Dear customers and business partners,
The document you are reading contains general information on personal data processing. We appreciate that you share your personal data with us and we are determined to protect your data as much as possible. We also aim to be transparent as much as possible, particularly the method used for processing your personal data. Considering new legislation of the European Union this information memorandum was completed in compliance with the European Parliament and Council Directive (EU) no. 2016/679 from 27.04.16 on personal data protection in relation to personal data processing and on free transfer of the data and on the termination of directive 95/46/ES (GDPR). This memorandum aims to provide clear information, we have therefore chosen the method of questions and answers. The information will be stated in the sequence below:
1) Who is the administrator of your personal data?
2) Who is the representative for personal data protection?
3) What is the purpose of collecting your personal data?
4) What are our entitled interests?
5) How did we receive personal data?
6) What categories of personal data are processed?
7) What is the legal base for personal data processing?
8) Are we going to transfer personal data to other parties?
9) Are we going to transfer personal data to third countries or international organisations?
10) How long are we going to save your personal data?
11) What are your rights related to personal data processing and how can we apply it?
12) Are personal data automatically evaluated?
This information memorandum provides general information which we, as personal data administrator, must provide.
In case of any questions considering the processing of your personal data, please contact us on e-mail address firstname.lastname@example.org or telephone +420 571 477 551. Under any circumstances, you can contact us at address Zbrojovka obj. 13, Vsetín, 755 01.
1. Who is the administrator of your personal data?
Administrator is a person who, alone or with others, determines the purposes and decides on the method for personal data processing.
Personal data administrator is KOVO s.r.o. with head office Bří. Hlaviců 122, Vsetín 755 01, CRN: 28632346, VAT ID: 28632346 registered at the Commercial Registrar administered by the District Court in Ostrava, division C, file 35741. You can contact the administrator at e-mail address email@example.com or telephone +420 571 477 551.
2. Who is the representative for personal data protection?
The representative for personal data protection is a person experienced in the area of personal data protection, and he/she makes exercises great efforts to ensure adequate procedure in compliance with the respective legal regulations.
It is also the most qualified person for handling any questions and applications related to personal data. The representative is Martin Štěpánek, with contact address firstname.lastname@example.org or telephone +420 571 477 551.
3. What is the purpose of collecting your personal data?
The administrator processes personal to:
a) the conclusion and fulfilment of contractual obligation between the administrator and you (incl. 6, section 1 letter b) GDPR). This relationship establishes further legal obligations and the administrator must process personal data also for the defined purposes (art. 6, section 1 letter c) GDPR);
b) marketing purposes to enable the administrator to adapt the product range and services and related business statements to your requirements; the administrator must receive your consent for this purpose of processing (art. 6, section 1 letter a) GDPR
c) protection of authorised interests (art. 6, section 1 letter f) GDPR).
Personal data provision to the administrator is a general legal and contractual requirement. You are required to provide consent considering the provision of personal data for marketing purposes which is not included in the fulfilment of contractual and legal obligation of the administrator. If the administrator does not receive your consent to process your personal data for marketing purposes, it does not mean the administrator refuses to offer the product or service based on the contract.
4. What are our entitled interests?
The administrator processes personal data for the protection of its authorised interests. Authorised interests of the administrator include particularly the fulfilment of contractual obligations of the administrator, appropriate fulfilment of all legal obligations of the administrator, direct marketing, protection of the administrator’s business and property, and also environment protection and sustainable development. In order to provide the highest possible protection of your privacy, your are entitled to raise an objection, and your data will be processed solely for the necessary legal reasons or to block personal data. More information related to personal data processing is available in article 11 of this information memorandum.
5. How did we receive personal data?
Administrator received personal data directly from you, particularly from completed forms, mutual cooperation, and concluded contracts. Personal data can be also received from public sources, registries, and files, e.g. from commercial registry, registry of debtors, professions registries, and e.g. land registry. The administrator could receive personal data from the third parties entitled to access and process your personal data, and who cooperates with the administrator, and from social networks and internet, where you publish your data.
6. What categories of personal data are processed?
In order to ensure your satisfaction from appropriate fulfilment of your obligation, to fulfil legal obligations, to offer personalised offer of goods and services, and the above stated purposes, the administrator processes the below categories of personal data:
a) general identification data – name, surname, date of birth, address, birth number, identification number;
b) contact data – telephone number and e-mail address;
c) information from mutual communication – information from e-mails, records from telephone calls, and other contact forms;
d) invoice and transaction data – it includes particularly information on invoices, on agreed invoice conditions, and on accepted payments;
7. What is the legal base for personal data processing?
The legal aspects of processing are defined in article 6 clause 1 GDPR, which defines legal processing if necessary for the contract fulfilment, for the fulfilment of legal obligations of the administrator, for the protection f authorised interests of the administrator, or processing is performed based on a consent you provided. The legal aspects of processing are based on act no. 563/1991 Coll., on accounting which applies to processing and keeping invoicing data, from act no. 89/2012 Coll., Civil Code, which defines the protection of authorised interests of the administrator, or act no. 235/2004 Coll., on value added tax.
8. Are we going to transfer personal data to other parties?
Personal data must be provided to the state administration bodies within legal limits, e.g. to the tax administrator, courts, bodies active within criminal procedure, and supervision bodies over capital market.
9. Are we going to transfer personal data to third countries or international organisations?
Personal data will never be transferred to countries outside European Union and European economical area, and to international organisations.
10. How long are we going to save your personal data?
Personal data will be processed and saved at least for the contract duration. Some personal data required e.g. for tax and invoicing obligations will be maintained longer, commonly 5 years starting the year after the matter occurs. Personal data in this contract important for the application of authorised interests of the administrator, will be maintained for the maximum period of 3 years from the end of the contractual relations with the administrator. Personal data processed for marketing purposes will be maintained for the maximum period of 3 years from the reception. Personal data will not be maintained longer than the legally defined maximum. After the archiving period, personal data will be completely and irreversibly destroyed to prevent their abuse.
11. What are your rights related to personal data processing and how can we apply it?
The administrator exercises all efforts for your data processing to ensure appropriate and safe processing. You are entitled to all rights from the administrator defined in this article.
a) How can he/she exercise his/her rights?
Individual rights and obligations can be applied sending e-mail to address email@example.com. The administrator will issue all statements and declarations to your rights free of charge. If the application was clearly unreasonable or inadequate, particularly due to repetition, the administrator is entitled to charge adequate fee for the administration costs related to the provision of required information. In case of repeated request to provide a copy of processed personal data, the administrator reserves a right to charge an adequate fee for the administration costs. The statements and information on accepted measures will be provided by the administrator at the latest within one month. The deadline can be extended by the administrator by two months if required or necessary to the complications. The extension and the reasoning will be announced by the administrator.
b) Right to information on personal data processing
You are entitles to receive information from the administrator if personal data is processed or not. If your personal data is processed, you are entitled to request information from the administrator particularly on the identity and contact data of the administrator, its representatives, and potentially the deputy for personal data protection, on the purposes of processed, categories of respective personal data, on the recipients or categories of personal data recipients, on authorised administrators, on respective of your rights, on the option to contact the Office for Personal data Protection, on the source of processed personal data, and on automated decision making and profiling. If the administrator plans to process your personal data for other purposes than received, it must provide you with other respective information before further processing of your information. Information you receive during the enforcement of this right is contained in this memorandum, it does not prevent you from requesting it.
c) Right to access your personal data
You are entitled to receive information from the administrator if your personal data is processed or not, and if it is, you can access information on the purposes of processing, categories of related personal data, recipients and categories of recipients, the period for personal data keeping, information of your rights (rights to require the administrator to repair or delete, processing restriction, raise objection against the processing), on the right to submit complaint to the Office for Personal data Protection, information on personal data source, information on automated decision making and profiling, and information related to the use of applied procedure, and the meaning and expected consequences of such processing, information and guarantees in case of personal data transfer to third countries or international organisation. You are entitled to receive a copy of personal data processing. The right to receive the copy should not adversely affect the rights and freedom of other persons.
d) Right to correction
If your address changed, or telephone number or other matters which can be considered personal data, you are entitled to require the administrator to correct the processed personal data. You are also entitled to complete incomplete personal data, including additional statement.
e) Right to delete data (right to be forgotten)
Under specific circumstances, you are entitled to ask the administrator to delete your personal data. Such cases include for example the use of personal data that is no longer required for the defined purposes. The administrator deletes personal data after the required period automatically, however you can contact him any time. Your request is then subject to individual evaluation (despite your right to deleting, the administrator may be obliged to entitled to keep your personal data), and the settlement will be announced in detail.
f) Right to restrict the processing
The administrator will process your personal data solely within necessary required scope. If you suspect the administrator, e.g. contravenes the defined purposes for personal data processing, your are entitled to file a request and your personal data will be processed solely for the necessary legal reasons or to block personal data. Your request is then subject to individual evaluation and you will be informed in detail on the settlement.
g) Right to data transferability if you want the administrator to provide your personal data to another administrator, i.e. another company, the administrator will transfer your personal data in the adequate format to the defined subject, unless it is impossible due to legal and other significant obstacles.
h) Right to raise an objection and automated individual decision making
If you find out or assume that the administrator processes personal data in breach with the protection of your personal and private life or in breach with the legal regulations (considering personal data is processed by the administrator based on public or authorised interest or processed for the purposes of direct marketing, including profiling or for statistical purposes or for historical or science purposes), you can contact the administrator and ask him for explanation or removal of the defective state.
i) Right to file a complaint at the Office for personal data protection
Any time you can contact the supervision body, the Office for Personal data Protection with any claims in the matter of personal data processing, with head office Pplk. Sochora 27, 170 00 Praha 7, web pages https://www.uoou.cz/.
j) Right to withdraw consent
The provided consent with personal data processing can be withdrawn any time, upon completing a form/checking the field/ sending the withdrawal to the address of the administrator’s head office or using a link in email conversation.
12. Are personal data automatically evaluated?
Personal data is not automatically evaluated.
13. How do we use cookie files?
During the use of web pages stin.cz, we can use temporary files, i.e. „cookies“, which can contain the visitor related data. Processing cookies files can connect the personal data of the visitor with information contained in cookie file. The data is used solely for the purposes of service improvement of STÍN KOVO s.r.o. and they are not used to identify the visitor, we work with the data solely at aggregate level. STÍN KOVO s.r.o. respects the privacy of the users and proceeds in compliance with the respective rights during the processing of cookies files.
The visitor can prevent the loading of cookies by opening web pages of stin.cz in anonymous mode. Anonymous mode is supported by all modern browsers and no cookies are collected in this mode. The visitor can set the PC, i.e. browser to enable or prevent the cookies in the final device.