1. CONTROLLER The personal data controller is
TokmaTech s.r.o. with its registered office located at Kabeláčova 562/2, Kamýk, 143 00 Praha 4, identification No. 054 69 252, registered in the Commercial Register maintained by the Municipal Court in Prague under file No. C 263896 (hereinafter the "
Controller").
2. YOUR RIGHTS You have the following rights in respect of the personal data processing concerned:
a.
ACCESS – The right to be informed whether or not your personal data are being processed. If your personal data are being processed, you have the right to obtain the information about the processing in prescribed extent and the right, under certain conditions, to obtain a copy of the processed personal data;
b.
RECTIFICATION – The right to request rectification if the personal data processed are inaccurate, or the right to request completion if the data are incomplete;
c. ERASURE (right to be forgotten) - Right to request, under certain conditions stipulated by law (withdrawal of consent, termination of contract, unlawful processing), erasure of the personal data;
d.
RESTRICTION OF PROCESSING – The right to request marking and, if applicable, restriction (suspension) of the processing pending verification of accuracy of the data, lawfulness of the processing, response to an objection or to ensure protection of your interests (application or protection or defence of rights and legitimate interests);
e.
COMPLAINT – The right to lodge a complaint to the Office for Personal Data Protection against the Controller, the processing or the terms and conditions of exercising your rights. See
www.uoou.cz for the contact details and other information about the Office;
You also have the right to:
OBJECT – The right to request for your personal data not to be further processed for tasks in public interest, for the Controller's or third person's interest or marketing purposes.
Use the relevant link to find details of individual rights, their characteristics and the conditions under which the rights arise and may be exercised. See how to exercise your rights at
https://letopos.cz/vykon-prav-en.
A
DATA PROTECTION OFFICER is
not designated at the Controller.
3. PURPOSE OF PROCESSING The Controller processes personal data for fulfilment of the contract and its own legitimate interests:
Database of identification and contact data, i.e. name, surname, place of residence / registered seat (office), identification number, phone number, email address, banking and billing details of potential / current suppliers of goods and services for contract negotiation, records of communication with the supplier regarding contract negotiations (in order to be able to prove the content of the contract as well as pre-contractual liability etc.), conclusion of the contract with the supplier. In respect of fulfilment of contractual obligations, it is the documentation and correspondence concerning performance of employment that is necessary to prove the manner in which the fulfilment of the contract and protection and exercise of rights took place.
In case the supplier is not one of the contractual parties, data concerning his employees, executive representatives or other persons authorised to negotiate about contract, i.e. contract performance, are registered.
4. LEGAL GROUND FOR PROCESSING The legal ground for the processing of personal data is:
— Controller's legitimate interest in relation to the database of potential suppliers Art. 6(1)(f) of the GDPR), in the contracting and fulfilling stage – necessary measures before the conclusion of the contract and fulfilling the contract with data subject Art. 6(1)(b) of the GDPR), all applies if the supplier is a natural person (individual entrepreneur);
— Controller's legitimate interest in relation to the database of suppliers, negotiations and fulfilment of the contract where the subject of processing are personal data of supplier' representatives (Art. 6(1)(f) of the GDPR), all applies if the supplier is a legal entity
5. SCOPE OF THE DATA being processed The Controller processes the following data for the above-mentioned purpose:
— In case the supplier is a natural person (individual entrepreneur) - identification and contact data, i.e. name, surname, scope of business, registered seat / office, billing and invoicing details and information on contractual obligation including communication concerning contract negotiation and performance.
— In case the supplier is a legal entity - identification and contact data of a representative of such entity (work contact information), job title, name, surname, scope of business, registered seat / office, billing and invoicing details and information on contractual obligation including communication concerning contract negotiation with the employer.
6. PROVISION OF DATA IS NECESSARY Provision of personal data is necessary only if it is necessary for the contractual and fulfilment purposes. It is not possible to conclude a contract without such provision.
7. PERIOD for which the personal data are stored and processed The Controller processes personal data: for the necessary period of time, i.e. for the entire cooperation, or potential cooperation with the data subject. In case of contractual obligations – until they are fulfilled, and for the time period stipulated by law, including period for claiming defects, statute of limitations and prescription periods regarding potential claims arising from contractual relationship. Data and documents may be retained for a period prescribed by law (for example tax records, etc.).
8. PLACE where the personal data are being processed The place of the processing of personal data shall be: the Controller's business premises, including the Controller's registered office
9. RECIPIENTS to whom the personal data may be disclosed Personal data are provided to following recipients (categories): NO RECIPIENTS.
10. THIRD COUNTRY Personal data ARE NOT transferred outside of the EU for further processing.
11. PROCESSOR A personal data processor pursuant to Art. 4(8) of the GDPR or a third party authorized by the Controller to process personal data may be engaged in the processing of personal data. In such cases, the Controller will minimize the risk of unauthorized disclosure, destruction, processing or loss of the personal data.
12. AUTOMATED DECISION-MAKING AND PROFILING Automated decision-making means decisions that are made by automated means or based on the output of automated processes, without human intervention/volition.
Profiling means the use of personal data to evaluate certain personal aspects relating to a natural person, e.g. to predict that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, etc.
Automated decision-making WILL NOT be used in connection with personal data processing.
Profiling WILL NOT be used in connection with the processing of personal data.