Coll., As amended) and the European legislation (European Parliament and Council Regulation (EU) 2016/679).
The controller of personal data within the meaning of the national as well as European legislation is:
ERA a. s.
530 03 Pardubice IV-Pardubičky
Company ID: 60916427, Taxpayer ID: CZ60916427
The data controller obtains your personal data primarily from you in connection with the participation in the recruitment of new employees, in the negotiation of the contract and in connection with the performance of contracts. In addition, the data controller may obtain your personal data from publicly available sources (such as the Commercial and Trade Register) or the relevant government authorities.
We maintain a major part of the personal data we process about our customers and other business parties in connection with the offer and subsequent provision of our services. In an overwhelming majority of cases, these are basic contact details such as name, surname, address, phone number and email address, or other personal data associated with the contractual relationship (e.g., bank account number, customer account number, etc.). Without these details, we cannot communicate with you and ensure the full performance of our services resulting from a properly concluded contract. In these cases, therefore, it is exclusively the use of a legal title for the processing of personal data based on a contract.
In certain cases, the legal regulations and legislation of the Czech Republic impose a duty on us to process your data. This typically concerns the keeping of data in compliance with the statutory requirements for accounting and tax records. Such processing is necessary to fulfil the legal obligation applicable to the controller or the legitimate interest of the controller in the storage of such data.
In some cases, the data controller may also process personal data in connection with the enforcement of the controller's claims. As this is processing based on a legitimate interest, the specific processing time of the data depends on the duration of such purpose.
We take the liberty of sending marketing communications to our customers/partners with offers of our services, information about our products and events of our company either based on the conditions stipulated in Act No. 480/2004 Sb., to regulate some information society services, or based on their consent. If you do not wish to receive such communications or be a subject of the processing for other company marketing activities, please contact us at: email@example.com.
For company promotion, we may also process your photographs. Such processing will always be based on your consent. Therefore, if you do not wish to have any photo processing done, you will be able to reject such processing unequivocally and explicitly.
In case you are our potential customer and you have contacted us using the forms at our website or any other way, we process your personal data to deal with your request only. Electronic types of data (e.g., in the form of an IP address, etc.) can also be processed here.
All the above-mentioned personal data resulting from our mutual communication and interaction are controlled by the internal system of personal data protection in compliance with the legislation in force. Thus, we control the access to personal data, the technical measures for their security and the period of their existence to the maximum possible extent.
We process and keep the personal data of customers and third parties always for the period necessary for ensuring all the rights and obligations resulting from a contract, for the time strictly necessary for the exercise of legal claims and for the period for which we are obliged to keep data in compliance with generally binding legal regulations. In some cases, the legislation directly stipulates the obligation to conclude the contract and its content.
In the case of marketing activities, we process your personal data until the consent to the processing is withdrawn.
If you visit us, please consider that the premises of our company are monitored by camera systems for the protection of the company property and the health of personnel. You are always informed about the use of CCTV systems via information signs located on the affected objects. Thus, we act based on the legal grounds of legitimate interest. The camera recordings are kept for a period of 7 days and are not transferred to third parties except in the case of investigation of damage or bodily harm where we are obliged to transfer the recording to public authorities (e.g., law enforcement agencies).
For the same purpose and based on the same legal grounds we process contact details of our visitors such as name, surname, date of birth, ID card number or name of the company they work in, and registration numbers of their vehicles. We keep this data for one year.
A person visiting our Pardubice site or company branches for the first time is obliged to read basic safety rules and fire safety procedures for guests visiting ERA a.s. during the registration. The person confirms reading the document by his or her signature. Short-term (for negotiation purposes) rules are kept for one month from signing, long-term (more detailed for professional cooperation) rules are kept for one year.
After the given time limits, the personal data provided by you are always legitimately destroyed.
As part of conducting tenders for suppliers of services and activities, we process your personal data based on a legitimate interest, always for a reasonably set period according to the duration of our interest or according to the Public Procurement Act). In the case of a contractual or intermediary relationship, personal data are stored until the termination of the guarantees under the contract or for the time strictly necessary for the exercise of legal claims.
If you are a job applicant, we keep your personal data only for the registration of job applicants based on the legal grounds of the legitimate interest being the recruitment of new employees. We only process that data directly provided by data subjects. These include particularly name, surname, phone number, email address, CV, or LinkedIn link. All personal data obtained from the job applicants are used for internal purposes only for a period of a maximum of three years from receipt. Detailed information on data processing can be found within a specific job position through the Datacruit platform.
ERA a.s. processes employees’ personal data (including special categories data) solely to maintain an employment, personnel, and payroll agenda. Employees become familiar with the following document when commencing their employment: Information on Personal Data Processing – ERA a. s. which is available to all employees on an internal web interface of the company or from their manager. The data controller places significant emphasis on the processing and subsequent security of this data through an appropriate combination of organizational and technical measures.
Employees may also have their personal data processed during epidemics and related emergency measures. This concerns the use of the legal title of fulfilling a legal obligation or necessity for the protection of vital interests and processing in the public interest. The specific processing time depends on the duration of the extraordinary preventive (protective) measures and the time necessary for their evaluation.
Personal data protection applies to former employees too. It is not possible to delete the whole personal file after the termination of employment. As a data controller, the company is obliged to archive certain documents, for example, registration and payroll sheets or accounting documents, for a fixed period to observe the archive periods. However, after the proper expiration of the statutory shredding deadlines, this personal data is properly disposed of.
The data controller processes your personal data, by its employees, who need access to personal data to perform their job duties and who are obliged to maintain the confidentiality of all facts and data which they have learned in the course of their work.
Furthermore, the data processor's employees have access to your personal data only to the extent necessary for the performance of their activities for the controller. We enter into a written agreement on the processing of personal data with all such types of processors, which contains guarantees for the security of your personal data.
The categories of data processors include IT service providers and software suppliers, who also provide us with service support, administration, development, and maintenance of our systems. Furthermore, providers of legal services and consulting, or economic and tax advisors and auditors, including providers of educational services.
The data controller may, under certain circumstances, transfer your personal data to so-called recipients (other controllers, processors) as well as to third parties. Such third parties may include, for example, financial and tax authorities and relevant state administration bodies, in justified cases, e.g., judicial authorities, the Police of the Czech Republic, etc.
If the public authorities request this personal data in a special investigation, then it is a so-called third party.
Your natural right is to obtain information about the data we process about you. You also have the right to have incorrect or out-of-date data rectified or blocked, you have the right to restrict processing and the right to object to processing. In certain cases, you have the right to erasure. Further, at your request, we are obliged to transmit your personal data to a controller/processor of personal data selected by you.
In case you believe we do not handle your data appropriately and in compliance with legal rules, you may lodge a complaint with the supervisory authority which is the Office for Personal Data Protection.
Furthermore, it always applies that it is not possible to conclude a contract without providing the personal data necessary for the performance of the contract and the fulfilment of legal obligations. The processing of personal data for legitimate interests can always be objected to. You also have the right to withdraw your consent at any time. The data controller points out that the revocation of the consent does not affect the lawfulness of the processing based on the consent given before its revocation.
Electronically at: firstname.lastname@example.org
In writing at: ERA a.s., Průmyslová 462, 530 03, Pardubice
Statutory response time: 1-2 months
All personal data obtained from customers and other third parties are used solely for the internal needs of the company; we protect them against abuse, and we do not provide them to third parties without prior notice or direct consent.
An exception is for external companies providing support services to us and public authorities. We may or must provide these entities with your personal data to the minimum extent, for example:
in the investigation of unlawful use of our services or for the needs of court proceedings the data may be transferred to the investigative, prosecuting and adjudicating bodies.
the protection of the company property and health of persons in the company premises.
investigation and registration of extraordinary events, for example during the period of possible control and investigation by the relevant public authorities.
For all other service providers and external persons contractually (e.g., through a concluded processing contract), we require (except public authorities) to process your personal data by our personal data protection conditions and applicable legislation.
The data controller, or the data processor for the controller, processes your personal data primarily in the territory of the Czech Republic, or in the territory of the European Union, where unified personal data protection is guaranteed in each member state. In rare cases, your personal data may also be processed outside the EU, e.g., in an information system whose servers will be located outside the EU. In such cases, we will ensure the consistent selection of a contractual partner who will meet the specific conditions for secure data transmission by applicable legislation or set conditions within the so-called standard contractual clauses.
We will always appropriately inform you about the specific measures and procedures to whom and to which countries personal data is made available / transferred, under what conditions, how that data is protected, and any risks associated with it.
Saving preferences and settings which enable our website to function properly.
Log in and verify. If you do not want to log in and out repeatedly, using cookies enable you not to.
Analysis. Using cookies, we collect data for our analytical tools.
Social networks. You can share some content of our website with your friends.
Despite the above, based on cookies, in most of the above cases, we are not able to identify you at the level of a specific individual.
Specific options and detailed cookie settings are possible using a cookie consent banner, where you can choose what types of cookies we can process from you. Here you will also find detailed information on individual types of cookies.