Statement on the processing of personal data
„Privacy Policy“
Statement on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR")
I. Introduction
This statement has been prepared and published to provide information about our company's procedures and commitments regarding the application of the requirements of the GDPR. The following terms are used in the text below:
- Personal data – any information that leads to the identification of a specific person
- Personal data owner – the entity that owns the personal data held and processed by our company
- Controller – our company, which records, processes, archives, and protects your PD
- Processor – a company that we have engaged to process your PD on the basis of a contract. This ensures that the system for handling, processing, and protecting your PD is secured to the extent required by the GDPR and that your rights are not restricted.
II. Personal Data Controller
DESMO a.s., ID No.: 00129224; contact email address for the area of personal data protection: posta@desmo.cz.cz, telephone number: +420 251 553 468, hereinafter referred to as the "controller," hereby informs you in accordance with Article 12 of the GDPR about the processing of your personal data and your rights.
III. Scope of personal data processing
Personal data is processed to the extent that the relevant data subject has provided it to the controller, in connection with and on the basis of a free decision at the time of establishing a relationship or registration, and further within the framework of a contractual or other legal relationship with the controller, or which the controller has collected otherwise and processes in accordance with applicable legal regulations or to fulfill the controller's legal obligations.
IV. Sources of personal data
We obtain personal data from the owners of personal data (business communications, purchases, deliveries of products and services, contact forms on the website, telephone communications, business cards, etc.).
Another source of personal data is information necessarily provided by job applicants and employees. If personal data is obtained from public sources, it is used exclusively for the purposes of conducting business relations or in accordance with the consent obtained from the personal data holder.
V. Categories of personal data subject to processing
This is identification data used for the unambiguous and unmistakable identification of the owner of the municipal office (first and last name, date of birth, birth number, permanent address, etc.).
- Descriptive data (e.g., bank details)
- Data necessary for the performance of the contract (email, telephone, workplace address, position) and other data
Data provided beyond the scope of applicable laws and legislative regulations, processed within the scope of consent granted by the owner of the personal data.
- CCTV recordings of the production facility security
VI. Categories of data controllers
These include, in particular:
- Customers
- Customers' customers
- Employees and workers on non-employment contracts and job applicants
- Owners of personal data of suppliers and partners providing services necessary for the operation of our company
- Other persons who are in a contractual relationship with the controller of personal data
- Persons interested in commercial and technical information
VII. Categories of recipients of personal data
- State and other authorities in the performance of their legal obligations under relevant legislation
- Financial institutions and public administration organizations
- Processors of personal data on the basis of concluded contracts
- Third parties and organizations on the basis of consent granted by the owner of personal data
- Our company as the controller of personal data
VIII. Purpose of personal data processing
Purposes included within the scope of the data subject's consent
- Negotiations on contractual relationships, orders
- Performance of contracts, orders
- Protection of the rights of the controller, recipient, or other affected persons
- Archiving conducted in accordance with the law
- Selection procedures for vacant positions
- Fulfillment of legal obligations on the part of the controller
- Protection of the vital interests of the owner of the municipal office or other entities
IX. Method of processing and protecting personal data
Personal data is processed by the controller or processor with whom the controller has concluded a contract guaranteeing that all responsibilities in the processing of personal data and the rights of the owner of personal data will be observed.
Processing is carried out at the registered office and premises of the controller or processor. Processing is carried out using computer technology or manually in the case of personal data in paper form, in compliance with all security principles for the management and processing of personal data. To this end, the controller has taken technical and organizational measures to ensure the protection of personal data, in particular measures against unauthorized or accidental access to personal data, its alteration, destruction or loss, unauthorized use or transfer of personal data, or other misuse of personal data. All entities to whom personal data may be disclosed respect the right of the owner of the personal data to privacy and are obliged to comply with the applicable legal regulations concerning the protection of personal data.
X. Period of personal data processing
In accordance with the deadlines specified in the relevant contracts, in the administrator's filing and disposal rules or in the relevant legal regulations, this is the period necessary to ensure the rights and obligations arising from the contractual relationship, the legitimate interests of the processor and the relevant legal regulations.
XI. Instruction
The controller processes data with the consent of the data subject, except in cases specified by law where the processing of personal data does not require the consent of the data subject.
In accordance with Article 6(1) of the GDPR, the controller may process data without the consent of the data subject if:
- Processing is necessary for the performance of a contract to which the owner of the municipal office is a party, or for the implementation of measures taken prior to the conclusion of the contract at the request of the owner of the municipal office.
- Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Processing is necessary in order to protect the vital interests of the owner of the municipal office or another natural person.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the owner of the personal data requiring the protection of personal data.
In other cases, the processing of personal data requires the consent of the owner of the personal data, granted under the conditions of the GDPR.
XII. Rights of the data subject
V souladu se článkem 12 GDPR informuje správce na žádost vlastníka OÚ subjekt o právu na přístup k osobním údajům a k následujícím informacím:
- Účel zpracování OÚ
- Kategorii dotčených osobních údajů
- Příjemci nebo kategorie příjemců, kterým byly OÚ zpřístupněny
- Plánované době, po kterou budou osobní údaje uloženy,
- Veškeré dostupné informace o zdroji osobních údajů
- O tom, zda dochází k automatizovanému rozhodování, včetně profilování OÚ
Any owner of personal data who discovers or believes that the controller or processor is processing their personal data in a manner that is contrary to the protection of the personal and private life of the owner of the personal data or contrary to the law, in particular if the personal data is inaccurate with regard to the purpose of its processing, may:
Request an explanation from the controller in person or via the address posta@desmo.cz
Request that the controller remedy the situation. In particular, this may involve blocking, correcting, supplementing, or deleting (forgetting) personal data.
If the request of the owner of personal data under paragraph 1 of this chapter is found to be justified, the controller shall remedy the situation without delay.
If the controller does not comply with the data subject's request under paragraph 1, the owner of the personal data has the right to contact the supervisory authority directly, i.e. the Office for Personal Data Protection (ÚOOÚ).
The procedure under paragraph 1 does not preclude the owner of the personal data from contacting the supervisory authority directly with their complaint.
The controller has the right to request reasonable compensation for providing the information, not exceeding the costs necessary to provide the information.