OKCEL
Terms of use - declaration of personal data processing
Declaration of Personal Data Processing according to The General Data Protection Regulation (hereinafter referred as the "GDPR") of the European Parliament and the Council (EU) 2016/679
I. Personal Data Controller
Company Synthesia, a.s. , Semtín 103, 530 02 Pardubice, Identification Number: 60108916, CZ60108916, is registered since January 1, 1994 in the Commercial Register kept at the Regional Court in Hradec Králové, Section B, Insert 1031 (hereinafter referred as the "Controller") hereby informs you in accordance with Article 12 of the GDPR about the processing of your personal data and your rights.
II. Scope of personal data processing
Personal data is processed to the extend that the related data subject has provided to the data controller in connection with the conclusion of a contractual or other legal relationship or which the controller has collected and processes in accordance with the applicable legal regulations or to fulfil the statutory obligations of the controller.
III. Sources of personal data
- directly from the data subjects (registration at the entrance to the company premises, name, surname, etc. emails, phone number, chat, websites, contact forms on the websites, social networks, business cards etc.),
- publicly available registers, lists and records (i.e. commercial registers, trade registers, land registers, public telephone directory etc.).
IV. Categories of personal data that is being processed
- addresses and identification data which can uniquely identify a data subject (i.e.name, surname, title, or birth certificate number, date of birth, address of permanent residence, company identification number, company tax number) and data which enable to directly contact the data subject (contact details - i.e. contact address, phone number, fax number, email address and other similar information)
- descriptive data (i.e. bank details)
- other data which is necessary to fulfil contractual obligations
- data provided beyond the applicable laws within the legitimate interest of the controller and/or consent given by the data subject (processing of photographs, usage of personal data in order to safeguard the subject, hr reasons etc.)
V. Categories of data subjects
- employee of the controller
- employees of the tenant or owner in the SemtinZone premises of the controller
- client of the controller
- carrier
- service provider
- another individual, who has a contractual relationship with the controller
- job applicant
VI. Categories of personal data recipients
- clients
- financial institutions
- public authorities
- processor
- public and other authorities in the fulfilment of the legal obligations stated by the relevant legal regulations
- other recipients (i.e. transfers of personal data to a third country – EU countries)
VII. Purpose of personal data processing
- purposes included in the consent of the data subject
- negotiations on a contractual relationship
- performance of the contract
- protection of the rights of the controller, recipient or other individuals concerned (i.e. security of the employees of the controller and other individuals, enforcement of the receivables of the controller)
- document storage according to the law
- tenders for orders of the controller
- job vacancies
- fulfilment of the contractual obligations of the controller
- protection of the vital interests of the data subject
VIII. Method of private data processing and protection
Personal Data is being processed by the Controller. Processing is carried out in its premises - in the headquarters of the controller by employees who are authorized by the controller, or processor. Processing is done by computer technology, or manually if the personal data is in paper form, in compliance with all the security measures for personal data control and processing. For this purpose, the controller has put in place technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, alteration, destruction or loss, unauthorized transmission, unauthorized processing, and other misuse of personal data. All entities, which may have access to the private data, must respect the privacy rights of data subjects and are obliged to act according to the related personal data protection regulations.
IX. Duration of data processing
In accordance with the deadlines specified in the relevant contracts, the record and retention procedure of the controller, or the relevant legislation, it is the time necessary to ensure the rights and obligations based on both the obligation relationship and the applicable legal regulations.
Information
Controller processes data with the data subject consent with the exception of circumstances stated by the law and circumstances when the controller has a legitimate interest (safeguarding activities of the controller), when personal data processing does not require consent of the data subject.
According to the Article 6 of GDPR controller has the right to process following data without the consent of the data subject:
- the data subject has given consent for one or more specific purposes,
- data processing is necessary to fulfil contractual obligations with a data subject, or to take measures which were accepted before the conclusion of the contract upon request of the data subject,
- data processing is necessary to fulfil a legal obligation of the controller,
- data processing is necessary to protect vital interests of the data subject or other natural person,
- data processing is necessary to perform a task in the public interest or to exercise the public authority entrusted to the controller,
- data processing is necessary for the purposes of the legitimate interests of the relevant controller or third party, except in cases, where the interests or fundamental rights and freedoms requiring data protection of the data subjects prevail over those interests.
XI. Right of data subjects
1) According to the Article 12 of GDPR the controller upon request informs the data subject about his or her right of access personal data and following information:
- purpose of data processing,
- category of personal data concerned,
- recipients or categories of recipients with whom private data were or will be shared,
- how long the data is stored
- all the available information about the source of the information,
- if they are not obtained from data subjects, the fact, that the decision making process including profiling is done automatically.
2) Any data subject who discovers or considers that controller or processor does not process his or her private data in compliance with the protection of private and personal life regulations or that controller violates the law, in particular if the personal data is inaccurate with respect of processing purpose, data subject may:
- request an explanation from the controller,
- to submit a request to the controller to resolve such a situation. In particular, this may be blocking, alteration, adding or deleting personal data,
- if the request of the subject is legitimate according to the Article 1, controller must immediately resolve such an issue,
- in case the controller does not agree with the legitimate request, according to paragraph 1 the data subject has the right to directly contact the supervisor authority, the Office of personal data protection.
- procedure in paragraph 1 does not exclude the right of data subject to contact directly supervisor authority.
Controller is entitled to require reasonable compensation for the provision of the information, not exceeding the cost necessary to provide the information.