This website uses cookies to ensure the best level of services, personalized advertising and visits analysis. You agree to cookies by using this website. More information


Statement on processing of personal data of customers of "WATER under control" service


Who is the personal data controller?

Company ČEVAK a.s., Company ID 60849657, having registered office at Severní 2264/8, 370 10 České Budějovice, registered in the Commercial Register maintained by the Regional Court in České Budějovice, Section B, Insert 657, is the controller of the personal data collected from customers of WATER UNDER CONTROL service.


Whose personal data are processed?

In this document, customers are understood as all natural person customers of WATER UNDER CONTROL service.

Where a legal person is a customer of WATER UNDER CONTROL service, the natural person acting and entering into a respective contract or amendment on behalf of such legal person is the personal data subject.


What personal data are processed by the controller?

The controller generally processes personal data of customers of WATER UNDER CONTROL service in the following scope:

  • name, surname,
  • residence, or forwarding address,
  • date of birth (or birth registration number),
  • telephone number,
  • email address,
  • address of the consumption site (or other location data - e.g. coordinates),
  • bank account number,
  • quantity of water consumed (in relation to the set-up unit of time,


The collector will not require any personal data exceeding the necessary scope.


What are the purposes of personal data processing?

The controller processes the personal data collected from its customers primarily for the purpose of execution of a Contract of Provision of WATER UNDER CONTROL service and the performance and changes thereof. For this purpose, personal data are processed in paper form (contracts) as well as in electronic form.



The controller uses its customers' personal data in order to perform its legal obligations to the extent these obligations are imposed on the controller by the law (e.g. cooperation with the Police of the Czech Republic).


Is the processing of personal data lawful?

The controller considers the processing of personal data for the purposes delineated above lawful and compliant with Regulation 2016/679 (GDPR), specifically under Art. 6(1)(b), (c) and (f).

The controller does not require consent of the personal data subject to the processing of personal data. Personal data are provided voluntarily. However, where personal data are not provided, a contract cannot be performed; accordingly, it is necessary to provide personal data.


Is the controller entitled to process personal data for other purposes than those specified above?

The controller is entitled to process personal data for other purposes as well, provided that such processing is compatible with the purposes for which personal data have been collected and where not excluded by the nature of personal data. Should this be the case, the controller is obliged to evaluate the lawfulness of such processing.


Are personal data transferred to other authorities?

The controller transfers personal data gained from its customers to public authorities only (e.g. the Tax Office, Courts, Police) or for compliance with other legal obligations.


The controller makes the customers' personal data accessible to third persons who administer the systems storing the data, but only for the exclusive purpose of the administration of such systems. As a rule, there are contracts in place with these persons and the controller; such contract at all times stipulates obligations of these persons in relation to personal data protection and security of personal data. These persons may not use personal data for other purposes.


Customers' personal data will not provided to any other persons by the controller without the customers' consent.


How long are personal data stored?

The controller processes the personal data collected during the performance of the given contractual obligation. Following the completion of a contractual obligation the controller stores personal data until the expiry of legal periods for exercising rights and claims that might relate to the contractual obligation concerned, but usually no more than ten years.


What rights does the personal data subject have?

Customers, as personal data subjects, have the following rights:

  1. to have access to personal data, consisting in the information whether their personal data are processed and to what extent,
  2. to have their personal data rectified,
  3. to have their personal data erased or to have personal data processing restricted,
  4. to lodge a complaint against processing of their personal data.


Customers have a right to contact a supervisory authority. The Office for Personal Data Protection is a supervisory authority.


The controller processes its customers' personal data also by automated means (transfers of readings).


How to contact the controller?

To exercise their rights, personal data subjects may contact the controller through the intermediation of the Data Protection Officer.

The Data Protection Officer is ENERGIE AG BOHEMIA s.r.o., Company ID 63908298, having registered office at Lazarská 11/6, 120 00 Prague 2, whereas the person authorized to represent the Data Protection Officer is Mgr. Barbora Veselá, email: .