ZA Rental
O nás pozadí

Terms and conditions

I. INTRODUCTION

We, Zuluf auto s.r.o., ID: 06937802, with our registered office at Na Vartě 66, 250 69 Máslovice, have prepared these personal data processing principles and procedures to inform you about how we collect, process, use, and protect your personal data, thereby helping to protect your privacy. All handling of your personal data is carried out in accordance with applicable legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”), Act No. 127/2005 Coll., on Electronic Communications, as amended, and Act No. 480/2004 Coll., on Certain Information Society Services, as amended. Through this document, we aim to clarify the most important concepts and processes we use to protect your personal data and answer questions you may have regarding its collection, processing, and storage.

II. SUPERVISION

We take pride in following all established and binding rules and security measures when handling your personal data. We hope that situations leading to dissatisfaction with our conduct will not arise. However, should you disagree with the way we process your personal data, you may contact: The Office for Personal Data Protection (ÚOOÚ) Address: Pplk. Sochora 27, 170 00 Prague 7, Czech Republic Tel.: +420 234 665 111 Web: www.uoou.cz

III. PRINCIPLES

When processing your personal data, we adhere to the following principles:

  • Principle of Lawfulness: We process your data in accordance with legal regulations and based on at least one legal title.

  • Principle of Fairness and Transparency: We process your data openly and provide information on how it is processed and to whom it is disclosed. This includes our duty to inform you in case of a serious security breach.

  • Principle of Purpose Limitation: We collect your data only for clearly defined purposes.

  • Principle of Data Minimization: We process only data that is necessary, relevant, and adequate for the intended purpose.

  • Principle of Accuracy: We take reasonable steps to ensure your data is regularly updated or corrected.

  • Principle of Storage Limitation: We keep your data only for the time necessary for the specific purpose (e.g., the duration of marketing consent). Once the purpose or period expires, data is deleted or anonymized.

  • Principle of Integrity and Confidentiality: We protect your data from unauthorized or unlawful processing, loss, or destruction using technical and organizational measures.

  • Principle of Accountability: We are responsible for and must be able to demonstrate compliance with all the above conditions.

IV. CONTACTS FOR INQUIRIES

Should any part of this document be unclear, or if you have any questions or comments regarding the protection of your personal data, please contact us: a) In person or in writing at our registered office address. b) Electronically at: info@zulufauto.com

V. PERSONAL DATA

Personal data is information that allows us to identify you. It is information attributable to a specific person. Anonymous or aggregated data that cannot be linked to you is not considered personal data. We categorize personal data into:

  • Basic data: e.g., name, surname, date of birth, ID card number, email, phone number, address.

  • Special categories of personal data: Sensitive data, such as information about your health.

  • Specific categories: A detailed overview can be found in Article XV – Data Categories.

VI. LEGAL TITLES FOR PROCESSING

We obtain and handle your personal data exclusively to the extent necessary. Providing data is voluntary; however, for certain services (e.g., a car rental agreement), providing data is a requirement to fulfill the contract. The main legal titles for processing are:

  • Consent: Given for specific purposes (e.g., newsletters). We ensure consent is separate, clear, and requires an active opt-in.

  • Performance of a Contract: Necessary for concluding and fulfilling a contract or pre-contractual measures (e.g., an order).

  • Compliance with a Legal Obligation: Necessary for us to fulfill our legislative duties as a controller.

  • Legitimate Interest: Necessary for our legitimate interests, except where such interests are overridden by your rights and freedoms.

  • Protection of Vital Interests / Public Interest: Used in exceptional circumstances to protect life or fulfill tasks in the public interest.

VII. METHOD OF PROCESSING

The Controller (and its processors) processes personal data manually (in printed and electronic form) and electronically via automated means.

VIII. REASONS FOR PROCESSING

Examples of situations where we require your data:

  • Car Rental/Purchase: Title: Performance of a contract.

  • Insurance Mediation: Title: Performance of a contract.

  • Marketing: Title: Consent (or legitimate interest for certain business communications).

  • Essential Cookies: Title: Legitimate interest for website functionality.

IX. DATA PROTECTION

We use technical and organizational measures to ensure security, including:

  • Physical access control: Secured storage locations and electronic monitoring after hours.

  • Controlled entry: Password protection and multi-factor authentication for systems.

  • Access control: Measures to prevent unauthorized reading, copying, or deletion of data.

X. YOUR RIGHTS

  • Right to Information: To know our identity and the purpose/legal title of processing.

  • Right of Access: To know if and what data we process about you.

  • Right to Rectification: To request correction of outdated or incorrect data.

  • Right to Erasure ("Right to be Forgotten"): To have data deleted if the purpose has expired, consent is withdrawn, or processing is unlawful.

  • Right to Object: To object to processing based on legitimate interest or for direct marketing.

  • Right to Data Portability: To receive data in a machine-readable format for transfer to another controller (for automated processing based on consent/contract).

  • Right not to be subject to automated decision-making: The right to request human intervention in decisions (e.g., credit scoring).

XI. CONTROLLER AND PROCESSOR

As the Controller, we determine the purpose and means of processing. If a data breach occurs that poses a high risk to you, we will notify you and the supervisory authority. A Processor handles data on our behalf based on a written contract ensuring compliance with legislation.

XII. TRANSFER OF DATA ABROAD

We do not transfer personal data to countries outside the EU/EEA.

XIII. DATA SUBJECT

A data subject is exclusively a natural person (individual). These regulations do not apply to legal entities (companies, cooperatives, etc.).

XIV. GLOSSARY OF TERMS

  • Sensitive Data: Data of a private nature (e.g., health or biometric data).

  • Cookies: Small text files used to record visit settings.

  • Legitimate Interest: Interests of the controller that do not override the subject's rights.

  • Personal Data: Information about an identifiable person.

  • Controller: Entity determining the "why" and "how" of processing.

  • Processor: Entity processing data for the controller.

XV. DATA CATEGORIES

  • Identification data: Name, ID/Passport number, date of birth, nationality, signature, etc.

  • Contact data: Address, phone number, email, social media handles.

  • Copies of documents: Copies of ID, Driver's License, Passport, etc.

  • Biometric data: Signature, photos.

  • Transactional data: Bank account number, transaction history.

  • Technical product data: VIN, license plate, service history, vehicle color.

  • Network identifiers: IP address, Mac address, cookies, browser info.