Principles of Personal Data Protection by CAN SUPERCONDUCTORS
Inspired by the EU 2016/679 General Data Protection Regulation (“GDPR”)
Who are we?
CAN SUPERCONDUCTORS, s.r.o., ID no. 25620312, registered office Ringhofferova 66, 251 68 Kamenice
Contact email: firstname.lastname@example.org
Our role in control and processing of personal data
We are a controller of personal data obtained from you within our mutual business relation. You are the source or the data. As the case may be, we may also obtain the data from publicly available resources, in particular from public registers.
We may also act as a processor of personal data that you control within your activity and provide to us so that we could fulfill business obligations towards you.
Both in our role of the controller and processor we always protect the personal data based on the same principles summarized in this document without making any differences between our clients.
Why do we process personal data?
The personal data obtained from you allow us to enter into a contract with you. If our contractual relation already exists, we use the data to fulfill the contract. We also control and process personal data required for fulfilment of legal obligations prescribed by general applicable legal regulations (labor code, tax and accounting regulations, etc.).
Based on our legitimate interest we are entitled to send to our clients, with whom we have entered the contractual relation, further information and relevant business proposals. Such information is always sent within the client’s legitimate expectations and in non-bothering manner. Should we send you any such information, it will always be the one that may be of your interest.
What personal data we process and in what extent?
To be able to supply our goods and services, we need to know namely the following personal data:
- Name and surname (or a business name),
- Address (or a company seat),
- Your VAT no. (if you are a Vat payer registered within the EU),
- Email address and telephone number
In no case do we gather and process sensitive personal data that are not required for fulfillment of our obligations, e.g. the data of political or religious affiliation, race, sexual orientation etc.
What are our legal grounds for personal data processing?
Legal grounds for control and processing of personal data for the purposes of entering into a contract and its fulfillment are represented in particular by the contract itself.
Once the contract is mutually fulfilled we are obliged to archive your personal data for the period prescribed by applicable legal regulations. In this case the legal grounds are represented by our fulfilment of the legal obligations.
If there is an existing relation on basis of which we are entitled to send you marketing information, the legal grounds for processing of your personal data are represented by our legitimate interest.
How long do we keep personal data?
We will keep your personal data during the entire duration of our mutual contract. After termination of the contractual relation we will keep your personal data for the period prescribed to fulfill the archiving duty based on legal regulations (such as the Accounting Act, VAT Act, Act on Archiving and Records Management).
Personal data processed based on our legitimate interest shall be kept for the period not exceeding 10 years. This period commences on the day when we enter into the contract.
How do we keep your data safe?
We keep the controlled and processed personal data in maximum extent in electronic form on servers with secured and limited access. Access to these personal data is restricted to selected employees of our company. Upon previously agreed conditions you may get access to these personal data. This access shall, however be restricted only to the part of the personal data of which you are the controller.
Personal data kept in documentary form are kept in our registered office, with restricted access to company executive officers and selected employees only. Such data are kept in a locked and secured office.
What are your rights related to processing of your personal data?
You have the right to:
a) Access your personal data – upon your request we must tell you whether we do or do not process your personal data. In the case we process your data, you have the right to the following information:
i. the purpose of our processing of your data,
ii. the extent of your data processing,
iii. how long the data are kept,
iv. whom do we disclose the data
v. whether you can file a complaint with the Office for Personal Data Protection.
b) Accuracy – should you suspect we process your incorrect (inaccurate) personal data, you are entitled to their correction. In the case you find such inaccuracy in your personal data, please inform us at: email@example.com and we shall make the correction without a needless delay.
c) Deletion – We will delete your personal data when:
i. We do not need them anymore
ii. all legal grounds for their processing cease to exist
iii. you object to their processing and there are no prevailing legitimate grounds of continuation of the processing
iv. such a duty is prescribed by a legal regulation.
d) Object – you have the right to object to direct marketing based on our legitimate interest. Processing of your personal data for the purposes of direct marketing based on legitimate interest will be terminated immediately.
e) Restriction of processing – we will keep your personal data in the regime of restricted processing until discrepancies concerning processing of your personal data are solved.
To exercise your rights please contact us at firstname.lastname@example.org
What disclosures of personal data do we make?
Your personal data may be disclosed to the following range of persons: providers of legal, tax, accounting services, providers of technical solutions (namely operators of cloud services, information system and webhosting). We only disclose your personal data to other processors based on the contract on data processing and in accordance with the standards of personal data protection as required by GDPR.
Who can you contact if you think your personal data are not processed in accordance with legal regulations?
If you think your personal data are processed in conflict with applicable legal regulations, please contact us at email@example.com we will take immediate steps to solve the issue.
In the case we cannot find a joint agreement on the matter, you can file a complaint with the Office for Personal Data Protection. For more details please visit https://www.uoou.cz
These Principles of Personal Data Protection come into effect on 25. 5. 2018.