INFORMATION MEMORANDUM ON THE PROCESSING OF PERSONAL DATA

Dear customers, business partners and the public,


the document you are reading now contains basic information about how we process your personal data. We appreciate that you share your personal data with us and are committed to protecting it as much as possible. We also strive to be as transparent as possible with you about how we process your personal data.


In light of new European Union legislation, this information memorandum has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).


This Information Memorandum sets out the basic information that we are required to provide as a data controller. If you have any questions regarding the processing of your personal data, please do not hesitate to contact us by e-mail at gdpr@datera.support or by phone at +420 228 227 418. In all cases, we can be contacted at our delivery address Hráského 25, 148 00 Prague 4.


Who is the data controller?

The controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, that law may determine the controller concerned or the specific criteria for its determination.


The personal data controller is DATERA s. r. o., with registered office at Hadovitá 962/10, 141 00 Prague 4, identification number 24804932, a company registered with the Municipal Court in Prague, file number C 175842.


Who is the data protection officer?

The data protection officer is the person who is experienced in the field of data protection and does everything to ensure that the processing takes place as it should, in particular in accordance with the relevant legal regulations. It is also the most authorized person to handle questions and requests regarding personal data.


The controller decided that it is not obliged to appoint an official data protection officer pursuant to Article 37 of the GDPR.


What is the purpose of the personal data?

The controller performs many activities, about which he would like to inform you. The processing that the controller performs varies depending on the relationship in which you are with us.


If you are a candidate, who would like to become part of our team, then we process your personal data

  • based on contractual obligation and use your personal data to

    • recruitment and ensuring the selection process for the vacant position;

    • searching for suitable candidates on the labor market.

If you are a visitor to our premises, then we process your personal data

  • based on our legitimate interests and use your personal data to

    • management of access to the company;

    • management of the protection of property and persons in the company's premises, where we record your image in connection with your movement on the company's premises.

If you are a visitor to our website, participant in public or private company events, then we process your data

  • based on your legitimate interests and use your personal data to

    • registration of participants in our public events;

  • based on your consent and use your personal data for

  • for the purposes of maintaining statistics of website visits and other related analyses such as information about how much time you spent on our website or how many times you have visited it in the past (analytical and marketing cookies)

  • for the purposes of communication with you based on the contact form

If you are a student, who is doing an internship with us, then we process your personal data

  • based on our contractual obligation and use your personal data to

    • fulfillment of the essence of the internship agreement between the school and us.

If you are our customer, then we process your personal data

  • based on our legitimate interests or the legitimate interests of third parties and use your personal data to

  • registration of participants in our public events;

  • based on our contractual obligation and use your personal data to

  • activities related to the sale of goods, such as delivery of the goods you have ordered, preparation of a request/offer, contacting you to send a request/offer, preparation of a contract proposal based on your request, preparation of an invoice (advance payment), processing your request or mediating the sale of the goods.

If you are our suppliers or partners, then we process your personal data

  • based on our legitimate interests or the legitimate interests of third parties and use your personal data to

    • registration of participants in our public events;

  • based on our contractual obligation and use your personal data to

  • contacting you for the purpose of sending an offer or delivering goods to you.

Providing personal data to the controller is generally a legal and contractual requirement. When providing personal data for marketing purposes, which does not constitute the fulfilment of a contractual and legal obligation of the controller, it is consent is required from you. If the controller consents to the processing of personal data for marketing purposes, it does not mean it does not mean that the controller will refuse to provide you with its product or service under the contract.


Consent to the processing of personal data is used for the purposes of processing listed below, and only if you give us your consent:

  • feedback from the customer, which we will then publish on our website, in offer or product catalogues, in our newsletter, and including your references, if you give us any;

  • if you decide to subscribe to our newsletter;

  • if you participate in our corporate or public events, trainings and workshops;

  • if you participate in our corporate or public events, trainings and workshops

Please note that you can withdraw this consent at any time and we will delete any personal data we hold about you that is subject to deletion. However, we are not able to delete some data for which you have given your consent to processing, in particular if you give your consent to their use in PR articles and videos created for the purpose of marketing and promotion of the company, in newsletters with your references that we send to clients by email if they request them, etc.


How were personal data obtained?

The controller obtained personal data directly from you, primarily from filled in forms, mutual communication or closed contracts. In addition, personal data may come from publicly available sources, such as the commercial register, debtor register or professional registers. In addition, the controller may have obtained personal data from third parties who are entitled to access and process your personal data and with whom cooperate, and also from information from social networks and the internet, which you have yourself placed there.


What categories of personal data are processed?

To ensure your satisfaction in the proper performance of our obligations, to ensure the performance of our legal obligations, to ensure the personalization of our offers and services, and to other purposes listed below, we process the following categories of personal data:


  1. basic identification data – name, surname, date of birth, address of residence, personal number and identification number, signature;

  2. contact data – telephone number and e-mail address;

  3. information about the use of products and services of the controller – this is information about the products you have concluded with the controller and the services you are currently using;

  4. information about the communication between us – information from e-mails, from contact forms on the company's website;

  5. billing and transaction data – this is information about the information appearing on invoices, about the concluded billing conditions and about the received payments, bank account numbers;

  6. information about the completed order

  7. information about the completed order

  8. information about the entrances to the area

  9. information from CVs, which you yourself provide and through the CV you tell us

  10. information about the visits to the company's website – where the processing of the IP address, the place of opening

pages, time spent on the page, date and time of opening the page, the most frequent opening of the page,

cookies;


What is the legal basis for the processing of personal data?

The legality of the processing is provided by Article 6(1) GDPR, which states that the processing is lawful if it is necessary for the performance of a contract, for the performance of a legal obligation, for the protection of the legitimate interests of the controller or for the performance of a task carried out in the public interest, or if the data subject has given consent to the processing of personal data for one or more specific purposes.


The legality of the processing is further provided by the Act No. 563/1991 Sb., on Accounting, according to which the billing information is processed and stored, by the Act No. 89/2012 Sb., Civil Code, according to which the controller protects its legitimate interests, or by the Act No. 235/2004 Sb., Value Added Tax Act, according to which the controller protects its legitimate interests.


Will we transfer your personal data to someone else?

As the controller of personal data, we process your personal data. This means that we must have a purpose for which we collect your personal data. For the fulfilment of our legal obligations, we are obliged to provide your personal data to third parties, who are also controllers of personal data:

  • Health insurance companies

  • Financial authority

  • Czech Social Security Administration

We also use the services of external processors to process your personal data. We use the following categories of processors:

  • External accounting firm

  • External tutor

  • Subcontractors

All processors have concluded contracts with us to ensure the protection of your personal data to the maximum extent.

In addition, we also provide personal data to authorities active in criminal, administrative or administrative proceedings.


Your personal data is only disclosed to the extent necessary to achieve the purposes set out in this privacy statement.


Will we transfer your personal data to third countries outside the European Union? unii?

Your personal data will not be transferred outside the territory of the European Union. This does not apply to your explicit consent with such a transfer of your personal data to a third country, for the purpose of providing ordered services abroad.



How long will we store your personal data?

Your personal data will be retained for the duration of the contract and subsequently for as long as necessary to secure legal claims arising from the contract, i.e. until such time as our mutual rights and obligations may become the subject of a legal dispute. With regard to the statute of limitations provided by the Civil Code and tax obligations, we will retain your personal data for 10 years after the termination of the contractual relationship. Certain personal data required, for example, for tax and billing obligations will be kept for longer, but no longer than the statutory minimum.

If the processing is based on your consent, we may retain your personal data for the period for which you have given us your consent, provided that you do not withdraw your consent. Your personal data may also be retained after the termination of such a process if it is necessary in connection with any actual or potential dispute (e.g. we need your personal data to determine or defend legal claims); in such a case, we will retain your personal data until the resolution of such a dispute.

Personal data acquired for the purpose of protecting property and persons in the company's area (camera system) will be retained for a maximum of 10 days from the date of recording.

Personal data will never be retained for longer than the maximum period stipulated by law. After the expiry of the archival period, the personal data will be securely and irretrievably destroyed so that it cannot be used improperly.


Are personal data automatically processed?

Personal data are not automatically processed or otherwise processed, and cannot be used for profiling or automated decision-making in the field of marketing or other activities of the controller.


What are cookies?

Cookies are text files that our website sends to your browser, or your device, from which you view our web pages. They allow us to recognize you and tailor our web pages to your needs, perform an analysis of your behavior, display certain content to you.


What types of cookies do we use?

Technical, functional – these are necessary to display our web pages to you and to ensure their proper functioning

Analytical – these help us analyze how our web pages work from the perspective of visitor behavior and tailor them accordingly

Marketing – thanks to these cookies, we can tailor our offer to you or third parties after your visit. This offer can then also be displayed to you outside our web pages.


Can we process such cookies?

We can process such cookies based on legal regulations. Without them, we would not be able to provide you with our services.

Analytical and Marketing cookies can be processed based on your consent.


How can we prevent the use of cookies?

First of all, we would like to point out that cookies, which we collect for the purpose of measuring website traffic and creating statistics concerning website traffic and visitor behavior on our website, are considered as a whole and in a form that does not allow the identification of an individual.

Cookies necessary for the proper functioning of the website are always stored only for the period necessary for its proper functioning.

The easiest way to prevent the use of cookies is to block them in your browser settings, where you can also find more information about our cookies HERE.


What are your rights related to the processing of personal data and how can you exercise them?

The controller does everything to ensure that the processing of your data is carried out properly and above all securely. Personal data to which the controller has access are subject to continuous physical, electronic and procedural control. The controller has modern control, technical and security mechanisms ensuring the maximum possible protection of the processed data against unauthorized access or transfer, before their loss or destruction, as well as against any other possible misuse. All persons who come into contact with personal data as part of the performance of their contractual obligations, are bound by a legal or contractual obligation of secrecy. Your rights described in this article can be exercised at the controller.



How can you exercise your rights?

Your rights (including the right to object) are exercised at the controller. You can contact us personally or in writing, by email or by sending a request (for download HERE) to the data box of our company, where we will verify your identity. We must verify your identity to ensure that we do not violate the privacy of another physical person during the steps leading to the exercise of your rights.


In person (with proof of identity)

DATERA s. r. o.

Hráského 25, 148 00 Praha 4

By mail (notarized)

By email (electronic signature)

gdpr@datera.support

Data box

d2mykrn


All information and statements regarding your rights are provided free of charge. If the request is manifestly unfounded or excessive, especially because it is repeated, the controller can charge a reasonable fee taking into account the administrative costs associated with providing the requested information. In the case of repeated exercise of the request the controller reserves the right to charge a reasonable fee for the administrative costs associated with providing the requested information.


The controller will provide you with the requested information as soon as possible, but no later than within one month. The controller may extend the deadline by two months in case of need and taking into account the complexity of the request and the number of requests. The controller will inform you about the extension of the deadline, including the reasons, no later than 30 days from the date of receipt of the request.


Right to information about the processing of your personal data

You are entitled to request information from the controller about whether your personal data are being processed or not. If your personal data are being processed, you have the right to request information from the controller, in particular about the identity of the controller, his representatives and the representatives of the data protection officer, the purpose of processing, the categories of personal data concerned, the recipients or categories of recipients of personal data, the legitimate interests of the controller, the list of your rights, the possibility of contacting the supervisory authority, the source of personal data, information about the automated decision-making and profiling, as well as the information and guarantees in the case of transferring personal data to a third country or international organization.


If the controller intends to further process your personal data for a different purpose than for which they were obtained, it will provide you with information about this other purpose and other relevant information before the further processing. The information provided to you in the context of exercising this right is already contained in this memorandum, but it does not prevent you from requesting it again.


Your right to access your personal data

You are entitled to request information from the controller as to whether or not your personal data is processed and, if so, you have access to information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients, the period of storage of personal data, information about your rights (rights to request from the controller rectification or erasure, restriction of processing, to object to such processing), the right to lodge a complaint with the Data Protection Authority, information on the source of the personal data, information on whether automated decision-making and profiling takes place and information concerning the procedure used as well as the significance and foreseeable consequences of such processing for you, information and safeguards in case of transfer of personal data to a third country or an international organisation. You have the right to be provided with copies of the personal data processed. However, the right to obtain this copy must not adversely affect the rights and freedoms of others.


Your right to rectification

If, on your part, for example, there has been a change of address, telephone number or other circumstances that can be regarded as personal data, you have the right to request from the controller the rectification of the processed personal data. You also have the right to supplement incomplete personal data, by providing additional information.



Your right to erasure (the right to be forgotten)

In certain specified cases, you have the right to request that the controller erase your personal data. Such cases include, for example, where the processed data are no longer necessary for the purposes mentioned above. The controller will automatically delete the personal data after the expiry of the retention period. However, you can contact the controller at any time to request the deletion of your personal data. Your request will then be subject to individual assessment (even if you have the right to erasure, the controller may have a legitimate interest in retaining the personal data). You will be informed in detail about the processing of your request.


Your right to restrict processing

The controller processes your personal data only to the extent necessary. However, if you believe that the controller is, for example, exceeding the above-mentioned purposes, you can submit a request to restrict the processing of your personal data.


Your right to data portability

If you wish the controller to provide your personal data to another controller or another company, the controller will transfer your personal data in the appropriate format to the entity you have designated, unless prevented by any legal or other significant obstacles.


Your right to object to automated individual decision-making

If you become aware or believe that the controller is processing your personal data in breach of the protection of your private and personal life or in breach of the law (provided that the personal data are processed by the controller on the basis of public or legitimate interest or for direct marketing purposes, including profiling, or for statistical purposes or for purposes of scientific or historical interest), you may contact the controller and request an explanation or rectification of the deficiency. You can also object directly to automated decision-making, including profiling.


Your right to lodge a complaint with the Data Protection Authority

You can contact the supervisory authority at any time with your complaint or complaint regarding the processing of your personal data, and that is the Data Protection Authority, with its seat at Pplk. Sochora 27, 170 00 Praha 7, webové stránkyhttps://uoou.gov.cz/


Your right to withdraw consent

You have the right to withdraw your consent to the processing of your personal data at any time, and that is by filling in the form or sending a withdrawal to the e-mail address.


Final provisions

All legal relationships arising from or in connection with the processing of personal data are governed by the legal system of the Czech Republic, without regard to where the access to them was obtained. The relevant Czech courts will apply the Czech legal system to resolve any disputes arising from the protection of your privacy between you and our company.


This Information Memorandum on the processing of personal data comes into force on 25.05.2018 and was last updated on 27.02.2024.