Personal data protection principles
I. Basic provisions
- The administrator of personal data pursuant to Article 4 item 7 of the EU Regulation No. 2016/679 of the European Parliament and the Council on the protection of individuals with regard to the processing of personal data and on free movement of data (hereinafter: “GDPR” only) is Entry Engineering s.r.o. Company ID 28750098, registered address 1. máje 863/9, Liberec III-Jeřáb, 460 07 Liberec (hereinafter: the “administrator” only).
- Contact information of data administrator
- address: 1. máje 863/9, Liberec, 460 07
- email: firstname.lastname@example.org
- phone: +420 737 218 242
- Personal data shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- The administrator has appointed a person responsible for the protection of personal data. Contact details of the responsible person: Jan Souček, Information Security Manager, email@example.com, +420 737 218 242.
II. Sources and categories of processed personal data
- The administrator processes personal data that you have provided, or personal data the administrator obtained based on the fulfilment of your order.
- The administrator processes your identification and contact information and other information necessary for contractual fulfilment.
III. Legal reason and purpose for personal data processing
- The legal reason for processing of personal data is
- performance of a contract between you and the administrator pursuant to Article 6, (1) letter b) of GDPR,
- the legitimate interest of the administrator in direct marketing (sending commercial messages and newsletters) pursuant to Article 6 (1) (f) GDPR,
- Your consent to the processing for the purpose of direct marketing (in particular sending commercial messages and newsletters) pursuant to Article 6 (1) (a) GDPR in connection with Sect. 7 (2) of Act No. 480/2004 Coll., on certain company information services – in the event that no goods or services have been ordered.
- The purpose of personal data processing is
- the fulfilment of your order and performance of rights and obligations arising from the contractual relationship between you and the administrator; when ordering, personal data are required and necessary for successful execution of your order (name and address, contact), provision of personal data is a necessary requirement for performing the contract.
- without providing personal data the administrator cannot conclude and fulfil the contract, and cannot send commercial messages or to perform other marketing activities.
- No automatic individual decision-making within the meaning of Article 22 of GDPR is done by the administrator. You have granted your express consent to such processing.
IV. Data retention period
- The administrator stores personal data
- for the time necessary to exercise the rights and obligations arising from the contractual relationship between you and the administrator and to assert claims arising from this contractual relationships (for 15 years from the termination of the contractual relationship).
- until the consent to the processing of personal data for marketing purposes is revoked, for a maximum of 5 years, if personal data are processed on the basis of the consent.
- After the personal data retention period expires, the administrator deletes the personal data.
V. Recipients of personal data (subcontractors of the administrator)
- The recipients of personal data are persons
- involved in the supply of goods / services / execution of payments on the basis of a contract, and ensuring the operation of services and marketing services.
- The administrator does not intend to transfer personal data to any third country (non-EU country) or to an international organization. Recipients of personal data in third countries are mailing / cloud service providers.
VI. Your rights
- Under the conditions set out in the GDPR, you have
- the right to access your personal data pursuant to Article 15 of the GDPR,
- the right to correct your personal data pursuant to Article 16 of GDPR, or restrict the processing of data pursuant to Article 18 of the GDPR,
- the right to delete personal data pursuant to Article 17 of the GDPR,
- the right to object to the processing pursuant to Article 21 of the GDPR,
- the right to data portability according to Article 20 of the GDPR,
- the right to withdraw the consent to processing in writing or electronically by sending a message to the address or email of the administrator specified in Article III of these conditions.
- You also have the right to file a complaint at the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.
VII. Conditions and requirements on the protection of personal data
- The administrator declares that it has taken all appropriate technical and organizational measures to protect personal data.
- The administrator has applied technical measures to secure data repositories and storage of personal data in paper form, in particular those specified in the internal directive titled Information Security Policy.
- The administrator declares that only persons authorized by the administrator have access to personal data.
VIII. Final Provisions
- By submitting an order using the on-line order form, you confirm that you are familiar with the conditions of personal data protection and that you accept them in their entirety.
- You agree with these terms by checking the consent box in the on-line form. By checking the consent box, you confirm that you are familiar with these conditions on personal data protection and that you fully accept these conditions.
- The administrator is entitled to change these conditions. The new version of these conditions on personal data protection will be published by the administrator on its website, or the new version will be sent to the e-mail address you have provided.
These conditions take effect on 26 July 2020.