Information on Processing of Personal Data

Dear customers and business partners,

This document contains basic information on how we process your personal data.

With regard to the new European Union legislation, this text was prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).

To provide maximum clarity, the text is presented in the form of questions and answers.

The information will be presented in the following order:

1             Who is the personal data controller?

2             For what purpose do we need personal data?

3             What are our legitimate interests?

4             How were personal data obtained?

5             What personal data categories are processed?

6             What is the legal basis for the processing of personal data?

7             Will we transfer the personal data to someone else?

8             Will we transfer the personal data to a third country or international organization?

9             How long will we retain the personal data?

10           What are your rights relating to processing of personal data and how can you exercise them?

10.1       Right of information about the processing of your personal data

10.2       Right of access to personal data

10.3       Right to rectification

10.4       Right to erasure (right to be forgotten)

10.5       Right to restriction of processing

10.6       Right to data portability

10.7       Right to object and automated individual decision-making

10.8       Right to file a complaint with the Office for Personal Data Protection

10.9       Right to withdraw consent

11           Are personal data automatically assessed?

12           The company reserves the right to update this document

 

We present to you basic information that we are obliged to provide as a personal data controller.

If you have any questions regarding the processing of your personal data, please do not hesitate to contact us using the following contact information: Ing. Miroslav Ulrich, email: gdpr@farmak.cz.

1.     Who is the personal data controller?

The personal data controller is the person who, alone or together with others, determines the purposes and decides how the personal data will be processed.

The personal data controller is the company FARMAK, a.s. The controller can be contacted using the email address gdpr@farmak.cz.
2.    For what purpose do we need personal data?

The controller processes personal data to:

  • ensure the conclusion and subsequent fulfilment of the contractual obligation between the controller and you (Article 6 (1) (b) GDPR). Further legal obligations arise from such a relationship and the controller therefore must also process personal data for that purpose (Article 6 (1) (c) GDPR);
  • protect its legitimate interests (Article 6 (1) (f) GDPR), which is the offer of products and services.

The provision of personal data to a personal data controller is generally a legal and contractual requirement. Your consent is required in case of provision of personal data for potential marketing purposes, which does not constitute contractual fulfilment and legal obligations for the controller. If you do not provide your consent to the controller to process your personal data for marketing purposes, it does not mean that the controller will consequently refuse to provide its products or services under a contract.

3.    What are our legitimate interests?

The controller also processes personal data to protect its legitimate interests. The legitimate interests of the controller are, in particular, the proper fulfilment of all contractual obligations of the controller, the proper fulfilment of all legal obligations of the controller, direct marketing, the protection of the controller’s business and property, and also the protection of the environment and ensuring sustainable development.

To ensure maximum protection of your personal data, you have the right to object that your personal data be processed solely for the necessary legal obligations or that your personal data be blocked. More information on your rights relating to processing of personal data is included in Article 11 of this text.

4.    How were personal data obtained?

The controller obtained your personal data directly from you, especially from filled in forms, mutual communication or concluded contracts.

In addition, personal data may also originate from publicly available sources, registers and records, for example the Commercial Register, the Debtors Register, professional registers, or the Land Registry.

The controller may have additionally acquired personal data from third parties who are authorized to access and process your personal data and with whom the controller cooperates, or also from information available on social sites and the internet you have disclosed yourself.

5.    What personal data categories are processed?

In order to ensure your satisfaction relating to proper fulfilment of our obligations, to ensure the fulfilment of legal obligations, to ensure personalized offers of goods and services of the controller and for other already mentioned purposes, the controller processes the following categories of personal data:

  • basic identification data: name and surname;
  • contact details: phone number and e-mail address;
  • invoicing data: address, bank account, etc.

In case of employees (or job seekers), the controller may process the following categories of personal data:

  • Identification and contact details: name, surname, date and place of birth, marital status, birth registration number, title, nationality, address, telephone number, signature, etc.;
  • Additional personal data: education, foreign language skills, professional qualifications, knowledge and skills, number of children, portrait photographs, military service, previous employment, health insurance, membership in organizations, criminal record, etc.;
  • Economic data: bank account number, salary, executions, taxes, etc.;
  • Work data: job category and position, job records, workplaces, job evaluations, professional awards, etc.;
  • Operating and location data: typically data from electronic systems relating to the specific data subject, for example electronic communication data, use of a business telephone, CCTV footage, etc.;
  • Information on the subject’s activities: information on participation in fairs and conferences, involvement in projects, data on business trips, etc.;
  • Information about another person: address and identification data of a family member, spouse, child, partner, etc.;
  • Special categories of personal data: sensitive personal data relating to health information, etc.

6.    What is the legal basis for the processing of personal data?

The legality of processing of personal data is given by Article 6 (1) of the GDPR, which defines the processing as lawful if it is necessary to fulfil the contract, in order to fulfil the legal obligation of the controller, to protect the legitimate interests of the controller, or the processing takes place on the basis of the consent that you have granted.

7.    Will we transfer the personal data to someone else?

Your personal data is available to our employees and in necessary cases to the following collaborators and co-operating companies, particularly:

SW providers: ALTEC a.s., ESKON s.r.o., FOFRNET spol. s r.o.

Consulting and external training:  G. M. PROJECT, s. r. o., Brokl Consulting s.r.o., PRAGOEXPORT a.s., Ing. Milan Pastorčák

Catering services: FARMAK – GASTRO s.r.o.

Other service providers: BPSA s.r.o., NZ SERVIS, spol. s r. o.

We have a valid contract with all these collaborators and businesses that obliges them to handle and transfer personal data as required by the GDPR and only in the necessary extent.

We are also obliged to provide personal data within legal obligations to state authorities, such as tax controllers, courts, law enforcement agencies or capital market authorities.

8.    Will we transfer the personal data to a third country or international organization?

We will not transfer personal data to countries outside the European Union or the European Economic Area.

9.    How long will we retain the personal data?

  • Personal data will be processed and retained for at least the duration of the contract. Some personal data needed for example for billing and tax obligations will be retained longer, usually 10 years from the year following the creation of the retained fact, but are always kept by the controller in compliance with the internal document Document Management and Destruction Rules, which can be provided on request.
  • Personal data that are important to pursue legitimate interests of the controller will usually be kept for 5 years from the conclusion of the contractual relationship with the controller, but are always kept by the controller in compliance with the internal document Document Management and Destruction Rules, which can be provided on request.
  • Personal data will never be retained longer than the maximum legal period. After the archiving period has passed, which is in compliance with the internal document Document Management and Destruction Rules, which can be provided on request, the personal data will be irrevocably destroyed so that they cannot be misused.

10.     What are your rights relating to processing of personal data and how can you exercise them?

The controller strives to process your data in a proper and especially safe manner. The rights described in this article are guaranteed and may be exercised with the personal data controller.

You can exercise individual rights by sending an e-mail to gdpr@farmak.cz. You can also exercise your rights in a written request sent to our mailing address or to a data mailbox.

All communications and statements concerning your rights are provided by the controller free of charge. However, if the request is evidently unreasonable or inappropriate, in particular if repeated, the controller is entitled to charge a reasonable fee reflecting the administrative costs associated with the provision of the required information. In case of a repeated request for the provision of copies of the processed personal data, the controller reserves the right to charge a reasonable fee for administrative costs.

The statement and possible information on the taken measures will be provided to you by the controller as soon as possible, but not later than in one month. The period may be extended by the controller to two months if necessary, particularly in complex cases and in case of a large number of requests. The controller will inform you about the extension and the reasons for the extension.

10.1    Right of information about the processing of your personal data

You have the right to request information from the controller about whether personal data are processed or not. When personal data are processed, you are entitled to request information from the controller, in particular, about the identity and contact details of the controller, of his/her deputies and representatives and, where applicable, of the personal data protection officers, about the processing purposes, categories of personal data concerned, recipients or categories of recipients of personal data, controllers, overview of your rights, about the possibility to contact the Office for Personal Data Protection, about the source of processed personal data and about automated decision making and profiling.

If the controller would like to continue processing your personal data for a purpose other than the one for which it was obtained, he/she will provide you with information about that other purpose and other relevant information before further processing.

The information provided to you under this right is already contained in this text. This does not prevent you from requesting it again.

10.2    Right of access to personal data

You are entitled to request information from the controller about whether or not your personal data are processed and if they are, you have access to information about the purposes for the processing, categories of personal data concerned, recipients or categories of recipients, the retention time of personal data, information on your rights (the right to rectification and erasure, limitation of processing, raising objection to such processing), the right to file a complaint to the Office for Personal Data Protection, information about the source of personal data, information on whether automated decision making and profiling is used, information about the used procedures and the significance as well as impacts of such processing for you, information and guarantees in the case of transfer of personal data to a third country or international organization. You have the right to be provided copies of the processed personal data. The right to obtain this copy, however, must not negatively affect the rights and freedoms of other persons.

10.3    Right to rectification

If there has been a change on your part, for example, a change of address, telephone number, or other personal identification information, you have the right to request the controller to rectify the processed personal data. In addition, you have the right to complete incomplete personal data, also by providing an additional statement.

10.4    Right to erasure (right to be forgotten)

In specific given cases, you have the right to require the controller to erase your personal data. These cases include, for example, that the processed data are no longer needed for the above mentioned purposes. The controller will automatically erase your personal data after the necessary period, but you can always send your request to the controller at any time. Your request is then subject to an individual assessment (in spite of your right to erasure, the controller may have an obligation or legitimate interest to retain your personal data) and you will be informed in detail of your request.

10.5    Right to restriction of processing

The controller processes your personal data only in the necessary extent. However, if you believe that the controller, for example, exceeds the above-defined purposes for which personal data are processed, you can request that your personal data be processed solely for the most necessary legal reasons or that your personal data be blocked. Your request is then subject to individual assessment and you will be informed in detail about the decision.

10.6    Right to data portability

If you want the controller to provide your personal data to another controller or another company, the controller will transfer your personal data in an appropriate format to the subject you specify, unless the controller is prevented from doing so by a legal or other significant obstacle.

10.7    Right to object and automated individual decision-making

If you discover or only suspect that the controller is processing your personal data in violation of your private and personal life or legal obligations (provided that the controller processes the data based on a public or legitimate interest or for direct marketing, including profiling, or for statistical purposes, or for scientific or historical purposes), you can contact the controller and request him/her to explain or rectify the resulting unsatisfactory situation.

If you object to processing of your personal data for direct marketing purposes, we will no longer process your personal data for this purpose.

You can also directly object to automated decision making and profiling.

10.8    Right to file a complaint with the Office for Personal Data Protection

At any time, you have the right to file a complaint or inquire regarding the processing of your personal data to the supervising authority which is the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague 7, website https://www.uoou.cz/.

10.9    Right to withdraw consent

You have the right to withdraw the consent you have granted for processing of your personal data at any time by sending the withdrawal to the address of the controller.

11.    Are personal data automatically assessed?

Personal data are not automatically assessed and therefore cannot be used for profiling or automatic decision making in the controller’s marketing activities.

12.    The company reserves the right to update this document

The company reserves the right to update the document Information on processing of personal data and will make the previous version available on request.

In Olomouc, May 25, 2018
