- The Administrator obtains from Data Subjects their address, identification and descriptive personal information for the following purposes and in the following scope:
a) Use of the ČEPS catering facility, to the following extent: first name, last name, title, personal number of the Data Subject;
b) Promotion and advertising, if it involves the processing of personal data of third-party employees who play their role in securing safe and reliable operation, maintenance, and construction of the transmission system, for the purpose of promotion and advertising of ČEPS in print and electronic media, to the following extent: first name, last name, title, an ID photo;
c) Control of access to the ČEPS premises to protect the ČEPS property, to the following extent: first name, last name, title, personal number, an ID photo of the Data Subject, a digital template generated from the hand imprint, which does not allow biometric reconstruction of the imprint ;
d) Record of telephone communication (telephone conversations) with the staff of the control room and technical surveillance centers of ČEPS for the purposes of archiving of operational, dispatching and other instructions and the obtained information essential for securing safe and reliable operation of the Czech transmission system, as well as other transmission systems of the synchronously interconnected area Continental Europe, to the following extent: a voice recording of the call made to a telephone landline of the Administrator's control center and technical surveillance centers;
e) Video surveillance system - ensuring of the physical protection and security of persons and property of ČEPS and documentation of the status of selected transmission system equipment in order to clarify the causes leading to a state of emergency or a state preceding the state of emergency pursuant to the Energy Act, to the following extent: visual recording of persons moving within the premises;
f) Improvement of the internal and external communication – communication with third-party employees who are involved in securing safe and reliable operation and maintenance of
the transmission system (e.g. the personal data processed in the system of crisis communication, emergency plan, telephone books and other ČEPS lists of contacts), to
the following extent: first name, last name, title, an ID photo, phone number and e-mail address, job position;
g) Record of delivered packages - processing of personal data of persons (senders, couriers) for the purpose of physical protection and security of persons and property in connection with
the delivery of letters, parcels or other mailings to the ČEPS premises, to the following extent: first name, last name, personal ID number;
h) Donation Program - processing of personal data of persons who have applied for a donation under the ČEPS donation program and persons whose applications for a donation under
the ČEPS donation program have been approved, to the following extent: first name, last name, postal address, e-mail address, bank account number and bank name;
i) e-Utility report - processing of personal data of applicants for information about the ČEPS technical infrastructure and for the response of the owner of the technical infrastructure, for
the purposes of processing such applications, to the following extent: first name, last name, postal address, e-mail address, mobile phone number, phone number, fax number;
j) Record of property, services, and other performances - processing of personal data of persons who use services, property, or other performances provided by ČEPS, or who are in any way involved in the acquisition or disposal of these performances of ČEPS, for the purpose of control and registration of use of these services, property, or other performances as well as for the purpose of ensuring the fulfilment of legal obligations, damage compensations, or other rights of ČEPS, to the following extent: first name, last name, title, username, telephone number, e-mail address, date of birth, residential address, GPS information about the location of the vehicle owned by ČEPS, a.s., a copy of the driving license, an operational data communication log,
a log of visited IP addresses, IMEI of the device, MAC address of the device, IP address of
the device ;
 only the selected workplaces (e.g. control center) and persons accessing the workplace regularly
 in particular, the data provided in the information system Operational Documentation, use of guest wireless network connections, the data provided in the context of contracting between ČEPS and an employer or customer of the Data Subject, etc.
2. WAYS AND MEANS OF THE PROCESSING
- The Administrator collects and processes personal data collected from Data Subjects mainly through forms of the Administrator or agreements with Data Subjects or their employers. The Administrator collects and processes personal data collected from Data Subjects on
the basis of their given consent and a particular processing instance.
a) Provision of the personal data referred to in Chapter 1, item (d) to the Administrators is mandatory, as it is necessary for the fulfilment of the obligations of the Administrator pursuant to Act No. 458/2000 Coll., on Business Conditions and Public Administration in the Energy Sectors and on Amendments to Other Laws (the “Energy Act”), as amended, specifically § 8 of
the Decree No. 79/2010 Coll. on Dispatch Control of the Power System and the Transmission of Data for Dispatch Control Purposes, as amended. Phone lines of the control center are not public — for security reasons, their numbers are disclosed only to authorized employees of
the contractors, whose job is to follow the dispatchers’ instructions. Failure to provide such data would make it impossible to perform the essential obligations of the Administrator as
a transmission system operator and, therefore, the provision of such data is a necessary condition for the proper performance of the Administrator’s licensed activity. This personal data is processed during the period of the Administrator’s duty to archive or document the obligations resulting from the above regulations.
b) Provision of the personal data referred to in Chapter 1, point (a), (c), (e), (g), (h), (i), (j) is necessary to ensure the security of the transmission system and the protection of rights and legitimate interests of the Administrator in the ordinary conduct of its activities, while fully respecting the right of Data Subjects to the protection of private and personal life. Provision of such data is mandatory (without the consent of Data Subjects). Failure to provide such data would lead to the breach of contractual obligations by the Data Subjects, prohibition of their entry into the Administrator’s premises, factual impossibility to deal with the emergency status, inability to provide the applicant with the information necessary for the design and implementation of the applicant’s projects or disruption of the safe and reliable operation of
the Czech transmission system. The mentioned personal data is stored for a period of validity of a written agreement (including the claim period) concluded between the Administrator or
the persons with whom it forms a group for one part and the company, organization or state authority whose employee, statutory body, subcontractor or a subcontractor’s employee is
a Data Subject, for the other part. In case of doubt or if there is no written agreement made with the Data Subject or with a person who is the employer or customer of the Data Subject,
the personal data are processed during a maximum period set out in the public registry of
the personal data processing on the website of the Office for Personal Data Protection (http://www.uoou.cz) for the relevant purpose of personal data processing by the Administrator.
c) Provision of the personal data referred to in Chapter 1, point (b), (f) is voluntary and it is carried out with the consent of the Data Subject. The purpose of the processing of such data is in the case of purpose (g) to provide a safe wireless Internet access in the Administrator’s premises for devices in the possession of the Data Subjects and in the case of purpose (h) to provide discounted meals in the cafeteria for former employees of the Administrator receiving
a retirement pension. In the case of withholding or withdrawal of consent, these services cannot be provided.
- The personal data referred to in Chapter 1 are processed in both paper and electronic formats for manual and automatic processing. The personal data is stored in electronic form in an electronic database of the Administrator, specifically on hard disks of the servers located in the premises of the Administrator and it is treated with professional care, while respecting common ICT security policies; the data is protected against unauthorized access both from the outside and by an employee who is not authorized to perform any of
the above activities using the mentioned data. The personal data referred to in Chapter 1 item (c) are processed in paper format by storing in a folder kept by the staff of
the respective premises’ reception.
- The Administrator has adopted and implemented technical and organizational measures preventing the unauthorized or inadvertent access to personal data, their alteration, destruction or loss, unauthorized transfer or other unauthorized processing or misuse.
- In the area of automated processing, the Administrator has adopted measures to ensure that systems for the automated processing of personal data are used only by the authorized persons and that these persons have access only to the personal data corresponding to their permission level (through the user permission settings and passwords).
The Administrator also ensured the possibility to make electronic records allowing for verification who, when, and for what reason processed the personal data.
3. TRANSFER AND DISCLOSURE OF PERSONAL DATA
- The personal data is collected and processed by the Administrator and the following processors:
a) SECURITAS ČR, s.r.o., residing at Prague 9, Pod Pekárnami 878/2, Company ID 43872026;
b) EBIS, s.r.o., residing at Brno, Křižíkova 2962/70a, Company ID 45477388;
c) N-GASTRO CZ, a.s., residing at Prague 4, 5. května 1640/65, Company ID 25754572;
d) HRDLIČKA spol. s r.o., se sídlem Tetín, nám. 9. května 45, IČO 18601227;
e) TTC MARCONI s. r. o., se sídlem Praha 10, Třebohostická 987/5, IČO 48591254;
f) COM PLUS CZ a.s., se sídlem Praha 9, Nad Krocínkou 317/48, IČO 25772104.
- The personal data will only be disclosed to competent employees of the Administrator or
the above processors who are required to maintain the confidentiality of the personal data and the measures for their protection. The employees are entitled to treat the personal data based only on specific instructions from the Administrator. The confidentiality obligation shall survive termination of the employment of the employees of the Administrator, recipient, and the above processors.