Pursuant to Regulation (EU)
Pursuant to Regulation (EU) 2016/679 of 27 April 2016, with effect from 25 May 2018
This information is provided by ViT Logistics s.r.o., Company ID No. 48041297, K Hrušovu 2/293, 10203 Prague 10, incorporated in the commercial register at the Municipal Court in Prague, File Number: Section C, File 15722 (hereinafter the “controller”) pursuant to Art. 13 of Regulation (EU) 2016/679 (hereinafter the “Regulation”).
- 1. Definition of terms:
1.1. Personal data are data allowing the identification of a natural person, in particular: name and surname, address of residence, telephone number, identification number of a natural person - entrepreneur and tax identification of a natural person - entrepreneur (hereinafter the “data subject”).
1.2. The controller (the aforementioned company) is an entity that determines the purpose and means of processing personal data, performs processing and is liable for it. The controller may authorise or assign a processor to process the personal data, unless special law stipulates otherwise.
1.3. The processor is any entity which, based on special law or by authorisation of the controller, processes personal data pursuant to the Act and Regulation, based on a concluded agreement on personal data processing or based on consent from the data subject.
1.4. Database is an internal list of data about natural persons and their personal data, kept by the controller.
1.5. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
1.6. Cookies are small data files with the WWW server sends to the browser, which saves them on the user’s computer. During every subsequent visit to the same server, the browser sends these data back to the server. Cookies regularly serve to distinguish individual users, save user settings, etc.
- 2. The controller (the aforementioned company) processes personal data pursuant to the Regulation according to the following principles:
2.1. Lawfulness - it processes only those data which are required to fulfil contractual obligations.
2.2. Purpose limitation - data are collected only for specific, explicit and legitimate purposes.
2.3. Data minimisation - it processes the maximum quantity needed to fulfil the expressed purposes.
2.4. Storage limitation - personal data are processed only for the period necessary fro the given purposes.
2.5. Integrity and confidentiality - the controller has adopted the appropriate technical and organisational measures to secure and protect data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
- 3. Personal data protection and information about processing
3.1. The controller obtains personal data from the data subjects within contract negotiations, e.g. by personal handover, e-mail, request forms, orders or via telephone.
3.2. The controller informs the data subject of cases when the provision of personal data is required to perform the contractual relationship, or when it is voluntary.
3.3. Personal data will be processed for the term of negotiating the contract and for the term of the contractual relationship.
3.4. Personal data will be further processed in the necessary form to fulfil the legal obligation of archiving accounting documents for the term stipulated by legislation.
3.5. Personal data will be processed and stored for a term of the next 24 months in the case of potential disputes which may arise between the controller and data subject.
- 4. Purposes of processing
4.1. The controller processes personal data for the following purposes:
- handling orders
- handling claims
- keeping a purchase history for the purpose of directing offers
- reactions and answers to your questions
- fulfilment of the controller’s legal obligations (accounting, tax and archiving)
- controller’s marketing and commercial offers
- maintenance of a database of natural persons
- protection of the rights and lawfully protected interests of the controller (legitimate interest)
- 5. Rights and obligations of data subjects
5.1. The subject is obliged to provide the controller only with true and accurate personal data.
5.2. The subject is obliged to allow the controller to verify the provided data.
5.3. The subject has the right to request access to their personal data from the controller.
5.4. The subject has the right to rectification of the provided personal data.
5.5. The subject has the right to erasure of the provided personal data.
5.6. The subject has the right to restriction of processing of personal data.
5.7. If consent from the subject is required for personal data processing, the subject may revoke it at any time.
5.8. The subject may apply their rights:
5.8.1. In person at the company’s registered office during working hours: 08:00 – 16:30
5.8.2. Data box: aaf343
5.8.3. E-mail: email@example.com
5.8.4. Postal service (the letter must be officially certified)
- 6. Controller’s rights and obligations
6.1. The controller is authorised to verify the truthfulness and accuracy of provided personal data.
6.2. The controller is obliged to provide the data subject with information about the scope and method of processing the provided personal data, if requested by the data subject. The controller will do so immediately, at latest within 30 working days.
6.3. The controller has the right to refuse to provide such information or apply a fee to their provision in the case of repeated and unjustified requests.
6.4. The controller will provide information in electronic form, unless the data subject requests otherwise.
- 7. Controller’s legitimate interest - purposes
7.1. Protection of the controller, its basic and other rights arising from general legal obligations, regulations and contracts. In particular within the framework of various disputes, inspections, investigations and in relation to contractual partners. The processing term is stipulated by generally binding regulations, but is no more than 10 years after termination of the contractual relationship.
7.2. Protection of the controller’s assets, lives and health of employees and persons accessing the controller’s premises. For a period of 3 days from making the recording.
7.3. Recovery of receivables for the period of the lawful statutes of limitations, but maximally 10 years.
- 8. Consent to personal data processing
8.1. The data subject grants consent to personal data processing, the purpose of which is a lawfully required purpose, or the fulfilment of a contractual relationship, or the controller’s legitimate interest. They grant consent by means of a written form or by confirming the electronic version of consent.
8.2. The data subject may revoke this consent at any time pursuant to Art. 5.7.
8.3. The purposes and processing of data provided based on consent are specified in the consent form.
- 9. Method of personal data processing
9.1. The subject’s personal data are processed by automated and manual means.
9.2. Personal data may be made accessible to the controller’s authorised employees, if necessary to fulfil the contractual relationship and if necessary to perform their work duties.
9.3. Personal data may be made accessible to processors with whom the controller has concluded an agreement on personal data processing, and potential other parties in accordance with the Act and Regulation.
- 10. Cookies
10.1. The controller uses “cookies” on its website, which are stored on the visitor’s computer and automatically recognise the visitor during their next visit. Cookies enable, for instance, the adaptation of the website to the data subject’s interests or saving of the username, which then does not have to be re-entered every time. If the data subject does not wish for their computer to be recognised, they must change the settings in their internet browser so as to remove the cookies from the computer’s hard drive, block cookies or set a warning before saving the cookies.
- 11. Validity
11.1. The controller may amend or supplement the Information about personal data processing. The controller shall inform the natural person about any such change via e-mail or other appropriate communication channel at least 5 days before the changes take effect. If the natural person does not consent to the change, they have the right to erasure from the database without any sanctions.
11.2. This document comes into effect on the date of its publication on 25 May 2018.
Prague 10 dated 25 May 2018
For the controller: Vít Mázdra, Company Executive