- what personal data of yours we will be processing;
- for what purposes and through which methods we will be processing your personal data and the legal grounds for such processing;
- to whom your personal data may be transferred; for how long we will process your personal data;
- what rights you have in relation to the protection of your personal data;
Should you have any questions regarding the processing of your personal data, you may contact us at any time at the following e-mail address firstname.lastname@example.org, or at the address of our registered office.
I. EXTENT OF PERSONAL DATA PROCESSING
- If you are merely visiting our website, we will process the following personal data:
If you are contacting us as a job applicant (either digitally or by any other means), you will be asked to provide certain data about yourself, which we will further process. This data includes:
a) first name and surname;
b) e-mail address and telephone number;
c) a curriculum vitae (CV), which, in addition to the above, may include at the very least information about your education and prior work experience and about your other relevant knowledge or expertise in relation to the job you are applying for; should you happen to provide any other additional personal data in your CV, it is of your own free choice to do so and we will thus process this additional personal data for purposes of the selection process.
3. In the event that you are one of our customers or suppliers, you may be asked to fill in your data, which we will further process. This includes the following personal data in particular:
a) name and surname, date of birth or Company Registration Number (CRN);
b) representative company (trading company);
c) address, telephone number, and e-mail address;
d) job title of company representative;
e) bank account number;
f) other personal data deemed necessary for fulfilling our shared commitments.
We collect this data when you access our website. Some cookies are necessary for the functioning of the website and these will always be active. We may use other cookies that are not used for the functioning of the website only if you give us your consent to use them through the settings in your web browser. Should your web browser be configured to accept third party cookies, such configuration shall be deemed as you giving your consent to the use of these cookies. Furthermore, our website may collect information including, for example, your browser or operating system type, IP address, site visits, internet service provider, and other similar information.
IV. PURPOSES OF PROCESSING AND LEGAL GROUNDS FOR PROCESSING
1. When you visit our website, we will process your personal data in the form of cookies as described above for the legitimate interest of monitoring the use of our services and improving them. We will only process your personal data for the purpose listed above. Providing the information above is not a mandatory requirement. However, without providing this information, some features of our website may not work as intended. Your personal data will not be processed for the purpose of any exclusively automated decision-making, including profiling based on such decision-making.
2. If you are applying for one of our positions, we will process your personal data out of legitimate interest, which consists of our interest in filling our job vacancies and your interest in obtaining employment according to your personal wishes. The purpose of this processing is, thus, to find a suitable candidate for the vacant position being applied for. We use the information you provide to contact you about the status of the selection process. We will only process your personal data for the purpose mentioned above. Should you be interested in a specific position, we will only process your personal data for the purpose of filling that particular position or other positions similar to the position you are applying for. Providing the information above is a mandatory requirement. Without providing this information, we cannot include you in the selection process. Your personal data will not be processed for the purpose of any exclusively automated decision-making, including profiling.
V. WHO HAS ACCESS TO YOUR PERSONAL DATA
Your personal data may be processed by other processors for us in the course of providing certain activities, or may be provided to certain recipients; this includes, in particular, the following entities:
- Entities that provide server, web, cloud, or IT services to us;
- Entities that provide us with accounting services;
- Entities that provide us with legal services;
- Processors who provide us with other services – consultations, audits, and other external services.
VI. PERIOD OF PERSONAL DATA PROCESSING
We will process your personal data for as long as we provide you with our services or perform our mutual contract, for the duration of our legitimate interest, or for the time necessary to perform archiving obligations pursuant to the applicable legal regulations, such as the Accounting Act, Archiving and Records Keeping Act, Value Added Tax Act, and others.
We will retain your personal data for the period necessary to provide our services and complete the required transactions, or for other necessary purposes, such as the fulfilment of our legal obligations, the solution of disputes, and the legal enforcement of our agreements. These needs may vary depending on the data type, context, or situation. Thus, the actual retention period may vary significantly. The criteria used to determine the retention period include:
- How long is the personal data needed to provide our services and run our company? This includes activities such as maintaining and improving the performance of these services, maintaining the security of our systems, and maintaining relevant business and financial records. This is a generally applicable rule that forms the basis for determining the retention period in most cases.
- Are you providing us with your data with the expectation that we will retain it until you explicitly want it deleted? If so, we will only delete such data upon your explicit request.
- Have we established and communicated a specific retention period for a certain type of data? If so, we will certainly never exceed this period.
- Have you consented to the extension of the information retention period? If so, we will store the data in line with your consent.
- Are we subject to legal, contractual, or similar obligations to retain data? Examples include laws governing mandatory data retention, government regulations to retain data in relation to investigations, and data that must be retained for litigation purposes.
In view of the above criteria, which may vary over time (particularly with regard to changes in legislation), we cannot establish retention periods in general terms in this policy. However, if you contact us (for example, by e-mail at email@example.com), we will inform you of the exact timeframe for processing your personal data.
VII. YOUR RIGHTS ARISING FROM THE PROCESSING OF PERSONAL DATA
In relation to the personal data processing we perform, you have the following rights:
- the right to access your personal data;
- the right to rectification;
- the right to deletion;
- the right to restrict processing;
- the right to data portability;
- the right to object to processing;
- the right not to be subject to a decision based solely on automated processing, including profiling;
- the right to file a complaint against personal data processing.
Your rights are explained below in-depth so that you may have a clearer idea of their content.
The right to access means you may ask for our confirmation at any time whether or not the personal data concerning you is processed or not, and if so, for what purposes, to what extent, to whom the data is made available, how long we are going to process it, whether you have the right to rectification, deletion, and the restriction of processing, or the right to file an objection, from where we obtained your personal data, and whether automated decisions are made based on your personal data processing, including profiling, where appropriate. You also have the right to receive a copy of your personal data, where the first provision is free of charge; we may require adequate compensation for administrative costs of each additional provision of your personal data.
The right to rectification means you may ask us at any time to correct or supplement your personal data if it is inaccurate or incomplete.
The right to deletion means we must erase your personal data if (i) it is no longer needed for the purposes, for which it was collected or otherwise processed, (ii) the processing is illegal, (iii) you object to the processing, and there are no prevailing legitimate reasons for processing, (iv) such obligation is imposed on us by a law, or (v) you withdraw your consent to the processing of your personal data.
The right to restrict processing means that until we resolve any issues raised regarding the processing of your personal data, we are unauthorised to process your personal data in any way other than to store such data, and where applicable, we may process your data only with your consent or for the purpose of determining, enforcing, or defending legal claims.
The right to data portability means you have the right to obtain personal data concerning you that is processed automatically based on prior consent or under a contract in a structured, commonly used, and machine-readable format and the right to have this personal data transmitted directly to another administrator;
The right to object means you may object to the processing of your personal data, which we process for direct marketing purposes or out of legitimate interest. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes; if you object to processing on the grounds of legitimate interest, this objection will be evaluated and we will then inform you whether or not we have complied with it and will no longer process your data, or that the objection was not justified and processing will continue. In any case, processing will be restricted until the objection is resolved.
The right not to be subject to a decision based solely on automated processing, including profiling, means that any decision of our company that has legal effects for you or that affects you significantly in a similar way will not be made by automated processing, including profiling. This does not apply in the event such processing is necessary for the conclusion or performance of a contract between you and our company or if you have given your explicit consent to this type of processing, or if such processing is permitted by a legal regulation applicable to our company.
Should you have any comments or complaints regarding the protection of your personal data or should you have a question about the person responsible for data protection at our company or should you choose to exercise any of your rights, please contact us via e-mail sent to firstname.lastname@example.org. We will respond to your questions, comments, or concerns within one month. This timeframe may be extended by another two months if necessary and with regard to the complexity and number of applications we receive.
Our activities are also overseen by the Office for Personal Data Protection, where you may file a complaint in the event of your dissatisfaction. Find out more on the authority’s website (www.uoou.cz).
VIII. REPORTING SECURITY INCIDENTS
In this day and age of modern technology, there exists a slight but nevertheless small risk that your personal data could be leaked, misused, or lost. As part of our activities, we will do everything in our power to prevent such a security incident from occurring. In particular, we will: (i) regularly train all our employees who come into contact with your personal data on the protection of personal data, (ii) adopt and familiarise our employees with internal company regulations governing the protection of your personal data, (iii) and always use only the most appropriate technical solutions to secure our data processing, such as data encryption, complex passwords, and appropriate software.
However, should a security incident occur, despite all our efforts, and should this incident have the potential to pose a serious risk to your rights and freedoms, we will immediately inform you of this fact via e-mail sent to the e-mail address you provided and also by posting about such an incident on our website along with all the necessary details.
IX. POLICY CHANGES