0
Basket is empty
0
     
    Information On Processing Of Personal Data

    INFORMATION ON PERSONAL DATA PROCESSING AND ADVISING OF DATA SUBJECTS OF THEIR RIGHTS

    Our company BORGY CZ, a.s., company identification No. 28959442, with the registered office at Dittrichova 346/4, 120 00 Praha Nové Město, incorporated in the Companies Register kept by the Municipal Court in Prague under file No. B 15548, hereby in accordance with Article 13 et seq. of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR), as a data controller, provides you with information relating to processing of your personal data and with advice on rights that you have in connection therewith.

    In the matters relating to processing of your personal data you may contact us:

    • through e-mail address info@borgy.cz,

    • by phone to tel. No. +420 326 312 591 or

    • by letter to address Zápy 4, 250 01 Zápy.

    Principles of personal data processing

    When processing your personal data we follow and respect high standards of personal data protection and we observe in particular the following principles:

    • we always process the personal data for clearly and comprehensibly set purpose, by set means, in set manner and for period that is necessary with regard to purpose of processing thereof;

    • we process only accurate personal data;

    • we process the personal data in the manner ensuring safety of such data and preventing unauthorized or accidental access to your personal data, their change, destruction, loss, unauthorized transmissions, processing and other misuse;

    • we always inform you comprehensibly on processing of your personal data and on your rights to accurate and complete information on circumstances of such processing, as well as on your other relating rights;

    • we observe adequate technical and organizational measures to secure safety level adequate to all possible risks;

    • all persons coming into contact with your personal data are obliged to maintain secrecy on information obtained in connection with processing of such personal data.

    Purpose of personal data processing

    Our company as a controller processes personal data for below-mentioned purposes, if necessary for:

    • performance of a contract or in order to take steps agreed prior to entering into a contract (Article 6 paragraph 1 letter b) GDPR);

    • compliance with a legal obligation to which the controller is subject (Article 6 paragraph 1 letter c) GDPR);

    • legitimate interests of our company or third party, in particular securing of protection of property or other rights, collecting of due receivables and claims, safety at work (Article 6 paragraph 1 letter c) GDPR);

    • carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law (Article 9 paragraph 2 letter b) GDPR);

    • preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services (Article 9 paragraph 2 letter h) GDPR); and

    • archiving purposes in the public interest, scientific or historical research purposes or statistical purposes (Article 9 paragraph 2 letter j) GDPR).

    Categories of personal data processed for above-mentioned purposes

    In accordance with above-mentioned purposes our company may process below-mentioned categories of personal data of our clients (purchasers) and business partners:

    • name and surname;

    • address of place of residence or possibly address for service;

    • e-mail address;

    • telephone number;

    • type and specification of taken goods;

    • price and volume of taken goods;

    • data relating to performance of contractual relation (ID No., tax ID No., address of registered office or place of business, invoicing address, bank details),

    • camera recordings from premises of our company (locations of cameras are always visibly marked);

    • data from communication between our company and data subject;

    Concerning the employees it may be also:

    • birth certificate No.;

    • academic degree;

    • bank account No.;

    • data on health insurance fund;

    • data on social insurance;

    • family situation;

    Source of personal data

    All processed personal data come solely from subjects of such data or from publicly available sources.

    Time of storing

    We archive your personal data for the period of performance of contract, for warranty period for delivered goods and 4 years from the day of expiry of the last warranty period for delivered goods.

    Invoices issued by our company are, in accordance with Section 35 of Act No. 235/2004 Coll., on Value Added Tax, archived for the period of 10 years from the end of tax period, in which performance was provided. For the reason of necessity to document legal reasons for issuing of invoices, also customer contracts are archived for the period of 10 years from the date of termination of the contract.

    Camera recordings of premises of our company and its surrounding are processed for the period of 90 days from taking thereof.

    Processing of cookies from websites operated by our company

    In the case that you have cookies enabled in your Internet browser, we process records of browsing activities from cookies on websites operated by our company for the purposes of better operation of our websites and for the purposes of our online advertising.

    Processing of data from cookies may be prevented by setting of your web browser.

    Categories of recipients of personal data

    Our company uses during performance professional and specialized services of other entities. If such suppliers process personal data transferred by our company, they are in a position of personal data processors and they process the transferred data only within instructions of our company. They must not use them in any other manner. These are in particular services of insurance companies, experts, attorneys, auditors, tax advisers or IT system administrators.

    We always select the mentioned entities carefully and pay attention to fulfillment of strict duties for protection of your personal data securing, when we conclude with them agreements on personal data processing, if statutory duty of confidentiality of such entities stipulated by applicable legal regulations is not sufficient. These are companies with their registered office in the Czech Republic or in member states of the European Union, which share the same standards of personal data protection as the Czech Republic.

    Right to access to your personal data

    As a data subject you shall have the right to require us to inform you whether we process your personal data (Article 15 GDPR).

    If we do, you have the right to obtain access to such personal data. You can require also some other information regarding processing thereof, as for example purposes of processing, informing on categories of affected personal data or on planned period, for which the personal data will be stored and if it is not possible to determine such period, criteria used for setting thereof etc..

    In the case of request for copy of processed personal data reasonable administrative costs may be charged to you for all other copies than the one.

    Right to withdraw consent to personal data processing

    If your personal data processing is based on your consent, you shall have the right to withdraw your consent anytime.

    The withdrawal of consent shall however not affect the lawfulness of processing based on consent before its withdrawal, or lawfulness of processing based on other legal reason stated in Article 6 GDPR than your consent.

    Right to rectification

    One of basic principles of personal data processing is accuracy of the data. If you assume that your personal data processing by us are inaccurate, you may require their rectification (Article 16 GDPR). We will check the affected personal data upon your request and correct the possible inaccuracy.

    Taking into account purpose of the processing you may also ask for completing of incomplete personal data.

    Right to erasure

    If any of reasons set in GDPR is given and at the same time processing of your personal data is not necessary with regard to any of circumstances excluding exercise of this rights under GDPR, you shall have the right to require us to erase (liquidate) your personal data and not to keep them any longer.

    Reasons, for which you may require erasure of your personal data, include in particular the fact that your personal data are no longer necessary for the purposes, for which they were collected or processed. Also withdrawal of the consent to processing of your personal data, if there exists no other legal reason for processing thereof (see also above the right to withdraw consent to personal data processing) or if your personal data were processed unlawfully.

    Exercising of right to erasure shall be excluded for example by circumstance that their processing is necessary for performance of concluded contract or for implementation of measures taken before conclusion of the contract, for fulfillment of legal duty imposed on our company by generally binding legal regulations, or for the purposes of our legitimate interests or legitimate interests of the third party (e.g. protection of property, establishment, exercise or defense of legal claims).

    Right to restriction of processing

    You may also have the right to require restriction of processing of your personal data, if any of the below-mentioned cases occurs:

    • for the period necessary for us to verify accuracy of your personal data, if you contest their accuracy,

    • processing of personal data is unlawful and you request restriction of their use instead of erasure of your personal data,

    • we no longer need your personal data for the purposes of processing but you require them for establishment, exercise or defense of legal claims,

    • if you object to personal data processing under Article 21 paragraph 1 GDPR, for the period until it is checked, whether your legitimate reasons override legitimate reasons of our company (see also right to object).

    If processing of your personal data is restricted, your personal data may be, with the exception of their storing, processed only with your consent or for the reason of establishment, exercise or defense of legal claims, for the reason of protection of rights of other natural person or legal entity or for the reasons of important public interest of the European Union or any of its member states.

    Right to be notified regarding rectification, erasure of personal data or restriction of processing

    If your personal data were rectified, erased or processing of your personal data was restricted, you may require us to inform you on recipients to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

    Right to data portability

    In the case of personal data processed on the basis of your consent or on the basis of contract, which are at the same time processed by automated means, you shall have the right to transmit such data to another controller. Where technically feasible you may also request so that we transmitted your personal data that you provided to us and that relate to you, directly to another controller in a structured, commonly used and in machine-readable format.

    The right to data portability shall not adversely affect the rights and freedoms of others.

    Right to object

    On grounds relating to your particular situation, you have the right to object to processing of your personal data (see Article 21 GDPR), if processing for the reason of public interest, when exercising public authority or for the purposes of our legitimate interests or legitimate interests of the third party is concerned. If you object, your personal data shall be no longer processed unless compelling legitimate grounds for the processing which override your legitimate interests, rights and freedoms are demonstrated or for the establishment, exercise or defense of legal claims.

    If we processed your personal data for direct marketing purposes (including profiling, if concerned), you shall have the right to object anytime to such processing. However our company does not process the personal data for such purposes.

    Right not to be subject to a decision based solely on automated processing, including profiling

    As a data subject you shall have the right not to be subject to any decision based solely on automated processing, including profiling, which produces legal effects for you or similarly significantly affects you.

    This shall not apply if the decision is necessary for entering into, or performance of, a contract between you and a data controller, if it is based on your explicit consent or permitted by generally binding legal regulations. Our company however does not perform any decisions without effect of human consideration with legal effects for the data subject.

    Right to file a complaint to supervisory authority

    Without prejudice to any other administrative or judicial remedy, you shall have the right to file a complaint at any supervisory body, in particular in state of your habitual residence, place of employment or place where the alleged breach was committed, if you suppose that processing of your personal data violated GDPR.

    In the Czech Republic, such supervisory authority is the Office for Personal Data Protection (hereinafter referred to as ÚOOÚ). For contact details and detailed information on the Office see website of ÚOOZ www.uoou.cz.

    The supervisory authority, at which you file your complaint, will inform you on progress in solving of the complaint and on its result.

    Communication of personal data breach

    Protection of your personal data is secured also by duty of every controller to inform you on personal data breach without undue delay, when the personal data breach is likely to result in a high risk to your rights and freedoms.

    The above-mentioned communication shall not be required under Article 34 paragraph 3 GDPR if any of the following conditions are met:

    • the controller has implemented appropriate technical and organizational protection measures, and those measures were applied (in particular those that render your personal data unintelligible to any person, who is not authorized to access it, such as encryption),

    • the controller has taken subsequent measures, which ensure that the high risk to your rights and freedoms referred to in the paragraph above is no longer likely to materialize, or

    • it would involve disproportionate effort.