Declaration on processing of personal data
Data subject
Declaration on processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) and giving advice to data subjects (hereinafter referred to as the Regulation)
1. Personal Data Administrator, namely OLTIS Group a.s., with its registered office in Olomouc; Milady Horákové 1200/27a, IČ 26847281, registered in the Public Register kept by the Regional Court in Ostrava, Section B, File 2844, contact e-mail: gdpr@oltis.cz, (hereinafter referred to as the Administrator) hereby advises you in accordance with Article 12 of the Regulation about the processing of your personal data and about your rights.
2. Extent of processing personal data
Personal data shall be processed within the extent in which the relevant data subject has provided the said data to the Administrator in connection with the conclusion of a contractual or other legal relationship with the Administrator or collected by the Administrator otherwise and processed in accordance with the current legislation or to meet the Administrator’s legal obligations.
We also advice that during the processing or collection of personal data, audio-visual recording (photos and potentially videos) may be made. Photos or videos will only be used for promotional purposes of the Administrator to present the output of the afore-described actions.
3. Personal data sources:
- Directly from data subjects
- Publicly accessible record offices
- Directories and records (e.g. business register, trade register, land register, public telephone directory, etc.)
4. Categories of personal data subject to processing:
- Address and identification data used for unambiguous and not interchangeable identification of the data subject (e.g. name, surname, title, date of birth, permanent address, ID card number, gender, IČ, DIČ) and information enabling contact with the data subject (contact details – e.g. company name, contact address, telephone number, fax number, email address and other similar information)
- Descriptive information (e.g. bank account, date)
- Other data essential for performance of the contract
Categories of data subjects:
- Administrator’s client
- Service provider
- Another person who is in a contractual relationship with the Administrator
6. Categories of recipients of personal data:
- Processor
- State and other bodies within the fulfilment of legal obligations stipulated by the relevant legislation
- Contractors/Suppliers in contractual relationship with the Administrator in arranging professional and/or social events related to the Administrator’s activities
7. Purpose of processing personal data
- Purposes contained in the data subject’s consent
- Contractual relationship negotiations
- Performance of a contract
- Protection of the rights of the Administrator, recipient or other persons concerned (e.g. recovery of the Administrator’s claims)
- Archiving pursuant to applicable law(s)
- Fulfilment of legal obligations by the Administrator
- Protection of vital interests of the data subject
8. Method of processing and protection of personal data
-
Processing of personal data is carried out by the Administrator. Processing is carried out within its premises, branches and/or head office by specific authorised employees of the Administrator, alternatively by the Processor. The processing takes place by means of computer technology, alternatively also manually, of personal data in paper format, in compliance with all security principles ascribed for the management and processing of personal data. For this purpose, the Administrator assures of having undertaken technical and organisational measures to ensure the protection of personal data, in particular measures to prevent unauthorised or accidental access to personal data, its alteration, destruction or loss, unauthorised transfers, unauthorised processing and other misuse. All entities to which personal data may be disclosed abide by the right of data subjects to privacy and are required to comply with the current data protection legislation.
9. Duration of processing of personal data
-
In accordance with the deadlines specified in the relevant contracts, in the filing and shredding code of the Administrator or in the relevant legislation, it means the duration essential to safeguard the rights and obligations arising from the contractual relationship and the relevant legislation.
10. Advice
-
Administrator processes the data with due consent of the data subject, except in cases stipulated by law where the processing of personal data does not require the consent of the data subject.
- Personal data of the data subject will be processed on the basis of his/her free consent, under the above stipulated conditions
- The reason for providing the data subject’s personal data is the interest of the data subject to receive information and invitations or business offers of arranged events related to the activities of the Administrator, which would not be possible without providing such data
- The Administrator did not appoint the personal data protection officer, did not entrust any processor with the processing of personal data, nor did he/she appoint a representative to fulfil the obligations under the Regulation
- The Administrator does not intend to transfer the data subject’s personal data to a third country, an international organisation or third parties or others than to the aforementioned third parties
- The data subject shall have the right at any time to withdraw his/her consent to the processing of personal data, the right to request the Administrator for access to his/her personal data, its rectification or deletion or processing restrictions and to object to the processing, has the right to transfer the data to another Administrator as well as to file a complaint with the Office of Personal Data Protection if the data subject considers that the Administrator is in violation of the Regulation concerning the processing of personal data.
In accordance with the provisions of Article 13 of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016, the General Regulation on the protection of personal data (the Regulation), the Administrator hereby advises that: