STATEMENT OF PERSONAL DATA PROCESSING
Declaration on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) – hereinafter reffered to as “GDPR”.
I. Personal Data Administrator
SVCS Process Innovation s.r.o., ID: 27711170, VAT no. CZ27711170, registered in the Commercial Register by the Brno Regional Court in Czech Republic, Section C, Insert 53803.
Contact address regarding personal data protection:
Phone number: +420 517 070 010
Hereinafter reffered to as “the Administrator” hereby informs you about the processing of your personal data and your rights, in accordance with Article 12 of the GDPR Regulation.
II. The scope of personal data processing
Personal data are processed in the range in which a relevant Data subject has provided them to the Administrator, in connection with the conclusion of a contractual or other legal relationship with the Administrator, or which the Administrator has collected differently and processes them in accordance with applicable law, to fulfill the legal obligations of the Administrator or the legitimate interests of the Administrator.
In particular, the legitimate interests of the Administrator for the processing of personal data are:
Health protection and property protection of the Administrator and employees of the Administrator on the premises of the Production plant: Zámecká 133, 757 01 Valašské Meziříčí, Czech Republic.
III. Personal data sources
Directly from the data subjects (filling in the contact form, e-mails, websites, business cards, video recordings, etc.) publicly accessible registers, lists and records.
IV. Categories of personal data subject to processing
• Identification data for unambiguous and unmistakable identification of the data subject (e.g. name, surname, title, company name, ID, VAT no.) and data allowing contact with the data subject (e.g. contact address, phone number, fax number, email address)
• Descriptive data (e.g. bank details)
• Other data necessary for performance of the contract
• Time-limited video recording from CCTV
• Data provided in excess of the applicable laws processed within the data subject’s consent
V. Data subject categories
• Customer / potential customer manager Supplier / partner providing service to the administrator
• Another person who is contractually bound to the controller
• Job applicant
VI. Purpose of personal data processing
• Purposes contained in the data subject’s consent
• Negotiating a contractual relationship
• Performance of the contract
• Protection of the rights of the administrator, the recipient or other persons concerned law-based archiving
• Job vacancies compliance with legal obligations by the controller
• Protecting the health and property of the administrator and the administrator’s staff
• Additional purpose directly related to the original purpose for which the personal data were collected
VII. Method of processing and protection of personal data
The processing of personal data is done by the administrator, resp. a processor with whom the administrator has a contract that guarantees that all responsibilities in the processing of personal data and the rights of the data subject will be respected.
Processing is carried out at the registered office and at the production plant premises of the administrator, resp. the processor. Processing is done by computer technology or manually in case of the personal data exists in paper form. This is done under all security policies for the management and processing of personal data.
VIII. Duration of processing of personal data
We will process and store your data for the duration of the contractual relationship and subsequently for a reasonable period to protect the rights, claims for defective performance or liability for the damage caused, resp. the time period for which is their retention given by valid legislation of the Czech Republic.
IX. Letter of Rights
The administrator process the data with the consent of the data subject, except in cases where the processing of personal data does not require the consent of the data subject.
In accordance with Article 6 §1 of the GDPR, the administrator may process data without the data subject’s consent if:
• Processing is necessary for the performance of a contract to which the data subject is party or for the implementation of measures taken prior to the conclusion of the contract at the request of the data subject
• Processing is necessary to fulfill the legal obligation applicable to the controller
• Processing is necessary to protect the vital interests of the data subject or other natural person
• Processing is necessary for the performance of a task performed in the public interest or in the exercise of official authority entrusted to the administrator
• Processing is necessary for the purposes of the legitimate interests of the relevant administrator or third party, except those cases where the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data to prevail over those interests.
You may withdraw your consent for the processing of personal data at any time by sending an email to: email@example.com. However, we would like to draw your attention to the fact that personal data that are necessary for the proper provision of the service, resp. to fulfill all our obligations, whether these obligations arise from a contract between us or from generally binding legal regulations, we have to process, regardless of your consent, for a period of time given by applicable law or in accordance with them, even after the withdrawal of your consent.
X. Rights of Data Subjects
1) In accordance with Article 12 of the GDPR, the administrator informs the data subject by the data subject about the right for access to personal data and the following information (Recitals 63, 64 and Article 15 of the GDPR):
• The purpose of the processing
• The category of concerned personal data
• The recipients or categories of recipients to whom the personal data has been made or will be made available
• The scheduled time for which the personal data will be stored
• All available information about the personal data source
• Whether there is automated decision making in place, incl. profiling
2) Any data subject who discovers or believes that the administrator or processor is processing his or her personal data that is contrary to the privacy of the data subject or is contrary to law, particularly where personal data are imprecise with the purpose of their processing may:
• Ask the administrator for an explanation
• Require the administrator to remove the condition that arises. Particularly, it has the right to object (Recitals 69, 70 and 21 of the GDPR), the right to limit processing (Recital 67 and Article 18 of the GDPR), the right to make corrections (Recital 65 and Article 16 of the GDPR), adding or deleting personal data (Recitals 65, 66 and Article 17 of the GDPR) in certain cases.
• If the data subject’s request under §1 is found justified, the administrator is to remove the defective status immediately
• If the administrator does not comply with the data subject’s request under §1 or §2, the data subject has the right to contact the supervising authority directly, i.e. the Office for Personal Data Protection.
• The procedure under §1 and/or §2 does not preclude the data subject from addressing the supervising authority directly.
Pursuant to Article 12, §3 of the GDPR, the administrator is obliged to provide, at the request of the data subject under Articles 15 to 22 of the GDPR, the information of the measures taken without undue delay and in any case within one month of receiving the request (Article 14, §3).
This period may be extended for another two months if necessary considering the complexity and number of applications. The administrator is obliged to inform the data subject about such an extension within one month of receiving the request, together with the reasons for the delay.
If the administrator has doubts about the identity of the person who is requesting the information, he may proceed under Article 12, §6 of the GDPR, i.e. he may request the provision of additional information necessary to confirm the identity of the data subject (who submits the request).
The Administrator shall be entitled to request reasonable reimbursement for providing the information, not exceeding the costs necessary to provide the information.
Download GDPR document in English and Czech language: SVCS_GDPR_EN, SVCS_GDPR_CZ