GDPR
INFORMATION MEMORANDUM ON PERSONAL DATA PROCESSING
Dear customers, business partners, and the public, The document you are currently reading contains basic information about how we process your personal data. We appreciate that you share your personal data with us, and we are committed to protecting it to the maximum extent possible. We also strive to be as transparent as possible with you regarding how we process your personal data.
In light of new European Union legislation, this information memorandum has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).
This information memorandum presents the basic information that we, as the data controller, are obliged to provide. If you have any questions regarding the processing of your personal data, please do not hesitate to contact us at the email address gdpr@mpservis.cz or by phone at +420 469 669 323. In all cases, you can reach us at our mailing address: Davídkova St. 692/30, 180 00 Prague 8.
WHO IS THE DATA CONTROLLER?
A data controller is a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
The data controller is Metal Produkt Servis Praha, s.r.o., with its registered office at Davídkova St. 692/30, 180 00 Prague 8, Company ID: 26708159, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert No. 88745.
WHO IS THE DATA PROTECTION OFFICER?
A Data Protection Officer (DPO) is a person experienced in the field of personal data protection who ensures that data processing is carried out correctly, particularly in compliance with relevant legal regulations. The DPO is also the most qualified person to handle inquiries and requests related to personal data.
The controller has decided that, according to GDPR (Article 37), it is not required to appoint an official Data Protection Officer.
FOR WHAT PURPOSE DO WE NEED PERSONAL DATA?
The controller carries out many activities that we would like to inform you about. The processing carried out by the controller varies depending on the relationship you have with us.
If you are a candidate who would like to become part of our team, we process your personal data:
- Based on contractual obligation, we use your personal data for:
- Recruitment and ensuring the selection process for the position being filled;
- Based on your consent, we use it for:
- Searching for suitable candidates in the open market.
If you are a visitor to our premises, we process your personal data:
- Based on our legitimate interests, we use it for:
- Managing access to the company;
- Managing the protection of property and persons on the company’s premises, where we record camera footage of you in connection with your movement around the company’s premises.
If you are a visitor to our website, a participant in public or private events organized by our company, we process your data:
- Based on your legitimate interests, we use it for:
- Recording participants at our public events;
- Based on your consent, we use it for:
- Statistical purposes and other related analyses, such as information on how much time you spent on our website or how many times you visited it in the past (analytical and marketing cookies);
- Communication with you based on the contact form.
If you are a student doing an internship with us, we process your personal data:
- Based on contractual obligation, we use it for:
- Fulfilling the essence of the internship agreement between the school and us.
If you are our customer, we process your personal data:
- Based on our legitimate interests or the legitimate interests of third
parties, we use it for:
- Customer records;
- Based on contractual obligation, we use your personal data for:
- Activities related to the sale of goods, such as delivering the goods you ordered, preparing a quote/offer, contacting you to send a quote/offer, preparing a contract proposal based on your request, preparing a (pro forma) invoice, handling complaints.
- Based on your consent, we use it for:
- Marketing purposes (promotions, loyalty programs, commercial communications, competitions, registration in the client portal).
If you are our suppliers or partners, we process your personal data:
- Based on our legitimate interests or the legitimate interests of third
parties, we use it for:
- Records of suppliers or partners;
- Based on contractual obligation, we use your personal data for:
- Contacting you to send an offer or deliver goods to the customer.
Providing personal data to the controller is generally a legal and contractual requirement. When providing personal data for marketing purposes, which does not constitute the fulfilment of the controller’s contractual and legal obligations, your consent is required. If you do not give the controller consent to process personal data for marketing purposes, it does not mean that the controller will refuse to provide you with its product or service based on the contract.
CONSENT FOR PERSONAL DATA PROCESSING
We use consent for personal data processing for the purposes listed below, and only when you give us your consent:
- Customer feedback, which we subsequently publish on our website, in offer or product sheets, catalogues, or our magazine, including your references if you provide them to us;
- If you participate in company or public events, training, and workshops organized by us;
- If you fill out a contact form and allow us to process your personal data.
Remember, you can withdraw this consent at any time, and we will delete the personal data we have about you where deletion is possible. However, we are unable to delete some data for which you have given us consent to process, especially if you have given permission for its use in PR articles and videos created for marketing and promotion of the company, in news with your references that we send to clients by email if they request it, etc.
HOW WERE PERSONAL DATA OBTAINED?
The controller obtained personal data directly from you, mainly from completed forms, mutual communication, or concluded contracts. In addition, personal data may come from publicly available sources, registers, and records, such as the commercial register, debtor register, or professional registers. Furthermore, the controller may have obtained personal data from third parties authorized to access and process your personal data and with whom it cooperates, as well as from information on social networks and the internet that you have placed there yourself.
WHAT CATEGORIES OF PERSONAL DATA ARE PROCESSED?
To ensure your satisfaction with the proper fulfilment of obligations, to ensure compliance with legal obligations, to provide personalized offers of goods and services from the controller, and for other purposes listed above, we, as the data controller, process the following categories of personal data:
- Basic identification data – name, surname, date of birth, address of residence, personal identification number, and identification number, signature;
- Contact details – phone number and email address;
- Information about the use of the controller’s products and services – data on which products you have contracted with the controller and which you are currently using;
- Information from mutual communication – information from emails, contact forms on websites;
- Billing and transaction data – information appearing on invoices, agreed billing conditions, and received payments, bank account numbers;
- Information about completed orders;
- Information about entries into the premises;
- Information from resumes that you provide and communicate to us through the resume;
- Information for marketing purposes – promotions, commercial communications, loyalty programs;
- Information about website visits – processing of IP addresses, location of page opening, time spent on the page, date and time of page opening, time of most frequent page opening, cookies.
WHAT IS THE LEGAL BASIS FOR PROCESSING PERSONAL DATA?
The legality of processing is determined by Article 6(1) of the GDPR, which states that processing is lawful if it is necessary for the performance of a contract, for compliance with a legal obligation to which the controller is subject, for the protection of the legitimate interests of the controller, or if the processing is based on consent that you have given us.
The legality of processing also derives, for example, from Act No. 563/1991 Coll., on Accounting, under which billing data are processed and stored, from Act No. 89/2012 Coll., the Civil Code, under which the controller protects its legitimate interests, or from Act No. 235/2004 Coll., on Value Added Tax.
WILL WE SHARE PERSONAL DATA WITH ANYONE ELSE?
As the data controller, we process your personal data. This means that we must have a purpose for collecting your personal data. To fulfill our legal obligations, we are sometimes required to provide your personal data to third parties who are also in the role of data controllers:
- Health insurance companies
- Tax office
- Czech Social Security Administration
For processing your personal data, we also use the services of external processors. We use the following categories of processors:
- External company providing accounting and payroll processing;
- External company providing legal services;
- External company providing security for the premises;
- External companies providing server, web, cloud, or IT services;
- External company managing our website and analytical tools on the web.
Contracts for the processing of personal data are concluded with all processors to ensure the maximum possible protection of your personal data. Additionally, there are cases of providing personal data upon request to authorities involved in criminal, misdemeanor, or administrative proceedings. However, we disclose your personal data only to the necessary extent and in the form required to achieve the purposes stated in this privacy statement.
WILL WE TRANSFER PERSONAL DATA TO THIRD COUNTRIES OUTSIDE THE EUROPEAN UNION?
Your personal data will not be transferred outside the territory of the European Union. This does not apply if you explicitly consent to such a transfer of your personal data abroad, or for the purpose of providing ordered services abroad.
HOW LONG WILL WE STORE PERSONAL DATA?
Your personal data will be stored for the duration of the contract and subsequently for the necessary period to ensure legal claims arising from the contract, i.e., until our mutual rights and obligations can become the subject of a legal dispute. Considering the limitation periods set by the Civil Code and tax obligations, we will store your personal data for 10 years after the termination of the contractual relationship. Some personal data required, for example, for tax and billing obligations will be stored longer, but not longer than the legally required minimum.
If the processing is based on consent, we may store your personal data for the period for which you have given us consent, unless you withdraw this consent. We may also store your personal data after the end of such a process if it is necessary in connection with any actual or potential dispute (e.g., we need this personal data to establish or defend legal claims); in such a case, we will store your personal data until the end of such a dispute.
Personal data obtained for the purpose of protecting property and persons on the company’s premises (camera system) will be stored for a maximum of 17 days from the date of recording.
Personal data will never be stored longer than the legally required maximum. After the retention period expires, personal data will be securely and irreversibly destroyed to prevent misuse.
ARE PERSONAL DATA AUTOMATICALLY EVALUATED?
Personal data are not automatically evaluated or otherwise processed and cannot be used for profiling or automatic decision-making in the area of marketing or other activities of the controller.
WHAT ARE COOKIES?
Cookies are text files that our website sends to your browser or device from which you view our website (e.g., phone, tablet, computer). They allow us to recognize you and customize our website accordingly, analyze your behavior, display certain content to you, etc.
What types of cookies do we use?
- Technical, functional – these are necessary to display our website to you and ensure it works as it should.
- Analytical – these help us analyze how our website works in terms of visitor behavior and adjust and change the website accordingly.
- Marketing – these cookies allow us or third parties to customize our service offerings after your visit. This offer may then be displayed to you even outside our website.
Can we process such cookies?
On the website, we can also use so-called technical cookies, which ensure that the website works as it should, or to record whether you have given consent to cookies or not. Unfortunately, there is no way to refuse the use of these cookies. In addition to technical cookies, we also use other cookies for the purposes mentioned above. We store all these cookies only with your consent, for each of the specified purposes separately. If you decide to give consent only to some cookies according to the settings when giving consent, the cookies for which you did not give consent will not be activated. You can also withdraw your consent at any time by changing the settings according to the relevant button on the website. However, withdrawing consent does not affect the legality of processing before its withdrawal. In other words, until you withdraw consent, the use of cookies is legitimate.
IN CONNECTION WITH COOKIES, WE SPECIFICALLY USE THE FOLLOWING TOOLS
- Google Analytics and other tools from Google Ireland Ltd., Google Building
Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
- More information: Google Cookies
- Sklik tool from Seznam.cz, a.s., with its registered office at Radlická
3294/10, Smíchov, 150 00 Prague 5. Typically, the cookie file sid and related
cookies are stored with this tool.
- More details: Seznam Cookies
- Facebook Pixel and other tools from Facebook Ireland Ltd., 4 Grand Canal
Square, Grand Canal Harbour, Dublin 2, Ireland.
- More information: Facebook Cookies
- Tools from LinkedIn Ireland Unlimited Company, with its registered office at
Gardner House, 2 Wilton Pl, Dublin 2, D02 CA30, Ireland.
- More information: LinkedIn Cookies
- Tools from Twitter International Company, with its registered office at One
Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
- More information: Twitter Cookies and Cookie Description List
The simplest way to prevent the use of cookies is through your browser settings, where you can block cookies.
WHAT ARE YOUR RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA AND HOW CAN YOU EXERCISE THEM?
The controller does everything to ensure that your data is processed properly and, above all, securely. Personal data to which the controller gains access is under continuous physical, electronic, and procedural control. The controller has modern control, technical, and security mechanisms in place to ensure the maximum possible protection of processed data against unauthorized access or transfer, loss or destruction, as well as other possible misuse. All persons who come into contact with personal data as part of fulfilling their work or contractually assumed obligations are bound by a legal or contractual duty of confidentiality. You are guaranteed the rights described in this article, which you can exercise with the controller.
HOW CAN YOU EXERCISE YOUR RIGHTS?
You exercise your rights (including the right to object) with the Data Controller. You can contact us in person or in writing, either by email or by sending a request (download here) to our company’s data box. We must verify your identity to ensure we do not infringe on the privacy of another individual when taking steps to exercise your rights.
In person (with ID) | Metal Produkt Servis Praha, s.r.o. Davídkova ul. 692/30, 180 00 Praha 8 |
By mail (notarized) | Metal Produkt Servis Praha, s.r.o. Davídkova ul. 692/30, 180 00 Praha 8 |
By email (electronic signature) | gdpr@mpservis.cz |
Data box | 22imdtv |
All communications and statements regarding your exercised rights are provided by the controller free of charge. However, if the request is manifestly unfounded or excessive, particularly because it is repetitive, the controller is entitled to charge a reasonable fee reflecting the administrative costs of providing the requested information. In the case of repeated requests for copies of processed personal data, the controller reserves the right to charge a reasonable fee for administrative costs.
The controller will provide you with a statement and, if applicable, information on the measures taken as soon as possible, but no later than one month. The controller is entitled to extend the period by two months if necessary, considering the complexity and number of requests. The controller will inform you of any extension, including the reasons, within 30 days of receiving the request.
RIGHT TO INFORMATION ABOUT THE PROCESSING OF YOUR PERSONAL DATA
You have the right to request information from the controller about whether your personal data is being processed or not. If personal data is being processed, you have the right to request information from the controller, particularly about the identity and contact details of the controller, its representative, and, if applicable, the Data Protection Officer, the purposes of processing, the categories of personal data concerned, the recipients or categories of recipients of personal data, the legitimate interests of the controller, a list of your rights, the possibility to contact the Office for Personal Data Protection, the source of the processed personal data, and automated decision-making and profiling.
If the controller intends to further process your personal data for a purpose other than that for which it was collected, it will provide you with information about this other purpose and other relevant information before such further processing. The information provided to you under this right is already contained in this memorandum, but you are not prevented from requesting it again.
Right of access to personal data
You have the right to request information from the controller about whether your personal data is being processed or not, and if so, you have access to information about the purposes of processing, the categories of personal data concerned, the recipients or categories of recipients, the period for which personal data will be stored, information about your rights (the right to request correction or deletion from the controller, restriction of processing, to object to this processing), the right to lodge a complaint with the Office for Personal Data Protection, information about the source of personal data, information about whether automated decision-making and profiling are taking place, and information about the procedure used, as well as the significance and expected consequences of such processing for you, information and guarantees in the case of transferring personal data to a third country or international organization. You have the right to obtain copies of the processed personal data. However, the right to obtain this copy must not adversely affect the rights and freedoms of others.
Right to rectification
If, for example, there has been a change in your residence, telephone number, or other facts that can be considered personal data, you have the right to request the correction of the processed personal data from the controller. Additionally, you have the right to complete incomplete personal data, including by providing an additional statement
Right to erasure (right to be forgotten)
In certain specified cases, you have the right to request that the controller delete your personal data. Such cases include, for example, that the processed data is no longer necessary for the purposes mentioned above. The controller automatically deletes personal data after the necessity period expires, but you can contact the controller with your request at any time. Your request is then subject to individual assessment (despite your right to erasure, the controller may have an obligation or legitimate interest to retain your personal data), and you will be informed in detail about its resolution.
Right to restriction of processing
The controller processes your personal data only to the extent necessary. However, if you feel that the controller, for example, exceeds the purposes for which personal data is processed, you can request that your personal data be processed only for the most necessary legal reasons or that personal data be blocked. Your request is then subject to individual assessment, and you will be informed in detail about its resolution.
Right to data portability
If you wish for the controller to provide your personal data to another controller or another company, the controller will transfer your personal data in an appropriate format to the entity you specify, provided there are no legal or other significant obstacles.
Right to object and automated individual decision-making
If you find or believe that the controller is processing personal data in violation of the protection of your private and personal life or in violation of legal regulations (provided that personal data is processed by the controller based on public or legitimate interest, or is processed for direct marketing purposes, including profiling, or for statistical purposes or purposes of scientific or historical significance), you can contact the controller and request an explanation or the removal of the problematic state. You can also object directly to automated decision-making, including profiling.
Right to lodge a complaint with the Office for Personal Data Protection
You can contact the supervisory authority with your suggestion or complaint regarding the processing of personal data at any time, namely the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague 7, website: Office for Personal Data Protection
Right to withdraw consent
You have the right to withdraw your consent to the processing of personal data at any time, either by filling out a form/unchecking a box/sending a withdrawal to the controller’s registered office address, or via a link in email communication, depending on how the consent was obtained.
FINAL PROVISIONS
All legal relationships arising from or in connection with the processing of personal data are governed by the legal order of the Czech Republic, regardless of where access to them was made. The Czech courts, which will apply Czech law, are competent to resolve any disputes arising in connection with privacy protection between you and our company.
This Information Memorandum on Personal Data Processing is effective from 25.05.2018 and was last updated on 01.11.2024.