Protection of Personal Data

I. Basic Provisions

 

  1. The personal data controller pursuant to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) is VAE SPRINKLERS, s.r.o., RN: 072 33 469, registered office: náměstí Jurije Gagarina 233/1, Slezská Ostrava, 710 00 Ostrava, registered in the Commercial Register kept by the Regional Court in Ostrava, Section C, Insert 75025 (hereinafter referred to as the “Controller”).
  2. The contact details of the Controller are:
  • VAE SPRINKLERS, s.r.o.
  • address: náměstí Jurije Gagarina 233/1, Slezská Ostrava, 710 00 Ostrava
  • e-mail: vae.sprinklers@vaesprinklers.cz
  • phone: +420 734 586 401
  1. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, and identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. The Controller did not appoint a data protection officer.

II. Sources and Categories of the Processed Personal Data 

  1. The Controller processes personal data that is necessary for the operation of the Controller’s business and related activities, compliance with legal and contractual obligations, and monitoring of legitimate interests.

In particular, the following categories of personal data are processed:

  • Basic identification data: degree, first name, surname, maiden name, date of birth, national ID number, address of permanent or temporary residence, photograph, audio-visual recording, citizenship, nationality, signature, identification data of the employer/company, job position, place of work, place of business and registration number if you are a self-employed person.
  • Contact details: telephone number, e-mail address, fax, address for the delivery of documents.
  • Transaction data: bank name, bank account number.
  • Socio-demographic data: age (indirectly), sex.
  • CCTV: a CCTV recording of the concerned person that can identify the person, the behaviour of the concerned person, and indirectly also special categories of personal data in some cases, despite this not being a requirement or intention of the company (e.g. state of health, racial and ethnic origin, religious or philosophical beliefs).
  1. Other personal data of yours may also be processed, for example if you are a job applicant, this is data within the scope of the provided CV and cover letter. We also process other personal data if you are, for example, a former employee of the Controller, as is/was required by local legislation.
  2. During each processing of personal data, the Controller follows the principle of data minimization – the adequacy of the scope of the data in relation to the purpose of processing.
  3. You can request a list of personal data that the company processes about you at any time at the above-mentioned contact details.

III. Obtaining Personal Data

  1. The Controller obtains personal data:
  • directly from you when concluding and fulfilling a contract or when obtaining your consent to the processing of personal data;
  • from other persons if you give your consent to it (e.g. from a family member);
  • from proceedings before public authorities;
  • from publicly available registers, lists and records.

IV. Legal Basis and Purpose of Personal Data Processing

  1. The legal basis for the processing of personal data is:
  • performance of a contract between you and the Controller pursuant to Article 6 (1)(b) of the GDPR;
  • compliance with legal obligation of the Controller pursuant to Article 6 (1)(c) of the GDPR;
  • the legitimate interest of the Controller in the provision of direct marketing (especially for sending commercial messages and newsletters) pursuant to Article 6 (1)(f) of the GDPR;
  • your consent to processing for the purposes of providing direct marketing (especially for sending commercial messages and newsletters) pursuant to Article 6 (1)(a) of the GDPR in connection with Section 7 (2) of Act No. 480/2004 Coll., on Certain Information Society Services in the event that no goods or services have been ordered.

2.  The purpose for the processing of personal data is:

  • handling of your order and exercise of rights and obligations arising from the contractual relationship between you and the Controller; when ordering, personal data is required, as it is necessary for the successful completion of the order (name and address, contact); provision of personal data is a necessary requirement for the conclusion and performance of the contract, as it is not possible to conclude the contract or perform it by the Controller without the provision of personal data;
  • compliance with legal obligations towards the state;
  • sending of commercial messages and doing other marketing activities.

3.  There is no automatic individual decision-making by the Controller within the meaning of Article 22 of the GDPR.

V. Data Retention Period

  1. The Controller retains personal data:
  • for the time necessary to exercise the rights and obligations arising from the contractual relationship between you and the Controller and to assert claims under these contractual relationships (for a period of 15 years from the termination of the contractual relationship);
  • until the consent to the processing of personal data for marketing purposes is revoked, and for a maximum of 5 years if the personal data is processed on the basis of a consent.

2.  The Controller erases the personal data after the retention period ends.

VI. Recipients of Personal Data (Subcontractors of the Controller)

  1. The recipients of personal data are persons:
  • involved in the supply of goods/services or the execution of payments on the basis of a contract;
  • providing accounting services;
  • providing marketing services.

2.  The Controller intends to transfer personal data to a third country (a non-EU country) or an international organization. Recipients of personal data in third countries are mailing/cloud service providers.

VII. Processors of Personal Data 

  1. The processing of personal data is performed by the Controller, but the following processors may also process personal data for the Controller:
  • Mailchimp service provider;
  • VAE CONTROLS Group, a.s.;
  • or another provider of processing software services and applications, which, however, are not currently used by the Controller.

VIII. Your Rights

  1. Under the conditions set out in the GDPR, you have:
  • the right of access to your personal data pursuant to Article 15 of the GDPR;
  • the right to rectification of your personal data pursuant to Article 16 of the GDPR, or the right to restrict the processing pursuant to Article 18 of the GDPR;
  • the right to erasure of your personal data pursuant to Article 17 of the GDPR;
  • the right to object to the processing of your personal data pursuant to Article 21 of the GDPR;
  • the right to data portability pursuant to Article 20 of the GDPR; and
  • the right to withdraw the consent to the processing in writing or electronically to the address or e-mail of the Controller specified in Article III of these Conditions.

2.  You also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated, or to go to court.

IX. Personal Data Security

  1. The Controller declares to have taken all appropriate technical and organizational measures to secure personal data.
  2. The Controller has taken technical measures to secure electronic data repositories and paper personal data repositories.
  3. The Controller declares that only persons authorized by the Controller have access to personal data.

X. Final Provisions 

  1. By sending the order via the online order form, you confirm that you are acquainted with the Conditions of Personal Data Protection and that you accept them in full.
  2. You agree to these Conditions by checking your consent via the online form. By checking the consent, you confirm that you are acquainted with the Conditions of Personal Data Protection and that you accept them in full.
  3. The Controller is entitled to change these Conditions. The new version of these Conditions will be published on the Controller’s website and also sent to you by e-mail to the address you provided to the Controller.

These Conditions take effect on 1 January 2021.