Processing of personal data
Statement of processing of personal data,
pursuant to Regulation (EC) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Regulation on the protection of personal data) (hereinafter "GDPR"), replacing the previous one Directive 95/46 / EC of the European Parliament and of the Council and Act No. 110/2019 Coll., on the protection of personal data.
Personal data manager is Variability s.r.o. , with its seat at Masarykovo nám. 2457/10, Karviná-Fryštát, 733 01, Czech Republic, IČ: 293 96 212, registered at the Regional Court in Ostrava, Section C, File 38736 (hereinafter "Administrator").
By entering any of Variability sro's Web Sites, or by using in any way any information placed within the Variability sro web site, or by using another option (eg telephone, mail, negotiation, order) between the Subject and the Administrator, with this Statement.
1. Personal data subjects
The subject of personal data is customer, contractor, employee, job aplicants and other potential entities, whether potential or existing, according to a commercial, employment or other legal relationship with the trustee. (hereinafter referred to as the "Entity").
2. Scope of processing of personal data
The extent of processing of personal data is based, in particular, on data provided by the entity, on the basis of a commercial, employment or other legal relationship; eventually otherwise collected by the trustee, and processed in accordance with applicable legal regulations or to fulfill legal obligations.
Which personal data we process about you:
A. Potential customers / suppliers
• Company name
• Company address
• Company ID or company VAT ID
• Your company's website
• Name and surname, Title
• Contact phone
• Contact email
• Job positions
B. Our Customers / Suppliers
These are the same data for the above-mentioned potential customers / contractors, as well as the account number (s) of your company as a rule.
C. Login / Sign Up for Website Variability s.r.o.
These are the same data for the above-mentioned potential customers / suppliers and usually your account number (s) for your company if you enter into a business relationship.
D. Monitoring attendance web pages of Variability s.r.o.
This data is collected anonymously. This is particularly the case with the data below
• The date and time of the visit, the location, the browser used, and which web pages were viewed on the www.variability.com web site.
• The IP address from which the website www.variability.cz was viewed.
Variability s.r.o. uses basic cookies that may not be deactivated under European Parliament Directive 2002/58 / EC. However, you can also reject these cookies by setting up your internet browser.
3. Reasons for processing personal data
The reason for the processing of personal data is in particular the commercial, business or other legal relationships between the entity and the trustee. Another reason is the manager's marketing activities to offer a business, work or other legal relationship to the subject.
The entity agrees to send a business (marketing) message related to the service / company's manager to the email address, or to the postal address of the entity. An entity may at any time withdraw its consent to send commercial communications.
Personal data of the subject are processed by electronic or paper recording. From the security point of the subject, security standards are set and maintained. The retention period of the personal data is based on the administrator's archiving directive, as well as on the legal regulations.
4. The lawfulness of the processing of personal data
The lawfulness of the processing of personal data is based on Article 6 (1) of the GDPR where the controller may, without the consent of the entity, process the following personal data:
(a) the data subject has consented to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of the contract to which the data subject is subject,
or for the implementation of measures taken before the conclusion of the contract at the request of that data subject;
(c) the processing is necessary to fulfill the legal obligation to which the manager is subject;
(d) processing is necessary to protect the vital interests of the data subject or other natural person;
(e) processing is necessary to carry out a task carried out in the public interest or in the exercise of public authority entrusted to the administrator;
(f) processing is necessary for the purposes of the legitimate interests of the relevant controller or third party, except in cases where the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail over those interests,
5. Rights of the data subject
The subject's right of access to personal data is based on Article 15 (1) of the GDPR if required by the trustee and includes:
(a) processing purposes;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipients whose personal data have been or will be made available, in particular to recipients in third countries or to international organizations;
(d) the planned period for which the personal data will be stored or, if that is not possible, the criteria used to determine that period;
(e) the existence of the right to require the controller to correct or erase personal data relating to the data subject or to restrict his processing, or to object to such processing;
(f) the right to lodge a complaint with the Supervisory Authority;
(g) all available information on the source of personal data, if not obtained from the data subject;
(h) the fact that automated decision making takes place,
The Administrator has the right to require an appropriate administrative fee for the entity in relation to the cost of providing the information (s) if such information is requested by the entity.
6. Lessons and explicit consent of the subject
6.1 The entity expressly agrees to the management, processing and storage of its personal data, namely:
a) to the extent of its identification data provided, on the basis of a commercial, labor or other legal relationship; eventually otherwise collected by the trustee, and processed in accordance with applicable legal regulations or to fulfill legal obligations.
b) The entity grants consent for the duration of the business relationship under this statement and subsequently for 15 years (in the case of the conclusion of a business relationship), otherwise for a period of 5 years, unless the law requires a longer period for the preservation and processing of personal data - in this case, consent for this longer period.
6.2 It is the responsibility of the entity, to inform the entity´s authorized staff, in connection with the use of the services of the administrator, of the level of processing of personal data and their rights under "GDPR".
6.3 The subject was instructed to have in accordance with the provisions of the Act:
(a) the right of access to his or her personal data and the right to rectify personal data under the conditions laid down by law;
(b) the right to apply to the controller or the Data Protection Office with a request for remedial action if it finds that the processing of personal data has led to a breach of the duty of the controller or other person to process the data; in this case, the entity has the right to require that such persons:
- provide explanations of personal data;
- refrain from acting in violation of their duties, eliminate the situation thus created or at their own expense to provide an apology or other satisfaction;
- have made corrections or additions to personal data so that they are true and accurate;
- block or destroy personal information.
7. Final Provisions
7.1 The administrator is entitled to change this statement at any time unilaterally.
7.2 The invalidity or ineffectiveness of any of the provisions of this statement for the processing of personal data does not affect the validity or effectiveness of this statement for the processing of personal data as a whole.
7.3 In the case of a dispute between the language versions of the declaration for the processing of personal data, the version in the Czech language is always preferred, before the versions in another foreign language.
7.4 The updated version of this Statement is valid from 24.4.2019.
8. Contact information
In case of your questions, please contact your inquiry / recommendation / complaint at the following email address: firstname.lastname@example.org.If your inquiry / recommendation / complaint is justified, the problem will be resolved as soon as possible.