Declaration on processing of personal data according to the Regulation of the European Parliament and the EU Council. 2016/679 Regarding – protection of natural persons in connection with the processing of personal data and instructing data subjects hereinafter referred to as (‘GDPR’)
Personal data administrator: AR Brno, spol. s r.o., IČO: 25317903, with its registered office at Nádražní 1240, 671 72, Miroslav. The Company hereby informs you in accordance with Article 12 of the GDPR about the processing of your personal data and your rights.
The range of processing personal data: personal data shall be processed to the extent that the data subject has provided it to the controller in connection with the conclusion of a contractual or other legal relationship with the controller or collected by the controller otherwise and processed in accordance with applicable law or to fulfill the statutory duties of the administrator.
Sources of personal data
Directly from data subjects (e-mails, telephone, website, web contact form, business cards, etc.)
Publicly accessible registers, lists and records (eg business register, trade register, real estate register, etc.) for the purpose of creating accounting documents and checking the correctness of information
Categories of personal data that are subject to processing
Address and identification data used for unambiguous and unmistakable identification of the data subject (eg. name, surname, title, possibly birth number, date of birth, permanent address, identification number, VAT number) and data enabling contact with the data subject (contact details – eg. contact address, phone number, email address, and other similar information)
Descriptive data (eg bank details)
Other data necessary for performance of the contract
Data provided in addition to the relevant laws processed within the consent of the data subject (processing of photographs, use of personal data for the purpose of personnel management, for the purpose of sending commercial or information messages, etc.)
Categories of data subjects
Client manager
Employee manager
Service provider
Another person who is in contractual relationship with the trustee
Job applicant
Categories of recipients of personal data – the controller does not intend to transfer personal data to a third country outside the EU; Otherwise, the data subjects will be fully informed of this transfer. The categories of beneficiaries are therefore:
Financial institutions
Public institutes
Processor
State and other bodies within the fulfillment of legal obligations stipulated by the relevant legal regulations
Purpose of personal data processing
Purposes contained in the data subject’s consent
Contractual relationship negotiations
Performance of the contract
Protection of the rights of the controller, the consignee or other persons concerned
Archiving under the law
Selection procedures for vacancies
Fulfillment of legal obligations by the administrator
The protection of the vital interests of the data subject
The transmission of commercial communications or other information in the case of legitimate interests of the controller
Method of processing and protection of personal data – processing of personal data is carried out by the controller. The processing is carried out in its premises, branches and the headquarters of the administrator by individual authorized employees of the administrator. processor. The processing takes place in compliance with all security principles for the management and processing of personal data. To this end, the controller has taken technical, organizational and legal measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to, alteration, destruction or loss of personal data, unauthorized transmission, unauthorized processing and other misuse of personal information. All entities to whom personal data may be disclosed respect the right of data subjects to the protection of privacy and freedoms and are obliged to comply with the applicable legislation on the protection of personal data.
Period of processing of personal data – in accordance with the deadlines specified in the respective contracts and consents, the deadlines prescribed for handling in the case of legitimate interests of the controller or third party, in the relevant legislation this is the time necessary to safeguard rights and obligations under both and relevant legislation.
10)The controller processes the data with the data subject’s consent, except in cases where the processing of personal data does not require the data subject’s consent, ie when there is another legal basis for the purpose of the processing. In accordance with Article 6 (1) of the GDPR, the controller may process the following data without the consent of the data subject:
Processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of measures taken prior to the conclusion of the contract at the request of that data subject,
Processing is necessary to fulfill the legal obligation applicable to the controller,
Processing is necessary for the protection of the vital interests of the data subject or of another natural person,
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority by the controller,
Processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data take precedence over those interests.
11)Data subjects’ rights
In accordance with Article 12 of the GDPR, the controller shall, at the data subject’s request, inform the data subject of the right of access to personal data and the following information:
The purpose of processing,
The category of personal data affected,
Recipients or categories of recipients to whom personal data have been or will be disclosed,
The planned period for which personal data will be stored,
All available information about your personal information source,
If not obtained from the data subject, whether automated decision-making, including profiling, takes place.
The administrator has the right to demand adequate compensation not exceeding the costs necessary for providing the information for the provision of information, for the second and every other copy within the administrative costs associated with this.
Any data subject who discovers or considers that the controller or processor is processing his or her personal data that is contrary to the protection of the private and personal life of the data subject or to the law, in particular if personal data are inaccurate for the purpose of their Processing, can:
Ask the administrator for an explanation.
Require the administrator to remedy this. In particular, it may be blocking, correcting, supplementing or deleting personal data.
If the data subject’s request under paragraph A is found justified, the controller shall immediately remedy the defective condition.
If the controller fails to comply with the data subject’s request pursuant to paragraph A., the data subject shall have the right to contact the supervisory authority directly, ie the Office for Personal Data Protection.
The procedure under paragraph A. shall not preclude the data subject from contacting the supervisory authority directly.
The data subject shall have the right to revoke the consent to the processing of personal data previously granted to the personal data controller.
The rights of data subjects are therefore: to exercise the right to rectification, to erase, to forget, to limit processing. Furthermore, the right to data portability where technically or organizationally feasible.