INFORMATION MEMORANDUM ON THE PROCESSING OF PERSONAL DATA ISSUED BY COMFORT COMMODITY a.s.
pursuant to Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR")
In accordance with the above regulation, this document tells you how we process your personal data by our Company. We only process your personal data for a period and to the extent necessary for the purpose or contract and in accordance with applicable law.
- I. Contact details of our Company
- II. Definitions of terms and abbreviations used
- III. Way of processing your personal data
- IV. Security of personal data
- V. What personal data do we process?
- VI. How we collect your personal information
- VII. For what purposes we process your personal data
- VIII. What are your rights?
I. Contact details
- Organization Name: COMFORT COMMODITY a.s.
- IČO: 06148000
- Registered seat: Plaská 2119/54a, Bolevec, 323 00 Pilsen
- Details of the entry in the public register: The company is registered in the Commercial Register at the Regional Court in Pilsen, Section B, File 1990
- The company represents Radek Kaše, member of the Board of Directors
- Telephone connection: +420 734 232 022
- Website: https://www.comfort-commodity.cz
- Bank connection: 2224466677/5500
Hereinafter referred to as the
II. Definitions of terms and abbreviations used
- „GDPR“ Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
- Personal Data hereinafter referred to as “PD” - any information relating to a specific natural person (data subject), be it identification and contact information (e.g. name, surname, date of birth, address of residence, personal identification number, IČO / VAT number, phone number, e-mail, employee number, location data, descriptive information about human physiology (e.g. height, weight, shoe size), photo and camera information, socio-demographic data (age, gender, marital status, education, employment, income) and spending, number of children), or information about their behavior and preferences.
- Special categories of PD (formerly sensitive personal data) - some personal data of particular risk in terms of possible interference with the guaranteed rights and freedoms of private persons, such as data on health, racial or ethnic origin, political opinions, religion or philosophical belief, genetic or biometric information.
- Data subject - any private person whose PDs are processed.
- Processing of PD - any handling of personal data, e.g. collecting, recording, accessing, storing, arranging, retrieving, altering, using, distributing, etc.
- Administrator - a private or public person or public authority, who by itself or jointly with others determines the purposes and means of the processing of personal data
- Processor - a private or public person, public authority, or other entity that processes personal data for the administrator, if the administrator authorizes it, and only to the extent and for the purposes specified by the administrator.
- OPDP - Office for Personal Data Protection, the controlling and supervising authority according to GDPR in the Czech Republic, with its registered office at Pplk. Sochora 27, 170 00, Prague 7, phone: +420 234 665 111, web: www.uoou.cz.
III. How we process your personal information
- Our Company is the Administrator of your personal data when processing them. In this case, the Company, as the Administrator, determines the purpose and method of processing your personal data, where it is fully responsible for the processing.
- In some cases, our Company may also act as a personal data Processor, that is, that it processes personal data for purposes specified by another Administrator.
- We only process your personal data for the period and to the extent necessary for the purpose or contract and in full compliance with the law. We process personal data because it is necessary to fulfill the contract or to take pre-contractual measures pursuant to Art. VI par. 1 b) GDPR or, because processing is necessary to fulfill a legal obligation that applies to our company, pursuant to Article VI par. 1 c) GDPR, possibly because of a legitimate interest in the processing under Article VI par. 1 f) GDPR.
- When processing them, we place maximum emphasis on securing your PD to prevent their loss or misuse.
- We process your PD both in paper and electronic form, both manually and automatically. Your PDs are processed primarily by the Company's employees. In addition, your personal data may be processed by the Processors with whom our company has concluded a personal data processing agreement within the meaning of Article 28 par. 3 of the GDPR. These are mainly companies providing IT services and accounting.
IV. Security of personal data
- In paper version: All PDs are located on paper carriers, e.g. contracts in paper form, etc., are secured in locked file cabinets or locked cabinets or in similarly secured registry offices.
- Electronic repositories: All PDs located in electronic folders, data discs (CDs, flash drives and other data repositories), program media and servers are protected by passwords, antivirus programs and firewalls within the network security.
Our Company and / or our employees and, where applicable, Processors of your PDs are obliged to keep confidentiality about all facts and PDs they have learned in the course of their work.
We process your PDs mainly in the Czech Republic. In the case of cross-border trade, then in the territory of the European Union. Our Company does not transmit your PD to so-called "third countries", except where our company uses remote storage, so-called "clouds", in which case guarantees are provided for the transfer of such data to the remote storage provider.
V. What PDs do we process?
- Identification and address data: name, surname, academic title, date of birth, personal identification number, permanent address, delivery or other contact address, registered office, company identification number, VAT, identification data (including photocopy of the document if applicable), account number for bank account, signature.
- Electronic contact details: telephone number, fax, e-mail address, databox ID, IP address and website address.
- Additional information: additional information necessary for the conclusion of contractual contracts.
VI. How do we collect your personal information?
We collect your personal information from you, third parties, or publicly available sources.
- Directly from data subjects, in particular in writing. The oral data is converted into written form. These PDs are obtained mainly on the basis of submitted applications, orders, inquiries and in the framework of negotiations on conclusion of the contract; - during telephone, e-mail or other written communication, or – during personal communication.
- Third parties - in particular from public authorities and executors offices.
- From publicly available registers - the Commercial Register, the Trade Register, the Insolvency Register, the Federal Register, the Endowment Register, the Register of Institutes or the Land Register.
VII. For what purposes we process your personal data
We process your personal data mainly for the following purposes:
- Processing of your orders and inquiries, and processing of outputs when negotiating a future contract.
- Negotiation of the contract and fulfillment of obligations arising from them.
- For the duration of warranty and other terms relating to the contract
- Meeting our legal obligations
- Internal administrative purposes
We only process your personal data to the extent necessary for the purpose and for the time necessary to fulfillment of the purpose.
We are authorized to process your PD even after fulfilling the original purpose (e.g. performance of the contract), especially for fulfilling the legal archiving and shredding period. We store your personal information for a period of time determined by law, contract, or based on our legitimate interest (for example, for the duration of the statute of limitations when we may be interested in claiming or defending our legal claims). We are obliged to keep documents containing your personal data which are part of the accounting documentation for 5 years from the end of the accounting period in which the taxable fulfillment occurred according to the Act on Accounting, resp. 10 years after the end of the accounting period in which the chargeable event occurred according to the Value Added Tax Act.
VIII. What are your rights?
Our Company processes your PD only in accordance with legal regulations, we process your PDs according to the principle of transparency. Anytime during your processing you may use the following rights under Articles 15 to 22 of the GDPR:
- Right of access to your personal data and a copy of your personal data we process.
- Right to correct and supplement your personal data in case you find out that we process incorrect or inaccurate personal information about you.
Right to delete your personal data (or the right to be forgotten). You may require us to delete your personal information when:
- - personal data are not necessary for the purposes for which they were collected or otherwise processed;
- - if we do not have a legal or other title under which we collect your PDs;
- - personal data are processed unnecessarily or unlawfully;
- Right to limit processing
- Right to portability of personal data
- The right not to be the subject of any decision based solely on automated processing, including profiling, which would have legal effects or would affect you in a similar way.
- Right to object if you find that processing of PD is contrary to legal regulations.
- Right to file a complaint or complain against the supervisory authority, namely the Office for Personal Data Protection (OPDP), with its registered office at Pplk. Sochora 27, 170 00 Prague 7, phone number: 234 665 111, website: www.uoou.cz
Our Company may delete the PD in the event that the statutory deadlines set for archiving and shredding of the PD or the deadlines for the execution or defense of legal claims have passed.
In Pilsen on 20.5.2018
Radek Kaše, člen představenstva