Personal data protection

The rules of personal data processing at APOLLO SOFT s.r.o.

1. The purpose of the document

1.1. The purpose of the document is to summarize basic information on the personal data processing rules that we apply and have adopted in order to ensure compliance with Regulation (EU) 2016/679 (hereinafter GDPR).

1.2. We have taken all necessary measures to increase the security and confidentiality of processed data and to meet all prescribed duties under the laws of the Czech Republic.

2. Basic Information

2.1. Our company APOLLO SOFT s.r.o. with its registered office at V Parku 2294/2, 14800 Prague, Czech Republic, registration No. (IČ): 28179781, registered in the Commercial Register administered by the Municipal Court in Prague, Section C, entry No. 266997, acts as a personal data controller with respect to the website visitors, customers, clients, employees and selected contractors.

2.2. In line with GDPR, we process personal data while observing the following principles:

a) Legitimacy, correctness and transparency – We process your data only if there is a legitimate reason (such as a statutory duty, contractual obligation, the protection of our interests, the protection of third party interests, or consent granted by a data subject). We process your data in a transparent manner and we inform data subjects of how their personal data is handled, who can access it and what their rights are.

b) Restricted purpose – We collect your personal data only for specific, explicit and legitimate purposes (see above).

c) Data minimization – We only process personal data to the extent and scope that is necessary for a given purpose.

d) Accuracy – We process only current personal data that reflects the actual state of matters.

e) Restricted storage – We keep your personal data only for a duration that does not exceed the required and statutory periods.

f) Integrity, confidentiality – We have implemented sufficient technical and organizational measures to protect your personal data against random and illegal damage, loss, change and/or unauthorized use of or access to personal data that is being transferred, stored or otherwise processed.

g) Accountability – We can prove our compliance with the principles contained under a) to g) at any time.

2.3. We process most personal data for the purpose of meeting statutory duties and performing contracts with our clients. This includes mainly personal data required for entering into and performing a contract, i.e. identification data and contact information (academic degree, name, surname, address, date of birth (or the national identifier), corporate name, registered office, name, place of business, registration number, e-mail address, bank details).

2.4. When entering into a contract, the data subject is informed of the principles of personal data processing and acknowledges that the Data Controller is entitled to make personal data available to other data controllers or data administrators pursuant to applicable legal regulations.

2.5. If we process data for reasons other than meeting statutory duties, we need explicit, free, specific and informed consent provided by the data subjects. This involves especially personal data processing for the purpose of marketing and the client is always informed of the scope of processing in advance. The provision of such consent is entirely voluntary and the consent may be withdrawn at any time and other rights listed in the consent may be used.

3. Technical and organizational measures

3.1. We have adopted necessary measures to ensure the safety of personal data processing both in its physical and electronic forms. These measures include mainly rules for working with given information systems, making sure that automated personal data processing systems are only used by authorized persons and that such persons can only access personal data that correspond to their authorizations, making electronic records that can identify and verify when, by whom and for which reason personal data has been recorded or processed in another manner, and preventing unauthorized access to data carriers, especially by password protection, access rights, encryption, having technical and organizational measures documentation in place, and increased security by installing locks.

3.2. All employees and persons who can access personal data as part of their work have been duly trained and familiarized with the security and confidentiality rules pertaining to handling processing data.

4. Cookies

4.1. The legal title for the full use data collected from Cookies is consent granted by a user, acquired in a standard manner through correct browser settings. If a device is used by more than one user, the assumption is that the user is aware of the device settings, otherwise he or she would have set them differently.

4.2. Similarly, an end device may be set by an employer at a workplace and employees are aware of this fact even though they may set Cookies differently themselves.

4.3. Consent is not necessary for required Cookies in order to operate the website and internet services.

4.4. Pursuant to GDPR, handing data collected from Cookies qualifies as personal data processing.

5. Transferring data to third parties or third countries

5.1. We transfer personal data to third parties only in cases prescribed by the law (required reports to state administration authorities) or to the required extent, to selected contractors who provide certain services for us that are necessary to provide services for our clients. We have clearly defined contractual relationships with such parties and all our contractors meet required rules for personal data processing to the extent and in line with the parameters required by GDPR.

5.2. Data is transferred to third countries to a clearly defined extent for the purpose of providing services to our clients, but only to selected contractors and all concerned data subjects are always informed of such transfers.

6. Security incident reports

6.1. We have implemented a system of security incident reports. In case of any data leaks, we proceed pursuant to GDPR in order to minimize possible damage and in prescribed instances, we report to the Office for Personal Data Protection (

7. Contact information

7.1. If you believe that we are processing or have processed personal data contrary to privacy protection or contrary to the law, especially if personal data is inaccurate with respect to the purpose of its processing, you can send us your objection or request a clarification. In such instances, do not hesitate to contact us at any time either by phone on +420-702-157-965 or by sending an e-mail to