Inove Ltd, ID No. 075 56 071, with registered office at Prague 10, Hostivař, náměstí Přátelství 1518/2, Postal Code 102 00, registered in the Commercial Register kept at the Municipal Court in Prague, Section C, Insert 303041 (hereinafter referred to as "the Company") hereby informs about the basic principles and principles on the basis of which, as a personal data controller within the meaning of Article 4, point 7 of Regulation (EU) No. 2016/679, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter also referred to as "GDPR"), in connection with the provision of its services, handles the personal data of its clients or prospective clients (hereinafter also collectively referred to as "data subject"). All procedures are governed by the applicable laws of the Czech Republic, the EU and the implementing internal regulations, which aim to ensure even greater security in the processing of personal data.
The Company processes personal data of its clients, or their representatives, business partners, if they are the data subject, in particular for the purposes set out below and on the relevant legal basis resulting from the GDPR and to the extent necessary to fulfil the purpose for which they were collected.
Purposes of processing personal data:
In other cases, we process personal data of data subjects only with their explicit consent.
Personal data will be processed for the period necessary to ensure the mutual rights and obligations arising from the contractual relationship (provision of services), i.e. always for at least the duration of the contract, and then for the duration of the rights and obligations arising from the services provided, or generally for the duration of the binding legal relationship in connection with which the personal data of the data subject are processed. For a longer period of time, personal data shall only be processed provided that a valid and effective legal regulation (e.g. accounting or tax law) so provides, or if such processing is justified by the need or potential for full settlement of claims arising from a binding legal relationship concluded between the Company as controller and the data subject, or a third party, if personal data of the data subjects are processed in this context.
The processing relates to personal data obtained by the Company from the data subject in the course of providing the services, in particular identification data (name, surname, date of birth, birth number, ID number, VAT number), contact data (address, telephone number, e-mail address, bank account) and other information strictly necessary for the provision of the requested services (e.g. socio-demographic data, financial data, data on the services provided). Personal data are processed to the extent that they have been provided, to the extent that they arise during the course of a given commitment and/or to the extent that the Company is entitled or obliged to ascertain them itself on the basis of generally binding legal provisions or the consent of the data subject.
The processing of personal data is carried out manually and automatically in electronic information systems, in electronic or paper form, always with high technical, organisational and personnel security in accordance with the requirements of generally binding legal regulations.
All persons who come into contact with personal data from their work position (or within the scope of their contractually assumed duties) are trained and bound by confidentiality obligations.
Processing is carried out mainly by authorised employees of the Company, whereby the Company, on the basis of a contract for the processing of personal data, also authorises the processor to process personal data, provided that the conditions are met.
As far as the recipients of personal data are concerned - in addition to the above-mentioned persons, personal data may also be disclosed to other persons, but only if they have a lawful reason for accessing such personal data (e.g. law enforcement authorities, other controlling authorities with a legal authorisation to access information), or if it is necessary to protect the rights of the Company or the data subject (e.g. public authorities), or if it is necessary for the fulfilment of obligations relating to the legal services provided, or if it is necessary for the fulfilment of the Company's obligations under generally binding legislation.
The right of access to personal data means that the data subject has the right to obtain information from the Company as to whether it is processing his or her personal data and, if so, which data is being processed and how it is being processed. The data subject also has the right to have inaccurate personal data concerning him or her rectified by the Company without undue delay upon his or her request. The data subject shall have the right to have incomplete personal data completed at any time.
The right to erasure of personal data represents, in other words, an obligation for the Company to erase the personal data it processes about the data subject if certain conditions are met and the data subject so requests.
The data subject has the right to have the Company restrict the processing of his or her personal data in certain cases. The data subject shall have the right to object at any time to processing which is based on the legitimate interests of the Company, of a third party or is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
The right to data portability gives the data subject the possibility to obtain the personal data he or she has provided to the Company in a common and machine-readable format. He or she may subsequently transmit this data to another controller or, if technically feasible, request that the controllers transmit it between themselves.
The right to withdraw consent to the processing of personal data at any time does not apply, as the personal data of the data subject are processed for the performance of a contractual relationship with the data subject, not on the basis of consent to processing.
If the data subject is in any way dissatisfied with the processing of his or her personal data by the Company, he or she may lodge a complaint directly with the Company or contact the Data Protection Authority.
More information about the rights of the client is available on the website of the Data Protection Authority. (https://www.uoou.cz/6-prava-subjektu-udaj/d-27276)
24 July 2023
Inove s.r.o.
