INFORMING ABOUT THE PROCESSING OF PERSONAL DATA
Statement on the processing of personal data pursuant to the Directive of the European Parliament and Council (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR")
I. Controller of personal data
Company RIM CZ a.s. with headquarters at Dr. E. Beneše 1015, 765 02 Otrokovice, ID No: 44 11 73 53, Tax ID No.: CZ 44 11 73 53 registered in the Commercial Register held at the Register Court in Brno, Section C, File 3953, (hereinafter "controller") hereby informs you in accordance with article 12 of the GDPR about the processing of your personal data and your rights.
II. Scope of processing of personal data
Personal data is processed within the scope which the respective data subject has provided to the controller in relation to the conclusion of a contractual or other legal relationship with the controller, or the controller has collected by other means and processed in accordance with valid legal regulations, or for the fulfilment of the legal obligations of the controller.
III. Sources of personal data
- directly from the data subject (registration and purchases made via the eshop, email, telephone, chat, website, contact form on the website, social networks, business cards, etc.)
- publicly accessible registers, lists and evidence sources (e.g. commercial register, trade register, cadastre (land titles registry), public telephone directory, etc.)
IV. Categories of personal data that are the subject of processing
- address and identification details serving for the definite and unmistakable identification of a data subject (e.g. first name, last name, title, possibly birth number, date of birth, permanent residence address, ID No., Tax ID. No.) and information enabling contact with the data subject (contact information - e.g. contact address, telephone number, fax number, email address and other similar information)
- descriptive information (e.g. bank account details)
- other information necessary for the fulfilment of a contract
- information provided over and above the scope of respective laws processed within the scope of a provided consent from the data subject (processing of photographs, use of personal data for the purpose of human resource management, etc.)
V. Categories of data subjects
- customer of the controller (only for subjects registered at the eshop)
- employee of the controller
- service provider
- other person that is in a contractual relationship with the controller
- job applicant
VI. Categories of personal data recipients
- financial institutions
- public institutions
- government and other bodies within the scope of fulfilment of legal obligations set by respective legal regulations
- other recipients (e.g. transfer of personal data abroad - states of the EU)
VII. Purpose of processing of personal data
- the purposes contained within the scope of consent of the data subject
- contractual relationship proceedings
- fulfilment of a contract
- protection of the rights of the controller, recipient or other concerned parties (e.g. debt collection proceedings of the controller)
- archiving performed on the basis of the law for employee recruitment proceedings
- fulfilment of legal obligations from the side of the controller
- protection of vital interests of the data subject
VIII. Method of processing and protection of personal data
Personal data is processed by the controller. Processing is performed at his facilities, branches and headquarters of the controller by individual authorised employees of the controller, or alternatively by a processor. Processing is performed by means of computer technology, or alternatively manually for personal data in written form under the adherence to all security fundamentals for the administration and processing of personal data. For this purpose, the controller has implemented technical-organisational measures for ensuring the protection of personal data, prevention of unauthorised or accidental access to personal data, its modification, destruction or loss, unauthorised transfers, other unauthorised processing as well as the misuse of personal data. All subjects to whom personal data is made available shall respect the right of the data subjects to the protection of their privacy and are required to proceed according to valid legal regulations related to the protection of personal data.
IX. Duration of processing of personal data
In accordance with the deadlines specified in the respective contracts, in the filing and shredding system of the controller or in the respective legal regulations, this is the time necessary for ensuring the provision of rights and obligations arising both from the binding relationships as well as from respective legal regulations.
The controller processes information with the consent of the data subject with the exception of legally stipulated cases, where the processing of personal data does not require the consent of the data subject. In accordance with article 6, paragraph 1 of the GDPR the controller may process the following information without the consent of the data subject:
- the data subject has given consent to one or more specific purposes,
- processing is essential for the fulfilment of a contract, the contractual party of which is the data subject, or for the performance of measures accepted prior to the conclusion of the contract at the request of this data subject,
- processing is necessary for the fulfilment of a legal obligation that relates to the controller,
- processing is essential for the protection of vital interests of the data subject or another physical entity,
- processing is essential for the fulfilment of tasks performed in the public interest or for the performance of public power, for which the controller is commissioned
- processing is essential for the purposes of the legitimate interest of the respective controller or third party, excluding the cases, where these interests are preceded by the interests or basic rights and freedoms of the data subject requiring the protection of personal data.
XI. Rights of data subjects
1. In accordance with article 12 of the GDPR, the controller shall inform the data subject, upon the request of the data subject, about the right to access personal data and the following information:
- purposes of processing,
- categories of affected personal data,
- recipients or categories of recipients to whom the personal data was or will be made accessible,
- planned duration for which the personal data shall be stored,
- all available information about the source of the personal data,
- if it was not obtained from the data subject, and the fact, whether automated decision-making is taking place, including profiling.
2. Every data subject, that finds out or suspects that the controller or processor is performing processing of his person information, which is in contradiction with the protection of private and personal life of the data subject or is in contradiction with the law, in particular where personal data is inaccurate with respect to the purpose of its processing, the data subject may:
- Request an explanation from the controller.
- Require that the controller remove such an arisen state. Particularly, this may involve the blocking, correction, supplementation or deletion of personal data.
- In the event that the request of the data subject is found to be justified according to paragraph 1, the controller shall immediately remove the faulty state without delay.
- In the event that the controller does on comply with the request of the data subject according to paragraph 1, then the data subject has the right to contact the supervisory authorities, i.e. the Office for Personal Data Protection.
- The procedure according to paragraph 1 does not preclude that the data subject submits his case directly to the supervisory authority.
- For the provision of data, the controller has the right to demand reasonable remuneration not exceeding the costs necessary for the provision of the information.