CertiCon a.s., Company ID 25083341with registered offices at Evropská 2758/11, 160 00 Prague 6, registered in the Commercial Register maintained at the Municipal Court in Prague, Section B, file no. 4355(hereinafter also “My”) an administrator of personal data, hereby informs you that as a user of our website, our customers, suppliers and persons participating in development and testing of our products, of the below-stated collection of personal data and the fundamentals of privacy protection.
Protecting your personal information is important to us, and that is why we will always observe these principles in our relationships with you.These principles of personal data protection explain, in particular:
· What personal information we will process;
· For which purposes and in what way we will process your personal data, and the legal basis of this processing;
· To whom your personal data may be transferred;
· The length of time for which we will process your personal data and
· What your rights are in relation to the protection of your personal data.
If you would like any part of the text explained, need advice, or would like to discuss the further processing of your personal data, you can contact us any by e-mail at email@example.com at the address of our company headquarters.
SCOPE OF PROCESSING PERSONAL DATA
2. If you contact us as a job applicant, (either through the http://www.makejvit.cz/website, or another path), you will be asked to complete certain details about yourself, which we will further process, and these are:
· Name and last name;
· E-mail address and telephone number;
· A résumé, which may, in addition to the abovementioned data, include information regarding your education, your work experience and your other knowledge or expertise, depending on the position for which you are applying. In the event that you list other personal data, it is your voluntary decision to provide us with this information, andtherefore, for the purpose of selection procedure, we will also process this personal data you provide.
3. If you want to participate in one of the events held at our company offices or organized by our company, such as the Open Days event, you will be asked to register, either through the website http://www.makejvit.cz/, or another channel. During this registration, you will be asked to fill in your personal details, which we will further process, and these will be:
· Name and last name;
· E-mail address;
4. If you are one of our customers or suppliers, you may be asked to fill out your personal details, which we will then further process, and this will namely be the following personal data:
· Name and last name, date of birth or business ID number;
· Representing company (business name);
· Address, telephone or e-mail address;
· Job title and company representative;
· Bank account number;
· Other personal data that will be required for the fulfillment of our mutual obligation.
5. If you are involved in the development and testing of our products, we will process personal data that is necessary for collaboration in development and testing, and in some cases this may even include a special category of personal data, namely state of health. The full list of personal data cannot be provided on a general basis without specification of the particular project, and will be communicated to you within the context of the specific project, but we will always require:
· Name and last name;
· E-mail address.
We collect this data if you access our website. Some cookies are necessary for the functioning of the website, and these will always be active. We may use other cookies, which are not for the functioning of the website, only if you grant us consent to their use, through the settings in your web browser. If your web browser is set up accept third-party cookies, such settings are considered to be consent to the use of these cookies.
Additionally, our website may collect data including, for example, the type of browser or operating system, your IP address, visits to the website, ISP, and other data of a similar nature.
Information on browsers and cookie preference settings can be found on the following websites:
The administration tool for cookies is also available at:http://www.youronlinechoices.com/cz/.
PURPOSE OF PROCESSING AND LEGAL BASIS OF PROCESSING
1. If you are a visitor to our site, we process your personal data as cookies as outlined above due to a legitimate interest, which lies in our interest in monitoring the use of and improving our services. We will only process your personal data for the above purpose. The provision of the above-listed information is not one of our requirements, but without providing such data, some features of our website may be limited. This personal data will not be used for any purely automated decision-making, including profiling based on such decision-making.
2. If you are a job candidate with us, we process your personal data due to a legitimate interest, which lies in our interest in filling our open job positions and in your interest in finding the employment you seek. The purpose of processing is therefore the finding of an appropriate candidate for our open position. We use the data you provide us with to contact you regarding the status of the selection procedure. We will only process your personal data for the above purpose and, if you are interested in a particular position, we will process your personal data only for the purpose of filling this position, or for positions similar to your desired employment position. Providing the above information is our requirement, and without providing us with this information, we cannot include you in the selection procedure. This personal data will not be used for any purely automated decision making, including profiling.
If you are a job candidate with us, you may also grant us your permission to process personal data, specifically to process data for the purpose of selection procedures for a period of five years, and potentially, permission to send you the business and marketing communications of the administrator, regarding events and workshops. The legal basis for this stated processing is your permission, which we will not force you to grant, and which is granted entirely on a voluntary basis on your part; you may even only grant us one of the particular permissions, as they are entirely separate. Granting permission is not a contractual requirement on our part, however, the permission to keep your data for the purposes of selection procedures for a period of 5 years will enable us to contact you over a longer period of time and will allow us to offer you employment positions with us for an extended period. Consent to the sending of business and marketing communications and invitations to events, tradeshows and workshops will allow us to send you information which, in our view, could be useful and beneficial for you, and we will decidedly not unnecessarily bother you excessively.
3. If you want to participate in one of the events held at our company offices or organized by our company, we process your personal data for the performance of the contract, where our commitment is to enable you to participate in the event organized by us, and we need to identify you to fulfill this commitment to allow you access to the event. The data you provide us is used to identify you and possibly to contact you in a situation where a change of the organization of the event occurs. We will only process your personal data for the aforementioned purpose. Providing the above data is our requirement, and without providing this data, we cannot grant you access to the event. This personal data will not be used for any purely automated decision-making, including profiling.
If you want to participate in one of the events held at our company offices or organized by our company, you may also grant us your permission to process your personal data, and that for the purposes of inclusion in our record of job applicants for a period of five years, and potentially, granting us permission to send you the business and marketing communications of the administrator, and invitations to events, tradeshows and workshops. The legal basis for this stated processing is the granting of your permission, which we will not force you to grant, and which is granted entirely on a voluntary basis; you may even only grant us one of the permissions, as they are entirely separate. Granting permission is not a contractual requirement on our part, however, granting permission to process your data for the purposes of inclusion in our job applicant record for a period of 5 years will enable us to contact you in the event of a job opening. Consent to the sending of business and marketing communications and invitations to events, tradeshows and workshops will allow us to send you information which, in our view, could be useful and beneficial for you (for example, invitations to similar events), and we will decidedly not unnecessarily bother you excessively.
4. If you are one of our customers or suppliers, we process your personal data on the grounds that it is necessary for the performance of the contract or the fulfillment of legal obligations (especially tax and accounting) or due to legitimate interest (which consists, in particular, of enabling us to improve our services and contact you with our offers). The purpose of processing is primarily to ensure the smooth implementation of our business relationship and to further develop joint business cooperation. This way, we can use your name, last name, and email address to send you business and marketing communications of the administrator, and invitations to events, tradeshows and workshops, that is, so that we can provide you with information which, in our view, could be interesting and beneficial for you. We can also use your personal information for our internal needs, relating to, namely, monitoring your satisfaction, optimizing and improving the quality of products and services provided, developing new products and reducing risks. The provision of personal data for purposes of performance of a contract and for the fulfillment of a statutory obligation is our requirement, and failure to provide them may be a reason not to conclude the contract or to terminate further business cooperation.However, processing your personal data for the purpose of sending business communications is not our contractual requirement and you may at any time reject it and will not affect our other relationships. Just send us an e-mail with the appropriate request at firstname.lastname@example.org or different address from which you received the business message from us. This personal data will not be used for any purely automated decision-making, including profiling.
5. If you are involved in the development and testing of our products, all detailed information will be given to you before commencement of the given project, as each project is original and the information cannot be provided on a general basis. However, we will always process your name, surname, and email address, so we can contact you. Providing this data is our requirement.
WHO HAS ACCESS TO YOUR PERSONAL DATA
In the context of providing some activities, your personal data may be processed for us by processors, or potentially may be provided to recipients; this will involve, namely, the following entities:
· Entities that provide us with server, Internet, cloud, or IT services;
· Entities that provide accounting services for us;
· Entities that provide us with legal services;
· Entities that collaborate with us on developing and testing our products,
· Processors who provide other services for our company – consulting, audits and other external services.
Given the frequency of our projects, in some cases we may even be placed in the position of joint administrator, together with our partner. If such a case arises, we will inform you of this in the given, specific case.
DURATION OF PERSONAL DATA PROCESSING
We will process your personal data for as long as we provide our services or fulfill a mutual agreement, for the duration of our legitimate interest or for the time necessary to perform archiving and other duties under applicable laws, such as the Accounting Act, the Archiving and Bookkeeping Act, the Value-Added Tax Act and others.
We will store your personal data for the period necessary for providing our services and completing the required transactions or for other necessary purposes, such as compliance with our legal obligations, dispute resolution, and legal enforcement of our agreements. These requirements may vary for various types of data and in the context of various situations, and therefore the actual period of storing information may differ significantly. The criteria determining the period for which we store data, include:
· How long is personal data needed for providing services and ensuring the operations of our company? This includes activities such as maintaining and improving the performance of these services, maintaining the security of our systems, and maintaining appropriate business and financial records. This is a generally valid rule, which is the basis for determining the retention time in most cases.
· Are you providing us with your personal data with the expectation that we will maintain this data as long as you do not expressly desire to have the data deleted? If yes, we will delete this data only on the basis or your explicit request.
· Have we introduced and announced a specific time of maintaining a certain type of data? If yes, we will definitely never exceed this period.
· Have you provided consent with the extension of the period of maintaining data? If yes, we will store the data in accordance with your consent.
· Do we have legal, contractual or similar obligations to store data? Examples include laws regulating mandatory data retention, government regulation to store data related to an investigation, or data to be retained for the purposes of litigation.
In view of the above criteria, which may vary from time to time (especially with respect to changes in legislation), we cannot generally establish retention periods in these Principles. However, if you contact us (e.g. by e-mail at email@example.com), we will always tell you the exact amount of time your personal data will be processed.
YOUR RIGHTS RELATING TO THE PROCESSIONG OF PERSONAL DATA
You have the following rights in relation to our procession your personal data:
· The right to correction;
· The right to deletion(“the right to be forgotten”);
· The right to limit data processing;
· The right to raise an objectionto processing;
· The right to portability of data;
· The right tohuman intervention, theright to express your opinion and the right to challenge decisions;
· The right to submit a complaintregarding the processing of personal data.
Your rights are explained below, to give you a clearer idea of their extent.
The right to accessmeans that at any time you can ask for our confirmation as to whether personal data concerning you are processed and, if so, for what purposes, to what extent, to whom they are made available, how long we will process them, whether you have the right to correction, deletion, or limitation of processing or objection, where we obtained the personal data and whether, based on the processing of your personal data, automated decision making, including profiling, takes place. You also have the right to obtain a copy of your personal information, whereas the first provision is free of charge, and after this, we may then require reasonable reimbursement of administrative costs for further provision.
The right to correctionmeans that you may, at any time, request us to correct or complete your personal data, if this data is incorrect or incomplete.
The right to deletionmeans that we must delete your personal data if (i) the data is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) processing is illegal, (iii) you object to the processing and there are no prevailing, justified reasons for processing, (iv) we have an obligation to do so or (v) withdraw the consent you have granted to processing personal data.
The right to limit processingmeans that until we resolve any contestable issues regarding the processing of your personal data, we cannot process the personal data other than to have it stored and potentially use it only with your permission or due to the determination, exercising or defense of legal claims.
The right to raise an objectionmeans thatyou may object to the processing of your personal data that we process for direct marketing purposes or due to legitimate interest. If you object to processing for direct marketing purposes, your personal data will no longer be processed for this purpose; in the case of an objection to processing due to legitimate interest, this objection will be evaluated, and we will either inform that we have complied with your objection, and no longer process your data, or that the objection was unjustified and the processing will continue. In any case, processing will be suspended until the objection is resolved.
The right to portabilitymeans that you have the right to obtain your personal data, and data concerning you that is processed automatically and on the basis of consent or agreement, in a structured, commonly used and machine readable format, and the right to have this personal data directly transferred to another administrator.
If you have any commentsor complaintsconcerning the protection of your personal data, or you a questionregarding the person responsible for the protection of data at our company or you are exercising any of your rights, please contact us using our e-mail address: firstname.lastname@example.org. We will respond to your questions or comments within one month.
Our activities are also supervised by the Personal Data Protection Office, where you may submit a complaint in the event of your dissatisfaction. You can learn more at this institution’s website (www.uoou.cz).
REPORTING OF SECURITY INCIDENTS
In today’s increasingly technologized world, there is risk, no matter how slight, that your personal data may be leaked or misused or lost. As part of our activities, we will do everything we can to prevent such a security incident. Namely, we will regularly train all of our employees who come into contact with your personal information on the subject of personal data protection, we will adopt internal company regulations and familiarize our employees with these regulations governing the protection of your personal information, and we will always use only the most appropriate technical solutions to ensure our processing, such as data encryption, complex passwords and corresponding software.
If, however, in spite of our best efforts, a security incident occurs and this incident could represent a high risk to your rights and freedoms, we will promptly inform you of such facts through the email address provided, and the publication of such information on our website, including all the necessary details.
CHANGES IN PRINPCIPLES
Our principles of personal data protection may change from time to time. We will not restrict your rights arising from these principles of personal data protection without your express consent. We will publish all amendments to the principles of personal data protection on this site, and if these involve significant changes, we will inform you more explicitly (in the cases of certain services, we may announce the changes to the principles of personal data protection via e-mail). We archive the preceding versions of these principles of personal data protection for you, so that you can access them in the future. They can be accessed through the links at the beginning of these principles.
These Principles of Personal Data Protection take effect as of May 25, 2018.