Since the GDPR (the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) is coming into force, personal data of natural persons provided to our company Bronswerk Heat Transfer spol. s r.o. (hereinafter „controller”) beside lawful obligations, shall not be processed by our Company after May, 25th 2018 without permission of a particular person.
Purposes of processing. By consenting, a data subject grants consent to the controller to process his or her personal data, i.e. particularly name and surname, e-mail address, phone number, bank account and other identification, contact, descriptive or other data which he or she has given, and namely and exclusively for marketing and business purposes to the controller. Marketing and business purposes need to be considered as sorting of the data, maintaining of the data about type of conduct, drafting anonymous analysis and further set of activities which aim is to inform about products and services of controller, about organized events, held fairs and exhibitions related to the field or activity of the controller, creating of targeted offers, as well as the very addressing on behalf of the controller with the commercial offer of goods or services, namely by phone or by electronic means via contacts that the data subject has already given to the controller. By giving consent to process his or her personal data, the data subject also consents with processing of the data by a third person different from the controller (i.e. processor of the personal data) who has to be mandated to process the personal data by the controller.
The period for which the personal data will be processed. By giving consent, the data subject grants consent to controller to process his or her personal data within the period of time of ten (10) years) only if the consent is not withdrawn by the data subject earlier by means which are given below.
Freedom of giving consent. The data subject shall give his consent to process the personal data voluntarily and for free. Giving of this consent is not conditioned by proving any services or goods.
Withdrawal of consent. Consenting to process the personal data is voluntary and the data subject might at any time withdraw it by free, explicit, understandable and certain manifestation made either via e-mail address sent on this e-mail: firstname.lastname@example.org or in written to the address of the controller (correspondent address): Decinska 288, 407 22 Benesov and Ploucnici, Czech Republic, which are contact data of the controller. There is no sanction or disadvantage connected to the withdrawal of consent.
Withdrawal of consent does not affected legitimacy of processing based on consent which has been given before its withdrawal. Withdrawal of consent does not affected the right or obligation of the controller to process the personal data based on other lawful ground than consent (i.e. especially if the processing is necessary to perform a contract, legal obligation or due to other grounds).
Means of processing. The controller will process your personal data on the ground of given consent to process the personal data only for the above-mentioned purpose and scope. The controller will process the personal data automatically and manually. The controller keeps a register of activities, by which the processing of the personal data occurs. The personal data will be processed in accordance with all efficient legal regulation on protection of personal data pursuant to the law of the Czech Republic and the law of the EU.
Access to the personal data. The personal data might be disclosed to employees of the processer and also the third persons who provide guarantees to adopt proper technical and administrative measures in order to ensure that such processing of the personal data is in compliance with requirements of said regulations on protection of personal data pursuant to the law of the Czech Republic and the law of the EU. Processors of the personal data process the personal data only according to instructions of the controller, primarily IT systems administrators, providers of software and other processors with whom a contract on processing has been concluded which governs right and obligations during the processing of the personal data. The personal data will not be transferred to processors outside the EU. The controller is also obliged in cases stated in particular legal regulations to transfer the personal data to administrative bodies, courts and other bodies of administration.
Your rights. According to the legal regulations on protection of personal data, persons whose personal data the controller process on the ground of their consent have following rights:
- a right to access all processed personal data, i.e. a right to obtain confirmation from the controller whether the controller process your personal data, to obtain information on purposes of processing and categories of processed personal data, data of recipients to whom the personal data was or will be disclosed, eventually to obtain a copy of the personal data if rights and freedoms of others will not be unfavourably afflicted,
- a right to withdraw consent to process the personal data at any time – consent to process personal data for marketing and business purposes is withdrawn at any time with reservations and by above-mentioned means (see “Withdrawal of consent”),
- right to correction (specification or addiction) processed personal data,
- right to erasure of personal data if the controller is not able to prove other lawful grounds for processing of the personal data,
- right to restriction of processing of the personal data until an application of the data subject or a denial of accuracy or eventually grounds of processing of the personal data will be solved, in particular by sending a written request to the same address as in case of the withdrawal of consent,
- a right to obtain processed personal data and such personal data transmit to another controller (the right to data portability), and such transmit should be done in structural, commonly used and machine-readable format, and furthermore a right to request a transmit of these data to different controller if a person acting on behalf of particular controller is properly determined and it is possible to authorize him or her,
-a right to be informed about a breach of security of the personal data in cases given in particular legal regulations on protection of personal data,