Declaration of the processing of personal data
Declaration on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the instruction of data subjects (hereinafter "GDPR")
I. Personal data administrator
Personal data administrator, company CLASSIC COTTON s.r.o. Průmyslová 146, 551 02 Jaroměř, (hereinafter referred to as the "controller") hereby informs you in accordance with Article 12 of the GDPR about the processing of your personal data and your rights.
II. Scope of personal data processing
Personal data are processed to the extent that the competent data subject has provided them to the controller, in connection with the conclusion of a contractual or other legal relationship with the controller, or otherwise collected by the controller and processed in accordance with applicable law or to fulfill legal obligations.
III. Sources of personal data:
- directly from data subjects,
- publicly accessible registers,
- lists and records (e.g. commercial register, trade register, real estate cadastre, public telephone directory, etc.)
IV. Categories of personal data that are subject to processing:
- address and identification data used for unambiguous and unmistakable identification of the data subject (e.g. name, surname, title, ID number, VAT number) and data enabling contact with the data subject (contact data, e.g. contact address, telephone number, fax number, e-mail address and other similar information)
- descriptive data (e.g. bank details, date)
- other data necessary for the performance of the contract
V. Categories of data subjects:
- customer manager
- service provider
- another person who is in a contractual relationship with the controller
VI. Categories of recipients of personal data:
- state and other authorities in the framework of fulfilling the legal obligations stipulated by the relevant legal regulations
VII. Purpose of personal data processing
- purposes contained in the consent of the data subject
- negotiation of a contractual relationship
- performance of the contract
- protection of the rights of the administrator (controller), beneficiary or other persons concerned (e.g. recovery of the administrator's claims)
- archiving kept on the basis of the law
- fulfillment of legal obligations by the administrator
- protection of the vital interests of the data subject
VIII. Method of processing and protection of personal data
The processing of personal data is performed by the administrator. Processing is performed in the premises, branches and registered office of the administrator by individual authorized employees of the administrator, or by a processor. The processing takes place through computer technology, or manually for personal data in paper form, in compliance with all security principles for the management and processing of personal data. To this end, the controller has taken technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to, change, destruction or loss of personal data, unauthorized transfers, unauthorized processing and other misuse of personal data. All subjects to whom personal data may be disclosed respect the right of data subjects to privacy and are obliged to comply with applicable legislation on personal data protection.
IX. Time of personal data processing
In accordance with the deadlines specified in the relevant contracts, in the administrator's file and shredding rules or in the relevant legal regulations, this is the time strictly necessary to secure the rights and obligations arising from both the contractual relationship and the relevant legal regulations.
The controller processes the data with the consent of the data subject, except in cases stipulated by law where the processing of personal data does not require the consent of the data subject. In accordance with Article 6, paragraph 1 of the GDPR, the controller may process the following data without the consent of the data subject:
- the data subject has given his or her consent for one or more specific purposes,
- processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of measures taken before the conclusion of the contract at the request of the data subject,
- processing is necessary to fulfill the legal obligation applicable to the controller,
- processing is necessary to protect the vital interests of the data subject or another natural person,
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
- processing is necessary for the legitimate interests of the controller concerned or of a third party, except where those interests take precedence over the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.
XI. Rights of data subjects
In accordance with article 11 of the GDPR, the controller shall, at the request of the data subject, inform the data subject of the right of access to personal data and to the following information:
- the purpose of processing,
- the category of personal data concerned,
- the recipients or categories of recipients to whom the personal data have been or will be disclosed,
- the planned period for which the personal data will be stored,
- all available information on the source of the personal data, if not obtained from the data subject,
- whether there is automated decision-making, including profiling.
Any data subject who discovers or suspects that the controller or processor is carrying out processing of his or her personal data which is contrary to the protection of the data subject's private and personal life or contrary to the law, in particular if the personal data are inaccurate with regard to the purpose of their processing, can:
- Ask your administrator for an explanation.
- Require the administrator to remove this condition. In particular, it may be a matter of blocking, correcting, supplementing or deleting personal data.
- If the data subject's request under paragraph 1 is found to be justified, the controller shall immediately rectify the defective condition.
- If the controller does not comply with the data subject's request pursuant to paragraph 1, the data subject has the right to contact the supervisory authority, i.e. the Office for Personal Data Protection.
- The procedure referred to in paragraph 1 shall not preclude the data subject from contacting the supervisory authority directly.
- The administrator has the right to demand a reasonable payment for the provision of information, not exceeding the costs necessary for the provision of information.