TE-SPOL FM s.r.o. - GDPR


DECLARATION ON THE PROCESSING OF PERSONAL DATA

Declaration on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the instruction to data subjects (hereinafter referred to as the "GDPR")

I. Personal data controller, TE-SPOL FM s.r.o., Palkovická 2105, 738 01 Frýdek-Místek, Comp. Reg. No. (IČO): 28564791, hereby informs you in accordance with Article 12 of the GDPR about the processing of your personal data and about your rights.

II. Scope of Personal Data Processing Personal data are processed to the extent to which the competent data subject has provided them to the controller, in connection with the conclusion of a contractual or other legal relationship with the controller, or which the controller collected otherwise and processes them in accordance with applicable law or in order to fulfil the controller's legal obligations.

III. Sources of Personal Data

  • directly from data subjects
  • publicly accessible registers, lists and records (e.g. commercial register, trade register, real estate cadastre, etc.)

IV. Categories of Personal Data That Are Subject to Processing

  • address and identification data used for unambiguous and unmistakable identification of the data subject (e.g. name, surname, title, or birth number, date of birth, permanent residence address, Comp. Reg. No. (IČ), Tax ID (DIČ) and data enabling contact with the data subject (contact data - e.g. contact address, telephone number, fax number, e-mail address and other similar information)
  • descriptive data (e.g. banking details)
  • other data necessary for the performance of the contract
  • data provided beyond the scope of the relevant laws processed within the framework of the consent granted by the data subject (processing of photographs, use of personal data for the purpose of personnel proceedings, etc.)

V. Categories of Data Subjects

  • controller’s customer
  • controller’s employee
  • service provider
  • another person in contractual relationship with the controller
  • job applicant

VI. Categories of Recipients of Personal Data

  • wholesalers
  • financial institutions
  • public institute
  • data processor
  • state and other bodies within the framework of fulfilling legal obligations stipulated by relevant legal regulations

VII. Purpose of Personal Data Processing

  • purposes contained in the consent of the data subject
  • negotiation of a contractual relationship
  • fulfilling of the contract
  • protection of the rights of the controller, beneficiary, or other persons concerned (e.g. recovery of the controller's receivables)
  • archiving kept on the basis of the law
  • vacancy notices
  • fulfilment of legal obligations by the controller
  • protection of the vital interests of the data subject

VIII. Method of Processing and Protection of Personal Data

The processing of personal data is performed by the controller. Processing is performed in its premises, branches, and registered office of the controller by individual authorized employees of the controller or data processor. The processing takes place through computer technology, or also manually for personal data in the paper form in compliance with all security principles for the management and processing of personal data. For this purpose, the controller has adopted technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, their alteration, destruction or loss, unauthorized transfers, unauthorized processing, and other misuse of personal data. All subjects to whom personal data may be made available respect the right of data subjects to privacy and are obliged to proceed in accordance with the applicable legal regulations concerning the protection of personal data.

IX. Time of Processing of Personal Data

In accordance with the deadlines specified in the relevant contracts, in the controller's file and shredding rules or in the relevant legal regulations, this is the time strictly necessary to ensure the rights and obligations arising from both the contractual relationship and the relevant legal regulations.

X. Instructions

The controller processes the data with the consent of the data subject, except in cases stipulated by law where the processing of personal data does not require the consent of the data subject. In accordance with Article 6 para.(1) of the GDPR, the controller may process the following data without the consent of the data subject:

  • the data subject has granted its consent for one or more specific purposes
  • the data processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of measures taken before the conclusion of the contract at the request of the data subject
  • the data processing is necessary to fulfil a legal obligation that applies to the controller, the data processing is necessary to protect vital interests of the data subject or another natural person
  • the data processing is necessary for the performance of a task carried out in the public interest or during the exercise of public authority vested in the controller
  • the data processing is necessary for the purposes of legitimate interests of the controller concerned or of a third party, except for cases, where the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data take precedence over those interests

XI. Rights of the Data Subjects

1) In accordance with Article 12 of the GDPR, the controller shall, at the request of the data subject, inform the data subject of the right of access to the personal data and to the following information:

  • purpose of processing
  • category of personal data concerned
  • recipients or categories of recipients to whom personal data have been or will be made available, the planned period for which the personal data will be stored
  • all available information about the source of personal data
  • if they are not obtained from the data subject, the information whether there are automated decisions made, including profiling

2) Any data subject that discovers or suspects that the controller or processor is carrying out the processing of the data subject's personal data which is contrary to the protection of the data subject's private and personal life or contrary to law, in particular if the personal data are inaccurate with regard to the purpose of their processing, can:

  • Ask the controller for an explanation
  • Require the controller to remove such condition
  • In particular, it may involve blocking, correcting, supplementing, or deleting personal data
  • If the data subject's request under paragraph 1 is found to be justified, the controller shall immediately rectify the defective condition
  • If the controller fails to comply with the data subject's request pursuant to paragraph 1, the data subject has the right to contact the supervisory authority directly, i.e the Office for Personal Data Protection
  • The procedure referred to in paragraph 1 does not prevent the data subject from contacting the supervisory authority directly
  • The controller has the right to demand a reasonable payment for the provision of information, not exceeding the costs necessary for the provision of information

This statement is publicly available on the controller's website.