A DECLARATION OF PERSONAL DATA PROCESSING
A Declaration of Personal Data Processing according to the Regulation (EU) 2016/679 of the European Parliament and of the Council on protection of natural persons in relation to personal data processing and instructions for data entities (hereinafter just “GDPR“).
1. Administrator of Personal Data
The company TECHNOTRON – METAL s.r.o.,Čs. armády 367, 537 01Chrudim, Identification Number: 02299160, VAT Registration Number: CZ02299160, incorporated since 13.11.2013 at the Regional Court in Hradec Králové under the File Ref. No. C 32840, (hereinafter just the “Administrator“), informs you hereby about your personal data processing, and about your rights in compliance with the Article 12 of GDPR.
2. A Scope of Personal Data Processing
Personal data are processed to the extent having been disclosed by a particular data subject to the administrator in relation to conclusion of a contractual or any other legal relation with the administrator, or having been gathered by the administrator in any other way, and processed in compliance with effective legal regulations, or to meet statutory obligations of the administrator.
3. Personal Data Categories Being a Subject of Processing
Ø Address and identification data serving to unique and unchangeable data subject identification (such as name, surname, title, or also birth number, date of birth, residence, identification number, VAT registration number);
Ø Data enabling a contact with a data subject (contact data– such as a contact address, telephone number, fax number, e-mail address, and other similar information);
Ø Descriptive data (such as bank account and particulars);
Ø Other data needed to agreement performance;
Ø Automatically processed personal data within the administrator´s website visiting – e.g. IP address, access date and time, cookies, etc.
4. Categories of Data Subjects
Ø Administrator ´s client
Ø Administrator´s employee
Ø Service provider
Ø Other administrator´s contract-based person
Ø Job applicant
5. Categories of Personal Data Receivers
Ø Financial institutions
Ø Public authorities
Ø Public and other bodies within
performance of statutory obligations defined in appropriate legal regulations
6. A Purpose of Personal Data Processing
Ø Negotiations regarding a contractual relation;
Ø Agreement performance;
Ø Care of existing and potential customers;
Ø Protection of rights of the administrator, receiver, or other involved persons (e.g. collection of administrator´s receivables);
Ø Archiving keeping based on the law;
Ø Tenders for jobs available;
Ø Performance of legal obligations by the administrator;
7. A Way of Personal Data Processing and Protection
Personal data are processed by the administrator. Processing takes place at the administrator´s business premises, branches and registered office by particular authorized employees of the administrator, or by a processor. Processing is made by computer technologies or manually in case of personal data in a written form while observing any and all personal data administration and processing security principles. For that purpose, the administrator adopted technical and organizational measures to provide personal data protection, particularly measures to avoid any unauthorized or accidental access to personal data, their amendment, destruction, or loss, unauthorized portability, as well as any other personal data misuse. Any and all subjects to whom access to personal data may be provided shall follow a right of subjects to privacy, and they are obliged to observe effective legal regulations regarding personal data protection.
8. Personal Data Processing Term
In compliance with terms defined in particular agreements or other legal regulations, this means a period necessarily needed to secure rights and obligations following from a contractual relation as well as from appropriate legal regulations.
The administrator processes personal data which do not require a consent to be granted by a particular data subject. In compliance with the Article 6 Par. 1 of GDPR, the administrator is entitled to process data without a consent granted by a data subject as follows:
Ø Processing is necessary to perform an agreement which the data subject is a party to, or to take measures adopted prior to the agreement execution upon a request by such data subject,
Ø Processing is necessary to meet a legal obligation applicable to the administrator,
Ø Processing is necessary for purposes of justified interests of a respective administrator or third party save cases in which the interests or fundamental rights and freedoms of the data subject requiring personal data protection prevail (purposes of justified interests include protection of legal claims of the administrator, or control of proper administrator´s services providing).
If necessary personal data are not provided, the administrator is entitled to refuse a particular service provided because the administrator may be not able to enter into or perform a respective agreement, meet his/her legal obligations, or provided this would be in contrary to justified interests of the administrator.
10. Rights of Data Subjects
In compliance with the Article 15–22 GDPR, any data subject has rights as follows:
Ø A right to access to his/her personal data;
Ø A right to require his/her personal data transfer,
Ø A right to be informed of his/her personal data protection breach;
Ø Subject to some preconditions, also a right for erasure of some personal data (a so-called right ”to be forgotten“).
Any data subject finding or supposing that the administrator or processor performs his/her personal data processing in contrary to protection of privacy and personal life of the subject, or in contrary to the law, particularly if personal data are incorrect with regard to their processing, is entitled to :
Ø Ask the administrator for explanation.
Ø Ask the administrator to make remedy. This particularly means blocking, correction, addition or erasure of personal data.
Ø If the data subject´s request is found to be justified according to Item 1, the administrator shall make a remedy immediately.
Ø If the administrator fails to meet the data subject´s requirement according to Item 1, the data subject is entitled to address directly the supervisory authority, i.e. the Authority for Personal Data Protection.
Ø A procedure according to Item 1 does not exclude that a respective data subject is entitled to address the supervisory authority directly stating his/her stimulus.
Ø The administrator is entitled to require reasonable remuneration for information providing that shall not exceed the cost needed for such information providing.
In accordance with the Article 12 of GDPR, upon a data subject´s request, the administrator informs of a right to access to personal data and to following information:
Ø A purpose of processing,
Ø Category of respective personal data,
Ø Receiver or category of receivers which the personal data have been or will be available to ,
Ø Scheduled term for which personal data will be stored and kept,
Any available information regarding the personal data source,
Ø Provided they are not acquired from data subjects, the fact whether automatic decision is implemented, including profiling.