Privacy Policy

1. Introduction

The company Auto Průhonice a.s., ID No.: 28448430, with registered office at K Chotobuzi 333, 251 01 Čestlice, registered in the Commercial Register kept by Municipal Court in Prague, Section B, Insert 14583 (hereinafter referred to as "Company"), has prepared this "Privacy Policy" (hereinafter referred to as "Principles"), to inform you about how we collect, process, use and protect your personal information to help protect your privacy.

We carry out all operations with your personal data in accordance with the applicable legislation, in particular s(e):

  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of of natural persons with regard to the processing of personal data and on the free movement of personal data movement of such data ("the Regulation"),
  • Act No. 127/2005 Coll., on electronic communications, as amended by as amended, and
  • Act No. 480/2004 Coll. on certain information society services, as amended.

In these Principles we would also like to provide you with information on the most commonly used terms and processes to protect your personal data we use. At the same time, we will explain your rights under the Regulation in relation to their collection, processing and storage.

and answer any questions you may have in relation to the collection, processing and storage of your personal data.

2. Supervision

In any handling of your personal data, we comply with all established and binding rules and security measures and we hope that they will not situations arise where you are dissatisfied with our treatment of you.

In the event that you do not agree with the way we process your personal data, you can contact:

Data Protection Authority
Pplk. Sochor 27, 170 00 Prague 7
tel.: 234 665 111

3. Personal data processing policy

We consider the protection of personal data to be a very important part of our business and we therefore pay great attention to it. We assure you that we will treat your personal data is handled with due care and in accordance with the applicable legal regulations and we protect your personal data to the maximum extent possible in accordance with high technical level.

When processing your personal data, we comply with the following Regulation the following principles:

3.1 Legality

We must always process your personal data in accordance with the law and on the basis of at least one legal ground (for more details see chapter 5.1 ).

3.2 Fairness and transparency

We must process your personal data openly and transparently and provide provide you with information about how it is processed, together with information about to whom the personal data will be disclosed to (for more details see chapter 7 This includes the obligation to notify you in cases of serious breaches of security or leakage of personal data, we must inform you of this (see Chapter 6 ).

3.3 Purpose limitation

Personal data must be collected for specified and legitimate purposes and must not be processed in a way incompatible with those purposes (for more details see chapter 5.1 and chapter 5.2).

3.4 Data minimization

The processing of personal data must be proportionate, necessary and relevant in relation to the purpose for which it is processed.

3.5 Accuracy

Your personal data must be accurate and kept up to date where necessary. To do this all reasonable steps are taken to enable us to ensure regular updating or correction of your personal data (for more details see section 7 ).

3.6 Storage limitations

The storage of your personal data is carried out only for the necessary period of time, in form that permits your identification for the purposes for which it is they are processed (for example, consent for the processing of personal data for marketing purposes, unless this consent has been given before the expiry of that period revoked).

Once the period for processing or the purpose of processing has passed, your personal data we will delete it or modify it so that it is not linked to your person (anonymisation process).

3.7 Integrity and confidentiality

This principle requires us to adopt such technical and organisational safeguards of your personal data to prevent its unauthorised or unlawful processing, loss or destruction. For these reasons, we adopt numerous technical and organizational measures, while ensuring that your personal data is accessible to only selected employees have access to your personal data.

3.8 Liability

Responsibility is embodied in the obligation to be able to demonstrate compliance with all of the above of the conditions listed above.

4. Basic key terms
4.1 Processing of personal data

Processing is any operation or set of operations that is performed on personal data or sets of personal data, with or without the assistance of automated procedures, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other disclosure, arranging or combining, restricting, erasing or destroying.

However, processing within the meaning of the General Regulation shall not be construed as any treatment of personal data. The processing of personal data must be regarded as already a more sophisticated activity, not a random one, which the controller with personal data is carried out by the controller for a specific purpose and from a specific perspective systematically.

4.2 Personal data and their breakdown

Personal data is any information about you as a person that we can identify you directly or indirectly, in particular by reference to a particular identifier, such as name, identification number, location data, network identifier or to one or more specific physical, physiological elements, genetic, psychological, economic, cultural or social identity.

Personal data is not anonymous or aggregated data, i.e. data that we cannot uniquely link to your person.

With regard to the definition of the breadth of the term "personal data", we may can be divided into two basic groups, namely:

(a) basic personal data, which are, for example, name, date birth, ID card or other document number, location data, network identifier, etc.

(b) Special categories of personal data, which are data of a very personal nature, such as physical, physiological, genetic, psychological, economic, cultural or social identity. The processing of this data is necessary for us to fulfil our obligations and exercising the special rights of the controller or the data subject in the field of employment law and social security and social protection law.

An overview of what personal data we include in the above categories, please see chapter 5.2.

If you want to know when and under what conditions you can know the scope of our we process personal data about you, or if you want your personal data that we process, please familiarise yourself with chapter 7 which explains the different procedures and their conditions.

4.3 Who is the data subject

The data subject is exclusively the natural person to whom the personal data relate. However, a personal data subject is already e.g. the e-mail address of an employee of a legal entity of the legal entity, typically in the form .

The data subject is not a legal entity (for example, a commercial companies, cooperatives, associations, etc.). Data relating exclusively to a legal person is therefore not personal data.

4.4 Controller

The controller is defined as the entity that determines the purposes and means of the processing personal data and is primarily responsible for the processing. The controller of your personal are the following companies of the VOLVO Group:

Auto Průhonice a.s. with registered office at K Chotobuzi 333, 251 01 Čestlice, ID No: 28448430, registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, Insert 14583 and its subsidiary Auto Průhonice a.s., Dejvice branch, Podbabská 17, Prague 6 - Dejvice and Auto Průhonice a.s., Stodůlky branch, Šafránkova, 155 00 Praha 5 - Stodůlky,

Auto Cardion s.r.o. with registered office at Heršpická 788/9, 639 00 Brno-Štýřice, ID No: 04156854, registered in the Commercial Register maintained by the Regional Court of Court in Prague, Section C, Insert 88475 and

Volvo Car Czech Republic s.r.o. with registered office at K Chotobuzi 333, 251 01 Čestlice, ID: 63981726, registered in the Commercial Register maintained by Section C, Insert 39848.

(hereinafter collectively referred to as "Regulators").

The following VOLVO Group companies act as Authorities to you of your personal data.

The Regulators or a specific Regulator processes your personal data either to:

  • on the basis of your consent, to the extent set out in this consent (for example, for marketing purposes), or
  • without your consent, for example for purposes arising from our business activities such as statutory obligations, obligations under contracts etc., but may also process it for its own intended purposes, e.g. for its own legitimate interests, provided that those interests do not override the interest in the protection of your fundamental rights and freedoms as a natural person.
4.5 Processor

The processor is the person to whom we, as controller, transfer your personal data. A processor can therefore only carry out processing operations on personal data that operations that we have authorised them to carry out or that result from the activity for which the processor has been authorised by us.

This includes, for example, our business partners, typically external marketing agencies, who send you sales and marketing communications on our behalf.

5. Legal titles for the processing of personal data, their reasons and processing methods
5.1 Legal titles for processing personal data

Legal grounds for processing personal data means the controller's authority to to process your personal data. Thus, the legal grounds are the necessary prerequisite for us to be able to talk about legitimate and lawful processing of your personal data.

We may process personal data for different purposes, and for each purpose we need a legal basis for processing personal data. Processing of personal data is always linked to the purpose on the basis of which the legal basis is determined of the processing. It is possible that "one" personal data (or some aggregate) will be processed by us for different purposes, and these purposes may, over time arise or cease to arise, without this constituting an obligation on the personal data to destroy. An obligation to destroy personal data will arise where we cease to have the last legal basis for processing your personal data.

You provide us with your personal data voluntarily.

Personal data may be processed if at least one of the following is present legal grounds:

  1. granting consent,
  2. performance of a contract,
  3. fulfillment of a legal obligation,
  4. legitimate interest.

The following may also be used as the title for processing your personal data legal grounds:

  1. protection of the vital interests or interests of another natural person,
  2. public interest,

On the basis of the legal titles listed under points 2 to 4, we may use your personal data for the purpose of concluding and performing contracts for the purchase and use of our goods and services.

If we process your personal data on the basis of the legal title referred to in point 1, this will be in particular where you give us a marketing consent or use our website without also being our customer.

5.1.1 Consent

Consent is the free, specific, informed and unambiguous expression of your will, by which you give us a statement or other manifest acknowledgement of your consent to processing of your personal data. It is an active and voluntary expression of your will, which you must not be forced to give.

You always give us your consent for one or more specific purposes of processing that is defined in the consent. To obtain consent to processing your personal data, the following rules must be met:

a) we will always collect consent from you for the processing of your personal data individually, so your consent will not be part of the text of the contract or other agreement,

b) the text of the consent will always be clear,

(c) consent will always be given only if you actively act, so no fields in the consent form will be filled in for you in advance,

d) you will give consent separately for each processing purpose.

5.1.2 Performance of the contract

We need your personal data for the purposes of entering into a contractual relationship whose to which you are a party, or for the performance of measures taken before conclusion of the contract at your request.

5.1.3 Performance of legal obligations

We need to process your personal data here in order to comply with a legal obligation imposed on us as a data controller.

5.1.4 Legitimate interest

The processing of your personal data is necessary for the purposes of our legitimate interests or the interests of a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the subject requiring protection personal data.

5.1.5 Protection of vital interests

In these cases, the processing is necessary for the protection of vital your vital interests or those of another natural person

5.1.6 Public interest

This processing title may be used when processing your personal data that we are obliged to carry out for the performance of our task carried out in public interest, or in the exercise of official authority, which we, as controller entrusted with.

5.2 Examples of processing of personal data

In chapter 5.1 we have listed the legal titles of possible processing of your personal data. We would now like to set out examples of the situations in which we will most often request your personal data and the title for which we will do so:

Activity Name

Legal title of personal data processing

Ordering and buying a passenger car

conclusion and performance of the contract or performance before conclusion of the purchase contract


conclusion and performance of the contract or performance before the conclusion of the service contract and the provision of the service

Arranging financing

performance before the conclusion of the relevant contract (for example creditworthiness assessment) and performance under the contract for the purposes of financing the purchase of a passenger car and from that contract the mutual rights and obligations arising from

Arranging insurance

conclusion and performance of the insurance contract

Downloading and using the mobile app

entering into and performance under the contract for the use of the app

Marketing purposes

giving consent for the purpose of sending commercial communications

Storage of cookies necessary for the functioning of the web of the website

our legitimate interest, as the storage of cookies is necessary for the proper functioning of the website


Protecting the interests of data subjects and fulfilling legal obligations, as protection against cyber threats is a fundamental prerequisite for the secure operation of services, is linked to with monitoring the status of the vehicle and other components and this obligation is imposed on us in certain cases by legal regulations

5.3 Method of processing personal data

Details of the ways in which we process your personal data can be found at website .

6. Security and data protection

As the data controller of your personal data, we are responsible for compliance with all obligations and policies related to the protection of personal data. In order to secure your personal data, we follow technical and organisational measures.

These measures include:

Name of the measure

Description of the measure

Physical access control

We store all data to protect access to them. The locations and areas where data is stored are secured by technical means (for example, chip cards, keys, electronically lockable doors, etc.)

Controlled input

To any system holding personal data we do not allow anyone to enter without entering the appropriate password or two-factor authentication. Personal data can be accessed by only authorised persons, to the extent necessary for the performance of their work activities.

Access control

Measures are taken to prevent unauthorised reading, copying, alteration, removal from the system or otherwise tampering with the data.

Creating pseudonyms

We process personal data by modifying them, thanks to that is not attributable to a specific person (this is so-called pseudonymisation).

Transfer control

All handling of personal data in the event of their electronic transmission, we protect it so that during the unauthorised reading, copying, modification or deletion.

In the event of a security breach of your personal data, which of course, we do our utmost to prevent, we are obliged to include this fact in 72 hours to notify the Data Protection Authority.

However, if the breach of security of your personal data would constitute a significant risk, we are obliged to notify you as well, provided that you we have up-to-date contact details for you.

7. Your rights

The Regulation gives data subjects certain rights. Their purpose is to balance the relationship between the controller and the data subject.

If you send us a request under Chapter 7.1 to Chapter 7.8, it must be information about the measures taken is provided without undue delay and in in any event within one month of receipt of the request. The time limit may be extended by two months in exceptional cases, of which you must be notified our side as administrator, to inform you, including the reasons for the extension, in within one month of the request.

In the following chapters, you can get acquainted with your individual rights.

7.1 Right of access to personal data

This right, based on your active request, allows you to obtain from us as the controller, information (confirmation) as to whether or not your personal data are being processed and, if they are, you have the right to access these personal data and you have the right to obtain the following information:

  • the purposes of the processing,
  • categories of personal data concerned,
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed,
  • the intended period for which the personal data will be stored,
  • the existence of a right to request the controller to rectify or erase personal data, the right to object,
  • the right to lodge a complaint with a supervisory authority,
  • all available information about the source of the personal data, unless obtained from the data subject,
  • the fact that automated decision-making, including profiling, is taking place.

We will fulfil this obligation by sending you a "sjetin" by us of the personal data we process, or we will tell you that no personal data are not subject to processing and we do not process your personal data.

7.2 Right to rectification

The right allows you to ask us to amend any of your personal data that we process if there has been any change to it (for example change of surname, change of address, etc.).

As a data controller, it is not our responsibility to actively determine whether the personal data we collect about you is up-to-date, incorrect or inaccurate, however, if you bring this to our attention, it is our obligation to deal with your comment or request for correction. For compliance the same conditions, you also have the right to ask us to complete your personal data.

7.3 Right to erasure (right to be forgotten)

This right "to be forgotten" constitutes an obligation for us as the controller to erase personal data if at least one condition is met:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
  • the data subject withdraws the consent on which the processing was based and there is no other legal basis for the processing,
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing,
  • the personal data have been unlawfully processed,
  • the personal data must be erased to comply with a legal obligation,
  • personal data have been collected in connection with the offer of services of information society services pursuant to Article 8(1) of the Directive.

The right to erasure shall therefore only apply in the enumerated cases, i.e. when a given circumstance occurs.

The right to erasure is not an absolute right that would give the data subject the possibility to to request the erasure of personal data at any time and in any situation. It is not possible, for example, to under the right to be forgotten, to request the destruction of all personal data, e.g. when termination of employment or the provision of financial services, as the controller is subject to are subject to obligations to continue to retain certain personal data.

7.4 Right to restriction of processing

You have the right to have us restrict the processing of your personal data, in any of the following cases:

(a) you contest the accuracy of the personal data, for the period necessary for us to we can verify the accuracy of the personal data;

(b) the processing is unlawful and you refuse to erase the personal data and request instead requesting instead that their use be restricted;

(c) the controller no longer needs the personal data for the purposes of the processing, but you requires it for the establishment, exercise or defence of legal claims;

(d) you have objected to processing under Chapter 7.7 until it is verified that the controller's legitimate grounds override your legitimate grounds.

If the processing has been restricted on the grounds set out in points (a) to (a) above, you may request that the processing be limited to the following. (d), the personal data may be processed, with the exception of their storage only with your consent or for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State State.

7.5 Notification obligations regarding rectification or erasure of personal data or restriction of processing

The controller shall notify the individual recipients to whom the personal data have been disclosed to, any rectification or erasure of personal data or restriction processing carried out in accordance with Chapter 7.2 , Chapter 7.3, and Chapter 7.4 , except where it proves impossible or required unreasonable effort. The controller shall inform the data subject of these recipients, if the data subject so requests.

7.6 Right to data portability

If you ask us to transfer your personal data to another controller, it is our obligation to provide and transmit the data to them in a structured manner, commonly used and machine-readable format, if technically practicable.

In doing so, the common conditions for the application of the right to portability:

  • personal data are processed on the basis of consent or contract,
  • processing is carried out by automated means, i.e. processing which is carried out exclusively by technical means on the basis of a predetermined algorithm and without any human intervention.
7.7 Right to object

If your personal data is processed on the basis of a legitimate interest (for example, for the purpose of entering into a contract, protecting our property, etc.), you may exercise your right to object. The legal title "Legitimate interest" is set out in chapter 5.1.4 and includes:

  • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
  • processing is necessary for the purposes of the legitimate interests of the controller or a third party.

You may also object if your personal data is processed for direct marketing purposes.

In justified cases, after your objection has been accepted, your personal data will be will be deleted and we will no longer process them.

7.8 Right not to be subject to a decision based solely on automated decision-making

This right ensures that you will not be subject to a decision based on solely based on automated processing, including profiling, which is intended to has legal effects on you or significantly affects you in a similar way. This includes ensuring that legal effects (e.g. the conclusion of a contract) are not decided by automated procedures without human assessment.

Please see your rights further detailed at

8. Rules for sharing your personal data
8.1 Sharing personal data within the European Union

Within the European Union, the principle that the free movement of personal data is not a the protection of natural persons with regard to the processing of personal data restricted or prohibited. Nevertheless, in order to transfer personal data, we must have legal reason to transfer them.

In order for us to share your personal data with a processor within the European Union, we make sure that it must be:

  • sharing personal data for a specific purpose (for example, preparing a marketing campaign),
  • transferring only clearly specified and necessary personal data,
  • transfers made on the basis of a duly concluded contract for the processing of personal data,
  • sharing carried out by secure means (encryption, pseudonymisation, etc.).
8.2 Sharing of personal data outside the European Union

The transfer of personal data to a country outside the European Union must comply with the rule that sufficient legal protection must be provided in the recipient country At the same time, it must be ensured that we also have a legal basis for the transfer.

If we were to transfer your personal data outside the European Union, then the transfer of personal data would be made on the basis of so-called binding corporate rules that we follow for one-off or collective transfers of personal data to a controller located outside the European Union.

In order for us to share your personal data with a processor outside the European Union, we make sure that it must be:

  • sharing personal data for a specific purpose (for example, preparing a marketing campaign),
  • transferring only clearly specified and necessary personal data,
  • transfers made on the basis of a duly concluded contract for the processing of personal data,
  • sharing carried out by secure means (encryption, pseudonymisation, etc.).
9. Cookies

To differentiate individual computers and to individually set some services, we use cookies or other similar network identifiers.

9.1 What are cookies?

Cookies are small text files that our servers store using web browser to individual computers, tablets, or smart phones. Cookies can be thought of as the memory of a web page that, according to the next time a user visits the same computer. Some of these cookies are necessary for your site to function properly and some of these cookies help us improve the website or help us enable us to offer a better user experience.

Cookies are not used to collect any sensitive personal information.

9.2 Types of cookies

We use the information we collect through cookies for the following applications:





Access to information



This is a technical cookie

For the duration of the session

Usage depends on your browser settings. Turn off functional cookies may result in the loss of some functionality website.

compared_cars, favorite_cars

Providing services or remembering settings in order to ensuring maximum comfort during the client's visit.


Cookie consent settings.



Used to identify unique users and its expires after 24 hours.

24 hours

We use the website for analytical purposes. This allows us to see which pages have the most visitors and where error messages are appearing to ensure that our services match your needs as closely as possible possible. May use a set of cookies to collect information and generate reports on usage website without Google's learn any personally identifiable information individual visitors.


Used to identify unique users and expires after 2 years.

2 years

session state cookies



Ensuring ad delivery or retargeting, preferences of store users.

6 months

These cookies are linked to services provided by other third party companies. These include, for example, buttons "Like" and "Share". With their help, we can connect you to social networks. Use of these cookies is up to you. Turning them off will be a signal, to stop offering you some of our services.


Providing ad delivery or retargeting, prevention fraud

1 year


Ensuring ad delivery or retargeting

1 year


2 years


to save user preferences

7 days


10 seconds



2 weeks



1 year


90 days


Other third party cookies


Saving and counting page views

30 min.

We use cookies set by third parties for various services (e.g. site analytics, advertising purposes, peer linking of our site to partner sites). Measurement Media usage: we track how much and what kind of advertising you receive you have seen to determine whether you clicked on an ad.


Saving and tracking if the browser tab is active

For the duration of the session


Storing a unique user ID

1 year


Providing protection from hackers


Channel ID

9.3 Deleting cookies

More information about enabling and disabling cookies and deleting them can be found in the Help function of your browser.

9.4 Consent to cookie settings

Here you can modify your consent to the setting of cookies: Edit settings

10. Contact us for any questions or concerns

If you are unclear about any part of this Statement, or if you have any questions or comments about the protection of your personal data, please do not hesitate to contact our Data Protection Officer Company: , or at .

11. Categories of personal data

The following is an overview of the different categories of personal data and a breakdown of the specific data we classify under them.

Personal Data Group Name

What data are recorded in this group

Biometric data:

biometric data (signature, photo)

Other identification and contact details of the employee:

employee card number, access rights / ID2 / user id, work email accounts, work phone number, passwords within internal IT systems, access/logins to internal IT systems - VPN connections, employee data from group


photography, video

Physical characteristics:

Any physical characteristics (hair color, eye color, height, weight, etc.)

Trading history:

Transactions and contracts including related information, supply/demand business opportunities, subject, date, place of transaction, reminders, information on trading in Group

Evaluation and related communication:

Employee feedback, survey responses, complaints / suggestions / proposals / requests / questions and their handling, service requests, evaluation records, internal sanctions, self-assessments, personal objectives and KPIs

Identification data:

first name, last name, maiden name, title before / after name, gender, language, place of residence, place of permanent residence, date and place of birth, date of death, nationality / nationality, person identifier (assigned by the company), type of document, diplomatic passport number, national ID number ID number, Tax ID number, social security number, social security number, number driving licence number, passport number, validity document, date and place of issue of the document, photograph from ID card, login to the application, date of creation date of entry/cancellation, employee number, employer, job title, signature

Communications, interactions and profiles derived from this data:

chat (instant messaging), conversation, email communication, behaviour or surfing/clicking/searching and listening/viewing related to the Internet /email /media /applications, information obtained through feedback / surveys / comments / suggestions / complaints in relation to the controller, consent / disagreement with the type or form of communication

Contact details:

mailing address, workplace address, telephone number, fax number, e-mail address, data box, contact social media data

A copy of a personal document or other public document:

copy of ID card, copy of passport, copy of ZTP, ZTP/P, copy of driving licence, copy of copy of diplomatic passport, copy of technical licence, copy of birth certificate number

Location data:

GPS-based localization data, beacon technology, location data derived from other operations (e.g. payments card at the merchant's premises)

Salary and similar data:

salary / remuneration, wage compensation, average earnings, bonuses / benefits, deductions from wages, method of sending wages, expensing, private account number, consumption of internal resources, insurance, taxes and deductions, tax declaration taxpayer, tax returns and documents, asset details employees

Business Profile:

VIP designation and similarly, intention to buy the car (when, what, financing), interest in test drive, solvency

Descriptive data:

Social status (student/employed/unemployed/no income), job function and experience, skills, education, qualifications, lifestyle, habits, leisure and travel, membership of e.g. charities or voluntary organisations organisations, information about the area where the data subject lives, information about housing, significant moments in the subjects' lives (moving house, obtaining a driving licence), health code insurance card, firearms licence (yes/no), left/right handed, number EHIC card number, preferred dealer, copy of proof of incapacity certificate, segmentation

Risk profiles:

cyber risk, AML risk, anti fraud risk, CFT risk, embargo risk, PEP, other security risk

Network identifiers:

Mac address, IP address, device fingerprint/Device Fingerprint, Cookies or similar technology Browser information

Technical product data:

VIN, license plate number, information on how the item is used (e.g. vehicle), vehicle ownership information, maintenance information / service visits, technical description of the item (e.g. colour vehicle)

Transaction details:

Bank account number, debit/credit card number, authorization/power of attorney, transaction date, transaction amount

Data on the course of study:

class, major, grades, student evaluation, experience

Details of family and other persons:

Marriage, civil partnership, marital status, number of children, household information, child's name and surname, date child's date of birth, information about another person (relationship and other relationships)

Internal control and investigation data:

internal investigation records, whistle blowing cases blowing, internal system logs, logs related to Internet usage/traffic, logs related to the use of e-mail services/traffic, logs related to usage telecommunication resources / traffic

Data on performance of work activity:

job position, cost centre, supervisor, working hours & public holidays, vacation, sick leave, maternity/parental leave, career breaks, attendance, events, calendar, home office, teleworking, information on travel and other changes to work relationship, daily schedule/timesheets, entrusted facilities, and other values, ICT assets, hours worked, training completed, access rights, work log book accidents, performance of work activities for a third party, received and donations made

Health data:

physical health, mental health, risk situations and risky behaviour, Disability, Disability/P, blood group, data on health care, sex life or sexual orientation

Data relating to criminal convictions and criminal or related security measures:

data relating to criminal convictions and criminal offences or related security measures

Camera footage:

CCTV footage

Input device records:

records from input devices

CVs, cover letters and selection records :

CV, motivation letter, records and results of selection of the procedures

12. Further information

Further information on data protection can be found at: [4]