
 

DECLARATION ON THE PROCESSING OF PERSONAL DATA

 

Declaration on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the instruction of data subjects (hereinafter "GDPR")

 

Personal data controller

 

Personal data controller:

Diametral a.s.
with its registered office at Vaclava Spacka 1759, 193 00 Prague 9 - Horni Pocernice,
registered with the Municipal Court in Prague, Section B, Insert 20964,

represented by Mr. Vít Majtás, Member of the Board of Directors

Company ID: 044 34 374
VAT No.: CZ 044 34 374

(hereinafter referred to as the "Administrator")

hereby, in accordance with Article 12 of the GDPR, informs data subjects about the processing of their personal data and their rights.

 

Scope of personal data processing

Personal data are processed to the extent that the competent data subject has provided them to the controller, in connection with the conclusion of a contractual or other legal relationship with the controller, or to the extent that they were otherwise collected by the controller and are processed in accordance with applicable law or to fulfill the controller's legal obligations.

 

Sources of personal data

  • directly from data subjects (e.g. registration, e-mails, telephone, chat, website, contact form on the web, social networks, business cards, contracts, consents, video recorded via the administrator's technical equipment, etc.)

  • from public records - for the purposes of this document, public records are:

    • public register according to Act No. 304/2013 Coll., on public registers of legal and natural persons, as amended, i.e. the Federal Register, the Foundation Register, the Register of Institutes, the Register of Associations of Unit Owners, the Commercial Register and the Register of Public Benefit Companies;

    • other registers in the sense of Act No. 111/2009 Coll., on basic registers, as amended

 

Categories of personal data that are subject to processing by the administrator

  • identification data, contact details

  • descriptive data

  • transaction data

  • product specifications

 

Categories of data subjects

The data subject is the natural person to whom the personal data relate, namely:

  • employee of the administrator

  • job seeker with the administrator

  • contractual partner of the administrator (natural person - entrepreneurial, non-entrepreneurial)

  • entity in a pre-contractual relationship with the administrator (customer before accepting the order, inquiring, etc.)

  • party to the proceedings

  • intervener

  • the person concerned is involved

  • applicant

  • interviewer

  • payer

  • recipient

  • authorized

  • compulsory

  • damaged

 

Categories of processors and recipients of personal data

  • state administration bodies

  • local authorities

  • public constitution

  • banking institutions

  • insurance companies

  • external entity providing services to the administrator in various areas (health and safety, accounting, training, education, carriers)

 

Purpose and reasons for processing personal data

Personal data is processed by the administrator:

  • with the consent of the data subject

  • when performing the contract with the data subject

  • when implementing measures taken before the conclusion of the contract at the request of the data subject

  • due to the fulfillment of the legal obligation applicable to the administrator (including archiving on the basis of the law)

  • in order to protect the vital interests of the data subject or another natural person

  • by reason of the performance of a task carried out in the public interest or in the exercise of official authority for which the administrator is entrusted

  • due to the legitimate interest of the administrator or a third party (including archiving based on the legitimate interest of the administrator)

 

Reasons for processing special categories of personal data

  • express consent of the subject,

  • fulfillment of obligations in the field of labor law, social security law and social protection,

  • the protection of the vital interests of the data subject or of another natural person where the data subject is not physically or legally competent to give his or her consent,

  • personal data clearly published by the data subject,

  • determination, enforcement or defense of legal claims or in court proceedings,

  • significant public interest,

  • archiving in the public interest, for scientific or historical research purposes or for statistical purposes

 

Method of processing and protection of personal data

The processing of personal data is performed by the administrator. Processing is carried out on its premises, at the registered office of the administrator, by individual authorized employees of the administrator or by a processor. The processing takes place through computer technology, or also manually for personal data in paper form, in compliance with all security principles for the management and processing of personal data. To this end, the controller has taken technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to, alteration, destruction or loss of personal data, unauthorized transfers, unauthorized processing and other misuse of personal data. All subjects to whom personal data may be made available respect the right of data subjects to privacy and are obliged to proceed in accordance with the applicable legal regulations concerning the protection of personal data.

 

Time of processing personal data

In accordance with the deadlines specified in the relevant contracts, in the administrator's internal regulations or in the relevant legal regulations, this is the time strictly necessary to ensure the rights and obligations arising from the contracts, legitimate interests and the relevant legal regulations.

 

Rights of data subjects

  1. In accordance with Article 12 of the GDPR, the controller informs the data subject of the right of access to personal data and of the following information:

    • the purpose of processing,

    • the category of personal data concerned,

    • the recipients or categories of recipients to whom the personal data have been or will be disclosed,

    • the planned period for which the personal data will be stored,

    • all available information on the source of personal data, if they are not obtained from the data subject,

    • whether there is automated decision-making, including profiling.

  2. Any data subject who discovers or suspects that the controller or processor is carrying out processing of his personal data which is contrary to the protection of the data subject's private and personal life or contrary to law, in particular if the personal data are inaccurate with regard to the purpose of their processing, may:

    • Ask the administrator for an explanation.

    • Require the administrator to remove the condition. In particular, it may involve blocking, correcting, supplementing or deleting personal data.

    • If the data subject's request is found to be justified, the controller shall immediately rectify the defective condition.

    • If the controller does not comply with the data subject's request, the data subject has the right to contact the supervisory authority, which is the Office for Personal Data Protection.

    • The data subject has the right to contact the supervisory authority directly without taking any previous steps.

  3. The controller shall provide information and communication to data subjects in a concise, transparent, comprehensible and easily accessible manner using clear and simple language. The controller may provide information and communication to data subjects in writing, where appropriate also electronically or orally, provided that he verifies the identity of the data subject concerned.

  4. The controller is obliged to respond to the request of data subjects without undue delay, but no later than within 1 month of receiving such a request. In justified cases, the administrator may extend this period, but by no more than 2 months. The controller shall inform the data subject of the extension, also within 1 month of receiving the data subject's request, and shall inform the data subject of the reasons for the extension. In the event that the data subject submits a request for information and communication electronically, the administrator shall provide it to him electronically, unless the data subject requests another way of providing information and communication, e.g. in writing.

  5. If the data subject requests the controller to take certain measures (correction of his personal data, their deletion, etc.) and the controller does not take such a measure, he shall inform the data subject without delay, no later than 1 month from the request to take the relevant measure, including the reasons for non-implementation of the measures, as well as information on the possibility of the data subject to file a complaint with the Office for Personal Data Protection, or go to court.

  6. The controller shall provide the information and communication to the data subject free of charge. In the event that the data subject makes repeated requests, or if such requests are unfounded or disproportionate, the controller may reject the data subject's request or impose a reasonable fee covering the administrative costs of providing information and communication or implementing the required measures. The controller must be able to substantiate the unfoundedness or disproportionate nature of the data subject's request.

  7. If the controller obtains personal data directly from the data subject, he shall communicate the following information when obtaining them to the data subject:
    (a) the identification and contact details of the administrator and any representative of the administrator;
    (b) the purposes of the processing for which the personal data are intended and the legal basis for the processing;
    (c) the legitimate interests of the controller or of a third party where processing is necessary for the purposes of the legitimate interests of the controller or of a third party;
    (d) any recipients or categories of recipients of the personal data;
    (e) the controller's possible intention to transfer personal data to a third country or international organization and the existence or non-existence of a European Commission decision that that third country or international organization provides adequate protection for personal data, as well as a reference to appropriate safeguards and means of obtaining a copy; where this data was made available.

  8. If it is necessary to ensure fair and transparent processing, the controller shall provide the data subject with other information, in particular the time of processing of personal data, or criteria for its determination, as well as information on the data subject's right to correct personal data, their deletion, etc.

  9. In the event that the controller does not obtain personal data directly from the data subject, he shall communicate to the data subject the information referred to in paragraph 7 (a), (b), (d) and (e), and possibly also other information pursuant to paragraph 8.

  10. The controller shall inform the data subject of any change in the purpose of the processing of personal data whenever it occurs.

  11. The controller shall, upon request, provide the data subject with a confirmation as to whether the controller processes personal data concerning him and, if so, ensure that the data subject has access to that data and to the following information:
    (a) the purposes of the processing;
    (b) the categories of personal data concerned;
    (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or in international organizations;
    (d) the planned period for which the personal data will be stored or, if this cannot be determined, the criteria used to determine this period;
    (e) the existence of the right to request from the controller the correction or deletion of personal data concerning the data subject or the restriction of their processing or to object to such processing;
    (f) the right to lodge a complaint with the Office for Personal Data Protection;
    (g) all available information on the source of the personal data, if not obtained from the data subject.

  12. In accordance with the obligations set out in paragraph 11, the controller is obliged to provide the data subject with a copy of the personal data processed. The administrator may charge a reasonable administrative fee for providing copies in accordance with the previous sentence.

  13. The controller is obliged without undue delay to correct inaccurate personal data concerning the data subject, to supplement incomplete personal data, even by providing an additional statement.

  14. The controller is obliged to delete personal data concerning the data subject without undue delay if one of the following reasons is fulfilled:
    (a) personal data are no longer needed for the purposes for which they were collected or otherwise processed;
    (b) the data subject withdraws the consent if the personal data have been processed on the basis of that consent and there is no other legal reason for the processing;
    (c) the data subject objects to the processing and there are no overriding legitimate reasons for the processing;
    (d) the personal data have been processed unlawfully;
    (e) personal data must be deleted in order to fulfill a legal obligation stipulated by the law of the European Union or the legal order of the Czech Republic.

  15. In the event that the controller has disclosed the personal data of the data subject and is obliged to delete them, the controller must take (taking into account available technology and costs) reasonable steps to inform other controllers processing the personal data that the data subject requests that they delete all references to such personal data, copies thereof and replications.

  16. The controller is not obliged to fulfill the obligations under paragraphs 14 and 15 if the processing of personal data is necessary for him, e.g. to fulfill a legal obligation requiring the processing of personal data by European Union law or the Czech law applicable to the controller, or for determination, exercise or defense of their legal claims, etc.

  17. The controller is obliged to restrict the processing of personal data of the data subject if:
    (a) the data subject denies the accuracy of the personal data for the time necessary for the controller to verify the accuracy of the personal data;
    (b) the processing is unlawful and the data subject refuses to delete the personal data and requests instead that their use be restricted;
    (c) the controller no longer needs the personal data for processing purposes, but the data subject requests them for the determination, exercise or defense of legal claims;
    (d) the data subject has objected to the processing pursuant to paragraph 19 of this Article of the Directive until it is verified that the legitimate reasons for the controller over the processing outweigh the legitimate reasons for the data subject.

  18. In the event that the controller has restricted the processing of personal data pursuant to the previous paragraph, such personal data may be processed only with the consent of the data subject, or for the purpose of determining, enforcing or defending legal claims, for the protection of other natural or legal persons, or in the interest of the European Union or of a Member State of the European Union.

  19. The controller shall inform the data subject in advance of the lifting of the restrictions on the processing of personal data pursuant to paragraph 17.

  20. The controller is obliged to notify individual recipients of any corrections or deletions of personal data, restrictions on the processing of personal data, except in cases where this proves impossible or requires a disproportionate effort. The controller shall also inform the data subject of these recipients, if the data subject so requests.

  21. In the event that the data subject objects to the processing of personal data by the Owners' Community, which the controller processes for the legitimate interests of the controller or a third party, the controller shall not further process personal data on the basis of this objection, unless he demonstrates serious legitimate reasons for processing which outweigh the interests or the rights and freedoms of the data subject, or for the determination, exercise or defense of legal claims. The controller must inform the data subject of this right at the latest when communicating with the data subject for the first time.

 

Verification of the identity of the data subject

  1. In the event that the controller receives a submission from a natural person - a data subject who, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as "GDPR")
    (a) exercises the right of access to his personal data, and/or
    (b) requests confirmation that the controller is processing personal data concerning the applicant within the meaning of the GDPR, and/or
    (c) requests free copies of the personal data processed, and/or
    (d) requests communication of which categories of personal data are processed, and/or
    (e) requests communication of the purpose for which the personal data are processed, and/or
    (f) requests communication of the planned period for which the personal data will be stored or, if this cannot be determined, the criteria used to determine this period, and/or
    (g) requests information on whether (and under what conditions) he may request the controller to correct or delete personal data, restrict their processing, or whether and how the data subject may object to the processing of his personal data, and/or
    (h) requests information on whether (and how) the data subject can lodge a complaint with the supervisory authority and who that supervisory authority is, and/or
    (i) requests the communication of all available information on the source of the personal data concerning the data subject, if not obtained directly from him/her, and/or
    (j) requests information on whether the processing of the data subject's personal data also involves automated decision-making, including the profiling referred to in Article 22 (1) and (4) of the GDPR, and at least in these cases further requests the provision of meaningful information on the procedure used, as well as the significance and expected consequences of such processing for his person, and/or
    (k) requests information on who the recipients of the personal data of this data subject are, or requests an indication of the categories of recipients to which his or her personal data have been or will be made available, and/or
    (l) requests communication of recipients from third countries and international organizations who have had or will have access to the personal data of the data subject, and/or
    (m) requests information on guarantees under Article 46 of the GDPR in the event that personal data are transferred to a third country or to an international organization;
    the administrator is always obliged to sufficiently verify the identity of the applicant before processing the above applications. If the administrator has doubts about the identity of the applicant, he has the right to request from the applicant the additional information necessary to confirm his identity (Article 12 (6) of the GDPR).

  2. In case of doubts about the identity of the applicant, the administrator is entitled to request from this person:
    (a) sending the application with a verified signature of the applicant in case the applicant has made the application in paper form,
    (b) sending an application with an electronic signature, i.e. with data in electronic form, which are attached to the data message or are logically connected to it, and which serve as a method to unambiguously verify the identity of the signatory in relation to the data message,
    (c) sending the application by data box, if the applicant has established it.

  3. The administrator is not entitled to request additional information to verify the identity of the applicant, especially in cases where:
    (a) at the relevant time (i.e. the time of submission of the relevant application) the administrator processes the email contact as personal data of the applicant from whom the relevant application was sent,
    (b) the administrator processes the applicant's telephone number at the relevant time, then calls this telephone number to verify the applicant's identity and, in agreement with the applicant, sends the required information or other facts concerning personal data processing electronically to the applicant's email address or in writing to the address given by the applicant,
    (c) the administrator has the possibility to verify the identity of the applicant in another way (e.g. through public registers, existing communication),
    (d) the applicant has made the application in person before the relevant employee of the administrator or another person authorized by him.

 

Final Provisions

The statement is publicly available on the administrator's website: www.diametral.cz
The last update of this Statement was made on 21.5.2021.

 
