Information on the processing of the personal data of contractual partners
in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “General Regulation”), inform you that our company GENNET, s.r.o., with registered office in Prague 7, ID: 27080234, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Entry 94758, as a personal data manager (the “administrator”), processes your personal data, that is, the personal data of actual or potential contractual partners – natural persons, and the rights and obligations associated with them.
Personal data is considered to be all information about an identified or identifiable natural person (also referred to as the “data subject”); an identifiable natural person is a natural person that can be identified directly or indirectly, in particular by reference to a particular identifier such as name, identification number, location data, network identifier or one or more specific elements of physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
1. Scope and purpose of processing personal data
The administrator processes personal data to the extent that it was provided to it by the data subject in connection with the conclusion of the contract with the administrator. The administrator also processes personal data that was not provided to it by the data subject, but which is publicly available, especially data obtained from public registers. The administrator processes personal data in accordance with the valid and generally binding legal regulations of the Czech Republic and to fulfil its legal obligations.
Your personal data is processed for the following purposes:
- the purpose of negotiating the contractual relationship under consideration (for the purpose of concluding a contract);
- the purpose arising from the performance of the agreement between you and the administrator, especially for the record of contractual relations, for activity control, for statistical purposes and others;
- determination, exercise or defence of legal claims;
- the purpose of IT security of the manager for information obtained from an electronic communication with the subject, such as an IP address, etc.;
- the purpose of fulfilling the statutory obligations of administrators from the applicable legal regulations, in particular the regulations governing the keeping of accounts and taxes, regulations on the regulation of advertising and others;
- the purpose of direct marketing, in particular the sending of business communications;
- protection of company property and protection of the life, health, property and personal data of patients, employees and other persons present within the premises of the Administrator and prevention of undesirable acts and phenomena through camera systems; for detailed information on how to process information via camera systems, see “Information on the processing of personal data through camera systems “.
2. Sources of personal data
The administrator processes personal data it obtains:
- in connection with the negotiation of a contractual relationship under consideration (with a view to concluding it);
- in connection with the fulfilment of the conditions under the contract;
- directly from data subjects in connection with complaints handling;
- from records;
- data that can be detected from camera records, especially gender and appearance.
3. Categories of personal data and category of data subjects
The following categories of personal data are subject to processing:
- address and identification data used to identify clearly and unambiguously data subjects, such as name, surname, date of birth, identification number and others;
- contact details such as contact address, phone number, e-mail address and others;
- other data, such as bank details, data in contract, invoiced and paid (due) amounts, data on the ongoing fulfilment of contractual obligations, communication between the subject and administrator or their employees.
The administrator hereby informs the data subjects that the personal identification number will be processed only if the subject provides it to the administrator voluntarily or if required by law. If the subject voluntarily provides the administrator with his/her birth number, he/she agrees, in accordance with Section 13c(1) of Act No 133/2000, on the records of citizens and personal identification numbers and amending certain laws, that the administrator processes this personal identification number for the purposes mentioned above in this document. Such consent may be withdrawn by the subject at any time, in accordance with the General Regulation, by means of the following e-mail address: email@example.com or by phone: +420 226 226 205.
In connection with communication with a data subject, the administrator may also store some technical data, i.e. the time of communication with the data subject and the IP address from which it will be sent.
For prospective contractual partners, the administrator can process data from public sources (such as their website or advertising required by a potential contractual partner) so that we can contact them with the offer of services. Such basic data can be stored by the administrator in our IT system for further contact.
The data subjects whose data are processed by the data administrator and to whom this information is addressed are:
- contractual partner of the administrator;
- potential contractual partner of the administrator;
4. Method of processing and protection of personal data
Personal data is processed in full compliance with applicable laws. Their security and protection is ensured in accordance with these regulations and in accordance with the General Regulation.
Processing is done manually in paper and electronic form or automated by computer technology, subject to all security principles for managing and processing personal data. To this end, technical and organizational measures have been taken by the administrator, in particular those to prevent unauthorized or accidental access to personal data, alteration, destruction or loss, unauthorized transmission, unauthorized processing and other misuse of such personal data. All subjects to whom personal data may be made available respect the rights of data subjects to privacy protection and are required to comply with applicable data protection laws.
Data on potential, current or past partners may also be processed for direct marketing purposes. This typically involves sending emails or making phone calls with commercial communications. In accordance with Section 7 of Act No 480/2004, on certain information society services, the commercial communications will be sent to the data subjects. The subject may unsubscribe from such sending at any time by means of the following email address: firstname.lastname@example.org or by phone: +420 226 226 205.
5. Period of processing of personal data
The administrator shall process personal data for the time necessary for the fulfilment of the given purpose and in accordance with the time limits specified in the relevant generally binding legal regulations of the Czech Republic, or as long as it needs them for the determination, exercise or defence of legal claims.
The contact details of the data subjects for the purpose of sending commercial communications will be processed for as long as the subject withdraws the consent therewith. After that, the administrator will only process the basics about why he has sent the business message for a reasonable period of time to prove the legitimacy of such sending.
In determining the adequacy of the period of processing of personal data, it will be based in particular on the length of the limitation period, the likelihood of legal claims, the likelihood and significance of any risks, etc.
6. Update of personal data
One of the administrator’s responsibilities is to process accurate data. Therefore, the administrator politely asks all of its contractual partners to inform the administrator about any changes in the personal data provided to or obtained by the administrator. For this purpose, the administrator can be contact by the following email address: email@example.com or by phone: +420 226 226 205.
7. Categories of recipients of personal data
The recipients of personal data of data subjects are:
- public institutions, especially health insurance companies;
- processors on the basis of a contract with the administrator to the extent of the data needed for the purpose of processing, such as suppliers of external services, especially programmer or other support technical services, data storage or archiving personnel, IT system vendors, server operators used by the administrator and others;
- to the extent necessary, legal, economic and tax advisors and auditors, for the purpose of providing advisory services to the administrator;
- public authorities in the course of fulfilling the legal obligations laid down by the relevant legislation.
8. Lessons learned about the data subject’s rights
As a personal data administrator, you are entitled to do the following in our company:
- request access to personal data processed by the administrator, which means the right to obtain from the administrator a confirmation whether the personal data concerning you are processed or not and, if so, you have the right to access these personal data and other information referred to in Article 15 of the General Regulation,
- request the correction of personal data processed for you if they are inaccurate. Taking into account the purposes of processing, you may in some cases also request that incomplete personal data be supplemented,
- request the deletion of personal data in cases covered by Article 17 of the General Regulation,
- request the restriction of personal data processing in cases covered by Article 18 of the General Regulation,
- obtain personal data about you that we process in an automated manner to perform a contract concluded with you in a structured, commonly used and machine-readable format, and you have the right to require the administrator to pass this information to another administrator under the conditions and limits set forth in Article 20 of the General Regulation; and
- you have the right to object to processing within the meaning of Article 21 of the General Regulation on grounds relating to your particular situation.
If we receive your request, we will inform you about the measures taken without undue delay and, in any case, within one month after the receipt of the request. This time limit can be extended by another two months if necessary and given the complexity and number of requests. In certain cases laid down in the General Regulation, our company is not obliged to comply with the request in whole or in part. This will be the case in particular if the request is clearly unreasonable or disproportionate, in particular because it is repeated. In such cases, we may (i) impose a reasonable fee, taking into account the administrative costs associated with providing the requested information or communication or with making the requested actions, or (ii) refuse to comply with the request.
If we receive the above request, but we will have reasonable doubt as to the identity of the applicant, we may ask him/her to provide the additional information necessary to confirm his/her identity.
In addition, you have the right to contact the Office for Personal Data Protection directly if you believe that personal data are not processed in accordance with legal regulations, in the place of your habitual residence, place of employment, or where there was an alleged violation. If, as a result of the processing of your personal data, you incurred damage other than property damage, a special law applies to the claim.
We also inform you that our company has appointed a Data Protection Officer. Contact details of the Officer: Rita Novoseletska, Na Poříčí 1047/26, 110 00 Praha 1, E-mail: firstname.lastname@example.org