Privacy Policy

The ANECT a.s. Company Privacy Policy

The ANECT a.s. company is one of the leading ICT security suppliers and which also provides hybrid and cloud solutions. Protection of your privacy, when processing your personal data is, very important for ANECT a.s., and therefore we put great emphasis on it.

The ANECT a.s. company, based at Purkyňova 646/107, 612 00 Brno – Medlánky, IČ 25313029, registered with the Regional Court in Brno, Section B, Insertion 2113, hereby issues this ANECT a.s. Company Privacy Policy (hereinafter “Policy”) as a personal data controller according to the General Data Protection Regulation No. 2016/679 (hereinafter “GDPR”).

Within this Policy, we will explain how we work with your personal data, which we obtain and subsequently process mainly in relation to the sale of our products, when providing services, during communication with customers and, last but not least, through the use of our www.anect.com website. Further on in this Policy, we will explain how we process your personal data when organising seminars and events, when using the ANECT-GUEST Wi-Fi network and when operating our CCTV.

During the hiring process, ANECT a.s. processes personal data of job applicants. For this purpose, ANECT a.s. cooperates with the L.M.C. company (www.jobs.cz), which is a personal data processor and with whom ANECT a.s. has concluded an appropriate contract on processing personal data. Detailed information on processing personal data can be always found in the “Career” section of every listed hiring process. The link to the “Career” section is: https://anect.jobs.cz.

For hiring process purposes, ANECT a.s. cooperates with employment agencies. The employment agencies provide job applicants more detailed information on personal data processing. At the moment when data is processed by the ANECT a.s. company, the ANECT a.s. company will inform the applicant on processing their personal data.

2. BUSINESS PURPOSES

In relation to selling products and providing services, the ANECT a.s. company will process your personal data in the scope necessary for handling a given contract, providing related services, and handling your potential queries related to purchased products or services. The following table summarizes relevant information on processing your personal data.

Processing purpose	Business purposes: ● Processing personal data in order to sell products and provide services. ● Providing services for purchased products and services. ● Handling queries related to purchased products and services.
Data subjects	● Customers ● Business partners
Personal data scope	Billing information: ● First and last name. ● Degree (if provided). ● Mailing address (for legal entities or sole traders: address of a given company; for natural persons: mailing address provided by the customer) ● E-mail address. ● Phone number. Additional identification and contact data: ● Job title. ● Organization’s name. ● IČO (Company Registration Number) ● Seat or place of business address. Banking information: ● Bank account No (if payments are handled via e-banking) Business information: ● Information on purchased products and/or services. ● Information obtained when communicating with and answering queries of current customers and business partners related to selling products and services.
Processing legal title	● Performance of contract. ● Legal obligations (for invoices: tax liability)
Processing method	● Automated. ● Manual.
Processing period	● Contracts – for the contract duration + 3 years since the contract has been terminated (for the purpose of potential legitimate requirements from the controller). ● Invoices – according to appropriate tax regulations (currently: 10 years). ● Handling queries – until the query has been dealt with and subsequently 3 years according to the Civil Code, for the purpose of potential legitimate requirements from the controller.
Recipients	● Subjects participating in performing the contract (if a product or service is provided in cooperation with another subject, e.g. a supplier) ● Delivery services (e.g. the Czech post, courier services) related to performing the contract ● Financial auditors (if the data is requested by a financial auditor)
Processors	● Yes (when providing training courses for customers and business partners).
Passing on personal data abroad	● No data is passed on abroad, except when it is needed to ensure services for a purchased product or a service from a producer located abroad.

3. HANDLING YOUR CLAIMS

When handling your claims, the ANECT a.s. company processes your personal data. The following table summarizes relevant information on processing your personal data.

Processing purpose	Handling claims: ● Handling claims related to purchased products or services.
Data subjects	● Customers ● Business partners
Personal data scope	Identification and contact details (for handling claims): ● First and last name. ● Degree (if provided). ● E-mail address (if the claim is dealt with electronically). ● Mailing address (if there is a request to deal with the claim via post). ● Phone number. Additional provided data: ● When handling a claim related to purchased products or services, additional personal data may be processed if needed for handling the claim (e.g. bank account number, job title, etc.).
Processing legal title	● Fulfilment of legal obligations (claims – due to our responsibility for defects).
Processing method	● Automated. ● Manual.
Processing period	● Provided data is stored for the period when a claim is being handled and subsequently for the period necessary for exercising controller’s rights and claims, which means for the duration of relevant limitation or preclusive periods.
Recipients	● Delivery services (in order to handle a claim, e.g. the Czech post, courier services), customs service, any other subject who we exercise our claim against.
Processors	● No.
Passing on personal data abroad	● Yes, personal data may be passed on abroad in relation to handling your claim request.

4. VISITING OUR WEBSITE

For operating its website, ANECT a.s. uses so called cookies (electronic communications metadata). More detailed information on cookie use can be found here: https://www.anect.com/en/eu-cookie/.

5. ORGANIZING SEMINARS AND EVENTS

ANECT a.s. is entitled to process personal data acquired through registration forms for organized seminars and events on ANECT a.s. website (registration for a given seminar or event).

The following table summarizes relevant information on processing your personal data in relation to registrations for seminars or events.

Processing purpose	Organizing seminars and events: ● Handling registrations for organized seminars and events. ● Publishing photos from organized seminars and events. ● Handling queries related to organizing seminars and event.
Data subjects	● Customers. ● Business partners. ● Third parties (e.g. participants of seminars and events).
Personal data scope	Identification and contact details (for handling claims): ● First and last name. ● Degree (if provided). ● E-mail address. Additional data: ● Additional personal data which a subject provides in relation to organization of a seminar and event, e.g. a phone number so that the subject can be contacted, job title, and company name.
Photos	Photos: ● Photos from organized seminars and events. Information on publishing photos from organized seminars and events: ● Photos taken at ANECT’s a.s. seminars and events are placed in Zonerama cloud photo albums by the ZONER software, a.s. company, with which ANECT a.s. has concluded a processing contract. The servers of the ZONER software, a.s. company are located in the Czech Republic. Only participants of a given seminar or event are granted access to such an photo album; they are sent a protected password. The participants of a given seminar or event are only granted the right to view the photos in the album. ● Photos from seminars are, under certain circumstances, published by ANECT a.s. on the public profiles of the ANECT, a.s. company on social networks: LinkedIn, Facebook, YouTube, Twitter. ● When photos are published on public profiles of the ANECT a.s. on social networks, the photos are selected in such a way unreasonable invasion of privacy of depicted people is avoided.
Processing legal title	● Performance of contract in case of paid seminars. ● Legitimate interest of the controller for organizing registration for seminars and events.
Processing method	● Automated. ● Manual.
Processing period	● Five years in relation to organizing a given seminar and event. ● Ten years for photos published from seminars and events.
Recipients	● Event ticket distributors, if they are used for ticket distribution. ● Business partners (e.g. sponsors participating in organizing a given seminar or event). ● Hotel and accommodation providers (if accommodation is provided).
Processors	● Zoner software, a.s. for photos.
Passing on personal data abroad	● Yes, personal data may be passed on abroad (e.g. when requested by business partners, or sponsors in relation to confirmation of their participation in organizing a seminar or event).

6. ANECT-GUEST WI-FI NETWORK

The ANECT-GUEST Wi-Fi network provides the possibility for guests to connect to the wireless network. This host network only provides access to the public Internet. The following table summarizes relevant information on processing your personal data in relation to providing access to the ANECT-GUEST Wi-Fi network.

Processing purpose	ANECT-GUEST Wi-Fi network operation: ● Providing access to the ANECT-GUEST Wi-Fi network. ● Logging in (guest’s contact details in the scope of: first and last name, company are logged), recording time spent on the public Internet (start and end of the session) and recording URLs of visited Internet websites.
Data subjects	● Guests of the ANECT a.s. company (e.g. customers, business partners, participants of seminars organized by the ANECT a.s. Company, lecturers).
Personal data scope	Identification and contact details (for handling claims): ● First name. ● Last name. ● Company. Additional data: ● Recording time spent on the public Internet (start and end of the session). ● Recording URLs of visited Internet websites.
Processing legal title	● Legitimate interest of the controller to ensure the security of electronic communication networks and information.
Processing method	● Automated.
Processing period	● Provided data is stored for 1 year. ● Subsequently this data is automatically erased.
Recipients	● No personal data is passed on except on legitimate requests from law enforcement authorities.
Processors	● No.
Passing on personal data abroad	● No, data is not passed on abroad.

7. CCTV SYSTEM

ANECT a.s. operates a CCTV system. The following table summarizes relevant information on processing your personal data in relation to recording video by CCTV.

Processing purpose	CCTV system: ● Security and property protection (property protection against theft, company property protection, personal protection, namely of company employees, and also protection against illegal or criminal activities).
Data subjects	● Customers and business partners entering the ANECT a.s. company’s premises. ● Third party persons entering the ANECT a.s. company’s premises.
Personal data scope	Recorded video: ● Personal data from the CCTV system in the form of recorded video is processed. Individual recorded takes will be used to identify individuals in accordance with the hereinabove mentioned purpose of processing data to ensure security and property protection. ● The scope of processed personal data will only involve recording individuals in certain exactly specified locations. Such places are marked with pictograms and are located in all entrances to the company premises.
Processing legal title	● Legitimate interest of the controller to ensure security and property protection.
Processing method	● Automated. ● Manual (if individual video records need to be browsed).
Processing period	● Recorded video is stored for 14 days. ● If there exists a suspicion a criminal act has been committed, selected video records are copied out and stored for the period necessary to investigate the case (or for the period legitimately requested by law enforcement authorities.)
Recipients	● No personal data is passed on except when legitimately requested by law enforcement authorities.
Processors	● No.
Passing on personal data abroad	● No, data is not passed on abroad.

8. XTENDISE

ANECT a. s. operates the XTENDISE web application which makes it easier for administrators to administer the Cisco ISE system and the environment where 802.1X technology is deployed (hereinafter referred to as the “XTENDISE” service). The XTENDISE service helps IT administrators and helpdesk workers administer Cisco ISE without the necessity to undergo training for Cisco ISE. This service enables carrying out routine activities relating to the administration of network devices and handling non-authenticated devices. During the XTENDISE service operation, personal data is processed in the following scope:

Purpose of processing	· Personal data is processed only for the purpose of pre-contract negotiation and performance of contracts for the XTENDISE service use.
Data subjects	· The contact persons of customers using the XTENDISE service.
Scope of personal data	· The personal data of customer’s contact persons is processed in the following scope: name, surname, email address, and phone number if required. The personal data will be processed in accordance with the above purpose of personal data processing.
Legal title of the processing	· The controller’s legitimate interest, which is the fulfilment of the customer’s requirements for the XTENDISE service provision, in particular execution of orders or performance of contracts for the XTENDISE service provision.
Method of processing	· Manual (if individual personal data needs to be browsed).
Processing period	· Personal data is retained for a period of authorized use of the XTENDISE service by the customer and 6 months after expiry of this period (based on a concluded order or contract for the XTENDISE service provision); afterwards the data will be fully anonymized.
Recipients	· The personal data is transferred only to third parties that are engaged in the XTENDISE service development and operation, and the personal data is also transferred based on a legitimate request from law enforcement authorities. · The pseudonymized personal data is transferred for automated processing as part of Google Analytics.
Data Processors	· YES, third parties in a contractual relationship with ANECT a. s. engaged in the development and operation of the XTENDISE service.
Cross-border transfer of personal data	· YES, the personal data is transferred to other countries, the personal data is retained in the European Union (hereinafter referred to as the “EU”). Personal data is not transferred to non-EU countries.

9. CLASHING

ANECT a.s. operates a unique concept of employee training in the field of information and cyber security CLASHING in the form of an educational gaming platform provided from the cloud (hereinafter referred to as the “CLASHING” service). The CLASHING service involves the processing of personal data to the following extent:

Purpose of processing	· Building security awareness of the customer’s employees in the field of cyber security according to the applicable terms and conditions for the provision of the CLASHING service.
Data subjects	· Contact persons and employees of customers using the CLASHING service · Other persons involved in the performance of the provision of the CLASHING service to customers.
Scope of personal data	· Personal data of contact persons and employees of the customer are processed in the following scope: name, surname, email address, or telephone number. The personal data will be processed in accordance with the above purpose of processing personal data to ensure the protection of security and property.
Legal title of the processing	· Legitimate interest of the controller consists of the fulfilment of the customer’s requirements for the provision of the CLASHING service, in particular of the fulfilment of the concluded order or contract for the provision of the CLASHING service.
Method of processing	· Automated, · Manual (if it is necessary to browse individual personal data).
Processing period	· Personal data is stored for the period of legitimate use of the CLASHING service by the customer and 6 months after its termination (according to the concluded order or contract for the provision of the CLASHING service), after which it will be completely anonymised.
Recipients	· There are only transfers of personal data to such third parties that are involved in the development and operation of the CLASHING service and also transfers of personal data based on a justified request by law enforcement authorities. · Pseudonymised personal data is transmitted for automated processing within Google Analytics.
Data Processors	· YES, third parties in a contractual relationship with ANECT a.s. involved in the development and operation of the CLASHING service.
Cross-border transfer of personal data	· YES, personal data is transferred abroad, in such case personal data is stored in the European Union. There is no transfer of personal data outside the EU.

10. CLASHING EDU

ANECT a.s. operates a unique employee education concept called CLASHING (see clause 9.) that is also suitable for children of employees / primary school and/secondary school students (hereinafter referred to as ‘CHILDREN’) in the field of CLASHING EDU information and cyber security in the form of an educational gaming platform provided from the cloud (hereinafter referred to as the ‘CLASHING EDU’ service). During the CLASHING EDU service operation, personal data is processed to the following extent:

Purpose of processing	· Building security awareness of CHILDREN in the field of cyber security according to the valid terms and conditions for the provision of the CLASHING EDU service.
Data subjects	· Contact persons of the customer’s employees and CHILDREN using the CLASHING service. · Other persons involved in the provision of the CLASHING EDU service.
Scope of personal data	· Personal data of the contact persons of the customer’s employees and of the CHILDREN are processed to the following extent: name, surname, email address, Personal data will be processed in accordance with the above purpose of processing personal data to ensure the protection of safety and property.
Legal basis of processing	· The processing of personal data by the controller is necessary for the fulfilment of a task carried out in the public interest of the controller consisting in the fulfilment of the requirements of the customer or persons linked with the customer for the provision of the CLASHING EDU service, in particular in the fulfilment of the concluded purchase order or contract for the provision of the CLASHING EDU service
Method of processing	· Automated, · Manual (if individual personal data needs to be browsed).
Period of processing	· Personal data is retained for a period of authorised CLASHING EDU service use by the customer or a person linked with the customer, and 12 months after expiry of this period (based on a concluded order or the contract for the CLASHING EDU service provision); afterwards the data will be fully anonymised.
Recipients	· The personal data is only transferred to third parties that are engaged in the CLASHING EDU service operation, and the personal data is also transferred based on a legitimate request from law enforcement authorities. · The pseudonymised personal data is transferred for automated processing as part of Google Analytics.
Processors	· YES, third parties having a contractual relationship with ANECT a.s. engaged in the operation of the CLASHONG EDU service.
Transfer of personal data to other countries	· YES, the personal data is transferred to other countries; the personal data is retained in the European Union. Personal data is not transferred to non-EU countries.

11. SECURITY OF YOUR PERSONAL DATA

ANECT a.s. is aware of the paramount importance to protect your personal data. ANECT a.s. has implemented appropriate technical and organizational measures. Given the ever-growing development of modern technologies, ANECT a.s. always closely watches the most recent trends and adjusts its personal data protection accordingly.

ANECT a.s. has obtained the Information Security Management Systems (ISMS) certification according to the ISO/IEC 27001 norm. The Information Security Management Systems is an organized set of organizational and controlling measures defined by the ČSN ISO/IEC 27001:2013 norm, which are based on procedural approach and aiming at maintaining measures and tasks defined in the Privacy Policy of the ANECT a.s. company and other internal regulations at a level corresponding to current risks and needs for securing ANECT’s a.s. information and information systems. The information security system is fully incorporated into the company management system.

12. WHAT ARE YOUR RIGHTS?

As a data subject, you have the following rights:

Right to access personal data: If you want to ask if ANECT a.s. processes your personal data, you have the right to obtain information whether such data is processed and, if that is the case, you have the right to access such data.
Right to rectification of inaccurate data and to update incomplete data: If you assume ANECT a.s. processes inaccurate data about you or you want to update your personal data, you have the right to request such a rectification or update of your personal data.
Right to erasure (“right to be forgotten”): If you request your personal data to be erased, ANECT a.s. will evaluate your request and we will erase your personal data provided that: a) your personal data is no longer necessary for the purposes why it was collected or processed in another way; b) processing such data is illegal; c) you object to processing such data and there are no prevailing legitimate reasons to process your personal data; or d) the legal obligation to process your personal data has been revoked in the EU or national law.
Right to restriction of personal data processing: If you request a restriction of processing your personal data, ANECT a.s. will make your data inaccessible or it will take all necessary steps in order to ensure the proper exercise of this right.
Right to personal data portability: You have the right to request we pass on your personal data, processed via an automated method (in an electronic form), to another controller in a structured, commonly used and machine-readable form. The right to personal data portability can be used on the condition ANECT a.s. processes your personal based on a contract or consent to the processing of personal data, and on the condition it is technically feasible. If, by exercising this right, the rights and freedoms of other individuals might be affected, ANECT a.s. will not be able to meet your request.
Right to object: If you exercise your right to object to your data being processed and ANECT a.s. acknowledges your requests as legitimate, it will cease processing your personal data without unnecessary delay. If your data is processed for the purposes of direct marketing, you can object to your personal data being processed at any time; in such a case, your personal data will no longer be processed for these purposes.
Right to appeal to the Office for Personal Data Protection: You have right to appeal with your complaint to the supervisory authority: the Office for Personal Data Protection, based at Pplk. Sochora 27, 170 00 Praha 7, the Czech Republic.

13. INFORMATION ON PROCESSING YOUR REQUEST

Protecting your privacy and your personal data is a priority for us. We will evaluate your request without unnecessary delay, but always considering the technical capabilities of the ANECT a.s. company.

We will process your requests free of charge. But we would also like to inform you that in case of repeated or clearly unjustified requests (“harassing use of data subject rights”) to exercise hereinabove rights, ANECT a.s. is entitled to charge an appropriate fee for exercising a given right, or to eventually reject your request. In such a case, you will be informed about such a decision.

14. HOW CAN YOU CONTACT US?

If you have any question regarding your personal data protection, you can contact us:

Via email to gdpr@anect.com. To increase the speed of processing your request, please use “REQUEST – PERSONAL DATA PROTECTION” as the subject of your email.
Or via letter to Technologický Park, budova A, Purkyňova 646/107, Brno – Medlánky, 612 00 or Prime Office Building, Lomnického 1742/2a, Praha 4 – Pankrác, 140 00. To increase the speed of processing your request, please write “PERSONAL DATA PROTECTION” on the envelope.

15. POLICY EFFECTIVE DATE

This Policy is effective as of 21 January 2019 and it will be subject to regular updates. The valid version can always be found at: http://www.anect.com.