General Data Protection Regulation
Information privacy protection
1. Company Data
The Company RENOMIA, a. s., Identification Number: 483 91 301, with registered office Holandská 874/8, Štýřice, 639 00 Brno, registered in the Commercial Register administrated by the Regional Court in Brno under B 3930 (hereinafter referred to as „the Company“) needs, in connection with the activity if performs, to collect personal data about certain natural persons. These persons can be both its employees and its customers, suppliers and business partners of suppliers and other persons with whom the Company is in a particular relationship or with whom it communicates.
These General Data Protection Terms (hereinafter only „Terms“) describe how the processing of personal data is processed within the Company. These Terms ensure that the processing of personal data is in accordance with the generally binding legal regulations, in particular Regulation of the European Parliament and of the European Council 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and on the cancellation of Directive 95/46/ES (General Data Protection Regulation) (hereinafter only „Regulation“), so that the rights of data subjects are adequately protected.
These Terms affect all personal data processed by the Company, regardless the purpose or legal title (legal reason) of their processing.
Questions regarding the processing of personal data may be addressed to the Company or its Data Protection Representative:
Correspondence address: Holandská 874/8, Štýřice, 639 00 Brno
Data Protection Representative: current contact information of the Representative is available on a web site: https://www.renomia.cz/en/contact
2. What principles do we apply to the processing of personal data?
The Company processes accurate and up-to-date personal data on the basis of the title set by the Regulation in a correct and transparent manner only for the specific, explicit and legitimate purposes to the minimum necessary extent, stores them in the form ensuring the identification of the data subjects only for the necessary period relating to the purpose and ensures their integrity and confidentiality through appropriate technical or organizational measures and appropriate security against unauthorized or illegal processing and against accidental loss, destruction or damage.
The Company ensures that inaccurate data is deleted or corrected without delay, taking into account the purpose for which it is processed.
All activities relating to the personal data and their protection are duly documented by the Company, in particular it keeps records of the processing activities and other documents on the processing of personal data in order to meet the liability principle under the Regulation. The Company cooperates with the Supervisory Authority, which is especially the General Data Protection Authority, with registered office Pplk. Sochora 27, 170 00 Praha 7, e-mail: firstname.lastname@example.org, tel.: +420 234 665 111.
3. For what purpose do we process personal data?
Prior to any processing of personal data, the Company determines the purpose for which it processes personal data. Such a purpose is typically the conclusion of a contract (including negotiation of a contract) or the performance of a customer contract, the management of the employee agenda, contacting potential customers for the purpose of products offers, etc.
The purpose for which the subject´s personal data is processed, learns the data subject from the information that the Company hands it over (sends) individually. The processing of personal data is performed exclusively for the entire period and in order to achieve a predetermined purpose.
Once the purpose of processing is met, the Company erases personal data in accordance with the principle of data minimization (processing reasonable, relevant, limited to the extent necessary for the purpose of processing) and the storage limitation if it is not necessary to store it for another purpose.
4. What personal data do we process?
The Company processes personal data only to the extent necessary to meet the specified purpose. Which specific personal data about the given data subject is for the given purpose processed, learns the data subject from the information that the Company hands it over (sends) individually.
5. Based on what title do we process personal data?
The Company processes personal data always on the basis of one of the titles listed in the Article 6 of the Regulation (legal basis for the processing). The most frequently applied processing titles by the Company are:
the conclusion or the performance of a contract which contracting party is a data subject or the implementation of measures taken before the conclusion of a contract on the request of data subject;
the performance of a legal obligation to which the Company is subject as an Administrator;
a legitimate interest of the Company or a third party that prevails over the interests and fundamental rights and freedoms of data subject for the protection of personal data; or
the consent of the data subject to the processing of its personal data.
The specific title on the basis of which the personal data of the data subject is processed, learns the data subject from the information that the Company hands it over (sends) individually.
5.1. Legitimate interest of the Company
The Company´s legitimate interest is determined by the Company. Before processing the personal data according to the legitimate interest the Company will compare the interest with the legitimate interests and fundamental rights and freedoms of data subjects whose personal data are processed by the so-called balance test.
If the Company finds, based on the result of a balance test, that the personal data of the data subject can be processed under the title of a legitimate interest, it is always informed by the data subject about this fact (i.e. it processes data based on legitimate interest) within the data subject´s information and informs it based on which specific legitimate interest it is doing.
If the title for processing personal data of the data subject is the legitimate interest of the Company, the data subject is entitled to object and request the erase (more detailed within the information that the Company hands over (sends) individually to the data subject). The data subject is informed about these rights within the information that the Company hands over (sends) individually to the data subject, at the latest at the time of the first communication of the Company with the data subject.
The Company processes personal data based on the legitimate interests, such as fraud prevention, property protection, legal claims prosecuting, transmitting within the group for administrative purposes, direct marketing (if the Company processes personal data for the purposes of meeting the contract to which the data subject is a contracting party, it is entitled to inform the subject about the goods or services and to send the commercial information to the e-mail address of the data subject), etc.
5.2. Consent to the processing of personal data
The consent of the data subject to the processing of its personal data can be granted for one or more specific purposes – this title is used by the Company only in those cases where it is not authorized to process personal data based on another legal title.
The consent of the data subject to the processing of its personal data is used by the Company in particular when handling so-called special category of personal data (health status data), when transmitting personal data among companies in a group of RENOMIA GROUP, and alike.
The subject can withdraw at any time the consent to the processing of personal data. If the data subject withdraws his consent to processing, this does not mean that the processing of personal data prior to such a withdrawal is illegal - withdrawal of a consent has no retrospective effect and the processing of personal data resulting from such consent prior to its withdrawal is unaffected. The data subject is informed about this fact before expressing the consent to the processing of personal data.
6. How do we process personal data?
Personal data is processed most frequently in electronic form by a non-automated manner (in particular, personal data of customers and suppliers) as well as in a printed form by a non-automated manner (especially labor law documentation).
The Company accepts the technical and organizational measures for the protection of personal data described in these Company's Terms and Internal Regulations and personal data is always sufficiently secured and protected against unauthorized disclosure - for details see the Art. 10 of these Terms.
7. How long do we process personal data?
Personal data will be processed only for the time required to meet the purpose of personal data processing, which is determined individually and the length of which is also individually reported to the data subject. Except for such a period, the Company is authorized to process personal data of the data subject for the period determined by special legislation or for the period required to enforce the Company's rights against the data subject. The specific time period during which the data subject's personal data will be processed will learn the data subject from the information that the Company hands it over (sends) individually.
Once the purpose of the personal data processing is met and the Company has no longer any other purpose for which it is authorized to process, the Company deletes the personal data. In case of personal data processed on the basis of the data subject's consent, the Company also deletes personal data if the data subject withdraws its consent to the processing of personal data. If personal data is processed based on the legitimate interest, and the data subject makes a protest against the processing and there are no prevailing legitimate reasons for processing, the Company will also delete its personal data after being informed by the data subject.
8. What rights does the data subject have?
Each data subject has the following rights:
- Right to information
- Right to personal data access
- Right to correction
- Right to erase (right to be forgotten)
- Right to limit the processing
- Right to data transmitting
- Right to make a protest
- Right not to be a subject of automated individual decision, including profiling
- Right to make a complaint to the General Data Protection Authority or another relevant supervisory authority in connection with the personal data processing.
8.1 Where and how to make a claim of data subject?
The possibilities of exercising the rights (where and how), referred to in 1) - 8), learns the data subject from the information that the Company hands it over (sends) individually.
The law referred to in the Articles 8 and 9) can the subject claim by the General Data Protection Authority:
- by e-mail email@example.com;
- via data box ID: qkbaa2n;
- by phone +420 234 665 111; or
- in writing at Pplk. Sochora 27, 170 00 Praha 7,
or other relevant supervisory authority with the personal data processing.
9. Under which conditions do we pass on the personal data?
Personal data may be processed by the Company as an administrator directly by its employees or through third parties (hereinafter referred to as the "Processor" or "Processors"). The Company has concluded with each Processor a contract on processing of personal data and has also concluded a contract on processing of personal data with the persons to whom the Company acts as a Processor.
Whom and to what extent the information is passed, the data subject learns from the information that the Company hands it over (sends) individually.
The Processors provided the Company with sufficient guarantees to implement appropriate technical and organizational measures so that the processing complies with the requirements of the Regulation and to ensure the protection of the rights of the subjects.
The Company does not transmit the personal data to third parties against payment.
Personal data may be transmitted to third countries outside the European Union and the European Economic Area. To whom and to what extent is the information to third countries outside the European Union and the European Economic Area transmitted, the data subject learns from the information that the Company hands it over (sends) individually.
10. How do we secure personal data?
Taking into account technology status, implementation costs, nature, scope, context and purposes of the processing, as well as probable and various serious risks to the rights and freedoms of natural persons, the Company has put in place appropriate technical and organizational measures to ensure the level of security of personal data corresponding to the particular risk, especially accidental or illegal destruction, loss, alteration, unauthorized access to transmitted, stored or otherwise processed personal data or unauthorized access to them.
The specific measures introduced by the Company learns the data subject from the information that the Company hands it over (sends) individually.