Personal Data Processing Policy

Document No.:     VF Q-3R4-03

VF, a.s., Company ID  25532219, with registered office at Svitavská 588, 679 21 Černá Hora, registered at the Regional Court in Brno under the reg. no. B 2681 (hereinafter referred to as “VF”), when processing personal data follows the rules set out in this Personal Data Processing Policy in order to ensure effective protection of personal data and prevent its misuse. 
VF is 100% owner of VF, s.r.o. (Company ID 314 42 552, with registered office at M.R. Štefánika 9, 010 02 Žilina, Slovak Republic). These companies work closely together and share some administrative, personnel, and IT resources and form the VF Group (hereinafter referred to as the “VF Group”).
The personal data processing rules stated in this policy correspond to the obligations imposed on us when processing personal data by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “the GDPR”).
Through this policy, we also inform about the facts and rights that we must inform in accordance with the GDPR, thereby ensuring sufficient transparency and openness in the processing of personal data. 
This policy sets out the procedures and principles on the basis of which we process personal data. For further information or clarification, please contact our Data Protection Coordinator. 

​​​1.  Collection of Personal Data

1.1 Reasons for Collecting Personal Data

We collect and process personal data only when it is necessary for:
a)    performance of contracts;
b)    provision of services;
c)    compliance with statutory requirements;
d)    protection of vital interests of subjects;
e)    the purposes of our legitimate interests, unless the interests or fundamental rights and freedoms of data subjects take precedence.

1.2 Sending for Direct Marketing Purposes

One of the legitimate interests may be the processing of personal data for the purpose of direct marketing – sending commercial communications. This means that we may send information or offers of similar products or services to clients who have purchased a product or used a service from us. The sending of commercial communications can be canceled at any time via the link contained in the commercial communication sent or via the contact email below. 

1.3    Consent

In other cases, we can obtain and process personal data only with your express and free consent. The consent can be revoked at any time through the contact details provided in this policy. The specific terms and conditions for the use of personal data after granting consent are always set out in each individual consent. 

1.4    Obtaining Personal Data

VF Group does not obtain personal data from publicly available sources, but always only from subjects or third parties that cooperate with VF and have obtained personal data in accordance with the GDPR. When using personal data, VF Group always follows this policy and the GDPR.
We either explicitly request personal data, or we can obtain it as part of a registration for the services provided, as part of concluding contracts, or when using the services provided. We also collect some personal data automatically – for example, by using cookies when visiting websites. 
We will always inform you of the specific reason for processing your personal data either directly in the contract you enter into, in the terms of the service provided, or in this policy.

2    Use of Personal Data

We use personal data primarily to provide services, to enable us to enter into a required contract, to perform a contract, to comply with legal requirements, or to notify you of changes to services. We also use personal data to improve services and products.

3    Transfer of Personal Data to Other Persons

3.1    Transfer of Personal Data

We will not disclose personal data to anyone except as described in this policy.
Personal data will be accessible by employees who are authorized to handle it. All employees who will have access to personal data are bound in writing to confidentiality, so they are not allowed to disclose it to anyone. These employees are also carefully selected, have been familiarized with the internal rules on the protection of personal data, and have been properly trained to know how to handle personal data and under what conditions it may be processed. 
We will transfer personal data to certain third parties where necessary. These parties are called processors. VF is responsible for ensuring that these processors provide appropriate safeguards for the processing of personal data. We choose all processors responsibly. At the same time, processors are contractually obliged to comply with data protection obligations, which contractually ensure that personal data is adequately protected and minimize the risk of misuse. 

3.2    Third Parties to Whom Personal Data May Be Transferred

Here are the categories of persons to whom we may transfer personal data and who may have access to personal data:

Categories of Recipients Purpose of Transfer of Personal Data
Legal advisors Use of legal advice
Accounting and tax advisors Use of accounting and tax advice
Marketing specialists Use of marketing services
IT service providers IT administration and user application administration
Website administrator Website administration
Providers of online tools Use of the tools to improve service quality and customer experience
Service providers for sending out communications Ensuring sending commercial and other communications
Carriers Shipping of ordered goods
Carriers Provision of subcontracting for the ordered service 


Companies of the VF Group mutually share information, including personal data. However, the companies ensure sufficient guarantees of personal data protection. 
We may share personal information with other third parties to prevent crime and reduce risk where required by law and where we consider it appropriate, in response to legal process, or to protect the rights or property of VF Group, partners, or data subjects.

3.3    Transfer Outside the EU

Personal data is not transferred to countries outside the European Union or to international organisations except for the purpose of improving data backup and protection and in situations expressly set out in this policy. 

4    Automatic Individual Decision-Making and Profiling

The VF Group does not carry out any automated individual decision-making or profiling when processing personal data.

5    Duration of Personal Data Processing

The VF Group processes personal data only for the necessary period of time. If the personal data is no longer needed for the purposes of processing, it is erased immediately.
If the VF Group processes personal data based on consent, the processing period is specified in this consent. 
If the VF Group processes personal data as a result of statutory provisions, it processes it for the period of time required by law. In the event that the law requires the archiving of certain data, this personal data is archived for the required statutory period. 
In the event that the VF Group processes personal data for the purpose of concluding or fulfilling a contract or providing a service, it processes the data for 10 years after the termination of the contract or the provision of the service. During this period, personal data is processed only for the purpose of settling any legal claims or conducting legal proceedings. The period of 10 years corresponds to the maximum limitation period during which claims can be brought before a court. 

6    Your Rights

6.1    Right to Information

You can contact us at any time to confirm whether we are processing your personal data by using the contact details below. If we process your personal data, you have the right to access the following information:
a)    for what purpose we process your personal data and what categories of personal data we process;
b)    who are the recipients and processors of your personal data;
c)    for how long will your personal data be stored and, if it is not possible to determine this period, the criteria used to determine this period;
d)    for which personal data you can request erasure or restriction of processing or object to the processing;
e)    about the right to lodge a complaint with the supervisory authority;
f)    about the sources of your personal data;
g)    whether we use automated individual decision-making or profiling.

If you ask us to do so, we will provide you with a copy of your personal data that we process. If you request further copies, we may charge you a fee at the cost incurred. If you make your request electronically, copies will be provided to you in electronic form as well, unless you request another form. However, we have the right to require that you verify your identity to ensure that your data is not disclosed to an unauthorized person.
We will endeavour to provide you with your data as soon as possible, depending on the scope required, but not later than within 30 days.

6.2    Right to Rectify

If you find that some of your personal data that we have is inaccurate, incorrect, or incomplete, you have the right to have your personal data rectified or supplemented without undue delay after you inform us. 

6.3    Right to Be Forgotten – Right to Erasure

You have the right to have us delete your personal data without undue delay if:
a)    your personal data is no longer needed for the purposes for which it was collected;
b)    you revoke your consent;
c)    you object to the processing;
d)    we processed your personal data unlawfully;
e)    it is required to comply with a statutory obligation;
f)    the personal data was collected in connection with the offer of information society services.
However, we will not erase your personal data even for the above-mentioned reasons if there is one of the reasons according to Article 17(3) of the GDPR. 
If your personal data has been disclosed or transferred to third parties, we will also ensure that this personal data is erased, if it is technically possible and feasible.

6.4    Right to Restriction of Processing

You have the right to have us restrict the processing of your personal data if:
a)    you tell us that your personal data is inaccurate until we check the accuracy of the personal data;
b)    we process your personal data unlawfully, but you ask us to restrict its use instead of erasing it;
c)    we will no longer need your personal data, but you will require it to establish, exercise, or defend your legal claims;
d)    you have objected to the processing until we check the legitimacy of your objection.
During the processing limitation period, your personal data may only be stored. Otherwise, it may only be processed based on your consent, for the purpose of establishing, exercising, or defending legal claims, or for reasons of public interest. 

6.5    Right to Object

You have the right to object to the processing of your personal data if we process it for direct marketing purposes. You must send us your objection in writing or by email to the email address below. If you object to the processing for the purpose of direct marketing, we will no longer process your personal data to this extent, unless we demonstrate serious legitimate reasons for such processing that take precedence over your interests or rights and freedoms, or for the establishment, exercise, or defence of your legal claims. 

6.6    Right to Data Portability

If you so request, VF Group will provide you with your personal data in a structured, commonly used format so that you can provide it to another controller. Where technically possible, you may request that VF Group transfers your personal data directly to a controller you designate. 

6.7    Right to Lodge a Complaint

You may lodge a complaint regarding the processing of your personal data or non-compliance with the GDPR with the supervisory authority at any time.

7    Measures in Place

The VF Group has put in place personnel, organisational, and technical measures to minimise the risk to your rights and freedoms and for the protection of your personal data. To this end, the VF Group has trained its employees who come into contact with personal data. All personal data in physical form is secured against unauthorized access. For personal data stored in electronic form, security standards are observed and the data is also secured against unauthorized access. The VF Group conducted a risk analysis to prevent risks and ensured that appropriate risk mitigation measures were implemented.   

8    Personal Data Protection Coordinator

The VF Group is not obliged to appoint and has not appointed a Personal Data Protection Officer. However, it has appointed a Personal Data Protection Coordinator who is responsible for data protection. You can contact the Personal Data Protection Coordinator regarding any matter relating to personal data and exercising your rights. You can contact the Personal Data Protection Coordinator by email at

9    Contact Details

In case of any requests, requirements, comments, or uncertainties, you can contact us by email at or in writing at  the VF headquarters.

10    Final Provisions

This policy was adopted on 21 May 2018. VF may change this policy as long as it remains in compliance with the law and the GDPR. We will inform you of any changes to this policy on the website. 

cz | en | ru