Memorandum on Personal Data Protection
Dear customers and business partners,
this document contains basic information about how we process your personal information. We appreciate the fact that you share your personal data with us and we are committed to protect your data as much as possible. We also strive to be as transparent as much as possible, especially regarding the methods how we process your personal data.I
In view of the new European Union legislation, this memorandum was prepared in accordance with the Regulation (EU) 2016/679 of the European Parliament and the Council on 27 April 2016 on the protection of individuals with regard to personal data processing and on free movement of data along with the termination of the Directive No. 95/46 / EC (GDPR).
1.Who are you giving your consent to?
We give your personal information to a data administrator) SAFINA, a. s., registered office: Vídeňská 104, 252 50 Vestec, Company ID: 032 14 257, registered at the Municipal Court in Prague, file number B20972
2. For what purpose do we need your personal information?
We process your personal data to:
- conclude and fulfil a contract between you and us and to fulfil legal obligations arising from such contractual relationship;
- protect our legitimate interests which include proper fulfilment of all our contractual obligations we hold towards you, to properly fulfil all our legal obligations, for direct marketing, to protect our business activities and assets, and last but not least, to protect the environment and to ensure sustainable development. In order to ensure maximum protection of your privacy you have the right to demand that your personal data are processed only for the most crucial legal reasons, or that your personal data are blocked. For more details on your rights relating to the processing of your personal data, please refer to Article 9 of this memorandum.
3. How did we collect your personal data?
We collect personal information directly from you, in particular from completed forms, mutual communication, from contacts shared at fairs and other similar events or from concluded contracts. In addition, personal data may also come from publicly available sources, registers and records such as business or trades register, registry of debtors and professional registers, for example, the Land Registry. However, we will process your personal data only to exercise our legitimate interests or to fulfil legal obligations. In addition, we might have been able to obtain your personal information from third parties which have been authorised to access and process your personal information, but only within the extent and purpose the third party was authorised to do so.
4. What personal data categories are processed?
In order to ensure your satisfaction in terms of proper fulfilment of the given obligation, to ensure fulfilment of legal obligations, to ensure provision of personalised offers for goods and services of the administrator and for the other purposes mentioned above, we process the following categories of personal data:
- basic identification data – name, surname, permanent address, date of birth and identification number;
- contact details – phone number and e-mail address;
- information describing the use of our products and services – information about what products you have ordered and what you are currently using, including exact specification of products, etc.;
- information obtained from mutual communications – information from emails, telephone call records or other contact forms;
- billing and transaction data – in particular, information appearing on invoices, information about negotiated billing terms and received payments;
- information from camera systems located in our company’s headquarters.
5. What is the legal basis for personal data processing?
The legality of data processing is governed by Article 6 (1) of the GDPR, according to which processing is legal if such processing is necessary for the fulfilment of a contract, or to fulfil statutory duty of the administrator or to protect legitimate interests of the administrator.
Further, the legality of processing is also based for example, on the Act No. 563/1991 Coll., the Accounting Act, according to which billing data are processed and stored, and on the Act No. 89/2012 Coll., of the Civil Code, according to which the administrator defends his legitimate interests and finally, based on the Act No. 235/2004 Coll., on value added tax.
6. Will we pass your personal data to someone else?
Based on the applicable legislature we are required to pass data within the specified extent to state authorities, such as tax administrators, courts, or to law enforcement agencies. In addition, personal data are passed on to computer system administrators, camera system administrators, and to employment agencies. A list of these data processors is available on the request at firstname.lastname@example.org .
7. Will we transfer personal data to a third country or to an international organisation?
We will rarely provide personal data to other member states of the European Economic Area, but it will always be done within our ownership structure. In any case, we will do so while maintaining all necessary security measures. We shall require the same from the relevant data processors and shall comply with all international agreements, decisions of the European Union, all the current conditions for such data transfers which need to be observed and which are available at the website of the Czech Office for Personal Data Protection
8. How long will we store your personal data?
Personal data will be processed and stored for at least the duration of the contract. Some personal data needed for example for tax and invoicing obligations will be stored longer, usually for 5 years starting from the year following the occurrence of the stored event, but in any case only for the statutory time limit specified by the given law.
We shall store recordings from CCTV systems for 14 days. Then they are overwritten with new recordings.
Upon expiry of the aforementioned times, personal data will be safely and irreversibly destroyed to prevent misuse.
9. What are your rights in relation to data processing and how you may exercise them?
We do our best to process your data properly and safely. You are guaranteed the rights described in this article and you may claim these rights at our company.
How can you claim your rights?
Individual rights may be claimed by sending an email message to email@example.com or by calling +420 241 024 111. You may also claim your rights by writing to our mailing address: Safina, a.s., Vídeňská 104, Vestec, 252 50
We will give you all statements and communication related to your rights free of charge. However, if your request is clearly unreasonable or disproportionate, in particular if you keep repeating your request, we are entitled to charge a reasonable fee which takes into account the administrative costs involved in providing the requested information. In case of a repeated requests for copies of processed personal data, we reserve the right to charge a reasonable administrative fee.
We shall provide you with statements or information about accepted measures as soon as possible, but no later than within one month. If necessary, we are entitled to extend this deadline by two months based on the complexity and the number of requests. We shall inform you about such extension, and provide you with the reasons for doing so.
Right to receive information about the processing method of your personal information
You are entitled to request information from us whether your personal data are processed or not. If your personal data are processed you are entitled to inquire about the processing purposes, the categories of personal data concerned, about the recipients or about the categories of recipients who receive your personal data, you may inquire information about authorised data administrators, or ask for the list of your rights or about your options to contact the Office for Personal Data Protection, about the source of the processed personal data and about issues related to automated decision making and profiling.
Information provided to you under this right is already contained in this memorandum, but that does not prevent you from asking for this information again.
Right to access your personal data
You are entitled to ask whether your personal data are processed or not and, if so, you shall have an access to the information about the processing purposes, personal data categories, recipients or categories of recipients, the duration of personal data storage, information about your rights (the right to request the administrator to correct or delete your data, to limit processing, or to object to data processing), about the right to file a complaint at the Office for Personal Data Protection, inquire information about the source of personal data, information regarding automated decision making and profiling and information on the used procedures as well as about the significance and implications the relevant processing may bring to you, and about guarantees if your personal data are transferred to a third country or to an international organisation. You have the right to request copies of the processed personal data. However, the right to obtain such copies may not adversely affect the rights and freedoms of others.
Right to demand corrections
If, for example, your permanent address, phone number, or other personal information is changed, you have the right to request a correction of your personal data. In addition, you have the right to add incomplete personal information and you may do so by providing an additional statement.
Right to deletion (right to be forgotten)
In certain specific cases you have the right to require the administrator to delete your personal information. Such cases include for example a situation when the data are no longer needed for the purposes mentioned above. After the relevant time period expires we will automatically delete your personal information, but you may submit your request at any time. Your request is then subject to individual assessment (despite your right to have your information deleted, we may be obligated or have a legitimate interest to keep your personal information). You will be informed how the request was resolved.
Right to limit processing
We only process your personal data within the necessary extend or scope. However, if you feel that, for example, we exceed the above-mentioned purposes for which we process your personal data, you may file a request and demand that your personal data are processed only for the most legitimate reasons or you may request your personal data to be blocked. In such scenario, your request is subject to individual assessment and you will be informed in detail how your request was resolved.
Right to data portability
If you wish to provide your personal information to another administrator or to another company we shall transfer your personal data in the appropriate format to the subject/administrator specified by you, provided that there are no legal or other significant obstacles.
Right to object and automated individual decision-making process
If you determine or believe that we process your personal data in violation of your privacy or in violation of your personal life or in conflict with legal regulations (provided that personal information is processed by the administrator based on public or legitimate interests or for the purpose of direct marketing, including profiling and statistical purposes, or for scientific or historical purposes), you may contact us and ask for clarification or removal of the defective status. You have the right not to be the subject to automated decision-making (including profiling).
10. Right to file a complaint at the Office for Personal Data Protection
You may submit your claim or complaint regarding the processing of your personal data at any time to the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Praha 7, website https://www.uoou.cz/.
11. How can you contact us?
If you have any questions regarding the processing of your personal information, please do not hesitate to contact us electronically at firstname.lastname@example.org or by phone +420 241 024 111. In any case you may use our delivery address: Safina, a.s., Vienna 104, Vídeňská 104, Vestec, 252 50.