personal data processing statement
Personal Data Processing Statement in accordance with the Regulation of the European Parliament and Council (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the instruction of data subjects (hereinafter referred to as "GDPR").
DataController registered office: Trnkova 3069/117L, 628 00 BRNO, ID: 26292351, hereby informs you in accordance with Art. 12 GDPR about the processing of your personal data and your rights.
Scope of personel data processing
Personal data are processed to the extent provided by the relevant data subject to the controller in connection with the conclusion of a contractual or other legal relationship with the controller, or data otherwise collected by the controller and processed in accordance with applicable laws or to fulfill the controller's statutory obligations.
Sources of personal data
directly from data subjects (emails, phone, websites, contact form on the website, business cards, etc.)
publicly available registers, lists, and records (e.g., commercial register, trade license register, etc.)
Caregories of personal data subject to processing
address and identification data for unique and unmistakable identification of the data subject (e.g., name, surname, title, possibly birth number, date of birth, permanent address, ID, Tax ID) and data enabling contact with the data subject (contact details - e.g., contact address, phone number, email address, and other similar information)
descriptive data (e.g., bank account details)
other data necessary for contract fulfillment
data provided beyond the relevant laws processed based on the data subject's consent (processing of photographs, use of personal data for personnel management purposes, sending commercial or informational messages, etc.)
Categories od data subjects
controller's customer (including potential ones)
other persons in a contractual relationship with the controller
Categories of personal data recipients
The controller does not intend to transfer personal data to a third country outside the EU. The controller has the right to entrust a processor, who has concluded a processing agreement with the controller and provides sufficient guarantees for the protection of your personal data. Otherwise, data subjects will be unequivocally informed about such transfers. Categories of recipients are:
External accounting company – ADMIO s.r.o., registered office Lidická 2030/20, 602 00 Brno, ID 27690318, registered at the Regional Court in Brno, section C, insert 52259
state and other bodies within the fulfillment of statutory obligations set by relevant legal regulations
Purpose of personal data processing
purposes contained within the consent of the data subject
negotiation about a contractual relationship
protection of the rights of the controller, recipient, or other concerned persons
archiving conducted based on the law
recruitment processes for job positions advertised
fulfillment of statutory obligations on the part of the controller
protection of vital interests of the data subject
sending business messages or other information in the case of the controller's legitimate interests
Method of processing and protection of personal data
Processing of personal data is performed by the controller. Processing is carried out in its operations, branches, and the controller's headquarters by individual authorized employees of the controller or possibly the processor. Processing is carried out in compliance with all security principles for the management and processing of personal data. For this purpose, the controller has adopted technical, organizational, and legal measures to ensure the protection of personal data, especially measures against unauthorized or accidental access to personal data, their alteration, destruction, or loss, unauthorized transfers, unauthorized processing, as well as other misuse of personal data. All entities that may have access to personal data respect the right of data subjects to privacy and freedom and are obliged to proceed according to applicable legal regulations concerning personal data protection.
Duration of personal data processing
In accordance with the deadlines stated in the relevant contracts and consents, deadlines prescribed for handling in the case of legitimate interests of the controller or a third party, in relevant legal regulations, it concerns the time necessary to ensure the rights and obligations arising both from the contractual relationship and from the relevant legal regulations.
The controller processes data with the consent of the data subject except in legally established cases where the processing of personal data does not require the consent of the data subject, i.e., when there is another legal basis for the processing. In accordance with Art. 6 Para. 1 of the GDPR, the controller can process this data without the data subject's consent if:
the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract,
the processing is necessary for compliance with a legal obligation to which the controller is subject,
the processing is necessary to protect the vital interests of the data subject or of another natural person,
the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Rights of the Data Subjects
In accordance with Art. 12 of the GDPR, the controller informs the data subject, upon request, about the right to access personal data and the following information:
the purpose of the processing,
the categories of personal data concerned,
the recipients or categories of recipients to whom the personal data have been or will be disclosed,
the envisaged period for which the personal data will be stored,
all available information on the source of the data if not obtained from the data subject,
the fact of automated decision-making, including profiling.
The controller has the right to charge a reasonable fee for providing the information, not exceeding the necessary costs of providing the information, for the second and each subsequent copy associated with the administrative costs.
Any data subject who discovers or believes that the controller or processor is processing their personal data in violation of their private and personal life or in contradiction with the law, especially if the personal data is inaccurate concerning the purpose of their processing, can:
ask the controller for an explanation
request the controller to rectify such a situation; this can especially relate to blocking, making corrections, completing, or deleting personal data
if the data subject's request, as per Paragraph A, is found justified, the controller will immediately rectify the situation
if the controller does not comply with the data subject's request as per Paragraph A, the data subject has the right to turn directly to the supervisory authority, i.e., the Personal Data Protection Office
the procedure according to Paragraph A does not prevent the data subject from turning to the supervisory authority directly
The data subject has the right to revoke consent for the processing of personal data previously given to the controller of personal data.
The rights of the data subjects are thus: to assert the right to correction, to deletion, to be forgotten, to restrict processing. Furthermore, the right to data portability, if technically or organizationally feasible.
This declaration is publicly available on the controller's website.