Declaration on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the instruction of data subjects (hereinafter "GDPR").
I. Introduction
This statement has been prepared and published to provide information about our company's practices and obligations in applying the requirements of the GDPR Regulation. The following are used:
- PD – personal data, ie all information leading to the identification of a specific person
- Owner of PD – an entity that holds personal data held and processed by our company
- Administrator – our company, which registers, processes, archives and protects your PD
- Processor – the company we invited to process your PD on the basis of a contract. This ensures that the system of handling, processing and protection of your PD is ensured within the scope of the GDPR requirements and that your rights are not restricted.
II. Personal data controller
The company MTM Transport, as, IČ: 28628268, contact address for the area of protection of the District Office: info@mtmtransport.cz, telephone number: +420 596 753 564-5 (hereinafter referred to as the "administrator") hereby in accordance with Art. 12 The GDPR Regulation informs about the processing of your personal data and about your rights.
III. Scope of personal data processing
Personal data are processed to the extent that the competent data subject has provided them to the controller, in connection with and on the basis of a free decision at the time of establishing a relationship or registration and in a contractual or other legal relationship with the controller, or otherwise collected and processed by the controller. is in accordance with applicable law or to fulfill the legal obligations of the administrator.
IV. Sources of personal data
We obtain personal data from the owners of the District Office (business communications, purchases, deliveries of products and services, contact form on the website, telephone communications, business cards, etc.)
Another source of personal data is information necessarily provided to job seekers and workers. If personal data are obtained from public sources, they are used exclusively for the purpose of implementing a business relationship or in accordance with the consent obtained from the holder of personal data.
V. Categories of personal data that are subject to processing
- These are identification data used to uniquely and unmistakably identify the owner of the PD (name and surname, date of birth, birth number, permanent residence address, etc.)
- Descriptive information (e.g. bank details)
- Information necessary to perform the contract (email, telephone, workplace address, function) and more
- Data provided in addition to the relevant laws and legislative regulations, processed within the framework of the consent granted by the owner of the PD
VI. Categories of owners of data offices
These are in particular:
- Customers
- Customers of customers
- Employees and workers on extracurricular agreements and job seekers
- Owners of personal information of suppliers and partners providing the services needed to run our business
- Other persons who are in a contractual relationship with the PD administrator
VII. Categories of recipients of personal data
- State and other bodies in the framework of the fulfillment of legal obligations stipulated by the relevant legal regulations
- Financial institutions and public administration organizations
- PD processors on the basis of concluded contracts
- Third parties and organizations with the consent of the PD owner
- Our company as a trustee
VIII. Purpose of personal data processing
- Purposes contained in the data subject's consent Negotiation of a contractual relationship
- Performance of the contract
- Protect the rights of the administrator, the recipient or other persons concerned
- Lawful archiving
- Tenders for vacancies
- Compliance with legal obligations by the administrator
- Protection of the vital interests of the owner of the PD or other entities
IX. Method of processing and protection of personal data
Personal data is processed by the administrator, resp. the processor, which has a contract concluded by the administrator, which guarantees that it will comply with the following responsibilities in the processing of the PD and the rights of the owner of the PD.
Processing is performed at the registered office and at the premises of the administrator, resp. processors. The processing takes place via computer technology or manually at the PD in paper form in compliance with all security principles for the management and processing of personal data. To this end, the administrator has taken technical and organizational measures to ensure the protection of PDs, in particular measures against unauthorized or accidental access to PDs, their change, destruction or loss, unauthorized use or transmission of PDs or other misuse of PDs.
All entities to which PDs may be made available respect the PD owner's right to privacy and are required to comply with applicable PD protection legislation.
X. Time of personal data processing
In accordance with the time limits set out in the relevant contracts, the administrator's file and shredding rules or the relevant legislation, this is the time strictly necessary to safeguard the rights and obligations arising from the obligation, the legitimate interests of the processor and the relevant legislation.
XI. Edification
The controller processes the data with the consent of the PD owner, except in cases stipulated by law, where the processing of personal data does not require the consent of the PD owner.
In accordance with Article 6 (1) of the GDPR, the controller may process data without the consent of the PD owner if:
- Processing is necessary for the performance of a contract to which the PD owner is a party or for the implementation of measures taken before the conclusion of the contract at the request of that PD owner.
- Processing is necessary to fulfill the legal obligation that applies to the controller
- Processing is necessary to protect the vital interests of the PD owner or other natural person
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- Processing is necessary for the purposes of the legitimate interests of the controller or a third party concerned, except where those interests take precedence over the interests or fundamental rights and freedoms of the PD owner requiring the protection of personal data.
In other cases, the consent of the PD owner granted under the terms of the GDPR is required to process the PD.
XII. Rights of the data subject
- In accordance with Article 12 of the GDPR, the controller informs the entity, at the request of the PD owner, of the right of access to personal data and to the following information:
- Purpose of PD processing
- Category of personal data concerned
- Recipients or categories of recipients to whom the PDs have been made available
- Scheduled time for personal information to be stored
- All available information about the source of personal data
- Whether there is automated decision making, including PD profiling
- Any PD owner who discovers or believes that a controller or processor is carrying out the processing of his PD which is contrary to the protection of the personal and personal life of the PD owner or contrary to the law, in particular if the personal data are inaccurate with regard to purpose their processing, may:
- Ask the administrator for an explanation in person or via info@mtmtransport.cz
- Require the administrator to remove the condition. In particular, it may involve blocking, correcting, supplementing or deleting (forgetting) personal data.
- If the PD owner's request under paragraph 1 of this chapter is found to be justified, the administrator shall immediately rectify the defective condition.
- If the controller does not comply with the data subject's request pursuant to paragraph 1, the PD owner has the right to contact the supervisory authority directly, ie the Office for Personal Data Protection (ÚOOÚ)
- The procedure under paragraph 1 does not preclude the owner of the PD from contacting the supervisory authority directly.
- The administrator has the right to demand a reasonable payment for the provision of information, not exceeding the costs necessary to provide the information.