GDPR

1. IDENTIFICATION OF THE CONTROLLER.

Business company STAVOKLIMA s.r.o., business ID: 608 27 980, registered office: Budějovická 450, 370 01 Homole, business company registered in the Commercial Register kept with the Regional Court in České Budějovice, section C 21455, contact data for GDPR affairs: www.stavoklima.cz, e-mail: info@stavoklima.cz; authorized representative is the controller JUDr. Martin Šimák, phone. 387 001 932, or the company office – managing director assistant, GSM: 778 706 373.

2. RANGE OF THE PERSONAL DATA BEING PROCESSED

identification and invoicing data (in particular name and family name, date of birth, business ID, tax ID)
contact data (in particular residential address or place of business and registered office, phones, fax, e-mail, identifiers for electronic communication), bank details data (e.g., bank account number)
other information of common category (e.g., appearance and figure of persons according to CCTV recordings, data about products purchased or services consumed, or data about your potential representative or authorized employee or any other contact person)
special categories of personal data in the form of biometric data for unambiguous identification of a person, in particular fingerprints of the employees.

3. PURPOSES FOR PROCESSING OF THE PERSONAL DATA

for the purposes of compliance with commitments resulting from a contract between you and the controller (e.g., purchase contract, contract for work, lease or loan contract, service contracts, labour-legal contracts and agreements, etc.)
for the purposes of compliance with liabilities according to laws in force, in particular in connection with the business activities of the controller, e.g., in the field of consumer protection, liability for defects, or compliance with accounting, tax, or customs liabilities, including those related to the audit by relevant bodies,

the purpose of application of rights and legitimate interests of the controller or third party, in particular for the purposes of application of controller’s rights, production security, correctness of the production procedures and review of legitimacy of complaints (in use of CCTV recordings), for compliance with their liabilities under the warranties or defect liability, or for the purpose of improving the level for sale of the products and provision of services, or for the purposes of so-called direct marketing pursued by the controller or third party.

4. LEGAL GROUNDS FOR PROCESSING OF THE PERSONAL DATA

The controller processes the personal data always in compliance with the legal ground defined by GDPR, in particular Article 6, subsection 1, paragraph a), b), c), and f), in case of the special categories of personal data in case according to Article 9, subsection 2, paragraph a) when:

The consent with processing of own personal data for one or multiple specific purposes was given,
the processing is necessary for performance of a contract or for adoption of measures taken before conclusion of the contract upon your request,
the processing is necessary for compliance with a legal obligation to which the controller is subject,
the processing is necessary for protection of vitally important interests of a natural person,

the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,

processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

5. TERM OF PROCESSING OF THE PERSONAL DATA

Your personal data will be processed for the duration of the contractual relationship between you and the controller, and after its termination for the duration of the limitation periods and the periods set aside for retention, but no later than ten years after the end of the accounting period in which the termination of the last contractual relationship occurred, unless a legal provision provides otherwise and if, after the expiration of that period, there are no any purposes for which the personal data may continue to be processed (for example, ongoing judicial or enforcement proceedings). Your personal data shall be destroyed thereafter.

6. DEFINITION OF POTENTIAL RECIPIENTS OF THE PERSONAL DATA

Public authorities, tax advisors, accountants, auditors, courts, and other relevant inspection and finance institutions, in case of transport of the products also post services providers or contractual transporters, and in case of international transport also the customs bodies and companies providing the customs proceedings; other persons based on your consent; for compliance with contractual or legal obligations, your personal data may be also provided to the recipients abroad, however, under conditions stipulated in Article 44 et seq. of the GDPR, provided that sufficient guarantees of protection of your personal data are granted.

7. SOURCES OF THE PERSONAL DATA BEING PROCESSED AND UPDATE THEREOF

Personal data is or will be obtained, in particular, by the controller’s own activities, from you and your representatives or other authorized persons, as well as from publicly available information sources, the Internet, public lists, registers and debtors’ records, as well as documents and communications submitted to or received by the controller.
Update of your personal data will take place in particular based on information received from you or your representatives or other authorized persons, as well as from publicly available information sources, the Internet, social networks, public lists and registers.

8. FUNDAMENTAL RIGHTS GRANTED BY GDPR IN CONNECTION WITH PROCESSING OF THE PERSONAL DATA

You have right for processing of your personal data correctly, in a legal and transparent way, for legitimate purposes, to an adequate and necessary extent, and for the period needed, wherein data must be secured against unauthorized processing, accidental loss, destruction, or damage, which is in particular secured by its mechanical and electronic protection (including encryption in the transfer of the same), and adequate measures and procedures implemented, including regular training of persons who may access your personal data.
You have right for free access to your personal data, and for confirmation whether your personal data is processed, wherein you will be charged for an administration fee for provision of another copy or of another confirmation to cover the costs for provision of these deeds.
You have right for addition of the missing data and for rectification of incorrect personal data.
You have right for erasure of your personal data no longer being needed for said purposes, if you submit an objection against processing thereof and if there are no prevailing grounds for processing of the same; if the personal data was processed illegally; or if the acts of the European Union or of a member state stipulate so; however, the right for erasure will not be vested to you if processing of the personal data is necessary in particular for compliance with a legal liability according to laws of the European Union or a member state for the purposes of retaining or definition, execution, or defence of the legal claims.
You have right for limitation of the processing of the personal data, which will mean in particular temporary migration of selected data to a different processing system, making the selected personal data inaccessible to the users, or temporary removal of the published data from Internet websites.
f) According to Article 21 of GDPR you have right to submit an objection against processing of personal data being processed for the purposes of the legitimate interests of the trader, and for the purposes of so-called direct marketing.
You have right to submit a complaint to a supervisory body, which is the Office for Personal Data Protection, registered office Pplk. Sochora 27, 170 00 Praha 7 (www.uoou.cz )

9. PROCESSING OF THE PERSONAL DATA ABOUT JOB APPLICANTS

The controller processes the personal data about the job applicants, who demanded for a job position, and sent their CV and a motivation letter. The controller processes their personal data to the following extent: name and family name of the applicant, residential address, e-mail, phone number, and other information contained in the CV and motivation letter delivered.

The legal ground for the processing of the job applicant’s personal data is compliance with a contract covering also the phase of pre-contractual negotiations.
The controller processes personal data for the period of the selection procedure to a certain job position being demanded by the applicant. The controller will erase the personal data at the end of the selection procedure, unless the job applicant granted a consent for further processing of the personal data. The controller does neither provide the applicant’s personal data to any recipient nor uses it for automated decision-making or profiling.

10. PERSONAL DATA PROCESSING PRINCIPLES

In processing of the personal data about the data subjects, the controller will always proceed in compliance with the following principles resulting from Article 5 of GDPR:

the principle of lawful, fair processing and in a transparent manner – the personal data of the data subjects is processed based on a valid legal ground, correctly and in a transparent manner – i.e., to the extent and for the purposes specified herein;

the principle of collection for specific purpose – the personal data of the data subjects is processed exclusively for specific legitimate purposes defined herein; the personal data is not processed in a manner being incompatible with these purposes;
the principle of minimized volume of the personal data being processed – the controller processes the personal data only to an adequate, relevant, and limited extent with respect to what is necessary;
the principle of accuracy of the personal data being processed – the controller processes personal data in exact and updated, if appropriate, form, and implements reasonable measures so that the personal data not exact is either erased or rectified immediately while considering the purposes it is processed for;
the principle of limitation of period for storing and processing of the personal data – the personal data is processed in the form, which enables identification of the data subjects for time not longer than needed for achieving of the purposes it is processed for;
the principle of integrity and confidentiality of the personal data – the controller processes the personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures;
the employees and staff of the controller are governed in processing of the personal data by the rules and procedures defined in the internal regulation including security measures implemented to protect the personal data by keeping the confidentiality liability.
the employees and staff of the controller are governed in processing of the personal data by the rules and procedures defined in the internal regulation including security measures implemented to protect the personal data by keeping the confidentiality liability.

11. APPLICATION OF THE RIGHTS

You can apply for your rights defined in Article 8, paragraphs a) to f) personally at the address of the controller’s registered office, or via e-mail sent to the address specified under clause 1 above. Your demands will be usually resolved not later than thirty days, and the deadline may be extended up to two months in legitimate cases.

Under the conditions defined in Article 79 of GDPR you have right for an efficient court protection, if you consider violation of your rights in consequence of processing of your personal data by the controller contrary to the GDPR rules.