Frequently Asked Questions
Frequently Asked Questions
I use the services of the Czech Post, which is governed by postal and commercial terms and conditions. Do I have to enter into special agreements with the Czech Post as a result of the adoption of the GDPR?
If we are obligated to provide you with services consisting of the delivery of a shipment, we are always in the position of controller of your personal data. This is because, once your shipment is handed over to us, it fully enters our sphere of influence, and we are therefore responsible for its delivery in accordance with the Postal Services Act No. 29/2000 Coll. With regard to other special services, the rules are different and we may be in the position of a processor. This is the case, for example, with the Hybrid Mail service, where we protect the data you provide, including personal data, in our capacity as a processor when processing personal data. Our interpretation corresponds to the qualified interpretation of the Office for Personal Data Protection, available here: https://www.uoou.cz.
Why is my date of birth and telephone number listed on the shipment I received? Why do you require this information on the Customer Card form? Doesn't this violate applicable legislation, specifically the newly adopted GDPR regulation?
The GDPR regulation does not change the legitimacy of stating the date of birth or telephone number on shipments when this information is provided to us by the sender of the shipment for the purpose of clearly identifying its recipient. Employees of Česká pošta who have access to this data for the purposes of performing their work tasks and responsibilities for the delivery of shipments are bound by postal secrecy (pursuant to Section 16 of Act No. 29/2000 Coll., on postal services). The requirement for the combination of your personal data in question is also included on the Customer Card form so that we can clearly identify you in accordance with the terms of service.
When a registered letter is delivered in a special envelope containing a delivery note, does the person authorized to accept deliveries on behalf of a legal entity have to fill in their first name, last name, and signature on the delivery note?
Yes, they must. Pursuant to Act No. 29/2000 Coll., on Postal Services and the Postal Terms and Conditions of Česká pošta, when sending a registered letter in a special envelope with a delivery note, the sender may request that the delivery note include, among other things, the following information: the first name, last name, and signature of the recipient confirming receipt of the postal item.
How should the delivery person (or the Czech Post) proceed if the addressee refuses to accept this type of postal item?
If the addressee refuses to accept this type of postal item (unless the envelope bears the words "Do not return, place in mailbox"), Česká pošta will return the item to the sender without delay. Česká pošta is obliged to indicate on the returned postal item the reason why it was not delivered.
If the postal item is accompanied by a notice of the legal consequences of accepting or refusing to accept the postal item, or a request to collect the stored postal item, or a notification that the postal item has been returned to the sender, and if possible, Česká pošta will deliver it to the addressee before returning the postal item.
When picking up a parcel, the employee at the Czech Post office counter asks for my ID and notes down my personal details. Is this in accordance with the GDPR?
When delivering shipments, Česká pošta primarily proceeds on the basis of Act No. 29/2000 Coll., on postal services, its implementing decree No. 464/2012 Coll., on the specification of individual basic services and basic quality requirements for their provision, and its postal conditions issued on the basis of these regulations under the supervision of the Czech Telecommunications Office. The obligation to verify the identity of the addressee of registered items arises from the meaning of this regulation, whereby Česká pošta is obliged to prove to whom the registered item was delivered. The relevant conditions for verifying identity at Czech Post branches when collecting items can be found in Article 23 of the Czech Post's "Postal Conditions - Basic Postal Services," available at every Czech Post branch and on the Czech Post website, in the Downloads section, Postal and Business Conditions.
According to its terms and conditions, Česká pošta also offers services for which you do not need to provide proof of identity, such as the "parcel pickup by code" service. You can find out more about this service at https://m.ceskaposta.cz/en/.
Is the Czech Post responsible for the loss, theft, or damage of shipments, as well as for the leakage of personal data? What is the appropriate amount of insurance for shipments containing a lot of personal data?
The controller is responsible for the protection of personal data. However, in relation to the data contained in the shipment, Česká pošta acts neither as a controller nor as a processor. Česká pošta does not offer shipment insurance services. Česká pošta's liability for damage caused during the provision of postal services is governed by Act No. 29/2000 Coll., on postal services, and by the postal terms and conditions, which can be downloaded at www.ceskaposta.cz, in the Downloads section, Postal and Business Terms and Conditions. If, in the event of damage to a shipment during these extraordinary events, the contents of the shipment become accessible to Česká pošta employees who handle the shipment during its transport, they are bound by postal secrecy in accordance with the aforementioned Act. The obligation to protect postal secrecy continues not only throughout the entire period of employment, but also after its termination.
When choosing a postal service, each sender must therefore carefully consider the subject matter or content of the postal item and the conditions of liability for damage applicable to the postal service in question. Therefore, choose a postal service at your own discretion – according to the nature of the possible damage resulting from the loss of shipments to the rights and freedoms of individuals. We would also like to refer you to the related statement from the Office for Personal Data Protection: https://www.uoou.cz
As part of my relationship with Czechia Post, is my personal data provided to third parties for marketing purposes, etc.?
We do not provide your personal data to third parties, but in some cases our business partners have access to it. A complete list of these partners is available on our website here: https://www.ceskaposta.cz/o-ceske-poste/obchodni-partneri/zasilkove-obchody-eshopy/zasilkove-obchody-a-eshopy. Personal data is transferred to these business partners for the purpose of processing personal data, exclusively for the purpose of fulfilling the terms and conditions of the relevant contract concluded with you (e.g. for the purpose of providing services). Česká pošta is entitled to contact its own customers with offers of services that customers can obtain at the post office. Česká pošta may entrust the processing of marketing offers to a second contracting party, a so-called personal data processor, to whom it may then transfer the personal data necessary for this purpose.
Does Česká pošta pass on my personal data to any third parties?
Česká pošta only transfers the personal data of its clients to recipients specified in the contract concluded between Česká pošta and the client (or on the website referred to in the contract) when the transfer of such data is necessary for the performance of the contract. The list of Česká pošta processors is also available at www.ceskaposta.cz. From the perspective of applicable legislation, Česká pošta is obliged to transfer personal data at the request of state authorities or authorities vested with special powers under specific legal regulations, such as the Police of the Czech Republic, supervisory authorities (the Supreme Audit Office, the Office for the Protection of Competition, the Czech Telecommunications Office, and others) and courts.
Where do we store certificates generated on PostSignum?
Issued certificates, as well as all personal data of our customers, are stored on the servers of Česká pošta (Czech Post), located in the Czech Republic.
Are there any alternatives to encrypting certificates in Microsoft Outlook?
Encryption can also be ensured, for example, by setting encryption using the security tools of the document being sent. Many Microsoft Office tools offer this option for sending documents in Word/PDF/Excel format. There are a number of options available, and we recommend consulting your IT administrator with regard to the specific requirements (attachment) you wish to secure.
How long do we retain our partner's customer data obtained from electronic submissions?
Client data relating to shipments is deleted from the ČP system after a total period of 36 months from the end of the service. This period is set for control purposes (state administration bodies – ČTÚ) and in accordance with Act No. 499/2004 Coll. on archiving and file management. Within this period, there is a standard complaint period of one year during which rights under the postal contract can be exercised, within the meaning of Section 7 of Act No. 29/2000 Coll. on postal services.
The client is dissatisfied that his call to our helpline is automatically recorded and claims that we are violating the GDPR. Are we actually violating any regulations?
The Czech Post call center hotline is set up in accordance with applicable personal data protection regulations. For the purpose of improving our services, we are authorized to record calls, which we inform customers of in advance, and we ask them to hang up if they do not agree to this.
The client is dissatisfied that it is often necessary to loudly disclose personal information to our employees at our branch counters, which, in his opinion, is in violation of the GDPR.
When providing postal services, it is necessary to provide the address and, where applicable, other identification details of the recipient of the shipment in order to deliver the postal item. When performing this activity in the case of customer communication at the counter of the establishment, we strive to ensure the privacy of our customers through the aforementioned discreet zones. The distance marked by the discreet zone should be observed primarily by the customers themselves.
How long do we retain the surveillance footage from our branches?
Česká pošta stores CCTV recordings for security purposes and for a period of time set in accordance with applicable laws and recommendations of the Office for Personal Data Protection. The retention period for recordings varies depending on the location of the CCTV systems according to traffic categories. The usual retention period for recordings is 7 days.
A customer called to ask whether a registered parcel had been delivered to the branch for him. An employee at the branch refused to answer his question, citing the GDPR. Was she right to do so?
According to the provisions of Section 16 of Act No. 29/2000 Coll. on postal services: "The operator, a person involved in the provision of postal services, and a person performing activities pursuant to Section 37 (hereinafter referred to as "the bearer of postal secrecy") are obliged to maintain confidentiality regarding facts relating to the postal service provided or to be provided, which they have learned in the course of their activities. They may use this knowledge only for the purposes of providing postal services or activities pursuant to Section 37; they may not allow any other person to become aware of it without authorization. A bearer of postal secrecy may disclose information about the postal service provided or to be provided to the sender, addressee, legal successor of the sender or addressee, representative of the sender or addressee, or other persons who, with the knowledge of the sender or addressee, act on their behalf."
Therefore, given the ambiguity of identifying the caller via telephone inquiry, Česká pošta does not provide information about shipments over the phone. This protects postal secrecy and personal data, which, without sufficient verification that can be carried out in person at the counter, could fall into the hands of unauthorized third parties.
When providing information by telephone regarding the tracking number provided by the caller, only information that does not reveal who the sender or recipient was may be disclosed to the caller. For example, it is possible to disclose whether the shipment is in transit and its current location. For these purposes, clients can also use a specialized application from the Czech Post called Track&Trace.
Why does my employer, Česká pošta, require me to wear a name tag with my name on it? Isn't this requirement in conflict with the GDPR?
The interest in a transparent and reliable approach towards customers of Česká pošta requires that employees acting on behalf of Česká pošta and under its responsibility inform customers in this form about such basic facts as who from our company they are dealing with by name. The requirement for employees to wear name tags is therefore a legitimate interest of Česká pošta, in accordance with the GDPR. Internal regulations specify the procedures for what the name tag should look like and how it should be worn, which applies in particular to employees serving behind the counters of Czech Post offices.
I work for the Czech Post as a mail carrier and found my first and last name on a notice posted on the official bulletin board (electronic or physical) of a judicial or administrative authority. Do I have the right to have my first and last name removed from this publicly accessible notice?
Yes, you do. The inappropriate practice of publishing the names of delivery personnel on communications from courts or administrative authorities was common in previous years. Thanks to the strengthening of personal data protection, inter alia by the GDPR, you have the right to request the relevant court or administrative authority to delete or remove your personal data (usually the name and surname of the delivery employee) from a publicly accessible document. This personal data exceeds the scope of data that must be published in the case of legally regulated delivery by public notice, which is posted on the official notice board of the court or administrative authority in accordance with administrative or court rules and is also accessible electronically.