Skip to main content

Privacy Policy

  1. Personal data protection is implemented in accordance with applicable legal regulations. All personal data are registered by the CEDA Maps a.s., registered in the Registry of the Municipal Court in Prague, Section B, Insert 7038 (hereinafter referred to as CEDA), with the registered office: Jihlavská 1558/21, Praha 4, 140 00, collected, processed and stored in accordance with Act No. 101/2000 Coll. on the Protection of Personal Data as amended and the Electronic Communications Act No. 127/2005 Coll. as well as May 2018, according to the European Parliament and Council Regulation (EU) 2016/679, the so-called General Data Protection Regulation ("GDPR").
  2. If you request the deletion of your details, we will do so without delay, within 1 month of receipt of your request, please send to our address CEDA (Jihlavská 1558/21, Prague 4, 140 00) or email Please note that deletion of your data may only be made if the data are not otherwise legitimate.
  3. Collecting data:
    1. Personal information of customers who intend to enter into a contractual relationship with CEDA or who are interested in information about the services and products provided:
      1. personal data - name, business name, position, permanent address / address / postal address, telephone number, e-mail, ID, VAT number, in case of payment addition the bank account number;
      2. how to obtain a personal data - directly from the subject, from publicly available registers;
      3. purpose - contact information usable for user support and provision of services and products (eg updates), offer of related services and products offered by CEDA, eventually the emergence of a future contractual relationship;
      4. processing information - Personal data is processed pursuant to Article 6 1.and GDPR as it was provided on the basis of the entity's interest in the purchase of CEDA by the services or products offered (purchase contract / works contract / service contract, etc.). The data can be updated and updated from publicly available sources (registers, data on the subject's website, etc.) according to Article 9.e GDPR.
    2. Data about places of interest recorded in the navigation database - it is exclusively about data on the premises of business entities, including entrepreneurial individuals.
      1. personal details - business name, business name, business address, telephone number, e-mail;
      2. the method of obtaining a personal data - directly from the subject; from publicly available registers and databases; from the data on the premises; from the websites operated by the entity;
      3. purpose - publishing geospatial databases for end-user search in targeted applications (navigation applications, web and mobile applications for track or route search, etc.);
      4. processing information - personal data are processed pursuant to Article 6 1.and GDPR as they were provided on the basis of the interest of the subject for inclusion in the navigation database or under Article 9e of the GDPR as it is data published by the data subject in public registers, sites or at their premises.
  4. Personal data obtained automatically:
    1. Web sites automatically process and store the site visit data. Automatic data is collected by own web server logs and through Google Analytics. Automatically collected data includes time identifiers, time spent on a page, IP addresses, operating system and browser information, calculated geolocation information. These data do not allow you to identify the person directly, but in most cases allow you to identify the computer from which the site was accessed. CEDA uses this information to evaluate site traffic and optimize the site;
    2. Data for Ad Systems - We do not use any method of data aggregation intended for advertising systems, either for our own purposes or for purposes of third parties;
    3. Saving data to the user's computer. In some cases, the webpage saves data on a user's computer, and can read and modify (cookies) when re-visited.

  5. Personal Data Security - We use only secure connections with HTTPS, SSH, SFTP / FTPS for data transfer. Data is stored in a secure database and in the cloud. Cloud services are provided by certified contractors (Google). Access to administration is properly secured by internal security policy.
  6. The administrator is responsible for complying with the obligations of the General Regulation. It is absolutely essential to adhere to the processing principles, the adherence of which must be documented by the trustee. The essential prerequisite for this is the existence of a proper legal basis for the processing of personal data which the controller must have in order to process personal data at all. At the same time, personal information must be secured. However, the fulfillment of other obligations laid down in the General Regulation must also be a matter of course. Each trustee should verify the extent to which the general regulation will come into effect, in particular as regards new obligations based on risk-based approach (eg the appointment of a trustee, the assessment of the impact on the protection of personal data).
  7. Processors process personal data according to the instructions and needs of administrators. These include webmaster, web hosting provider, accountant, tax advisor and auditor. There is a contractual relationship between the processor and the trustee.
  8. By internal analysis, we do not have a duty to appoint a Personal Data Protection Officer (within the meaning of Article 37 GDPR). The statutory body of CEDA is responsible for all matters concerning the protection of personal data.
  9. The administrator will process your personal data for 10 years unless such consent to the processing of your personal data is revoked. However, this is without prejudice to the processing of personal data to the extent necessary to fulfill the obligations arising from generally binding legal regulations.
  10. Administrator and, if applicable, third parties - processors and third parties listed above who provide appropriate warranties and whose processing complies with the requirements of applicable law and which ensures the proper protection of your rights.
  11. With regard to the protection of personal data, the data subject shall:
    1. the right to withdraw your consent at any time;
    2. the right to correct or supplement personal data;
    3. the right to request processing restrictions;
    4. the right to object or complaint against processing in certain cases;
    5. the right to request the transfer of data;
    6. the right of access to personal data;
    7. the right to be informed about a personal data breach in specific cases;
    8. the right to delete personal data (the right to be "forgotten") in certain cases;
    9. other rights set forth in the Personal Data Protection Act and after entry into force in the GDPR;
    10. the right to lodge an application for data portability.
  12. If you want to request the transfer of your data, to object, to withdraw consent, to file a personal data removal request (right to be forgotten) or to completely delete your data from our databases, please contact us on the above mentioned contacts.



Prague, 1 April 2019
CEDA Maps a.s.