how we manage your data
When processing personal information we comply with our organization has strict rules and we take care to only authorized persons have access to them. Without your knowledge in ur not pass personal data outside the structure of our organization, other than that you provided consent or sometimes it saves us or our legislation to the legislation authorizes or if it is our legitimate interest.
Please read below eo inform the AC and the principles of personal data processing.
I. Personal Data Manager
Komerční železniční výzkum, spol. with ro , Company ID : 48041424 , registered office at U Kapličky 1199, Prague 6 – Suchdol, postcode 165 00 , registered in the Commercial Register maintained by the Municipal Court in Prague under sp. z n. C 15743 (hereinafter referred to as “the manager of S“) hereby informs the purpose, scope, time and title of legal processing of personal data of data subjects, including access to and the extent of the rights of the data subject related to the processing of personal data on the part of the controller.
II. Legislation, concepts
Administrator processes personal data in compliance with valid legislation, ie Act No. 101/2000 Coll., o Protection of Personal Data (hereinafter referred to as the ” Act “) and with effective from 25 May 2018 also by Regulation (EU) 2016/67 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General the Personal Data Protection Regulation ) (hereafter “the Regulation “) . For the purposes of the guidelines below, the Administrator shall refer to the following terms:
• personal data – any information about an identified or identifiable natural person (data subject). An identifiable natural person is a natural person that can be identified directly or indirectly, in particular by reference to a particular identifier such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, psychological, economic, the social identity of that individual;
• a special category of personal data – personal data that indicate racial or ethnic origin, political opinions, religious beliefs or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the sole purpose of identifying individuals and health data, or sexual life or sexual orientation of a natural person;
• processing of personal data – any operation or set of operations with personal data or personal data files that is executed with or without the help of automated procedures such as collecting, recording, arranging, structuring, storing, customizing or altering, finding, inspecting, using, disclosing transmission, distribution or any other disclosure, sorting or combining, restriction, erasure or destruction;
• pseudonymization – processing of personal data so that it can no longer be assigned to a specific data subject without the use of additional information if this additional information is kept separate and is subject to technical and organizational measures to ensure that no identifiable or identifiable natural person is assigned;
• trustee – natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data; where the purpose and means of such processing are determined by the law of the Union or of a Member State, that authority may designate the person concerned or the specific criteria for designating it;
• recipient – a natural or legal person, a public authority, an agency or other entity to whom personal data are provided, whether or not a third party is involved;
• consent of the data subject – any free, specific, informed and unambiguous indication of the will by which the data subject gives a statement or other apparent confirmation of his or her consent to the processing of his or her personal data;
• processor – a natural or legal person, a public authority, an agency or other entity processing personal data for the trustee;
• evidence – any structured set of personal data accessible according to specific criteria, whether centralized, decentralized or functionally or geographically divided;
• deletion of personal data – physical destruction of carriers, their physical erasure or permanent exclusion of next processing thereof;
• limitation of the processing of personal data – identification of stored personal data in order to limit its processing in the future;
• violation of security of personal data – a breach of security that results in the accidental or unlawful destruction, loss, alteration or unauthorized provision or disclosure of transmitted, stored or otherwise processed personal data;
• Supervisory Authority – an independent body set up by an EU Member State to monitor the application of data protection requirements; in The Czech Republic is the Office for the Protection of Personal Data.
III. Purpose, scope and duration of the processing of personal data
The controller shall process the personal data of the data subjects only to the extent necessary for the fulfillment of the intended purpose and only for the time necessary for its achievement, but for the longer period provided for by the relevant legislation and in compliance therewith.
The primary purpose of the Data Manager’s processing of data is :
manufacturing , service and assembly activities Administrator resulting from valid business licenses .
business activity Administrator resulting from valid business licenses.
SThe administrator processes personal data and specific categories of personal information in the following range:
• identification data : title, first name and surname ;
• address data : mailing address , telephone, e – mail address ;
• other personal details : bank account number ;
The administrator does not process specific categories of personal data within the meaning of Article 9 of the Regulation
IV. Legal title for the processing of personal data
The administrator processes personal data on the basis of the following legal titles :
• performance of the contract pursuant to Article 6 (1) b) the Regulation;
• fulfillment of the legal obligation under Article 6 (1) c) the Regulation ;
• legitimate interest pursuant to Article 6 (1) f) Regulation.
V. Processing by agreement
The controller processes personal data on the basis of the prior consent necessary for :
5.1 Processing for marketing purposes
We also process personal data for marketing purposes if we have obtained consent for that purpose. Processing for marketing purposes includes in particular:
5.1.1 N ate of the products and services of an administrator and its business partners
We may send you bids based on your consent electronically, in particular in the form of e-mail messages .
Granted consent for marketing purposes is voluntary but is necessary for providing individual ch Menu ek our products and services. Without your consent, we can not offer you individual offers .
With ouhlas for marketing purposes lasts for the duration of the contractual relationship with manager and for the following 5 years after termination of the contract or until the withdrawal of consent.
Consent can be revoked at any time on the following Admin contact links.
VI. Access to personal data m m
The personal data can be accessed only by administrator and the persons who are related to him in an employment relationship or processors under contract with e By the administrator , and only for the intended purpose of the processing. Access and handling of personal data processed by the Administrator are subject to the internal security regulations of the Administrator .
An administrator may only make personal data of the data subject available to third parties in cases where he or she is required to do so by law or otherwise only with the consent of the data subject.
The processing of personal data is mainly by suppliers and service providers related to by running an Administrator organization .
VII. Transmission of personal data to third countries
The administrator does not transfer personal data to third countries .
VIII. Rights of the data subject
Each data subject has the following rights under the Regulation:
• the right of access to personal data under Article 15 of the Regulation – the data subject has the right to obtain from the Administrator a confirmation of the processing of his or her personal data and, if so, has the right to access such personal data;
• the right of repair or erasure, or the restriction of processing according to Articles 16, 17 and 18 Regulation – the data subject has the right to ask the Administrator for correction or addition of incorrect or incomplete personal data, to request the deletion of personal data if it is dropped or there is no reason to process it, or to request a limitation on the processing of personal data in connection with solving the circumstances of the processing of personal data with the Administrator;
• right to data transferability in accordance with Article 20 of the Regulation – the data subject has the right to obtain personal data concerning him / her which he has provided to the Administrator in a structured, commonly used and machine-readable format and the right to pass this data to another Administrator;
• right of objection under Article 21 of the Regulation – the data subject has the right, at any time, to object to the processing of personal data on grounds relating to his or her particular situation where processing is carried out pursuant to Article 6 (1) (e) or (f) of the Regulation, ie it is necessary for the performance of a task carried out in the public interest or in the exercise of a public authority entrusted to the Administrator or the processing is necessary for the purposes of the legitimate interests of the Administrator or a third party;
• not be the subject of a decision based on an automated processing reservation under Article 22 of the Regulation – the data subject has the right not to be the subject of any decision based solely on automated processing, including profiling, which has legal effects for him or is of similar significance to him;
• the right to lodge a complaint with the supervisory authority pursuant to Article 77 of the Regulation – the data subject has the right to file a complaint with the Supervisory Authority if he believes that the processing of his or her personal data has been violated by the Supervisory Authority, the Office of Protection for Data Entities residing in the Czech Republic personal data.