INFORMATION ON PROCESSING OF PERSONAL DATA
The company Model Obaly a.s., seated at Těšínská 2675/102, Předměstí, 746 01 Opava, Id. No: 45192944, registered in the Commercial register maintained by the Regional court in Ostrava, Section B, Insert 456 (hereinafter also referred to as the ‘Controller‘), as the controller of personal data within the meaning of Article 4(7) of the regulation (EU) 2016/679 of the European parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, General Data Protection Regulation, (hereinafter only referred to as the ‘GDPR’), hereby informs data subjects on the method and scope of the processing of personal data by Controller, including the scope of the rights of data subjects related to the processing of their personal data by Controller.
1. Purpose, scope and legal basis for the processing of personal data
1.1 Controller processes personal data in accordance with the law of the European Union, in particular in accordance with GDPR and in accordance with relevant national legal regulations which are represented at the time prior to the effect of GDPR in particular by the Act No. 101/2000 Coll., on the Protection of Personal Data and on Amendment to Some Acts, as amended (hereinafter only referred to as the ‘PDPA’).
1.2 Společnost zpracovává pouze přesné, a v případě potřeby aktualizované, osobní údaje, které získala v souladu se ZOOÚ a s nařízením GDPR, přičemž tyto osobní údaje shromažďuje a zpracovává pouze za stanoveným konkrétním účelem, v rozsahu a po dobu nezbytnou pro naplnění tohoto stanoveného konkrétního účelu.
1.3 The processing of personal data is thus necessary for:1.3.1. dodržení právních povinností Správce;
1.3.1. compliance with legal obligations of Controller;
1.3.2. negotiation concerning conclusion or amendment of a contract whose contractual party is a data subject and for subsequent performance of such agreement
1.3.3. protection of rights and interests protected by law of Controller or another affected person, if a data subject does not provide Controller with personal data, Controller shall not be able in particular to comply with his obligations for meeting the purpose of the contractual relationship with the data subject and the legal obligations which arise from generally binding legal regulations for Controller.
1.4 Personal data are acquired by Controller only directly from data subjects, or from public registers.
1.5 The processing of personal data is carried out in the Controller’s registered office, his establishments and branches, namely by individual authorised employees of Controller, or processors, i. e. persons in a contractual relationship with Controller. The processing is carried out mainly through computer technology but also in a manual way in the case of personal data in paper form, at the same time all security principles for the processing of personal data are observed. For this purpose Controller has adopted all necessary technical-organizational measures to ensure protection of personal data, in particular the measures which prevent unauthorised or accidental access to personal data their alteration, destruction or loss, unauthorised transmissions, their unauthorised processing as well as another misuse of personal data. All the subjects to whom personal data may be made available respect the right of data subjects to protection of the privacy and they are obliged to proceed in accordance with applicable generally binding legal regulations concerning the protection of personal data. In accordance with the periods stated in internal regulations of Controller or in relevant generally binding legal regulations personal data shall be processed as long as it is necessary for ensuring the rights and obligations arising from both the contractual relationship and applicable legal regulations or from other titles for the processing of personal data as the case may be (e. g. a legitimate interest of Controller, consent of data subjects, etc.).
1.6 Personal data may processed be for ensuring of the aforementioned purposes apart from Controller and his employees also by processors, i. e. mainly by contractual partners of Controller who provide Controller with the performance during whose execution they may come into contact with personal data of data subjects (hereinafter only referred to as the ‘Processors’). With these Processors Controller concludes for purpose of thorough protection of personal data contracts on the processing of personal data in accordance with GDPR. In this context Controller cooperates with Processors such a companies which ensure for him security of buildings, provide IT services for him, etc.
1.7 Controller may process the provided personal data within the following scope:
a) the identification and address details serving for unambiguous and uninterchangeable identification of data subjects such as given name, surname, date of birth, academic title, address of the permanent residence, delivery or another contact address, e-mail address, Id. No, TIN;
b) other contact details such as telephone number or e-mail address, and also data on data subjects from social networks and other similar information;
c) the data processed under the consent of the data subject (processing of photographs, use of personal data for purposes of marketing communications, use of cookie files, etc., in the case if there is no legitimate interest of Controller);
d) other personal data such as bank account number, an image record from camera system, as well as other personal data of data subjects arising from a particular contract or generally binding legal regulation.
1.8 For the purpose of protection of Controller’s property, his staff, clients and associates of the company and for the purpose of increase of the security of persons image recording camera system storing records for 7 days is installed in Controller’s premises. The Controller’s premises which are monitored by the camera system are always marked with relevant information signs.
1.9 On the Controller’s side automated processing of personal data also occurs consisting of their use for the assessment of some personal aspects relating to a natural person, in the interest of personification of offers of Controller for those data subjects.
2. Rights of data subjects
2.1 Controller fully respects and observes all the rights of data subjects pursuant to GDPR (in particular Article 12 to 23 of GDPR) and other generally binding legal regulations.
2.1 A data subject is entitled to request from Controller:
2.2.1. access to personal data relating to the data subject;
2.2.2. their rectification or erasure;
2.2.3. restriction of the processing;
2.2.4. the right to raise an objection against the processing;
2.2.5. the right to data portability.
2.3 If a data subject gives his consent to Controller to the processing of his personal data he has the right to withdraw the consent at any time, specifically in the same form in which it was given.
2.4 A data subject has the right to lodge a complaint concerning the processing of his data by Controller to the Office for Personal Data Protection (www.uoou.cz).