Declaration on the protection of personal data in the company TAJMAC ZPS, a.s.

Similar documents
PROCEDURE RIGHTS OF THE DATA SUBJECT PURSUANT TO THE ARTICLES 15 TO 23 OF THE REGULATION 679/2016

Privacy policy. 1.1 We are committed to safeguarding the privacy of our website visitors.

Information leaflet about processing of personal data for Newsletter Recipients (hereinafter Data Subject)

(1) General information

SKILLSTAR 2018 NONPROFIT KFT. DATA PROTECTION POLICY

Information about the Processing of Personal Data (Article 13, 14 GDPR)

Charter on personal data

closer look at Rights & remedies

1. Processing of personal data legal basis, purpose and scope Legal basis fulfillment of statutory legal requirements

Art. I Right to Access to Personal Data

Information on the Processing of Personal Data (GDPR)

16 March Purpose & Introduction

Aalto Summer continuing education

Data Protection Policy. Malta Gaming Authority

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April on the protection of natural persons

PRIVACY POLICY STATEMENT ON THE PROCESSING OF PERSONAL AND SENSITIVE DATA OF THE CUSTOMERS WITHIN THE MEANING OF ARTICLE 13 AND FF. OF REGULATION (EU)

DATA PROCESSING AGREEMENT. between [Customer] (the "Controller") and LINK Mobility (the "Processor")

European Data Protection Supervisor Your personal information and the EU administration: What are your rights?

REGULATION (EU) 2016/679 General Data Protection Regulation

***I DRAFT REPORT. EN United in diversity EN 2012/0010(COD)

The Act on Processing of Personal Data

PERSONAL DATA PROCESSING AGREEMENT

PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY

How we use Personal Information

Data Protection Declaration in accordance with the DSGVO

General Data Protection Regulation

DATA PROTECTION (JERSEY) LAW 2018

Application for a visa for a long stay in Belgium This application form is free

FUJITSU Cloud Service K5: Data Protection Addendum

SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... 16

Data Protection Bill [HL]

Referral Bonus System Regulations

Address: PL 52 (Ketunpolku 1), Kajaani

Data Protection Bill [HL]

Adequacy Referential (updated)

EUROPEAN PARLIAMENT Committee on the Internal Market and Consumer Protection

A Legal Overview of the Data Protection Act By: Mrs D. Madhub Data Protection Commissioner

DATA PROTECTION LAWS OF THE WORLD. Romania

The European Union General Data Protection Regulation (GDPR) Barmak Nassirian, Federal Director Thursday, February 22, 2018

An Bille um Chosaint Sonraí, 2018 Data Protection Bill 2018

The Ministry of Technology, Communication and Innovation and The Data Protection Office. Workshop On DATA PROTECTION ACT 2017

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...

THE PERSONAL DATA PROTECTION BILL, 2018: A SUMMARY

SUPPLIER DATA PROCESSING AGREEMENT

GDPR. EU General Data Protection Regulation. ebook Version 1.2

DATA PROCESSING ADDENDUM

Privacy Notice 1. CONTROLLER S NAME AND DATA

An Bille um Chosaint Sonraí, 2018 Data Protection Bill 2018

Appendix 1 Data Processing Agreement

THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum

Presentation to IAPP November 18, EU Data Protection. Monday 18 November 13

Individual Rights (Data Privacy) Policy

PERSONAL DATA PROTECTION POLICY OF GOPET

Data Processing Addendum

Article 1. Federal Data Protection Act (BDSG)

Factsheet on the Right to be

STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT

DATA PROTECTION LAWS OF THE WORLD. Ireland

How we use Personal Information

9091/17 VH/np 1 DGD 2C

AGREEMENT FOR ACCESS, WHICH MAY RESULT IN PERSONAL DATA PROCESSING

5418/16 AV/NT/vm DGD 2

AmCham EU Proposed Amendments on the General Data Protection Regulation

Selection procedure at the European Ombudsman's Secretariat

ARTICLE 29 DATA PROTECTION WORKING PARTY

Act No. 502 of 23 May 2018

6153/1/18 REV 1 VH/np 1 DGD2

Data Processing Addendum

Personal Data Protection Act

Act CXII of on the Right of Informational Self-Determination and on Freedom of Information 1 CHAPTER I GENERAL PROVISIONS. 1.

EQUILOR BEFEKTETÉSI ZRT. S PRELIMINARY INFORMATION ON DATA PROTECTION

DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 24 October 1995

Is information about legal entities personal data? No. The DPA only applies to information about individuals as opposed to legal entities.

Case C-553/07. College van burgemeester en wethouders van Rotterdam. M.E.E. Rijkeboer. (Reference for a preliminary ruling from the Raad van State)

Brussels, 3 May 2006 (Case ) 1. Procedure

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE

COMP Article 1. Article 1 Subject matter and objectives

Law Enforcement processing (Part 3 of the DPA 2018)

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Data Processing Agreement

Data Processing Addendum

ARTICLE 29 Data Protection Working Party

The EDPS has limited the comments below to the provisions of the Proposal that are particularly relevant from a data protection perspective.

The legal framework and guidance on data protection under the. Cross-border ehealth Information Services (CBeHIS) T6.2 JAseHN draft v.2 (20.10.

ARTICLE 29 DATA PROTECTION WORKING PARTY

BASECONE DATA PROCESSING AGREEMENT (BASECONE AS PROCESSOR)

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,

EU GDPR - DATA PROCESSING ADDENDUM INSTRUCTIONS FOR CDNETWORKS CUSTOMERS

LAW OF THE REPUBLIC OF ARMENIA ON PROTECTION OF PERSONAL DATA CHAPTER 1 GENERAL PROVISIONS

BJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures

ASSEMBLEIA DA REPÚBLICA [PORTUGUESE PARLIAMENT]

This unofficial translation is provided for information purposes only and has no legal force. Data Protection Act.

Official Gazette No. 55 issued on 8 May Data Protection Act. of 14 March 2002

Data Protection Act 1998

DocuSign Envelope ID: D3C1EE91-4BC9-4BA9-B2CF-C0DE318DB461

Processor Agreement SURF Model Agreement

Notifying Professional Trade for Natural Persons Residing in the Czech Republic (Czech natural person)

Data Protection Bill [HL]

PE-CONS 71/1/15 REV 1 EN

DATA PROTECTION (JERSEY) LAW 2005

Transcription:

Declaration on the protection of personal data in the company TAJMAC ZPS, a.s. In this Declaration on the protection of personal data, the company TAJMAC-ZPS, a.s. how it processes personal data of individuals (the data subject), in particular, information about the categories, extent and purpose for which they are processed, about the source from which the personal data are collected and the persons to whom personal data are transferred, about the time of storing of the personal data and others. In this Statement are also given information about the rights of the data subjects in relation to the processing of personal data. Company TAJMAC-ZPS, a.s., with registered office in Zlín, Malenovice, třída 3. května 1180, 763 02, Czech Republic, ID: 26215578, registered in the Commercial Register kept by the Regional Court in Brno, file n. B 3328, as a personal data controller ("TAJMAC-ZPS") processes personal data in accordance with the legislation on the protection of personal data, in particular, the Regulation (EU( 2016/679 of the European Parliament and of the Council of 27 April on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter GDPR ) and further, in accordance with our internal rules and principles. The contact information of the controller: info@tajmac-zps.cz Tel.: tel.: +420 577 532 072 Data protection officer has not been named. The purposes of the processing of personal data and legal basis of the processing: We process personal information only to the extent necessary for that purpose. We process personal information for the purpose of: the business purposes (sale of spare parts / machines to the contractual partners - a natural person doing business, for the purpose of offering and selling machines, fulfillment of business activities and normal operation of the company) - i.e. the processing is necessary for performance of the contract or for the implementation of the measures adopted prior to the conclusion of the contract at the request of the data subject - according to the article. 6 para. 1. letter b) GDPR, the contracting purposes (the conclusion, performance, alteration and termination of commercial contracts with customers a natural person doing business, the related billing, claims and communication. The provision of personal data is a contractual requirement.) - processing is necessary for performance of the contract - according to

the article. 6 para. 1. letter b) DGPR and the legitimate interest of the controller under the article 6 para 1. letter f) GDPR, the purposes of fulfilling the legal duties of the controller (the processing of personal data on the basis of law, i.e. legal regulations of the Czech republic and the European union - e.g. accounting law, tax law, law on auditors, etc.) - processing is necessary for compliance with a legal obligation to which the controller applies - according to the article. 6 para. 1. c) GDPR, the purposes of the legitimate interests of the controller (processing is necessary for the purposes of the legitimate interests of TAJMAC ZPS, a.s. according to the article. 6 para. 1. f) GDPR) - contacting customers in order to establish cooperation and conclusion of business contracts, contacting existing business partners for the purpose of invitations to events organized by the company TAJMAC ZPS, a.s. (Customer days, fairs, open Day, etc. - NO newsletters are sent in the form of offers and promotional discounts), - contacting of the business partners for the purpose of promotion/presentation of the company TAJMAC-ZPS, a.s. - the processing of data in the solution of labor-law disputes, debt recovery, resolving business disputes with business partners (natural persons) (for example, in the case of damage to company property, etc.) - in some cases, the company is entitled to transfer personal data to third parties (for example law office), - camera systems (CCTV) at the premises of the company for the protection of property, life and health of persons entering into the premises of the company. About the location of the cameras shall inform the information signs. The security footage is checked, if no damage to property or health, otherwise there is no cctv footage not being processed or used. CCTV records are kept for a period of 7 days. - administrative purposes, - registration of job applicants (registration and processing of applications for job applicants for a specific job position or in general sent CVs of candidates without specific recruitment procedure), data about the data subject obtained on the basis of the consent - the company TAJMAC-ZPS, a.s. in the framework of their action Customer days obtained on the basis of the consent the personal data of the visitors natural persons, individual entrepreneurs, representatives of business partners/entrepreneurs, and the name and surname, e-mail, name of the entrepreneur (legal entity or enterprising natural person). The data are used for marketing and advertising purposes and also are provided to other entrepreneurs, which are the entity providing the consent, notified in advance. Processing on the basis of the consent granted by the data subject for a specific purpose - according to the article. 6 para. 1. a) GDPR. - Any other data on the basis of consent is purely incidental and exceptional.

Categories of personal data being processed: 1) The company TAJMAC-ZPS, a.s. processes the following personal data of existing and potential business partners: name and surname of the commercial representative of the firm or entrepreneur natural persons, corporate phone and email (Nb.: head office, tax ID - we do not consider to be personal data within the meaning of GDPR, as these data are freely available from public registers and the company TAJMAC- ZPS, a.s. it is used exclusively for contractual purposes) 2) The company TAJMAC-ZPS, a.s. processes the following personal data of applicants for employment: name and surname, date of birth, address of permanent residence, telephone number, email address, education and qualifications. The source from which the information originated: The personal data obtained, the company TAJMAC-ZPS, a.s. from business partners or from applicants for employment. On the basis of own activities of the company TAJMAC-ZPS, a.s. personal data may come from publicly available sources (e.g. from the website of the business partner, advertising, etc.). The recipients or categories of recipients of the personal data: The company TAJMAC-ZPS, a.s. processes personal data of data subjects as the controller of the personal data. The personal data are not passed on to third parties except when required to do so by law (state or state-designated entities, authorities active in criminal proceedings, misdemeanour and administrative proceedings, audit firm) or on the basis of the concluded contract on the protection of personal data (the service of external processors). In the case that personal data are sent to the other entities referred to in the preceding sentence, the company TAJMAC-ZPS, a.s. makes available personal data only to the extent necessary to achieve the specified purpose. Personal data are not passed on to a third country or an international organisation. The length of time that personal data will be stored with the administrator: The personal data of current and potential business partners obtained not on the basis of the consent pers. data are kept for the duration of the contractual relationship/business cooperation and after its termination, for the period strictly necessary for the case of further cooperation. The personal data of current and potential trading partners obtained on the basis of consent these details are kept for a period of 3 years from granting of consent. The personal data of job applicants the pers. data are kept for the ongoing selection procedure and 3 months after the end of the selection procedure.

Data subject's rights in terms of protection of personal data: The company TAJMAC-ZPS, a.s. in the processing of all personal data of the data subject, fully respects the data subjects respects laid down in Chapter III of the GDPR, which are the following: 1) Right of access by the data subject - the data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him of her are being processed not processed, and where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling. 2) Right to rectification The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. 3) Right to erasuer ("right to be forgotten") - The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing; the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR; the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR Personal data cannot be deleted, if it has been collected for the purpose of performance of the contract (according to the article. 6 para. 1. b) GDPR) or processing is necessary for compliance with a legal obligation (according to the article. 6 para. 1. c) GDPR). 4) Right to restriction of processing - the data subject shall have the right to obtain from the controller restriction of processing where one of the following objections: (i) denial of the accuracy of the data, (ii) the processing is unlawful and the data subject opposes the erasure of personal data, and asks instead about the restrictions on their use, (iii) the controller no longer personal data needs, but the data subject is required for the identification, performance or defence of legal claims, (iv) the entity has raised an objection against the processing

Right to restriction of processing cannot be required if the personal data were collected for the purpose of performance of a contract or processing is necessary for compliance with a legal obligation, and with regard to the nature of the performance. 5) Right to data portability to other controller - the data subject shall have right to obtain personal data relating to him or her, which he or she has provided to the controller, without hindrance from the controller to which the personal data have been provided, in case that: (i) data provided by the data subject, (ii) the processing is based on contract or consent, (iii) the data are provided in a structured and commonly used electronic format, if it is available for the subject, (iv) the processing is carried out by automated means. 6) Right to object - the data subject shall have the right to object at any time to the processing of personal data relating to him, if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority or if the processing is necessary for the purposes of the legitimate interests of the controller. The controller does not process personal data unless he demonstrates serious legitimate reasons for further processing, which outweigh the interests or rights and freedoms of the data subject. The same applies when the processing for direct marketing purposes. 7) Right not to be subject to an automated individual decision-making, including profiling - this right cannot be used, if decisions is necessary for the conclusion or performance of a contract, or decision is authorised by Union law or Member Atate, or a decision is based on explicit consent of the data subject. If any of the above rights is exercised, the applicant will be informed in writing of the manner in which the application is processed without undue delay (within statutory time limits). The data subject has the right to withdraw consent to the processing of personal data, which has granted the controller (when are personal data processed on the basis of the consent) at any time. The withdrawal of consent, however, shall not affect the lawfulness of processing based on consent granted before its withdrawal. The data subject has the right to lodge a complaint with the Office for personal data protection (address: Pplk. Sochora, 27, 170 00 Praha 7, tel.: +420 234 665 111) if it considers that there has been a breach of the obligations laid down by the legislation. The fact, whether the provision of personal data is a legal or contractual requirement, and whether the data subject has the obligation to provide personal data is designed according to the character/nature of the relationship between the controller and the data subject (see above, Purposes of the processing of personal data and legal basis of the processing operation). In the processing of personal data by the company TAJMAC-ZPS, a.s. as a controller, there is no automated decision making including profiling.

Update Last update 23. may 2018 The rules and principles of personal data protection in the company of TAJMAC-ZPS, a.s. they are continuously checked, can occasionally change, mainly in order to achieve compliance with the legislation. An updated version of the Statement is always available on this website.

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback