We protect your data. We consider our client’s privacy and the protection of their personal data as a primary obligation.
We handle personal data solely in compliance with valid legislation. In this document, we introduce the principles that clarify what we do to ensure the confidentiality and security of the personal data that is processed and provide information on the rights relating to personal data processing. This document is aimed at providing information on the personal data we collect, how we handle such data, the sources from which we obtain such data and for what purposes we use them, to whom we are allowed to provide such data and where you can obtain information on the personal data we process.
POWER EXCHANGE CENTRAL EUROPE, a. s., ID No.: 27865444 (hereinafter the “PXE”), is the controller of the personal data that you provided to the PXE or your personal data that the PXE obtained (see the chapter Source of Personal Data below) to fulfil one or several purposes. The PXE collects and handles the data and is liable for their due and legal processing. You can exercise your rights with the controller in the manner specified below.
You can contact the controller or its data protection officer with queries concerning personal data processing; the contact data of the administrator and the data protection officer is available in the Contacts tab.
Basic Principles of Personal Data Processing
We follow, in particular, the following principles when processing personal data:
- when processing personal data, we fulfil all obligations imposed by legal regulations;
- when processing personal data, we act fairly and transparently and exert our best efforts to restrict the purposes and extent of personal data processing to the necessary minimum;
- we exert our best efforts to ensure that the data subject’s rights and freedoms are not infringed and that the data subject is protected against unauthorised interference with its private and personal life;
- we provide information on the processing of personal data before the commencement of a contractual relationship or the provision of a service by our company;
- we have implemented an information security management system pursuant to the ČSN ISO/IEC series 27000 standard (“Information Technologies – Security Techniques – Information Security Management Systems”).
Scope of Personal Data Processing
We only process such data that helps us provide you with professional services and comfortable assistance and enables us to fulfil our legal obligations and contractual undertakings and to protect our legitimate interests.
Our main purpose is to provide you with professional services and convenient assistance while complying with our legal obligations and protecting our legitimate interests. Below you will find a list of purposes for which we process your data, as well as a description of specific data processed for the given purpose.
We process your personal data to the following extent and for the following purposes:
Personal Data Category
Purpose of Processing
fulfilment of contracts (participation in PARC, PARC4u, PriceIndex), fulfilment of legal obligations (billing, tax purposes, identification of beneficial owners), legitimate interest (contact persons for administrative purposes, submission of offers relevant to previously signed contracts)
fulfilment of contracts (supply of services), fulfilment of legal obligations (billing, tax purposes), legitimate interest (contact persons for administrative purposes)
fulfilment of legal obligations (duty to include a list of arbitrators and exchange members in the annual report)
fulfilment of legal obligations (obligation to secure data), legitimate interest (obligation to identify the acting person)
fulfilment of legal obligations (obligation to secure data), legitimate interest (optimising the availability of services)
legitimate interest (resolution of complaints and disputes, protection and enforcement of rights, administration and recovery of debts)
consent (business offers that are not directly relevant to previously signed contracts)
legitimate interest (selection of suitable candidates for job positions)
legitimate interest (ensuring the security of the premises and protecting property)
consent (recordings of podcasts, webinars and other online events)
legitimate interest (website operation)
Purposes and Duration of Personal Data Processing
We process your personal data to the necessary extent for the relevant legal purpose.
The purposes of processing include the following categories:
without the data subject’s consent:
- Fulfilment of obligations arising from legal regulations – the processing of personal data is necessary for this purpose since it is stipulated by law or another generally binding legal regulation (e.g., fulfilment of the obligation to act cautiously, fulfilment of the obligations relating to the enforcement of decisions, fulfilment of archiving duties); these are mainly the following regulations:
- Act No. 563/1991 Sb., on Accounting;
- Act No. 235/2004 Sb., on Value Added Tax;
- Act No. 229/1992 Sb., on Commodity Exchanges,
- Act No. 134/2016 Coll. on public procurement,
- Agreement No. 72/2014, Collection of International Agreements, between the Czech Republic and the United States of America on Improvement of Compliance with Tax Regulations in an International Scope;
- Commission Implementing Decision (EU) No. 2016/1250, on the Adequacy of the Protection Provided by the EU-U.S. Privacy Shield.
The PXE processes personal data for such purposes for the necessary period while taking into account requirements for legally defined archiving periods of data retention.
- Performance of contractual relationship – personal data processing is necessary for the due fulfilment of the rights and obligations arising for the controller from contractual relationships. The controller processes personal data for this purpose throughout the contractual relationship.
- Controller’s legitimate interest – processing personal data is necessary for this purpose (e.g. physical protection of the controller’s premises, dispute resolution and protection and enforcement of the controller’s rights, management and collection of receivables, analysis and evaluation of potential risks, software testing) within the same scope as for the implementation of the contractual relationship. The controller processes personal data for this purpose throughout the contractual relationship and until the expiry of limitation periods arising from the performance of rights and obligations under the given contractual relationship. In its legitimate interest, the controller processes data on persons entering the controller’s premises for the purpose of their identification and registration, as well as while monitoring designated areas of the premises with camera systems, with or without recording, for the time necessary to protect the controller’s interests. The controller also processes data on job applicants for the purposes of assessing their suitability and comparing their CVs for the duration of the selection procedure.
with the data subject's consent:
- for other purposes (such as for marketing purposes, etc.).
The data that you provide to us with your consent is provided voluntarily. If the data is processed with your consent, such consent is granted for the time stated in the consent.
In most cases, the data is processed for several legal reasons which may be in effect concurrently or follow each other.
Source of Personal Data
Depending on the situation, we process data that we received from the trading participants or other entities with which we have concluded an agreement, data obtained while concluding an agreement, data from publicly available sources and registers, lists and records (such as the Commercial Register) and data from third parties, if a special regulation so stipulates.
- Data from you or your representatives – data you provide to us or that is provided to us, e.g., as part of your inquiry about the supply of energy and/or while implementing a contractual relationship.
- Data as a result of participation in the commodity market and using exchange or non-exchange services – data which is automatically recorded by the exchange or another trading system and devices during the execution of transactions, such as placing inquiries or acceptance of offers via the PARC and PARC4u apps.
- Data from publicly available sources – mainly the insolvency register, bankruptcy register, central enforcement register, registers of invalid or stolen documents, register of economically affiliated groups, trade register, commercial register, list of qualified suppliers, register of beneficial owners, and others.
- Data from the Internet – mainly IP address, cookies, identification of devices from which you connect, browser information, etc. while visiting our website or connecting to the exchange systems.
- Data from our web forms – mainly data you provide to use in connection with using our services.
Method used for Personal Data Processing
The PXE processes personal data by automated means and manually.
Disclosing Personal Data to Third Parties
We primarily process personal data within our company. We only share the data with third parties with your consent or if it is required by the nature of the business relationship (for example, when we share your data with the suppliers of energy within the trading system). Where it is necessary to achieve any of the above-mentioned purposes, in particular, if the relevant external entity has attained the necessary professional and expert level in the relevant area, your data may be processed by cooperating contractors.
- The PXE shares the personal data of persons buying energy with suppliers who are the participants of a market operated by the PXE. The list of suppliers is available from https://www.pxeaukce.cz/#dodavatele and https://parc4u.cz/faq/supplier. Personal data may also be made available to trading officers who support the energy auction system if necessary.
- The PXE shares personal data with persons who require access to such personal data on the basis of legal regulations – these may, for example, include state administration bodies, courts, law enforcement authorities and financial authorities. We may share your data with various national and international authorities, but always in compliance with applicable legal regulations.
- The PXE processes personal data through its own employees as the personal data controller or through its suppliers. The PXE shall ensure technical, organisational and personnel measures that lead to a high level of protection and personal data security. If we commission another person to perform certain activities constituting a part of our services, the service provider may have access to the relevant personal data. The service provider is entitled to handle data solely for the purposes and to the extent to which it is contractually authorised to do so by the PXE. In such an event, your consent to the performance of the activities is not required since such processing is allowed directly by law. Where we use cloud storage sites, a high level of data security is ensured. Suppliers include, in particular, the following:
- external IT service providers,
- providers of cloud storage services,
- entities collecting our claims,
- companies and persons providing legal services,
- companies providing data and document archives,
- providers of printing and postal services,
- reception and security service providers.
- We may also share your personal data with the Prague Stock Exchange (supplier of IT systems) and the affiliated members of our holding group, EEX (European Energy Exchange AG and Powernext SAS) in Germany, if the conditions stipulated by legal regulations are fulfilled.
- When meeting the conditions set by law, we may transfer your personal data to recipients and processors in third countries (fulfilment of obligations in the field of international tax cooperation, placement of recordings of podcasts, webinars and other online events on social networks). Even in these cases, the same protection of your data as the BCPP is guaranteed by contract and regulation.
Data Subject’s Rights
We process your data transparently, fairly, correctly and in accordance with the law. You have the right to access your data and a right to explanation, as well as other rights if you believe that the processing is not correct. You may also submit a complaint to the Office for Personal Data Protection. You can exercise your rights in the relevant company from our group with which you have a relationship.
You can contact the controller or its data protection officer with queries concerning the processing of personal data; the contact data of the administrator and the data protection officer is available in the Contacts tab. You can also contact the controller in writing at its address, which is also listed in the Contacts tab.
Right of access to personal data and right to be informed – you are entitled to access your personal data, in particular, the information on the processing of your personal data However, the relevant rights of third parties must not be affected. For repeated requests, we may request reasonable compensation for providing the information, which must not exceed the costs necessary for the provision of the information.
Right to personal data correction – if your personal data is incorrect or inaccurate, you may request the correction of such data. It is possible to request the completion of incomplete data, taking into account the purposes for which the data is processed.
Right to removal – you are entitled to have your personal data removed if our processing is unauthorised or if your consent to its processing has been revoked.
Right to raise an objection – should the controller breach its obligations concerning the collecting or processing of personal data, you are entitled to request that the controller provides an explanation of such conduct, refrains from such conduct or remedies the relevant situation.
Right to file a complaint with the supervisory authority – you are entitled to file a complaint with the supervisory authority (Office for Personal Data Protection, https://www.uoou.cz/en/) if you believe that the processing of your personal data violated its protection.
Other rights – you have the right to restrict the processing and the right to data transferability under the conditions laid down by law.
Here are some practical tips:
You don’t wish to, or cannot, provide us with your personal data. – You can refuse to provide us with the personal data we request. However, if the provision of such data is mandatory according to the law, we cannot provide you with the related service.
Do you wish to revoke your consent? – You may withdraw your consent at any time in those cases where we have requested your consent to carry out the data processing. Revoking your consent is without prejudice to the processing of your data for the period for which your consent has been validly given or to the processing of your data for other legal reasons, where applicable (e.g. compliance with legal obligations or for the purposes of our legitimate interests).
Do you wish to restrict marketing?
If you granted us your consent for marketing or if you receive newsletters from us for any other rightful reasons, you may revoke your consent at any time or you may unsubscribe from our newsletters in the following manner:
- the possibility of cancelling the newsletters is incorporated directly in our newsletters;
- if you no longer wish us to call you, please inform us during a telephone conversation;
- you can inform us at our registered office or in writing that you no longer wish to receive our newsletters.
If you wish to restrict or revoke your consent to data processing for marketing purposes, please fill out this document and send it to us at info(a)pxe.cz. You may also change the settings of your consent at some of our electronic gateways.
Visitors to our website may revoke their consent to the processing of cookies in the manner stated below.
What are cookies and why do we use them?
A cookie is information that is stored on your device as a small data file whenever you visit a website. Each time you visit the same server, the browser sends such data back to the server. They are used by most websites. Cookies are commonly used to differentiate individual users and help to remember their activities and preferences for a certain period of time so they do not have to re-enter them when they return to the site or go from page to page, thus making web browsing easier and more enjoyable. Information from cookies can also be used for targeted advertising and statistical evaluation of visitor behaviour. Cookies can never be used by third parties to identify visitors. Further information on this topic is available at https://www.aboutcookies.org.
Users may opt into or out of the cookies. This may be changed at any time and can be done directly via your browser settings. Further information is provided below.
What types of cookies are used on the website?
Our website collects cookies from our website and cookies from external services.
who can access the information
3 days / 6 months (according to the consent granted)
cookies from our website
saves the settings for "Cookie consent" in our cookie bar
These cookies are functional cookies, i.e. if you block their use in the browser settings, the functionality of the website may deteriorate significantly.
Description and link to the provider’s detailed information
Website traffic analysis. A website analysis tool from Google which stores cookies in your browser in order to make a report on the behaviour of the users of the site. The IP addresses of website visitors are anonymised, i.e. these cookies detect how you interacted with our website – as an anonymous user.
Measuring the effectiveness and implementation of online marketing campaigns (advertising). The tool helps to view personalised advertising based on users’ behaviour on the website.
Displaying content from the Facebook server and evaluating the viewing of such content by visitors to the website.
Displaying content from the LinkedIn server and evaluating the viewing of such content by visitors to the website.
Displaying short messages from the Twitter server and from the PXE’s Twitter account and evaluating the viewing of such content by visitors to the website.
Displaying videos from the YouTube server and evaluating the viewing of such content by visitors to the website.
Can I influence the processing of cookies?
You can delete or block cookies from your computer at any time. Further information is available at https://www.aboutcookies.org.
You can delete cookies in your browser, usually in the search history settings or the history of pages visited. However, keep in mind that it can also mean that you will lose some of the stored information (e.g. saved login passwords, personalisation of some websites, etc.).
Management of Cookies from Specific Websites
If you want to perform a more detailed check on cookies from specific websites, use the privacy and cookies settings in your browser.
Browsers can be set to prevent the use of any cookies on your device. However, you may need to adjust some preferences on some websites manually each time you visit.
Google Analytics Opt-out
You can prevent Google Analytics from storing cookies by installing the Google Analytics Opt-out browser extension (https://tools.google.com/dlpage/gaoptout).
How can you check or change cookie settings in different browsers?
Here you will find information for settings in specific browsers:
Instructions for a given browser