Conditions of personal data protection
If you are our customer, you are giving us your personal information. We are responsible for its protection and security. Please be aware of these terms and conditions of personal data relating to the validity and effectiveness of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR “) which the company DT – EXPERT sro, with registered office at Pražská 1430/34, Praha 10, Hostivař, company ID: 25094254, must adhere to.
Personal data within GDPR is defined as all information about an identified or identifiable person (“data subject”), an identifiable person is a person that can be directly or indirectly identified, in particular by reference to a particular identifier such as name, identification number, a network identifier, or one or more specific elements of that physical, physiological, genetic, economic, cultural or social identity.
Processing means any operation or set of operations with personal data or personal data files that is performed by or without automated procedures such as collecting, recording, structuring, storing, altering, searching, inspecting, using, disseminating, or any other type of disclosure, combining, restricting or deleting.
1. Who is the Privacy Controller?
DT – EXPERT s.r.o., with its registered office at Pražská 1430/34, Praha 10, Hostivař, ID: 25094254 (hereinafter referred to as “Company” or “Administrator”) is the administrator of the personal data. In the Company, Mr. Pavel Dyba is the person responsible for the personal data protection, email: firstname.lastname@example.org, phone: +420 272 011 190.
Inquiries regarding the processing of personal data can be addressed to the Company or person responsible for the protection of personal data.
2. Sources and categories of processed personal data
The Company processes the personal data you have provided to it on the basis of your order. The company processes only your identification, contact details and data necessary for the performance of the contract.
3. Legal title and purpose of processing of personal data
The Company processes from legal titles under Article 6 (1) b) and c) fulfillment of the contract between you and the Company and fulfilment of the legal obligations of the Company. The purpose of the processing is to record the contractual party, to communicate with it, to perform the contract and also to fulfill all statutory tax and accounting obligations.
4. Method of processing and securing personal data
The administrator handles your personal data automatically and manually. The administrator keeps records of all activities, processing both manual and automated personal data.
The administrator does not transfer personal data outside of the Czech Republic.
Activities related to personal data and its protection The Administrator duly documents, for example, records of processing activities and other documents on the processing of personal data for the fulfillment of the GDPR liability principle.
The Company is always taking technical and organizational measures to protect personal data and sufficiently and provides protection against unauthorized disclosure.
The administrator processes the personal data for the duration of the contract. Subsequently, all personal data will be destroyed.
5. Information on the rights of data subjects:
Every identifiable person, as a personal data subject demonstrating identity, has the following rights:
(a) Right of access to personal data.
This includes the right to obtain from the Administrator:
- confirmation that it processes personal data,
- information about the processing purposes, categories of personal data concerned, recipients to whom personal data has been or will be made available, the scheduled processing time, the existence of the right to request from the Administrator the correction or deletion of personal data relating to the data subject or limitation of their processing or objection to such processing , the right to file a complaint with the Supervisory Authority, any available information about the source of personal data, if it is not obtained from the data subject, the fact that automated decision making, including profiling, appropriate safeguards for data transfers outside the EU.
- In the event that the rights and freedoms of others are not adversely affected, as well as a copy of personal data.
The above information and communication requested by the Data Entity shall be provided by the Administrator free of charge. In cases of a repeated request, the Administrator will be entitled to charge a reasonable fee for a copy of his / her personal data. The right to confirmation of the processing of personal data and information can be applied for by e-mail to the above-mentioned e-mail address of the Administrator.
(b) Right to correct inaccurate data
The data subject has the right to correct inaccurate personal data that the Administrator will process.
(c) Right of destruction/delete
The data subject has the right to destroy/delete personal data concerning him/her if the Administrator does not prove legitimate reasons for processing this personal data. The Right to delete/destroy personal data may be applied by the Data Entity via e-mail to the above-mentioned e-mail address of the Administrator. Any deletion by the Administrator shall be effected by the Administrator without delay, no later than 30 days after the client´s request.
(d) Right to limit processing
The data subject has the right to limit the processing until he / she resolves the complaint if he / she disputes the accuracy of the personal data, the reasons for the processing, or if he / she objects to their processing, by e-mail to the above mentioned e-mail address of the Administrator.
(e) Right to notify correction, deletion/destruction or limitation of processing
The data subject has the right to notify the Administrator in the event of a correction, deletion/destruction, or limitation of the processing of personal data.
(f) Right to the transference of personal data
The data subject has the right to transfer the data relating to him/her and which he/she has provided to the Administrator in a structured, commonly used and machine-readable format, and the right to request the Administrator to transfer the data to another Administrator. In the event that the action of this right could adversely affect the rights and freedoms of third parties, the data subjects’ requests cannot be met.
(g) Right to withdraw consent to the processing of personal data
(h) Automated individual decision making including profiling
The data subject has the right not to be the subject of any decision based solely on automated processing, including profiling, or have been significantly affected by it which would have legal consequences. The Administrator states that he does not perform automated decision-making without human assessment legal which may effects Data subjects.
(i) The right to contact the Office for Personal Data Protection
The data subject has the right to contact the Office for Personal Data Protection (https://www.uoou.cz/).
(j) Protection of personal data.
The administrator collects and stores the Data subject´s personal data as well as personal data of a technical nature obtained from the Data subjects through electronic information carriers in a secured database. The administrator protects personal data to the highest level using modern technologies that correspond to the highest level of technical development.
The Administrator declares that he has taken all possible, currently known, measures to secure this data against unauthorized third party interventions.
In the event of any material breach of personal data being detected, the Administrator shall report it without undue delay and, if possible, within 72 hours of the time he has learned of it to the Supervisory Authority and to provide reasonable redress.
The Administrator may, in the course of fulfilling his legal obligations, transmit personal data to the administrative authorities and authorities provided by the applicable legal regulations. The data subject takes note that the Administrator may be required to provide personal data by law or to fulfill his statutory obligation (eg. in court or administrative proceedings).
(k) Other recipients of personal data – processors.
In fulfilling his obligations towards data subjects, the Administrator uses specialists and specialized services of other entities. The administrator is therefore entitled to entrust a third party as a processor of personal data, and the Administrator will only use those processors who provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing ensures the protection of data subjects’ rights. If these specialists and specialized services process personal data transmitted from the Administrator, they process personal data only as directed by the Administrator and may not use it otherwise. With each such entity, the Administrator concludes a contract for the processing of personal data within the outlines of Article 28 GDPR.
Other recipients of the Personal Data of the Entities may include: IT Developer, Accountant, IT Administrator, iCloud Providers, Service Providers, Legal Service Providers, Insurance Companies, and Other Contracted Partners of the Company.
Administrators and other recipients of personal data processing the personal data of data subjects are required to maintain confidentiality of personal data and security measures which the disclosure of which would jeopardize the security of personal data. This confidentiality persists even after the termination of the engagement with the Data Entity. Without the consent of data subjects, no personal data will be released to any third party.
6. Rules of Using Cookies.
In Prague on 25.5.2018