GDPR statement

STATEMENT ON THE PROCESSING OF PERSONAL DATA

Statement on processing personal data according to ordinance European of Parliament and Council (EU) 2016/679 on protection physical persons in connection with the processing personal data and learning subjects data ( further just "GDPR")

Administrator personal data

Administrator personal data :

Diametral a.s. ,
with registered office at Václava Špačka 1759, 193 00 Prague 9 – Horní Počernice ,
led urban by the court in Prague section B, insert 20964,

represented Mr Vít Majtás, member administrative council

ID: 044 34 374 DIČ: CZ 044 34 374

( further just " administrator " )

hereby in accordance with art . 12 GDPR informs subjects processing data​ their personal data and about them rights .

Range processing personal data

Personal data they are processed to the extent applicable​​ subject data administrators provided in connection with the closing contractual whose another legal relationship with the administrator , or which administrator collected otherwise and processes them in accordance with the valid ones legal regulations or to fulfill legal responsibilities administrator .

Resources personal data

  • directly from the subjects data ( e.g. registration , e- mails , phone , chat, web pages , contact form on web , social networks , business cards , contracts , consents , video recording taken through technical device administrator etc. )
  • from public records - public records are for purposes this document :
    • public index according to Act No. 304/2013 Coll., on public registers legal and physical persons , in wording later ones regulations , i.e.​ federal register , foundation index , index institutions , register commonwealth owners units , commercial register and register in general beneficial by companies ;
    • other registers in meaning No. 111/2009 Coll., on basic registers , in wording later ones regulations

Category personal data which​ they are the subject processing administrator

  • Identification data contact data
  • descriptive data
  • transactional data
  • technical product data

Category subjects data

Subject data is physical person to whom personal​ data concern , specifically :

  • employee administrator
  • a job seeker at the administrator
  • contractual partner of the administrator ( physical person – entrepreneur , non-entrepreneur )
  • subject in the pre-contract of the relationship with the administrator ( customer before acceptance orders , inquiring etc. )
  • party management
  • minor party management
  • concerned person involved
  • applicant
  • interviewer
  • payer
  • recipient
  • authorized
  • compulsory
  • damaged

 

Category processors and recipients personal data

  • organs national management
  • organs local self-government
  • public constitution
  • banking constitution
  • insurance companies
  • external subject providing services administrators in different areas (health and safety, accounting , training , education , carriers )

 

Purpose and reasons processing personal data

Processing personal data ongoing with the administrator :

  • on basis granted consent subject data
  • at fulfillment contract with the subject data
  • at implementation measure accepted before closing contracts on request subject data
  • due​ fulfillment legal responsibilities relating to​ administrator ( incl archiving on basis of the law )
  • due​ protection vitally important ones interests subject data or other physical persons
  • due​ fulfillment task carried out in public of interest or at performance public power , to which he is entrusted with administrator
  • due​ authorized of interest administrator whose third parties ( incl archiving on basis authorized of interest administrator )

 

Reasons processing special ones categories personal data

  • express agreement subject ,
  • fulfillment duties in the area working rights , rights social security and social protection ,
  • protection vitally important ones interests subject data or other physical person in the event that subject data it isn't physical or legally eligible grant consent​
  • OU apparently published subject data ,
  • determination , performance or defense legal claims or at negotiations courts ,
  • significant public interest ,
  • archiving in public interest , for purposes scientific whose historical research or for statistical purposes

 

Way processing and protection personal data

Processing personal data performs administrator . The processing is carried out in his establishments , headquarters administrator individual authorized employees administrator , or​ processor . To proccess is running out through computer technology , or and manual way in personal data in the paper fee form for compliance all of them security management and processing policies​ personal data . Behind this purpose accepted administrator technical-organizational security measures​ protection personal data , in particular measures so that it cannot to occur unauthorized or random access to personal data , their change , destruction whose loss , unauthorized transmissions , to their unauthorized processing as well and to another misuse personal data . All entities to which they can be personal data made available , they respect right subjects data on protection privacy and are compulsory proceed according to valid legal regulations relating to protection personal data

Processing time personal data

In accordance with the deadlines listed in the respective contracts , in internal regulations administrator or in the relevant legal regulations it's about time necessarily necessary to secure rights and obligations arising both from contracts , authorized interests , so and from the relevant ones legal regulations .

Right subjects data

In accordance with Art . 12 GDPR informs administrator subject data on law on access to personal data and the following information :

    • purpose processing ,
    • category concerned personal data ,
    • recipients or category beneficiaries to whom personal data were or they will made available
    • planned the time for which they will personal data saved​
    • all available resource information​ personal data ,
    • if they are not acquired from subject data , facts , whether automated occurs​ decision-making , incl profiling .

 

Each subject data which​ will find out or believes that​​ administrator or processor performs processing his personal data that is in violation of protection private and personal of life subject data or contrary to law , esp​ if they are personal data imprecise with respect on purpose their processing , can :

      • Ask administrator for an explanation .
      • Request to the administrator removed thus originated status . In particular, it can deal with blocking , execution repairs , additions or deletion personal data .
      • If there is a request subject data found authorized , administrator removes immediately objectionable status .
      • If the administrator does not comply requests subject data , has subject data right turn directly​ on supervisory office , which is the Office on protection personal data .
      • Subject data has right turn around​ my own stimulus on supervisory office directly without doing previous ones steps .

     

    Administrator provides subjects data information and communications concise , transparent , understandable and easy accessible way per use clear and simple linguistic resources . Information and communications can ADMINISTRATOR to entities data provide in writing , in suitable cases and electronic or orally if​ you are will verify identity relevant subject data .

    The administrator is obliged on request subjects data about information react without unnecessary postponement , at the latest but within 1 month from receiving such requests . In justified cases can administrator this one deadline extend , the longest but in 2 months . Administrator on extension deadlines informs subject data , also within 1 month from receiving requests subject data and communicate subject data reasons this extension . In case that​ subject data will serve request for information and communication electronically , the ADMINISTRATOR will provide them to him electronically , unless subject data he will not ask for another way providing information and messages , e.g.​ in writing .

    If subject data back administrator for admission certain measures ( repair his personal data , their erasure etc. ) and the administrator such measure does not accept , informs the subject about it data immediately , within 1 month at the latest from applications for admission relevant measures , including reasons non-execution these measures and also option information​ subject data submit complaint to the Protection Office personal data , or​ to turn on court .

    Information and communications provides administrator subject data free of charge . In case that​ subject data does repeatedly requests , or they are these requests unreasonable , or unreasonable , administrator can request subject data refuse or impose adequate charge covering administrative costs associated with the provision information and communication or associated with execution required measures . Administrator must be able to unreasonableness whose inadequacy requests subject data to prove

    In case that​ administrator will get personal data direct from subject data , will communicate at their acquisition subject data following information :
       a) identification and contact data administrator and any representative administrator ;
       b) purposes processing , for which they are personal data determined , and legal basis for processing ;
       c) justified hobbies administrator or third parties in the case of processing​ necessary for the purposes authorized interests administrator , or third persons ;

       d) eventual recipient or category recipients personal data ;
       e) possible intention administrator hand over personal data to the third Earth or international organization and existence whose non-existence decision European commission that​ this third Earth or international organization provides corresponding protection personal data , further then link on appropriate guarantees and means of obtaining copy these data or information about where were these data made available .

    If necessary for security​ fair and transparent processing , administrator will provide subject data and next information , in particular time processing personal data , or​ criteria for her determining , further then information about the law subject data on repair personal data , their erasure etc.​

    In case that​ administrator won't get personal data direct from subject data , will communicate at their acquisition subject data information mentioned in par . 7 letter ​a), b), d) and e) , or and next information according to par . 8.

    Administrator informs subject change data​ purpose processing personal data at any time to her will happen

    The administrator is obliged on requested give subject data confirmation as to whether administrator personal the data that he​ relate to , processes , and if yes , ensure subject data access to these data and the following information :
       a) purposes processing ;
       b) category concerned personal data ;
       c) recipients or category beneficiaries to whom personal data were or they will made available , in particular recipients in third parties countries or in international organizations ;
       d) planned the time for which they will personal data stored , or if it is not possible determine , criteria used to determination this one times​
       e) the existence of the right require repair from the ADMINISTRATOR or erasure personal data relating to the subject data or limitations their processing or raise objection against to this one processing ;
       f) right submit complaint to the Protection Office personal data ;
       g) all available resource information​ personal data , if they are not acquired from subject data .

    The administrator is in compliance with the obligations stipulated in par . 11 obliged provide subject data a copy processed personal data . For providing copies according to previous sentences can administrator charge adequate administrative fee .

    Administrator has duty without unnecessary delay repair inaccurately personal data relating to the subject data , complete incompletely personal data , including by providing additional statement .

    Administrator has duty without unnecessary delay delete personal data relating to the subject data , if filled​ one of the following reasons :
       a) personal data already they are not necessary for the purposes for which were gathered or otherwise processed ;
       b) subject data will recall consent if​ were personal data processed on basis this consent , and does not exist none next legal reason for processing ;
       c) subject data raises objections against processing and do not exist none prevailing justified reasons for processing ;
       d) personal data were processed unlawfully ;
       e) personal data must be deleted for purpose fulfillment legal responsibilities established by right European union or legal in order Czech of the Republic .

    In case that​ administrator personal data subject data published and is obliged to delete them , he must administrator accept (with regard to on available technology and costs ) reasonable steps to inform​​ other administrator personal data who​ these personal data they process that is the subject data asks to delete all links on these personal data , their copy and replication .

    Administrator it isn't obligated fulfill responsibilities according to par . 14 and 15 if processing personal data for him necessary , e.g. ​for fulfillment legal obligations that​ requires processing personal data by right European union or legal in order Czech of the republic , which administrator covers , or for determining , performance or defense of their own legal claims etc.​

    The administrator is obliged limit processing personal data subject data if :​
       a) subject data denies accuracy personal data , namely on time required to the administrator​ could accuracy personal data verify ;
       b) processing is illegal and subject data refuses erasure personal data and requests instead about limitations their use ;
       c) administrator already personal data does not need for purposes processing , but the subject data is required for determination , performance or defense legal claims ;
       d) subject data raised objection against processing according to par . 19 of this article directive until​ won't be verified whether​ justified reasons processing manager​ prevail over authorized reasons subject data .

    In case that​ administrator limited processing personal data according to the previous one paragraphs , they can be these personal data processed only with consent subject data , or for a reason determination , performance or defenses legal claims , for the reason protection rights other physical or legal persons or for reasons important public of interest European union or some one member of the state European union .

    Administrator in advance informs subject cancellation data​ limitations processing personal data according to par . 17.

    The administrator is obliged announce individual recipients information about everyone repairs or erasures personal data , about restrictions processing personal data , with the exception of cases when it turns out as impossible or requires it disproportionately effort . Administrator also informs subject data about these beneficiaries , if it subject data require .

    In case that​ subject data raises objection against processing personal data Community owners which​ administrator processes for the purpose authorized interests administrator , or third persons , administrators on basis this one objections personal data further does not process unless will prove serious justified reasons for processing which​ prevail over hobbies or rights and freedoms subject data , or to determine performance​ or defense legal claims . Administrator must subject data on this right inform at the latest at first communication with the subject data .

    Check identity subject data

    In case that​ administrator will receive filing physical person - subject data , which in accordance with the Regulation European of the Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection physical persons in connection with the processing personal data and free movement these data and cancellation directive 95/46/EC ( further just "GDPR")
     a) applies right on access to my own personal data, and/ or

    b) requests settlement​ requests to confirm whether​ administrator in within the meaning of the GDPR processes personal data concerning the applicant, and/ or

    c) asking for free providing copies processed personal data and /or

    d) asks for a message that category personal data they are processed, and/ or

    e) asks for a message , for which purpose they are personal data processed, and/ or

    f) asks for a message as planned​ the time for which they will personal data stored , or if it is not possible determine which​ they are criteria used to determination this one times, and/or

    g) asks for information on whether (and under what conditions ) can after the administrator require repair or erasure personal data , restrictions their processing , as the case may be whether and how he can subject data submit objection against processing mine personal data, and /or

    h) asks for information on whether (and how) he can subject data submit complaint to the supervisor office and who is hereby supervisor by the office, and /or

    i ) asks for a message all of them available source information​ personal data that the subject​ data relate to if they weren't acquired direct from him, and/ or

    j) requests information whether​​ appearance to processing personal data subject data is running out also to automated decision-making , incl profiling referred to in art . 22 par . 1 and 4 GDPR, and at least in these cases further requests to provide meaningful information relating to the used procedure , as well as and meaning and assumed consequences like that processing for his person, and/ or

    k) asks for information who​ they are recipients personal data this subject data , if applicable back to state their category by which were or they will made available his personal data, and/or

    l) asks for a message recipients from third parties countries and international organizations who​ they had or they will have to available personal data subject data , and /or

    m) requests to provide information regarding guarantees according to Art . 46 GDPR if it is personal data they pass to the third Earth or international organization ,
    is the administrator always obligated before processing above listed requests sufficiently verify identity applicant . If it has an administrator identity doubts​ applicant , has right from the applicant to request additional information necessary for confirmation his identity ( Article 12 paragraph 6 GDPR).

    The administrator is authorized in case identity doubts​ the applicant to request you from this one persons :
       a) sending application with verified signature the applicant in the event that applicant he did application in paper form form ,
       b) sending applications with electronic by signature , i.e. with data in electronic form which​ they are connected to data message or they are with her logical connected , and which serves as method to unequivocal identity verification signed persons in relation to the data message
       c) sending requests data mailbox , if the applicant has one established

    Administrator it isn't authorized require next information to verify identity the applicant especially in cases where :​
       a) administrator in decisive at the time ( i.e. at the time filing respectively requests ) processes email contact as personal detail applicant from which she was appropriate request sent
       b) administrator in decisive period processes telephone number the applicant , then will do phone call on this phone number number for purpose verification of the applicant's identity and according to agreement with the applicant then will send required information whose will tell next reality regarding processing​ personal data electronic on by the applicant given email address whose in writing on by the applicant given address ,
       c) administrator has possibility identity the applicant verify otherwise ( e.g. through​ public registers , to date communication )
       d) applicant he did request personally before appropriate worker administrator whose other them authorized by a person .

    Final provision

    The statement is public accessible on internet pages administrator : www.diametral.cz
    Last update this Declaration performed on 1/1/2021.