Principles of Personal Data Processing
In this document you can find information related with the processing of personal data. We take the protection of your personal data seriously and wish you to feel well when visiting out website. For us, the protection of your privacy when processing personal data is an essential issue that is taken into account in our business processes.
Having read these principles, you will find:
- the legal reason based on which your personal data is processed;
- the time period for which your personal data is processed;
- whether your personal data is transferred to a third party;
- your rights in relation to the controller.
Intemac Solutions s.r.o., based at Blanenská 1288/27, 664 34 Kuřim, Czech Republic, Company ID No.: 02277387 (hereinafter referred to as “Intemac Solutions”) is the controller.
Intemac Solutions shall process the personal data of natural persons (hereinafter referred to as “Data Subjects”) as a controller in accordance with the valid legislation, in particular with Act No. 101/2000 Coll., on personal data protection and on the amendment of some acts, as amended (“hereinafter referred to as “PPPA“) and in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”).
The personal data that you disclose to us within the use of services provided or offered by our company, or obtained during visits to our website shall be processed in accordance with legal regulations. Our company as a controller shall only use the personal data obtained in this manner for the purposes and under the erms and conditions specified in this information.
We shall process your personal data only if provided by you voluntarily and of your free will, for example upon subscribing to receive the goods or services or participation in a competition, discussion forums, surveys, for the purpose of an agreement performance, etc.
Your personal data shall be used for providing information about new products, services, special offers and for optimizing our services provided to you, or for sending commercial communications, as listed below, namely and only for the purpose for which it has been collected and to the extent necessary. The personal data may be disclosed to state authorities only on the basis of the obligation stated by legal regulations.
Intemac Solutions shall be authorized to use the email address you have provided for sending commercial communications containing information about news, events to be held, competitions or offers of products and services provided by Intemac Solutions in accordance with the provisions of § 7 of Act No. 480/2004 Coll., on certain information society services and on the amendment of some acts. In the event that you no longer wish to receive electronic commercial communications, you may unsubscribe at any time and free of charge using the unsubscribe link shown in the footing of each email containing a commercial communication.
Intemac Solutions accepts and maintains technical, organizational and security measures in order to protect your personal data against leakage, loss, and destruction as well as against any unauthorized intervention by unauthorized persons. The processing of and access to your personal data shall only be ensured by the authorized persons who are bound by the confidentiality obligation and the duty to follow legal regulations.
the website. Cookies are small “files” that are saved on your hard disk. This results in easier navigation and ensures a high level of user comfort of the website. Cookies can, among others, be used to find whether you have already visited our website using your computer.
Processing of personal data by third parties
The website of our company can contain a link to the websites of other companies. Please note that if you click on a link to any such website, the protection of personal data on these websites may be governed by their own principles for the protection of personal data, and Intemac Solutions cannot be held liable for compliance of the terms and conditions of personal data protection of third parties - operators of such other websites with legal regulations. You are kindly requested to check their principles of personal data protection on your visits to the websites of third parties and prior to providing your personal data on the websites of third parties.
Within Intemac Solutions, personal data shall only be made accessible to authorized employees of Intemac Solutions, or to employees of processors, but only to the extent necessary for processing purposes. Intemac Solutions shall be entitled to provide the personal data to third parties only when it is necessary for the purpose of providing the services of Intemac Solutions. These are the processors:
- JIC, association of legal entities, Company ID No.: 71180478
- Kreatura Digital s.r.o., Company ID No.: 03821137
- Mailchimp, 675 Ponce de Leon Ave NE Suite 500030308
- Google Czech Republic s.r.o., Company ID No.: 27604977
- Facebook, Inc., Facebook UK limited, 10 Brock Street, Regent’s Place, London, NV1 3FG
- Linkedin.com, Linkedin International Unlimited, Linked EMEA Headquarter, Vilton Place, Dublin 2
Or any other providers of processing software, services and applications, as applicable, who process personal data on behalf of Intemac Solutions by virtue of the respective agreement on personal data processing (e.g. an external payroll accounting organization, a tax or legal adviser, an advertising agency, a company distributing shipments, a company making payments), but that are not currently used by Intemac Solutions. Intemac Solutions shall, upon careful assessment, select only such persons as processors who have provided maximum guarantees as to the technical and organization ensuring the protection of personal data transferred.
Under certain conditions, Intemac Solutions shall be entitled by virtue of valid legal regulations to transfer some of your personal data, e.g. to law enforcement authorities or other public authorities.
III. Legal grounds for processing of personal data
Intemac Solutions as a controller shall process the personal data on the following grounds:
- content with the processing of personal data according to point (a) of Article 6(1) of the GDPR;
- performance of legal obligations according to point (c) of Article 6(1) of the GDPR (mainly accounting, tax and archiving obligations);
- protection of legitimate interests of the controller or a third party according to point (f) of Article 6(1) of the GDPR (primarily for the purpose of marketing activities, enforcement of legitimate claims of the controller, protection of the controller’s property, processing of cookies).
IV. Retention period of personal data
We shall process and retain your personal data for the time period necessary to ensure all rights and obligations arising from the agreement, i.e. at least for the time period needed for the implementation of your purchase order, and further for the time period for which Intemac Solutions is obliged to retain it as a controller according to generally binding legal regulations or for which you have given us your consent with the processing. In any other cases the processing time shall be based on the purpose of such processing or shall be derived from legal regulations applicable to the protection of personal data. We shall process the personal data with regard to the purpose of its processing for such time period specified:
- processing related with a visit to the website www.intemac.cz – until the consent is revoked, but not longer than 2 years after the last visit;
- processing related with the subscription to events on the website www.intemac.cz – for the time period of such event duration, but not longer than 3 years after it is ended;
- processing related with sending newsletters on the website www.intemac.cz – until the moment you inform us about your wish not to be sent commercial offers any more, or until you revoke your consent with the processing of personal data and with sending of commercial communications;
- performance of the contractual relationship – for the term of contractual relationship, but not longer than 3 years after the performance is terminated;
- improvement in the quality of provided services and development of new services – for 2 years, as a maximum;
- displaying only advertisements based on interests of the visitor to the website – for 6 months, as a maximum;
- accounting and taxation purposes – for 10 years from the following calendar year afterthe performance
- performance of other legal obligations – 5 years, as a maximum.
- processing of personal data based on the consent – until revocation
Information according to Article 13 of the GDPR: Information to be provided where personal data is collected from the data subjects
- the data subject shall have the right to request from the controller access to personal data;
- the data subject shall have the right to request from the controller rectification or erasure of the personal data, or restriction of processing, and to object to the processing, as well as the right to data portability;
- the data subject shall have the right to lodge a complaint with the Office for Personal Data Protection;
- when the processing of personal data is based on the data subject’s consent with the processing, such consent may be withdrawn at any time;
- personal data shall be processed only for the time period necessary for the purpose of such processing. When the personal data is collected based on a contractual relationship between the data subject and the controller, the personal data shall be retained for a period of 4 years from the agreement termination. After the expiry of the maximum time period the personal data may only be retained for purposes of the state statistics services, for scientific purposes, for archiving purposes, or for the time period required by legal regulations;
- personal data shall not be transferred to a third country;
- the controller shall make no automated individual decision, including profiling.
Information according to Article 15 of the GDPR: Right of access to personal data
The data subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her is being processed, and, where that is the case, access to the personal data and other information.
The data subject shall have the right to obtain a copy of the personal data undergoing processing by the controller. For any further copies, the controller may charge a reasonable fee based on administrative costs.
Information according to Article 16 of the GDPR: Right to rectification
The data subject shall have the right to obtain from the controller without undue delay rectification of inaccurate personal data concerning him or her.
Information according to Article 17 of the GDPR: Right to erasure
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay whenever a reason therefor exists. This shall not apply to the extent that processing is necessary, primarily for compliance with a legal obligation and for the establishment, exercise or defence of legal claims.
Information according to Article 18 of the GDPR: Right to restriction of processing
Under certain circumstances, the data subject shall have the right to obtain from the controller restriction of processing of personal data concerning him or her.
Information according to Article 19 of the GDPR: Notification obligation
The controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
Information according to Article 21 of the GDPR: Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her.
Information according to Article 34 of the GDPR: Communication of a personal data breach
When the personal data breach is likely to result in a high risk to the rights and freedoms of the data subject, the controller shall communicate such personal data breach to the data subject without undue delay.
Intemac Solutions s.r.o.
These terms and conditions shall become effective as of 25 May 2018.