en

DECLARATION ON THE PRINCIPLES OF PERSONAL DATA PROTECTION

In accordance with Regulation of the European Parliament and of the Council (EU) 2016/679 dated to 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46 / EC. 

These Rules for the Protection and Processing of Personal Data (hereinafter referred to as the "Rules") describe which personal data of individuals, especially suppliers and customers (hereinafter referred to as the "Data Subject"), are processed during the activities of the personal data controller Ondrej Hudec, ID: 75869195, with its registered office at Ressl Street 1137, Hlinsko, 539 01, doing business as an individual under the Trade Licensing Act not registered in the Commercial Register (hereinafter referred to as the "Administrator") at the address of the premises sad Miru 787, Zruc nad Sazavou, 285 22.


This Policy Statement sets out the types of personal information we collect and process when you use our services or enter into another agreement with us, as well as the way in which your personal information is used, shared and protected. Here you will also find an explanation of the options available to you in relation to your personal data and how you can contact us. We hereby inform you below about the processing of your personal data and your rights in accordance with Article 12 of Regulation  of the European Parliament and of the Council (EU) 2016/679 dated to 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter referred to as "GDPR").

Personal data means any information relating to an identified or identifiable individual; an identifiable individual is an individual who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


The administrator did not appoint a data protection officer. 


RECIPIENTS OF PERSONAL DATA

Personal data of the Data Subject may be passed on to the following recipients / categories of recipients:

  • suppliers of the Administrator
  • employees of the Administrator
  • persons in another contractual relationship with the Administrator (eg. providers of marketing and advertising services)
  • financial institutions and insurance companies 
  • state authorities in the framework of fulfilling the legal obligations of the Administrator stipulated by the relevant legal regulations


CATEGORIES OF PERSONAL DATA PROCESSED

The Administrator is entitled to process in particular the following personal data of the Data Subject:

  • address and identification data used for unambiguous and unmistakable identification of the Data Subject (eg name, surname, title, date of birth, or birth number, permanent residence address, business address, delivery address, ID number, VAT number) and data enabling contact with the Data Subject (e.g. contact address, telephone number, fax number, email address, and other similar information)
  • descriptive data (eg bank details, payment information)
  • pictures, photos and videos 
  • data provided in addition to the relevant laws processed within the framework of the consent granted by the Data Subject (eg use of personal data for the purpose of personnel proceedings, use of personal data for the purpose of promotion, etc.)
  • other data necessary for the performance of the contract 
  • other personal data provided by the Data Subject to the Administrator


PURPOSES AND LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA

The Administrator processes the personal data of the Data Subject for the purposes:

  1. performance of the contract, on the basis of Article 6 (1) (a). b) GDPR, 
  2. compliance with the legal obligation of the Administrator stipulated by a generally binding legal regulation, on the basis of Article 6, paragraph 1, letter c) GDPR (eg the obligation of the Administrator to keep accounting and tax documents), 
  3. determination, exercise or defense of legal rights of the Administrator, on the basis of Article 6, paragraph 1, letter f) GDPR, 
  4. sending commercial communications pursuant to Article 6 (1) (a) f) GDPR due to the existence of a legitimate interest of the Administrator consisting in direct marketing, 
  5. other marketing purposes of the Administrator associated with the offer of products and services; sending information about organized events, products, services and other activities (eg in the form of sending newsletters, telemarketing); contacting for market research and marketing research; contacting for the purpose of wishing for Christmas and Easter or other holidays and sending discount vouchers, gifts, etc. on the basis of Article 6, paragraph 1, letter a) GDPR 


TIME OF PROCESSING PERSONAL DATA

Personal data will be processed only for the time necessary for the purpose of their processing. In view of the above:

  • for the purpose according to letter a) above, personal data will be processed until the termination of obligations under the contract (this does not affect the possibility of the Administrator to further process these personal data - to the extent necessary for the purpose under points 2), 3), 4) and / or 5) above, 
  • for the purpose according to point 2) above, personal data will be processed for the duration of the relevant legal obligation of the Administrator, 
  • for the purpose according to point 3) personal data will be processed until the end of the 4th calendar year following the end of the warranty period under the contract (if a quality guarantee has been agreed in the contract), but at least until the end of the 5th calendar year following the termination of obligations under the contract, 
  • in the case of initiation and duration of judicial, administrative or other proceedings in which the rights or obligations of the Administrator in relation to the relevant Data Subject are resolved, the period of processing personal data for the purpose under point (3) above before the end of such proceedings, 
  • for the purpose of sending commercial messages according to point 4) above, personal data will be processed until the Data Subject expresses his / her disagreement with such processing,
  • for the purposes of point 5) above, personal data will be processed for the period for which the Data Subject has given consent to the Administrator according to a separately agreed consent to the processing of personal data. In this case, the data subject acknowledges that before the expiry of this period, the Administrator may contact him in order to renew his consent.

By the end of the calendar year following the expiry of the processing period above at the latest, the relevant personal data for which the purpose of their processing has expired will be destroyed (by shredding or other means ensuring that unauthorized persons will not be able to access personal data) or anonymised. 


METHOD OF PROCESSING PERSONAL DATA 

The processing of personal data is performed by the Administrator. Processing is performed in the premises and registered office of the Administrator by individual authorized employees of the Administrator, or Processors. The processing takes place through computer technology, or also manually for personal data in paper form, in compliance with all security principles for the management and processing of personal data. To this end, the Administrator has taken technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, their alteration, destruction or loss, unauthorized transfers, their unauthorized processing and other misuse of personal data. data. All entities to which personal data may be made available respect the right of Data Subjects to the protection of privacy and are obliged to proceed in accordance with the applicable legal regulations concerning the protection of personal data. 

Automated individual decision-making or profiling based on the data provided will not be performed. Data subjects' personal data will not be transferred to third countries (ie countries outside the EU and the EEA). 


INFORMATION TO BE PROVIDED TO DATA SUBJECTS BY GDPR

In relation with the processing of their personal data, Data Subjects have a number of rights, including the right to request from the Administrator:

  • access to their personal data (under the conditions of Article 15 of the GDPR), 
  • correction or deletion of personal data (under the conditions of Article 16 or Article 17 of the GDPR), 
  • restrictions on the processing of personal data (under the conditions of Article 18 of the GDPR), 
  • raise an objection to the processing of personal data (under the conditions of Article 21 of the GDPR), 
  • the right to the portability of personal data (under the conditions of Article 20 of the GDPR), 
  • the right to revoke consent to the processing of personal data in writing or electronically to the address or email of the Administrator specified in these Rules.

If the Data Subject finds or believes that his or her personal data are being processed in violation of the Data Subject's privacy and personal life or in violation of the law, he / she has the right to contact the Controller for clarification and / or redress. The application must be submitted in writing by sending a letter or e-mail to the contact details of the Administrator: Ondrej Hudec, ID: 75869195, with its registered office at Ressl Street 1137, Hlinsko, 539 01 , e-mail: vyvaz@vyvaz.cz 

If the Data Subject's request is found to be justified, the Administrator shall immediately rectify the defective condition. This does not affect the possibility of the Data Subject to contact directly the supervisory authority, the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7, Czech Republic, +420 234 665 555, www.uoou.cz 


CONCLUSION

These Controller Rules shall apply in relation to Data Subjects, unless otherwise agreed between a third party and the Controller. The administrator reserves the right to change these rules for the protection and processing of personal data in any way and at any time, while the current status will always be placed on the website www.vyvaz.cz.