INFORMATION ON THE PROCESSING OF PERSONAL DATA
Dear clients and business partners!
The aim of this document is to give you information about how we process your personal data.
We appreciate that you share your personal data with us, which we intend to protect to the highest degree possible. At the same time we try to be as transparent as possible in our relation to you, especially as to the manner how we treat your personal data.
Regarding the new legislation of the European Union, this information notice has been prepared to be in harmony with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDRP, General Data Protection Regulation).
If there are any questions concerning the processing of your personal data, do not hesitate to contact us under the email address firstname.lastname@example.org or under phone number +420571653990. In any case we may be contacted under our delivery address COMET SYSTEM, s.r.o., Bezručova 2901, 756 61 Rožnov pod Radhoštěm.
1. Controller of personal data
The controller is a person who, by himself, or in cooperation with others, determines in which manner the personal data will be processed.
The controller is the COMET SYSTEM, s.r.o. company having its head office at Bezručova 2901, 756 61 Rožnov pod Radhoštěm, its identification number being 60776846. The company is registered in the business register of the District Court in Ostrava under reference number C6795. The controller may be contacted under the following email address: email@example.com or under phone number +420571653990. No commissioner for personal data protection has been appointed.
2. Purpose of the processing of personal data
The controller processes the personal data:
a) to provide for concluding and subsequent performing the contractual bond between the controller and you (Article 6, Paragraph 1, Letter b) GDPR). Such a contractual bond necessitates fulfilling further legal duties. Thus the processing of personal data is necessary for compliance with the legal obligation to which the controller is subject (article 6, paragraph 1, letter b) GDPR).
b) to comply with marketing objectives. The controller tries to adapt the offer of his products and services, as well as his pertinent trade communications to your needs. The controller has to obtain your unambiguous consent for such kind of the processing of personal data (Article 6, Paragraph 1, Letter a) GDPR).
c) to protect his legitimate interests (Article 6, Paragraph 1, Letter f) GDPR).
Generally, providing the controller with personal data is a legal and contractual demand. For the disclosing of personal data for marketing objectives your consent is needed, because this activity does not constitute the performance of contractual or legal obligations of the controller. Refusal to give your consent for the processing of personal data for marketing objectives to the controller does not result in the controller’s rejection to provide you with his product or service on contractual basis.
3. What are your legitimate interests?
Moreover, personal data is processed by the controller for the protection of his legitimate interests. Legitimate interests of the controller are especially as follows: regular performance of all his contractual obligations, regular performance of all his legal duties, direct marketing, protection of the controller’s business and property and, last but not least, environmental protection and providing for sustainable development.
To ensure the highest degree possible of your privacy protection you are entitled to demand that your personal data be processed exclusively for the most serious legal reasons, or that your personal data be blocked. For your more rights concerning the processing of personal data see Article 10 of this document.
4. How has personal data been obtained?
Personal data has been obtained by the controller directly from you, mostly on the basis of completed forms, by means of direct communication or concluded contracts.
5. Which categories of personal data are processed?
To reach your satisfaction with the regular contract performance, to ensure the fulfilment of legal obligations and to ensure personalized offers of goods and services of the controller and to further purposes mentioned above the controller processes the following categories of personal data:
a) basic identification data: name, surname, address, identification number;
b) contact data: phone number and email address;
c) information originating from the mutual communication: information from emails, from the registration of phone calls or from contact forms.
6. What is the legal basis for the processing of personal data?
The legality of the data processing is established by Article 6, Par. 1 GDPR, according to which the data processing is lawful, if this is unavoidable for the contract performance, for the fulfilment of the controller’s juridical obligations, for the protection of the controller’s legitimate interests, or, if the processing takes place based on the consent you have given to us.
Furthermore, the data processing legality results among others form the following laws:
- Code No. 563/1991 Coll. on accountancy, according to which invoicing data is processed and
- Code No. 89/2012 Coll., Code of civil law, by means of which the controller protects his legitimate
- Code No. 235/2004 Coll. on value added tax.
7. Are we going to pass on the personal data to any other person?
Personal data may be only passed on to third persons if this is indispensable for executing orders or their contractual obligations (e.g. post and transportation services, or in the case that an order is delegated to a regionally competent contractual distributor).
Within the legal framework we have to furnish personal data to authorities of the state administration, e.g. to the tax administrator, to the court of justice, to criminal proceeding bodies (the criminal justice system) or to capital market inspection bodies.
8. Are we going to pass on personal data to a third country or to an international organisation?
We are not going to pass on personal data to countries outside the European Union and the European Economic Area or to any international organisation.
9. How long are we going to store personal data?
Personal data will be processed and stored at least for the contract validity period. Some personal data, e.g. that necessary for discharging tax or invoicing obligations will be stored for a longer time, as a rule for 10 years beginning with the year that follows after the inception of the storage necessity.
Personal data which is processed for marketing purposes on the basis of consent will be stored for an indefinite period of time or up to the withdrawal of the personal data consent.
When the filing time expires, the personal data will be destroyed safely and irrecoverably, so that it might not be misused.
10. What are your rights connected with the processing of personal data, can you enforce these rights?
The controller will do his best to process your personal data orderly and safely. In this paragraph your guaranteed rights are described, which can be enforced via the controller.
Particular rights can be enforced by sending an email to the firstname.lastname@example.org address or by calling phone number +420571653990. Moreover, you can apply for your rights by sending a written application to our mailing address at Bezručova 2901, 756 61 Rožnov pod Radhoštěm.
Any information and representations as to the rights claimed by you will be presented to you by the controller free of charge. Nevertheless, should the claim be evidently not acceptable or inadequate, particularly because of its repeating, the controller is entitled to charge a reasonable fee taking into consideration the administrative costs connected with the provision of the information requested. In the event of repeated requests to provide copies of the personal data processed the controller reserves for this reason the right to charge a reasonable fee taking into consideration the administrative costs thus arisen.
Representations and contingent information on accepted measures will be delivered to you by the controller as soon as possible, but in a month’s time at the latest.
You are entitled to claim the controller‘s information, whether your personal data is processed or not. In the case that it is processed, you will gain access to information on the goal of the processing, on the categories of the respective personal data, on the data recipients or recipient categories, as well as on the personal data storage time. You are entitled to obtain a copy of the personal data being processed.
You are entitled to get the personal data to be processed changed or completed by the controller.
In certain and determined events you are entitled to ask the controller to delete your personal data. This holds e.g. in the case that the personal data is no more necessary for the above mentioned purpose. When the time period of the data necessity elapses, the controller will delete the personal data automatically, but you can ask the controller any time to delete your personal data. In such a case your request is subject to the controller’s individual judgement, because the controller may be obliged or otherwise duly interested to keep your personal data. In any case you will be informed in detail about the settlement of your claim.
The controller will process your personal data to a degree which is inevitably necessary. Nevertheless, should you feel that the controller may perhaps exceed the limits of purpose for which the data is processed, you can claim that your personal data be processed exclusively for the most exigent legal reasons, or, as the case may be, that your personal data be blocked. Your request is then subject to individual judgement. In any case you will be informed in detail about the settlement of your request.
Should you find out, or should you suspect that the controller processes your personal data in contradiction to the fundamentals of the protection of your private and personal life or in contradiction to some regulations (provided that the personal data is processed by the controller on the basis of public or legitimate interest, or that the personal data is processed for the sake of the direct marketing), you may address the controller and ask him for explanation or removal of this objectionable state of affairs.
At any time you can appeal to the following supervisory body with you incentive or complaint concerning the processing of your personal data:
Úřad na ochranu osobních údajů (Office for Personal Data Protection), at Pplk. Sochora 27, 170 00 Praha 7, web site https://www.uoos.cz/.
At any time you are entitled to withdraw your consent to the processing of personal data by filling in the form, checking the appropriate box and sending it to the address of the controller’s office. Besides, you can make use of the link for the email communication.