personal data processing statement

Personal Data Processing Statement in accordance with the Regulation of the European Parliament and Council (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the instruction of data subjects (hereinafter referred to as "GDPR").

  1. DataController registered office: Trnkova 3069/117L, 628 00 BRNO, ID: 26292351, hereby informs you in accordance with Art. 12 GDPR about the processing of your personal data and your rights.

  2. Scope of personel data processing

    Personal data are processed to the extent provided by the relevant data subject to the controller in connection with the conclusion of a contractual or other legal relationship with the controller, or data otherwise collected by the controller and processed in accordance with applicable laws or to fulfill the controller's statutory obligations.

  3. Sources of personal data

    • directly from data subjects (emails, phone, websites, contact form on the website, business cards, etc.)

    • publicly available registers, lists, and records (e.g., commercial register, trade license register, etc.)

  4. Caregories of personal data subject to processing

    • address and identification data for unique and unmistakable identification of the data subject (e.g., name, surname, title, possibly birth number, date of birth, permanent address, ID, Tax ID) and data enabling contact with the data subject (contact details - e.g., contact address, phone number, email address, and other similar information)

    • descriptive data (e.g., bank account details)

    • other data necessary for contract fulfillment

    • data provided beyond the relevant laws processed based on the data subject's consent (processing of photographs, use of personal data for personnel management purposes, sending commercial or informational messages, etc.)

  5. Categories od data subjects

    • controller's customer (including potential ones)

    • controller's employee

    • carrier

    • service provider

    • other persons in a contractual relationship with the controller

    • job applicant

  6. Categories of personal data recipients

    The controller does not intend to transfer personal data to a third country outside the EU. The controller has the right to entrust a processor, who has concluded a processing agreement with the controller and provides sufficient guarantees for the protection of your personal data. Otherwise, data subjects will be unequivocally informed about such transfers. Categories of recipients are:

    • financial institutions

    • public institutions

    • processor:

      External accounting company – ADMIO s.r.o., registered office Lidická 2030/20, 602 00 Brno, ID 27690318, registered at the Regional Court in Brno, section C, insert 52259

    • state and other bodies within the fulfillment of statutory obligations set by relevant legal regulations

  7. Purpose of personal data processing

    • purposes contained within the consent of the data subject

    • negotiation about a contractual relationship

    • contract fulfillment

    • protection of the rights of the controller, recipient, or other concerned persons

    • archiving conducted based on the law

    • recruitment processes for job positions advertised

    • fulfillment of statutory obligations on the part of the controller

    • protection of vital interests of the data subject

    • sending business messages or other information in the case of the controller's legitimate interests

  8. Method of processing and protection of personal data

    Processing of personal data is performed by the controller. Processing is carried out in its operations, branches, and the controller's headquarters by individual authorized employees of the controller or possibly the processor. Processing is carried out in compliance with all security principles for the management and processing of personal data. For this purpose, the controller has adopted technical, organizational, and legal measures to ensure the protection of personal data, especially measures against unauthorized or accidental access to personal data, their alteration, destruction, or loss, unauthorized transfers, unauthorized processing, as well as other misuse of personal data. All entities that may have access to personal data respect the right of data subjects to privacy and freedom and are obliged to proceed according to applicable legal regulations concerning personal data protection.

  9. Duration of personal data processing

    In accordance with the deadlines stated in the relevant contracts and consents, deadlines prescribed for handling in the case of legitimate interests of the controller or a third party, in relevant legal regulations, it concerns the time necessary to ensure the rights and obligations arising both from the contractual relationship and from the relevant legal regulations.

  10. Guidance

    The controller processes data with the consent of the data subject except in legally established cases where the processing of personal data does not require the consent of the data subject, i.e., when there is another legal basis for the processing. In accordance with Art. 6 Para. 1 of the GDPR, the controller can process this data without the data subject's consent if:

    • the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract,

    • the processing is necessary for compliance with a legal obligation to which the controller is subject,

    • the processing is necessary to protect the vital interests of the data subject or of another natural person,

    • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,

    • the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

  11. Rights of the Data Subjects

    1. In accordance with Art. 12 of the GDPR, the controller informs the data subject, upon request, about the right to access personal data and the following information:

      • the purpose of the processing,

      • the categories of personal data concerned,

      • the recipients or categories of recipients to whom the personal data have been or will be disclosed,

      • the envisaged period for which the personal data will be stored,

      • all available information on the source of the data if not obtained from the data subject,

      • the fact of automated decision-making, including profiling.

      • The controller has the right to charge a reasonable fee for providing the information, not exceeding the necessary costs of providing the information, for the second and each subsequent copy associated with the administrative costs.

    2. Any data subject who discovers or believes that the controller or processor is processing their personal data in violation of their private and personal life or in contradiction with the law, especially if the personal data is inaccurate concerning the purpose of their processing, can:

      • ask the controller for an explanation

      • request the controller to rectify such a situation; this can especially relate to blocking, making corrections, completing, or deleting personal data

      • if the data subject's request, as per Paragraph A, is found justified, the controller will immediately rectify the situation

      • if the controller does not comply with the data subject's request as per Paragraph A, the data subject has the right to turn directly to the supervisory authority, i.e., the Personal Data Protection Office

      • the procedure according to Paragraph A does not prevent the data subject from turning to the supervisory authority directly

    3. The data subject has the right to revoke consent for the processing of personal data previously given to the controller of personal data.

    4. The rights of the data subjects are thus: to assert the right to correction, to deletion, to be forgotten, to restrict processing. Furthermore, the right to data portability, if technically or organizationally feasible.

This declaration is publicly available on the controller's website.