according to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC
These rules for the protection and processing of personal data (hereinafter referred to as the "Rules") describe which personal data of natural persons, especially customers (hereinafter referred to as the "Data Subject"), are processed during the activities of the company FRUNĚK INOX s.r.o., ID: 26926008, with registered office in Cecilka 235, Zlín, Příluky, 760 01, registered in the commercial register maintained by the Regional Court in Brno, section C, file 45530 (hereinafter referred to as the "Administrator").
This Policy sets out the types of personal data we collect and process when you use our services or otherwise enter into a contract with us, as well as how your personal data is used, shared and protected. Here you will also find an explanation of the options available to you in relation to your personal data and how you can contact us. We hereby inform you below about the processing of your personal data and about your rights in accordance with Article 12 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (hereinafter also referred to as "GDPR").
Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to a certain identifier, for example a name, identification number, location data, network identifier or to one or more special elements of physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
The administrator has not appointed a personal data protection officer.
RECIPIENTS OF PERSONAL DATA
Personal data of the Data Subject may be further transferred to the following recipients/categories of recipients:
- suppliers of the Administrator,
- employees of the Administrator,
- persons in a different contractual relationship with the Administrator (e.g. providers of marketing and advertising services),
- financial institutions and insurance companies,
- state authorities within the framework of the fulfillment of the Administrator's legal obligations established by the relevant legal regulations,
CATEGORIES OF PERSONAL DATA PROCESSED
The Administrator is authorized to process in particular the following personal data of the Data Subject:
- address and identification data used for unambiguous and unmistakable identification of the Data Subject (e.g. name, surname, title, date of birth, possibly birth number, address of permanent residence, business address, delivery address, ID number, VAT number) and data enabling contact with the Subject data (e.g. contact address, telephone number, fax number, e-mail address and other similar information),
- descriptive data (e.g. bank details, payment information)
- images, photos and videos,
- data provided beyond the scope of relevant laws, processed as part of the consent granted by the Data Subject (e.g. use of personal data for the purpose of personnel management, use of personal data for the purpose of promotion, etc.),
- other data necessary for the performance of the contract,
- other personal data provided by the Data Subject to the Controller.
PURPOSES AND LEGAL BASIS OF PERSONAL DATA PROCESSING
The Administrator processes the personal data of the Data Subject for the purposes of:
a) performance of the contract, on the basis of Article 6 paragraph 1 letter b) GDPR,
b) compliance with the administrator's legal obligations established by generally binding legislation, based on Article 6 paragraph 1 letter c) GDPR (e.g. the Administrator's obligation to keep accounting and tax documents),
c) determination, exercise or defense of the Administrator's legal claims, on the basis of Article 6 paragraph 1 letter f) GDPR,
d) sending commercial messages, on the basis of Article 6 paragraph 1 letter f) GDPR due to the existence of a legitimate interest of the Administrator consisting in direct marketing,
e) other marketing purposes of the Administrator connected with the offer of products and services; sending information about organized events, products, services and other activities (e.g. by sending newsletters, telemarketing); contacting for market research and marketing research purposes; contacting for the purpose of wishes for Christmas and Easter or other holidays and sending discount vouchers, gifts, etc. on the basis of Article 6 paragraph 1 letter a) GDPR
TIME OF PERSONAL DATA PROCESSING
Personal data will only be processed for the time necessary for the purpose of their processing. In view of the above:
- for the purpose according to letter a) the above personal data will be processed until the termination of the obligations from the contract (this does not affect the Controller's ability to subsequently further process these personal data - to the extent necessary for the purpose according to points b), c), d) and/or e) above,
- for the purpose according to letter b) the above personal data will be processed for the duration of the relevant legal obligation of the Controller,
- for the purpose according to letter c) personal data will be processed above until the end of the 4th calendar year following the end of the warranty period according to the contract (if a quality guarantee was agreed in the contract), but at least until the end of the 5th calendar year following the termination of the obligations from the contract,
- in the event of the initiation and duration of judicial, administrative or other proceedings, in which the rights or obligations of the Administrator in relation to the relevant Data Subject are resolved, the period of processing of personal data for the purpose according to letter c) above before the end of such proceedings,
- for the purpose of sending commercial messages according to letter d) above, personal data will be processed until the Data Subject expresses his/her disagreement with such processing,
- for purposes according to letter e) above, personal data will be processed for the period for which the Data Subject has given the Administrator consent according to the separately agreed consent to the processing of personal data. In this case, the data subject acknowledges that before this period expires, the Administrator may contact him for the purpose of renewing his consent.
At the latest by the end of the calendar year following the expiry of the processing period above, the relevant personal data, for which the purpose of their processing has expired, will be disposed of (by shredding or in another way that ensures that unauthorized persons will not be able to access the personal data) or anonymized.
METHOD OF PROCESSING PERSONAL DATA
The processing of personal data is carried out by the Administrator. The processing is carried out in the premises and headquarters of the Administrator by individual authorized employees of the Administrator, or Processors. The processing takes place through computer technology, or also manually for personal data in paper form, subject to compliance with all security principles for the management and processing of personal data. For this purpose, the Administrator has taken technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, their change, destruction or loss, unauthorized transfers, their unauthorized processing, as well as other misuse of personal data data. All entities to which personal data may be made available respect the Data Subjects' right to privacy protection and are obliged to proceed in accordance with applicable legal regulations regarding the protection of personal data.
Automated individual decision-making or profiling based on the data provided will not be carried out. Personal data of Data Subjects will not be transferred to third countries (i.e. countries outside the EU and EEA).
INFORMATION PROVIDED TO DATA SUBJECTS ACCORDING TO GDPR
In connection with the processing of their personal data, Data Subjects have a number of rights, including the right to request from the Controller:
- access to your personal data (under the terms of Article 15 GDPR),
- correction or deletion of personal data (under the conditions of Article 16 or Article 17 GDPR),
- restriction of personal data processing (under the terms of Article 18 GDPR),
- object to the processing of personal data (under the terms of Article 21 GDPR),
- the right to portability of personal data (under the terms of Article 20 GDPR),
- the right to withdraw consent to the processing of personal data in writing or electronically to the address or email address of the Administrator specified in these Rules.
If the Data Subject's request is found to be justified, the Administrator will immediately remove the objectionable situation. This does not affect the possibility of the Data Subject to contact the supervisory authority, the Office for the Protection of Personal Data, Plk. Sochora 27, 170 00 Prague 7, Czech Republic, +420 234 665 555, www.uoou.cz.
These Rules of the Administrator shall apply in relation to Data Subjects, provided that no other agreement has been reached between the third party and the Administrator. The administrator reserves the right to change these rules for the protection and processing of personal data in any way and at any time, while the current status will always be posted on the website www.frunek.cz.