The purpose of the Personal Data Processing Policy for O2 Customers, adopted by O2 Czech Republic a.s. Company ID 601 93 336, VAT Reg. No. CZ60193336, registered office Za Brumlovkou 266/2, 140 22 Praha 4 ‑ Michle (“Policy”and “O2”), is to inform data subjects about the processing of their personal data by O2 as the controller in the course of providing services, selling goods at O2 brand stores and e-shop, when visiting websites operated by O2 and in communication with potential customers, for what purposes and how long O2 processes this personal data in accordance with applicable legal regulations, to whom and for what reason O2 may transfer the personal data, and also inform the data subjects of the rights they have in relation to the processing of their personal data.
This Policy applies to the processing of personal data of potential customers, customers (including former customers) and, as appropriate, their representatives or contact persons, users of services, those interested in services and goods, and visitors to websites operated by O2 ("Customer"), always in the scope of personal data corresponding to their position towards O2.
This Policy is published in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“Regulation” or “GDPR”) in order to ensure that O2, as the controller, meets the obligation to provide information as per Article 13 and 14 of the GDPR.
This Policy is of an informative nature and therefore is not part of a contract for the provision of electronic communication services.
A. Categories of personal data
Personal data is any information relating to a natural person that O2 is able to identify. In connection with the provision of services and the sale of goods, O2 may process the following categories of personal data.
1. Basic personal identifying data and addresses
Data necessary for the conclusion and performance of the contract. Such data includes:
- academic title
- name and surname
- company name
- social security number (if the social security number has not been assigned for any reason, the date of birth)
- IČO, DIČ numbers (Company ID, VAT Registration No.)
- permanent address
- address of registered office or place of business
- billing address
- the numbers of the identification documents submitted and copies thereof (any data not required for the provision of the service will be blacked out on copies of documents)
- identification information of the customer's representative or contact person designated by the customer
- payer identification data
- bank details
- contract and handwritten signature (in paper or digital form including signature metadata
In the case of one-off contracts, the scope is limited to basic identification data. In the case of prepaid services, only personal identification and address data that the customer voluntarily discloses to O2 are processed and such data is not authorized in any way.
2. Contact details
- contact phone number
- contact e-mail
- social network addresses
3. Information on purchased goods, services, use of services and payment discipline
- type and specification, or tariff, of the service or goods provided
- volume of services provided and their price
- customer segment
- information about payment discipline
- information from the Solus debtors´ register, the Insolvency Register, the Execution Register
4. Operational and location data
Data processed for the purposes of transmission of messages over electronic communications networks, billing purposes (telephone calls, data transmission, short text messages and other services provided by O2), purposes of resolving any disputes arising from the provision of the service and the purposes of compliance with O2's statutory obligations. These include:
- calling number
- called number
- data connection address (e.g. IP address or URL address)
- date and time of the connection
- IMEI of the end device
- number of units
- duration of the connection
- number, name, and location of the network endpoint
- type of internet access
5. Other data generated in connection with the provision of services, including data from the end device
This data is generated when providing non-electronic communications services when using applications O2, browsing of O2 websites or websites to which it is referred to during O2´s sendings or when providing electronic communications services beyond the data needed for transmission of a message. Data generated by networks when providing electronic communications services beyond operational and operational-location data, which is necessary for the resolution service quality disputes, evaluation and improvement of network and service quality and for network maintenance.
6. Data from communication between O2 and the Customer
Data generated during communication related to the provision of services and goods between O2 and the Customer. This data includes written records of personal communication with the Customer in the store or other direct contact with the Customer, electronic communication with the Customer and records of telephone calls, chat and video chat between the Customer and O2.
7. Camera recordings from O2 brand stores and O2 premises
O2 places cameras in O2 brand stores and O2 premises to protect the legitimate interests of O2. Areas where cameras are located are always marked with a warning.
8. Data processed with your consent
The processing of such data is not necessary for the performance of the contract or legal obligations or for the protection of legitimate interests of O2 but their processing will allow O2 to improve its services, focus on what customers are really interested in, and possibly inform customers about offers that are suitable for them. Such data is processed only with consent of the Customer and may be processed for as long as this consent is valid. The data includes:
- data obtained from marketing surveys (processed for O2 customers based on their consent with the processing of their personal data for commercial purposes)
- data on usage behaviour and operational and localization data (processed for O2 customers based on their consent with the processing of their personal data for commercial purposes)
- contact information in case the Customer is not O2 customer (processed based on marketing authorization address)
- records of behaviour on O2 websites or O2 applications obtained from the end device if it is not processing necessary for provision of information society service actively requested by the user (they are processed on the basis of consent granted on relevant website or in application)
- data obtained during registration on the website for the services for people with hearing and sight impairment (Linka pro neslyšící a nevidomé) for the purposes of providing this service, and personal data obtained in the course of the service of the helpline
- identification document in digital identification of the data subject
- a video recording of the data subject´s resemblance processed in connection with the digital identification of the data subject in application Moje O2
B. Purposes, legal reasons and lead times for the provision of personal data
The extent of the processed data depends on the purpose of the processing. For some purposes, data may be processed directly on the basis of a contract, O2's legitimate interest or the law (without consent), for others consent is required.
1. Processing for the purpose of contract performance, legal obligations and O2's legitimate interests
Providing personal data necessary for the performance of the contract, fulfilment of O2's legal obligations and protection of the legitimate interests of O2 is mandatory. Without the provision of personal data for these purposes, it would not be possible to provide the service. We do not need consent to process personal data for these purposes; however, it is possible to object to the processing of personal data in the legitimate interest of O2. Processing due to performance of a contract and compliance with legal obligations cannot be refused.
There are mainly the following specific purposes:
- ensuring the operation and protection of electronic communications networks (performance of a contract)
- provision of electronic communications services, payment transactions, provision of other services (performance of a contract)
- billing for services (performance of a contract)
- compliance with statutory tax obligations (compliance with legal obligations)
- purposes stipulated by special laws for the needs of criminal proceedings and for fulfilling the duty of cooperation with the Police of the Czech Republic and other state authorities (compliance with legal obligations)
- exchange of data between network operators and providers of electronic communications services to ensure interconnection; and network access, billing (performance of the contract)
- operation of CCTV and monitoring systems at O2's premises to prevent damage (legitimate interest of O2)
- sending of commercial communications and direct marketing (especially telemarketing, application notifications, targeting not requiring consent) of products and services of O2 (legitimate interest of O2)
- sending of questionnaires O2 Satisfaction (legitimate interest of O2)
- proof of confirmation of the will of the data subject and validity of the legal act in case of a dispute (determination, execution or defense of legal claim)
- evaluation of customer behaviour in the use of services and payment discipline for the purpose of prevention receivables that may have an impact on O2's decision-making on the terms of concluding further contracts with the Customer in cases where the decision to conclude or not to conclude another contract is not automated (legitimate interest of O2)
- debt collection and other customer disputes (legitimate interest of O2)
- recording and monitoring of calls to the customer line (performance of the contract)
- customer identification processes (performance of the contract)
- obtaining evidence in the event of the need to defend the rights of O2, including business monitoring (legitimate interest of O2)
- debtors’ register (legitimate interest of O2)
- records of misuse of electronic communications networks and services (legitimate interest of O2)
Personal data for these specific purposes are processed to the extent necessary for the fulfilment of these purposes and for the time necessary to their achievement or for a period directly set forth in the legislation. Personal data is deleted or anonymized afterwards. The basic deadlines for the processing of personal data are available below.
For service customers, if they have fulfilled all their obligations to O2, O2 is entitled to process their basic personal, identification, contact, service data and data from their communication with O2 in the customer database for the purpose of its protection for a period of 4 years from the date of termination of the last contract with O2 and for the purpose of ensuring the sending of commercial communications and direct marketing for a period of 2 years from the date of termination of the last contract with O2.
When goods are purchased from O2, O2 is entitled to process basic personal, identification and contact details of the Customer and information about the goods, as well as communication between the customer and O2, for 4 years from expiry of the warranty period for the goods in question.
When negotiations are held between O2 and a potential customer about a possible contract that have not led to a conclusion of the contract, O2 is authorized to process the personal data provided for a period of 3 months from the relevant negotiations.
Invoices issued by O2 are archived in accordance with Section 35 of Act No. 235/2004 Coll., On Value Added Tax for 10 years after their issuance. Due to the need to prove the legal reason for issuing invoices, contracts with customers are archived for 10 years from on the day of termination of the contract.
Personal data necessary to provide special disability (ZTP or ZTP/P) discounts pursuant to Section 3 of Act No. 127/2005 Coll. On Electronic Communications is processed for a period of 5 years from the provision of the appropriate discount, or until the time when it is not possible to legally challenge the amount of the state subsidy in compensation for the discount discounts, whichever is longer.
For debtors, O2 retains personal debt-related information for 4 years after the debtor is deleted from the SOLUS Register due to a legitimate interest in defending claims related to the transfer of the debtor to the SOLUS Register.
Camera recordings from brand stores and O2 premises and around O2 buildings are processed for a maximum of 90 days from the date of the camera recording.
Pursuant to Section 90 (3) and (4) of Act No. 127/2005 Coll., On Electronic Communications, O2 is obliged to store service operation data until the end of the period during which the amounts billed or the electronic communications service provided can be legally challenged through a complaint. For this purpose, O2 processes in accordance with Section 64(8)-(10) and Section 129(3) of Act No. 127/2005 Coll., On electronic communications, service operation data for a period of 3 to 6 months, unless a longer period is required. O2 can also process service operation data until the resolution of the dispute is final by way of a decision on the objection against the settlement of the dispute or while the claim can be legally enforced.
Pursuant to Section 97(3) of Act No. 127/2005 Coll., On Electronic Communications, O2 is obliged to store operational and location data that is generated or processed in the course of its public communication networks and in the course of the provision of its publicly available electronic communications services. Upon request, the data must be provided without delay to law enforcement authorities, to the Police of the Czech Republic for the purposes of the proceedings initiated searching for a specific wanted or missing person, identifying a person of unknown identity or dead bodies found, preventing or detecting specific terrorist threats or screening of a protected person, and to the Security Information Service for the purposes and subject to the conditions laid down in a special legal regulation, and to the military intelligence services for the purposes and in compliance with the conditions laid down in a special legal regulation, and to the Czech National Bank for purposes and subject to the conditions laid down in a special legal regulation.
2. Processing of O2 customer data with consent for commercial purposes
O2 processes personal data of a Customer for commercial purposes with the Customer’s consent. For the period from 25 May 2018, O2 collects a new consent with processing of personal data for commercial purposes, which, if granted by 24 May 2018, is effective from 25 May 2018.
All the categories of data listed in Section A of this Policy may be processed with consent for commercial purposes (with the exception of signature and copies of identification documents) for as long as O2 is authorized record such data for the purpose of providing services, complying with legal obligations and protecting their legitimate interests, until the withdrawal of consent.
With consent with processing of personal data for commercial purposes, O2 processes the Customer's personal data for the purpose of relevant targeting of advertising O2 or third-party products or services to specific customers (when processed beyond the direct marketing) and for the distribution advertising of O2 or third-party products or services by reaching the Customer. Reaching of the Customer takes place by telephone, in writing (including invoice attachments), by any means of online advertising or in the form of direct commercial communications through electronic communication using contact details and service numbers.
O2 sends commercial messages advertising O2 or third-party products or services on behalf of O2 as the sole promoter and sender of the commercial message, and in the case of advertising of third-party products and services, O2 does not transfer any personal data to third parties which order advertising space from the position of advertisers. Up-to-date list of third parties in whose favor offers are being distributed by O2 (advertisers) can be found available here.
For the relevant targeting of advertising offers and for the purpose of business strategic planning, O2 creates and stores data about customer behaviour when using O2 services and products of customers who grant their consent and creates and stores anonymized behavioural analysis.
Providing consent for commercial purposes is voluntary and can be revoked at any time by the customer. This consent remains valid for the period of use of O2 products and services and for the following 4 years thereafter or until the Customer withdraws it.
If the Customer withdraws consent for commercial purposes, this does not affect the processing of the Customer’s personal data by O2 for other purposes and on other legal grounds in accordance with this Policy.
If the Customer allows the use of the service to other users different from the person of the Customer, confirms in the consent that the Customer has the authority to grant consent with the processing of personal data for commercial purposes also in relation to any such users.
3. Processing the data of data subjects who have given their consent to being contacted with marketing offers via electronic means of communication
For potential customers who have not yet entered into a contract with O2 for provision of services or the purchase of a product, and have given their consent to being contacted for marketing purposes via electronic means through electronic means of communication (potential customers), O2 processes, with their consent, for the period specified in the consent, contacts made available by the potential customer for offering O2 services and products and is entitled to approach potential customers through these contacts with commercial offers.
4. Processing of personal data from end devices
In the event that O2 is authorized to process data from end devices, it is also entitled to combine this data with other data it processes about the user of the website or application if it has a legal basis (consent or legitimate interest).
5. Processing of data subjects' data for the purpose of providing service for people with hearing and sight impairment
For Customers of services provided by O2, O2 processes personal data subject to the Customer’s consent for the purpose of provision of services for people with hearing and sight impairment (Linka pro neslyšící a nevidomé). Personal data of data subjects who have consented to the processing of personal data for people with hearing and sight impairment is processed upon registration for this service. Services for people with hearing and sight impairment (Linka pro neslyšící a nevidomé) cannot be provided without such consent.
6. Automated processing of the identification document of data subject for the purpose of verifying its authenticity within the digital identification
If the data subject consents to the automated processing of the identification document, this processing is carried out for the purpose of extracting the data from the document and assessing the authenticity of the identification document. Without consent, this processing will not take place. Once the authenticity of the identification document has been verified, the data that are not required for the performance of the contract are deleted.
7. Processing of a video recording of a data subject's resemblance for the purposes of automated assessment of a match between the resemblance of the subject presenting the identification document and the photograph on the identification document
In the case of the data subject's consent to the taking of a video recording of his or her resemblance and the automated assessment of the match between his or her resemblance and the photograph on the identification document that he or she presents in connection with digital identification, this processing shall take place for the purpose of assessing the liveness of the data subject presenting the identification document and for the purpose of verifying that the identification document is presented by the same data subject as the data subject on the identification document presented. After the assessment of the resemblance-photo matching has been carried out, the video recording shall be deleted.
C. Transfer of personal data to other controllers
Pursuant to Section 20z and Section 20za of Act No. 634/1992 Coll., On Consumer Protection for the Purpose of Protecting Rights and Statutory Interests of Sellers and Consumers, O2 has the right to transfer, without the consent of the data subject, data indicating the creditworthiness, payment discipline and creditworthiness of the data subject with registers that serve to reciprocally inform sellers about consumers' capacity and willingness to fulfil their obligations. This transfer also applies to relationships incurred in the course of the business or other self-employed activity of the data subject. O2 participates in the registers of natural persons and of self-employed and independent traders operated by SOLUS (“Registers”), to whom O2 transfers information.
The Registers contain a database of data subjects who have breached the contractual obligation to pay duly for the service provided, and O2 is entitled to screen them for the purpose of verification and evaluation of the payment discipline of the data subject, without the consent of the data subject, both upon the establishment of the contractual relationship and, if necessary, at any time during the term of the contract.
More information can be found in the document "INSTRUCTIONS on SOLUS Registers" available at www.o2.cz and www.solus.cz.
As part of its statutory duties, O2 transfer personal data to the government authorities, other authorities and organizational units of the state according to applicable legislation.
Within some other activities, such as networking, access to other operators' networks, mutual billing, sales of receivables, issuing telephone directories, or making payment transactions, O2 transfers personal data to recipients as separate personal data controllers. A list of these controllers is available here.
D. Processors of personal data
In fulfilling its duties and contractual obligations, O2 relies on professional and specialized third-party services. When these contractors process personal data transferred from O2, they have the status of personal data processors and process personal data only as part of instructions from O2 and may not use it otherwise. These contractors are mainly debt collectors, experts, lawyers, auditors, IT systems administrators, online advertising or sales agents. O2 carefully selects each such contractor and enters into a personal data processing agreement with them, in which the processor undertakes strict obligations to protect and secure the personal data.
The processors are companies established both in the Czech Republic, a member state of the European Union or a state which is one of the so-called safe states. The transfer and processing of personal data in countries outside the European Union always takes place in in accordance with applicable legislation.
E. Method of personal data processing
O2 processes personal data manually and automatically. O2 keeps track of all activities, both manual and automated, in which personal data is processed.
F. Commercial communication
Commercial communication of O2 or third parties is clearly marked with the abbreviation OS or other appropriate designation from which it is clear that that the message is commercial communication within the meaning of the relevant legislation. It is always clear from commercial communications sent by O2 that they are sent on behalf of O2 and how they can be prevented.
G. Telephone directory service
At the Customer 's request, O2 will publish the Customer’s contact information in its own directory service (if O2 provides it) or in the directory service or a printed telephone directory of other providers, if these providers request the Customer’s contact details. The application can be made when the subscription contract is concluded or later at the O2 brand store or in the online self-service Moje O2. Corrections of details in the printed telephone directory can only be carried out when the directory is being re-edited. It is possible to request that the contact details in the printed telephone directory indicate that the customer wishes to be contacted with marketing offers.
H. Information on the rights of data subjects in relation to the processing of personal data
If the data subject is an identifiable natural person for O2 and proves their identity to O2, the data subject has the following right. These rights must be exercised in a way that is intended for the exercise of a particular right and not to the address Data Protection Officer. Applications made in violation of these principles will not be considered. Stated rights may also be exercised only in relation to personal data which, beyond any doubt, is the data of the applicant.
1. Right of access to personal data
According to Article 15 of the GDPR, the data subject has a right of access to personal data, which includes the following rights:
- obtain confirmation that their personal data is being processed;
- obtain information on the purposes of the processing, categories of personal data concerned, any third-party recipients of the personal data to date or in the future, duration of the processing, and the existence of the right to request the controller to correct or delete personal data concerning the data subject, restrict the processing or to object to this
- processing, the right to lodge a complaint with the supervisory authority, and all available information about the sources of the personal data, if not obtained directly from the data subject, the fact that automated decision-making, including profiling, is being performed, and information on appropriate safeguards for data transfers outside the EU,
- obtain a copy of personal data, provided that the rights and freedoms of others are not adversely affected.
In the event of a repeated application, O2 is entitled to charge a reasonable fee for a copy of the personal data. For O2 flat-rate customers, the best way to apply is by sending an email to firstname.lastname@example.org from the contact email registered in the online self-service MojeO2 or at an O2 brand store.
In the event that the exercise of the right with respect to personal data could result in certain categories of personal data adversely affecting the rights and freedoms of third parties (e.g. when it is not clear that traffic and location data belongs to the applicant, especially for flat-rate subscribers with multiple mobile numbers or flat-rate subscribers who may let other users use the service, if a recorded call to a call centre involves O2 employees), the application in the scope of these data categories cannot be granted in accordance with the opinion of the Office for Personal Data Protection No. 6/2013. In addition, O2 does not provide documents such as contracts or invoices that the Customer has demonstrably already received from O2.
In view of the above, prepaid customers cannot exercise the right to a copy of their personal data. All personal data that O2 under the right of access to personal data can provide with respect to possible risks to third-party rights can be found in the online self-service application.
2. Right to rectification
According to Article 16 of the GDPR, the data subject has the right to rectify inaccurate personal data, which O2 will be processing about the Customer. The Customer is also obliged to notify O2 of changes in their personal data and to prove that the change has occurred. At the same time, the customer is obliged to provide assistance to O2 if it is found that personal data processed by O2 is not accurate. O2 will make corrections to the personal data without undue delay, subject to the technical feasibility. The most appropriate way to request a correction of personal data is at an O2 brand store. It is also possible to make a request by emailing email@example.com.
3. Right to erasure
Pursuant to Article 17 of the GDPR, the data subject has the right to have their personal data erased, unless O2 can prove legitimate reasons for the processing of such personal data. O2 has security mechanisms in place for automatic anonymization or deletion of personal data when it is no longer required for the purpose for which it was processed. If the data subject nevertheless considers that their personal data has not been erased, the most appropriate way to request erasure is by emailing firstname.lastname@example.org.
4. Right to restrict processing
Pursuant to Article 18 of the GDPR, the data subject has the right, until a complaint is resolved, to restrict processing if they challenge the accuracy of personal data, the reasons for their processing or if they object to the data processing, by making a request in writing to the registered office of O2.
5. Right to notify rectification, erasure or restriction of processing
According to Article 19 of the GDPR, the data subject has the right to be notified by O2 in the event of rectification, erasure or restriction of processing of personal data. If personal data is rectified or erased, O2 will inform each individual recipient, except where this proves impossible or requires disproportionate effort. Upon the data subject’s request, O2 may provide information about these recipients.
6. Right to portability of personal data
Pursuant to Article 20 of the GDPR, the data subject has the right to request from O2 their personal data concerning which they have provided to O2 in connection with a contract or with a consent, and which is processed automatically by the company, in a structured, commonly used and machine-readable format, and the right to request the transfer of such data to another controller if the person acting on behalf of the relevant controller is duly nominated and can be authorized. In the event that the exercise of this right could adversely affect the rights and freedoms of third parties, the application cannot be granted. The most appropriate way to make a request is by email to email@example.com.
7. Right to object to the processing of personal data
Pursuant to Article 21 of the GDPR, the data subject has the right to object to the processing of their personal data for the purposes of O2’s legitimate interests. Unless O2 can prove that a legitimate reason for processing that outweighs the interests or the rights and freedoms of the data subject exists, O2 will terminate the data processing without undue delay.
The most appropriate way to submit an objection is to send it to O2's registered office or by email to firstname.lastname@example.org.
8. Right to revoke consent to personal data processing
a. Consent to the processing of personal data for commercial purposes may be revoked at any time after has become effective. The revocation must be made by the subscriber, respectively primary administrator or administrator, in an explicit, clear and specific expression of intent, either by calling the customer service line, at an O2 brand store (not applicable to prepaid customers), in the online self-service MojeO2 in the "Settings" section or in the MojeO2 application (not applicable to prepaid customers).
b. Consent to being contacted for marketing purposes given by a potential customer to a specific electronic contact may be withdrawn at any time by contacting the customer service line or in the manner specified in a commercial message.
c. Consent to the processing of personal data for the purpose of registering and providing the services for people with hearing and sight impairment can be withdrawn at any time after it becomes effective. The application must contain the applicant’s express, comprehensible and certain will, and be made either by phone at 800 142 142 or by email at email@example.com.
e. Data processing for application notification purposes can be prevented via settings on the device.
f. The data subject may not consent to automated processing of the identification document for the purpose of extracting the data on the document and assessing the authenticity of the identification document, in which case the data subject may visit an O2 brand store where manual identification is possible without automated processing.
g. The data subject does not have to consent to the taking of a video recording of his/her resemblance and the automated evaluation of his/her liveliness and comparison of his/her resemblance with the photograph on the identification document presented by him/her, in which case he/she may visit an O2 brand store where this automated processing does not take place.
9. Refusal to receive commercial communications and direct marketing of O2 products and services
O2 customers may refuse the sending of commercial communications and direct marketing of O2 products and services on the basis of O2's legitimate interest at any time. The method of refusing commercial communications and direct marketing of O2 products and services varies depending on the type of service used. If the customer uses the customer service line for this purpose, they must always clearly state in relation to which service they are requesting the opt-out.
The flat rate subscriber, respectively the primary administrator or the administrator of the flat fate subscriber, may refuse by an explicit, clear and specific expression of intent, either over the phone at the customer service line, at an O2 brand store, in the online self-service MojeO2 in the "Settings" section or in the MojeO2 app.
The subscriber of prepaid electronic communications services may refuse by an explicit, clear and specific expression of will, either by telephone at the customer service line, at an O2 brand shop or in the online self-service MojeO2 in the "Settings" section.
The subscriber of the O2TV digital TV subscription service can refuse by an explicit, clear and specific expression of will on the customer service line.
A customer who has ordered a prepaid SIM card via the website and has provided electronic contacts on the website as part of the order may make refusal for these contacts by making an explicit, clear and specific expression of intent to the customer service line.
If the customer changes his/her mind, he/she may, after opting out of receiving commercial communications and direct marketing of O2 products and services, consent to receiving commercial communications and direct marketing of O2 products and services through the above channels. The text of the consent to receive commercial communications and direct marketing of O2 products and services is available at https://www.o2.cz/servis/souhlasy/gdpr-marketing-souhlas-o2p-1.
10. Refusal to send O2 Satisfaction questionnaires
O2 customer may refuse sending of O2 Satisfaction questionnaires based on O2's legitimate interest at any time by contacting https://spokojenost.o2.cz/odhlaseni-z-pruzkumu.
11. Sending application notifications
The sending of app notifications for O2 apps can be controlled in the settings of the endpoint device on which they are installed.
12. Automated individual decision-making including profiling
The data subject has the right not to be the subject of any decision based solely on automated processing, including profiling that would have legal or similar effects on the data subject. O2 declares that it does not make automated decision-making without the components of human judgment which would have legal consequences for data subjects.
10. Right to contact the Office for Personal Data Protection
The data subject has the right to contact the Office for Personal Data Protection (www.uoou.cz).
Data Protection Officer
Contact details for the Data Protection Officer:
O2 Czech Republic a.s., Data Protection Officer, Za Brumlovkou 266/2, 140 22 Praha 4 – Michle, firstname.lastname@example.org
Please note that it is always necessary, in connection with exercising the rights of data subjects, to verify the identity of the data subject under Articles 15 to 22 of the GDPR and the legitimacy of their request. To this end, we advise to always follow the specific method set out in this Policy for the exercise of the given right, and not to send requests to the Data Protection Officer.