Privacy Policy

Declaration on the processing of personal data


Personal data is collected on the CST Consulting sro website, both directly from the subject (you fill in the form) and automatically. Personal data are processed to the extent that the competent data subject has provided them to the controller, in connection with the conclusion of a contractual or other legal relationship with the controller, or otherwise collected by the controller and processed in accordance with applicable law or to fulfill the controller’s legal obligations. .

The controller processes the data with the consent of the data subject, except in cases stipulated by law where the processing of personal data does not require the consent of the data subject. In accordance with Art. 6 par. 1 The GDPR may process the following data without the consent of the data subject:

  • the data subject has given his consent for one or more specific purposes,
  • processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of measures taken before the conclusion of the contract at the request of the data subject,
  • processing is necessary to fulfill the legal obligation applicable to the controller,
  • processing is necessary to protect the vital interests of the data subject or of another natural person,
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to the controller,
  • processing is necessary for the purposes of the legitimate interests of the controller concerned or of a third party, except where those interests take precedence over the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.

Unless explicitly stated, CST Consulting sro does not pass on the collected personal data to other recipients or administrators.

Below you will find a link to the authorized person in charge of personal data protection at CST Consulting sro, technical information on the processing and security of personal data, as well as an overview of the areas of personal data management and processing by CST Consulting sro, beyond the scope of this website.

Personal data obtained from the subject

You can find the contact form on the website It has several fields. By filling them out and sending the form, you will confirm your consent to the processing of personal data.

The contact form is used by entities that are interested in the services and offers of CST Consulting sro, or are interested in other information about our company.

Personal data:

  • name and surname
  • e-mail
  • phone

The consent of the subject is required to obtain this personal data.

The purpose of obtaining personal data is marketing, user support and establishing business relationships.

The business relationship occurs when sending the order or by filling out and sending the contact form. If there is no contractual relationship, personal data is processed as contact data. The data are stored in the internal databases of CST Consulting sro until you revoke your consent to the processing of data. You can express your consent by filling out and submitting the form.

For specific information on processing and a request for the exercise of additional rights, contact an authorized person, see below on this page.

Personal data obtained for legal reasons

CST Consulting sro keeps and processes personal data to fulfill the legal obligations of the administrator. This includes e.g. personnel, payroll and tax agenda.

Personal data obtained automatically

This information does not allow you to directly identify the person, but in most cases allows you to identify the computer from which the website was accessed. CST Consulting sro uses the information obtained in this way to evaluate the operation of the website and to optimize its activities.

The data automatically collected includes time identifiers, time spent on the site, IP addresses, operating system and browser information, and calculated geolocation information. This information does not allow you to directly identify the person, but in most cases allows you to identify the computer from which the website was accessed.

In some cases, a website stores data on a user’s computer, and can read and change that data when he or she visits again. This is the so-called cookies. Cookies can be basic (system) necessary for the operation of the website, but also third-party cookies.

Cookies are small “files” that are stored on your hard drive. This facilitates navigation and ensures a high level of user comfort of the website. Cookies can be used to determine whether you have already visited our website from your computer. Only cookies on your computer are identified.

More about cookies

Security of personal data

The company CST Consulting sro uses exclusively secure websites for data transmission, with HTTPS protocols. Data is stored on the cloud, not on local computers. Cloud services are provided by certified contractors.

Authorized person for personal data protection

According to the internal analysis (according to the guide of the WP29 working group), the company CST Consulting sro has no obligation to establish the function of Data Protection Officer (within the meaning of Article 37 of the Regulation…).
The managing director of Ing. Is responsible for all matters concerning the protection of personal data. Petr Lédl (Tel .: +420 602 250 984, e-mail:

Please agree to the PERSONAL DATA PROTECTION RULES on this website. Learn how this site handles PERSONAL DATA. You will learn, among other things, about cookies. You express your consent by filling in and sending the contact form.

Your rights in connection with the processing of personal data

In accordance with Art. 12 The GDPR informs the controller, at the request of the data subject, of the data subject of the right of access to personal data and of the following information:

  • the purpose of processing,
  • the category of personal data concerned,
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed,
  • the planned period for which the personal data will be stored,
  • all available information on the source of the personal data, if not obtained from the data subject,
  • whether there is automated decision-making, including profiling.

Any data subject who discovers or suspects that the controller or processor is carrying out the processing of his personal data which is contrary to the protection of personal and personal life of the data subject or contrary to the law, in particular if the personal data are inaccurate with regard to the purpose their processing, may:

  • ask the administrator for an explanation,
  • require the administrator to remove the situation. In particular, it may be a matter of blocking, correcting, supplementing or deleting personal data,
  • if the data subject’s request pursuant to paragraph 1 is found to be justified, the controller shall immediately rectify the defective condition,
  • if the controller does not comply with the data subject’s request pursuant to paragraph 1, the data subject has the right to contact the supervisory authority, ie the Office for Personal Data Protection, directly,
  • the procedure referred to in paragraph 1 does not preclude the data subject from contacting the supervisory authority directly,
  • the controller shall have the right to demand an appropriate remuneration for the provision of information, not exceeding the costs necessary to provide the information.

You also have the right to lodge a complaint with the supervisory authority, which is the ÚOOÚ.

To whom can personal data be made available?

Personal data that we process as an administrator as well as a processor, we can make available only to co-workers and processors who perform administrative and technical support when running applications needed to run the site and supporting applications.

Other entities are allowed access only for the purpose of fulfilling legal obligations.

Personal Data Controller Statement

We declare that, as the administrator of personal data of our customers, we fulfill all legal obligations required by applicable legislation, in particular the Personal Data Protection Act, and therefore that:

  • we process the personal data of our customers only on the basis of consent or legal title,
  • we do not work with sensitive personal data, i.e. personal data indicating nationality, racial or ethnic origin, political attitudes, trade union membership, religion and philosophical beliefs, criminal convictions, health status and sexual life of the data subject, with the data subject’s genetic data and biometric data,
  • we meet information obligation against its customers under the Personal Data Protection Act.

Personal data controller


CST Consulting with. r. o. with its registered office at U Továren 14/256, 102 00, Prague 10, IČ: 03460886, DIČ: CZ03460886, entered in the Commercial Register kept by the Municipal Court in Prague in section C, insert 231904 ,, ( hereinafter referred to as “administrator”) You hereby in accordance with Art. 12 GDPR informs about the processing of your personal data and about your rights.

This statement is publicly available on the administrator’s website.