CZ EN RU

Information on the processing of personal data

Dear customers and business partners, 

This document contains basic information on how we process your personal data. 

Because of the new legislation of the European Union, this text was prepared in accordance with the Regulation of the European Parliament and the Council (EU) 2016/679 dated April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and to cancel Directive 95/46/EC (GDPR).          

For the sake of clarity, the text is processed in the form of questions and answers. 

 

The information is in the following order:

1     Who is the Controller of personal data?

2     For what purpose do we need personal data? 

3     What are our legitimate interests?

4     How has personal data been collected?

5     What categories of personal data are processed?

6     What is the legal basis for the processing of personal data?

7     Will we pass on personal data to someone else?

8     Will we transfer personal data to a third country or an international organization? 

9     How long will we store personal data for?

10     What are your rights related to the processing of personal data and how can you exercise them?  

10.1     Right to information about the processing of your personal data.  

10.2     Right of access to personal data.  

10.3     Right of repair. 

10.4     Right of erasure (right to be forgotten). 

10.5     Right to restrict processing. 

10.6     Right to data portability. 

10.7     Right to object and automated individual decision making. 

10.8     Right to lodge a complaint with the Office for Personal Data Protection. 

10.9     Right to withdraw consent.

11      Is personal data evaluated automatically?

12     The company reserves the right to update this document. 

 

We provide you with the basic information that we, as a personal data Controller, are required to provide.

If you have any questions regarding the processing of your personal data, please do not hesitate to contact the following contact for information: Ing. Miroslav Ulrich, e-mail: gdpr@farmak.cz  

 

1     Who is the Controller of personal data?
The controller is the subject who, alone or together with others, determines the purposes for which personal data will be processed and decides how this will be done.

The Controller of personal data is the company FARMAK, a.s. The Controller can be contacted at the email address gdpr@farmak.cz.  
 

2     For what purpose do we need personal data?
The Controller processes personal data to: 

  • ensure the conclusion and subsequent fulfilment of a contractual obligation between the Controller and you (Article 6(1), letter b) of the GDPR). Such a relationship entails additional legal obligations and the Controller must also process personal data for this purpose (Article 6(1), letter c) of the GDPR);    

  • protect his legitimate interests (Article 6(1), letter f) of the GDPR), which are the supply of products and services. 

Providing personal data to the Controller is generally a legal and contractual requirement. You are required to consent to the provision of personal data for potential marketing purposes, which does not constitute a contractual and legal obligation to the Controller. Failure to provide your Controller with permission to process personal data for marketing purposes does not mean that the Controller will consequently refuse to provide you with your product or service under contract. 



3     What are our legitimate interests?
Personal data is also processed by the Controller to protect his legitimate interests. The legitimate interests of the Controller are, in particular, the proper fulfilment of all of the Controller's contractual obligations, the proper fulfilment of all the Controller's statutory obligations, direct marketing, protection of the Controller's business and property, and, last but not least, environmental protection and ensuring sustainable development.

In order to protect your privacy as much as possible, you have the right to request that your personal data is processed solely for the strictest legal reasons or to block your personal data. You can read more about your rights regarding the processing of personal data in Article 11 of this document.    
 

4     How has personal data been collected?
The Controller has obtained personal data directly from you, especially from completed forms, mutual communication, or from concluded contracts.    

In addition, personal data may also come from publicly available sources, registers, and records, such as the Commercial Register, the Debtors’ Register, Professional Registers, or the Land Registry.    

In addition, the Controller may have obtained personal data from third parties authorized to access and process your personal data that he cooperates with, as well as from social networks and information on the internet that you yourself have disclosed there.        
 

5     What categories of personal data are processed?
To ensure your satisfaction with the due fulfilment of our commitment, to ensure compliance with legal obligations, to provide a personalized offer of the goods and services of the Controller, and for other purposes listed above, the Controller processes the following categories of personal data:     

  • basic identification data: name and surname; 

  • contact details: telephone number and email address; 

  • invoice data: address, bank account, etc. 

For employees (or jobseekers), the Controller may process the following categories of personal data: 

  • Identification and contact data: name, surname, date and place of birth, marital status, social security number, title, nationality, address, telephone number, signature, etc.;  

  • Descriptive data: education, foreign language knowledge, professional qualifications, knowledge and skills, number of children, photographic portraits, military service, previous employment, health insurance company, membership of interest organizations, a clean criminal record, etc.;  

  • Economic data: bank account, wage, distraint, taxes, etc.;

  • Occupational data: job title and position, records of work and work activities, workplace, performance review, awards, etc.;   

  • Operational and location data: typically data from electronic systems related to a particular data subject, e.g. data on electronic communication, use of a company telephone, CCTV recordings, etc.;     

  • Data on the subject's activities: data on participation in fairs and conferences, involvement in projects, data on business trips, etc.;      

  • Data on other persons: address and identification details of a family member, spouse, child, partner, etc.;  

  • Special categories of personal data: sensitive personal data regarding health condition, etc.  

 

6    What is the legal basis for the processing of personal data?
The lawfulness of processing is determined by Article 6(1) of the GDPR, according to which processing is lawful if necessary for the performance of a contract, the fulfilment of the Controller's legal obligations, the protection of the Controller's legitimate interests, or processing under the consent you have given to us. 
 

7    Will we pass on your personal data to someone else?
Your personal data can be accessed by our staff and in necessary cases some of our partners and cooperating companies, which include, in particular:

SW providers: ALTEC a.s., ESKON s.r.o.

Advisers and external trainers: Brokl Consulting s.r.o. 

Catering services: FARMAK – GASTRO s.r.o.

Providers of other services: NZ SERVIS, spol. s r. o.

We have contracts with all of these partners and cooperating companies, which obliges them to handle the personal data they receive as required by the GDPR and only to the extent that is strictly necessary.      

We also need to disclose personal data to government authorities, such as tax administrators, courts, law enforcement subjects, or capital market supervisors, as part of our legal obligations.  
 

8    Will we transfer personal data to a third country or an international organization? 
We will not pass on personal data to countries outside the European Union or the European Economic Area. 
 
 

9    How long will we store personal data for?
Personal data will be processed and stored at least for the duration of the contract. Some personal data needed e.g. for tax and invoice obligations will be kept longer, usually for 10 years starting from the year following the occurrence of the facts that are stored, but always kept by the Controller in accordance with the internal document Filing and Shredding Rules provided to you upon request.       

Personal data that is important for the legitimate interests of the Controller will generally be kept for five years from the end of the contractual relationship with the Controller, but will always be kept by the Controller in accordance with the internal document Filing and Shredding Rules, which will be provided to you upon request.       

Personal data will never be stored for longer than the legal maximum. Upon the expiration of the archiving period, which is in accordance with the internal document Filing and Shredding Rules, which we will provide to you upon request, personal data will be safely and irrevocably destroyed so that it cannot be misused.      
 

10     What are your rights related to the processing of your personal data and how can you exercise them?
The Controller wants your data to be processed properly and, above all, safely. You are guaranteed the rights described in this article, which you may exercise with the Controller.   
Individual rights can be claimed by sending an email to gdpr@farmak.cz. You can also exercise your rights by a written request to our mailing address or data box.

All communications and statements on the rights you exercise are provided by the Controller free of charge. However, should the request be manifestly unfounded or disproportionate, in particular because it would be repeated, the Controller shall be entitled to charge a reasonable fee, taking into account the administrative costs involved in providing the information requested. In the event of repeated application of a request to provide copies of processed personal data, the Controller reserves the right to charge a reasonable fee for administrative costs for this reason.      

The Controller will provide you with comments and, if necessary, information on the measures taken, as soon as possible, and no later than within one month. The Controller is entitled to extend the deadline by two months, if necessary and in view of the complexity and number of requests. The Controller will inform you about the extension, including the reasons.        
 

10.1     The right to information about the processing of your personal data
You are entitled to request from the Controller whether your personal data is being processed or not. If personal data is processed, you are entitled to demand from the Controller information about the identity and contact details of the Controller, his agent and, possibly, an officer for the protection of personal data, the purposes of the processing, the categories of personal data in question, the recipients or categories of the recipients of personal data, on legitimate controllers, on the list of your rights, about the possibility of contacting the Office for Personal Data Protection, about the source of the processed personal data, and about automated decision making and profiling.

If the Controller intends to process your personal data further for a purpose other than that for which it was collected, he will provide you with information about that other purpose and other relevant information before further processing.  

The information provided to you under the exercise of this right is contained herein. However, this does not prevent you from requesting it again.   
 

10.2     Right of access to personal data
You are entitled to ask the Controller whether your personal data is being processed or not and if so, you have access to information on the purposes of processing, categories of personal data concerned, recipients or categories of recipients, and personal data retention period, information about your rights (rights to request rectification or erasure from the Controller, processing restrictions, objections to such processing), the right to file a complaint with the Office for Personal Data Protection, information about the source of personal data, information on whether automated decision making and profiling are used, and information regarding the process used for this purpose, as well as the significance and anticipated consequences of such processing for you, and information and guarantees in the event of a transfer of personal data to a third country or international organization. You have the right to receive copies of the processed personal data. However, the right to obtain such a copy shall not adversely affect the rights and freedoms of others.  
                    
 

10.3    Right of rectification
If, for example, there has been a change of residence, telephone number, or other fact that can be considered a part of personal data, you have the right to request the Controller to correct the personal data that is processed. In addition, you have the right to amend incomplete personal data, including by providing additional statements. 
     
 

10.4    Right of deletion (right to be forgotten)
In certain specified cases, you have the right to request that the Controller delete your personal data. Such cases include, for example, the fact that the data that has been processed is no longer needed for the above purposes. The Controller automatically deletes personal data after the expiry date, but you can contact him at any time. Your application is then subject to an individual assessment (despite your right to delete, the Controller may have an obligation to keep your personal data or a legitimate interest in doing so) and you will be informed in detail about its processing. 
       
 

10.5    Right to Restrict Processing
The Controller processes your personal data only to the extent that is strictly necessary. However, if you feel that the Controller, for example, has gone beyond the above purposes for which the personal data is processed, you can request that your personal data be processed solely for the strictest legal reasons or that your personal data be blocked. Your application is then subject to an individual assessment and you will be informed in detail about its processing. 
   
 

10.6     Right to data portability
If you wish the Controller to provide your personal data to another controller, or to another company, the Controller will transfer your personal data in an appropriate format to the entity designated by yourself, provided that no legal or other significant obstacles prevent it. 
  
 

10.7     The right of objection and automated individual decisions
If you discover or just believe that the Controller is processing personal data in conflict with the protection of your private and personal life or in conflict with the law (assuming that the personal data is processed by the Controller on the basis of public or a legitimate interest, or is processed for direct marketing purposes, including profiling, or for statistical purposes or for the purposes of research or historical interest), you can ask the Controller to explain or to rectify the defective situation.

If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for that purpose.

You can also object directly to automated decision making and profiling.  
 

10.8     Right to lodge a complaint with the Office for Personal Data Protection
You may, at any time, submit a complaint or query regarding the processing of personal data to the supervisory authority, i.e. the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7, https://www.uoou.cz/. 
        
 

10.9    Right to Revoke Consent
You have the right to revoke your consent to the processing of your personal data at any time by sending an appeal to the address of the Controller.   

 

11     Is personal data evaluated automatically?
Personal data is not evaluated automatically and cannot be used for profiling or automatic decision making in the area of ​​the marketing activities of the Controller.   
 

12    The company reserves the right to update the document
The company reserves the right to update the text of the document Information on the processing of personal data and previous versions can be provided on request. 
      

 
 

Olomouc, 25 May 2018