Email: info@frunek.cz
Phone: +420 737 259 920
Contact

 RULES FOR THEA PROTECTION AND PROCESSING OF PERSONAL DATA

pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC

__________________________________________________________________________________

These rules for the protection and processing of personal data (hereinafter referred to as the “Rules”) describe which personal data of natural persons, in particular customers (hereinafter referred to as the “Data Subject”), are processed in the course of the activities of FRUNĚK INOX s.r.o., ID No.: 26926008, with its registered office at Cecilka 235, Zlín, Příluky, 760 01, registered in the Commercial Register maintained by the Regional Court in Brno, Section C, File 45530 (hereinafter referred to as the “Controller”).

These Rules set out the types of personal data we collect and process when you use our services or enter into another contract with us, as well as how your personal data is used, shared, and protected. You will also find an explanation of the options available to you in relation to your personal data and how you can contact us. We hereby inform you about the processing of your personal data and your rights in accordance with Article 12 of Regulation (EU) 2016/679 of the European Parliament and of the Council (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter also referred to as the “GDPR”).

Personal data means any information relating to an identified or identifiable natural person; An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The controller has not appointed a data protection officer.

RECIPIENTS OF PERSONAL DATA

The Data Subject’s personal data may be further transferred to the following recipients/categories of recipients:

–        Suppliers Administrator,

–      the Administrator’s employees,

–        persons in another contractual relationship with the Controller (e.g., providers of marketing and advertising services),

–        financial institutions and insurance companies,

–        state authorities in the performance of the Administrator’s legal obligations as set out in the relevant legislation,

CATEGORIES OF PERSONAL DATA PROCESSED

The Controller is authorized to process, in particular, the following personal data of the Data Subject:

–      address and identification data used for the unambiguous and unmistakable identification of the Data Subject (e.g., first name, last name, title, date of birth, birth number, permanent address, business address, mailing address, ID number, VAT number) and data enabling contact with the Data Subject (e.g., contact address, telephone number, fax number, e-mail address, and other similar information),

–      descriptive data (e.g., bank details, payment information)

–      images, photos, and videos,

–    data provided beyond the scope of applicable laws processed within the scope of consent granted by the Data Subject (e.g., use of personal data for personnel management purposes, use of personal data for promotional purposes, etc.),

–      other information necessary for the performance of the contract,

–      other personal data that the Data Subject has provided to the Controller.

PURPOSES AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

The Controller processes the Data Subject’s personal data for the following purposes:

a)      performance of a contract, based on Article 6(1)(b) of the GDPR,

b)      compliance with the legal obligation of the Controller stipulated by generally binding legal regulations, based on Article 6(1)(c) of the GDPR (e.g., the Controller’s obligation to retain accounting and tax documents),

c)      determination, exercise, or defense of legal claims of the Controller, based on Article 6(1)(f) of the GDPR,

d)      sending commercial communications, based on Article 6(1)(f) of the GDPR due to the existence of the Controller’s legitimate interest in direct marketing,

e)      other marketing purposes of the Controller related to the offer of products and services; sending information about organized events, products, services, and other activities (e.g., in the form of newsletters, telemarketing); contacting for the purpose of market research and marketing research; contacting for the purpose of sending Christmas, Easter, or other holiday greetings and sending discount vouchers, gifts, etc., based on Article 6(1)(a) of the GDPR

PERSONAL DATA PROCESSING TIME

Personal data will only be processed for as long as is necessary for the purpose of its processing. With regard to the above:

–      For the purpose under point a) above, personal data will be processed until the obligations under the contract expire (this does not affect the possibility of the Controller subsequently processing this personal data to the extent necessary for the purposes under points b), c), d) and/or e) above).

–    For the purpose under point b) above, personal data will be processed for the duration of the relevant legal obligation of the Controller.

–    For the purpose specified in point c) above, personal data will be processed until the end of the fourth calendar year following the end of the warranty period specified in the contract (if a quality warranty was agreed in the contract), but at least until the end of the fifth calendar year following the termination of the obligations under the contract.

–      in the event of the commencement and duration of judicial, administrative, or other proceedings in which the rights or obligations of the Controller in relation to the relevant Data Subject are being resolved, the period of personal data processing for the purpose under point c) above shall not end before the end of such proceedings,

–    For the purpose of sending commercial communications pursuant to point d) above, personal data will be processed until the Data Subject expresses their disagreement with such processing.

–      For the purposes specified in point e) above, personal data will be processed for the period for which the Data Subject has given the Controller consent in accordance with a separately agreed consent to the processing of personal data. In this case, the Data Subject acknowledges that the Controller may contact them before the expiry of this period to renew their consent.

No later than by the end of the calendar year following the expiry of the above processing period, the relevant personal data for which the purpose of processing has ceased to exist shall be destroyed (by shredding or other means ensuring that unauthorized persons cannot access the personal data) or anonymized.

METHOD OF PROCESSING PERSONAL DATA

Z

Personal data is processed by the Controller. Processing is carried out at the Controller’s premises and registered office by individual authorized employees of the Controller or Processors. Processing is carried out using computer technology or manually in the case of personal data in paper form, in compliance with all security principles for the management and processing of personal data. To this end, the Controller has taken technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, its alteration, destruction or loss, unauthorized transfers, unauthorized processing, and other misuse of personal data. All entities to whom personal data may be disclosed respect the Data Subjects’ right to privacy and are required to comply with applicable laws and regulations regarding the protection of personal data.

No automated individual decision-making or profiling based on the data provided will be carried out. The personal data of Data Subjects will not be transferred to third countries (i.e., countries outside the EU and EEA).

INFORMATION PROVIDED TO DATA SUBJECTS UNDER THE GDPR

In connection with the processing of their personal data, Data Subjects have a number of rights, including the right to request from the Controller:

–        access to your personal data (under the conditions of Article 15 of the GDPR),

–        correction or deletion of personal data (under the conditions of Article 16 or Article 17 of the GDPR),

–        restriction of personal data processing (under the conditions of Article 18 of the GDPR),

–        object to the processing of personal data (under the conditions of Article 21 of the GDPR),

–        the right to data portability (under the conditions set out in Article 20 of the GDPR),

–        the right to withdraw consent to the processing of personal data in writing or electronically to the address or email of the Controller specified in these Rules.

If the Data Subject discovers or believes that their personal data is being processed in violation of the protection of the Data Subject’s private and personal life or in violation of legal regulations, they have the right to contact the Controller with a request for an explanation and/or remedy. The request must be submitted in writing by sending a letter or e-mail to the Controller’s contact details: FRUNĚK INOX s.r.o., Cecilka 235, Zlín, Příluky, 760 01, e-mail: info@frunek.cz

If the Data Subject’s request is found to be justified, the Controller shall immediately remedy the situation. This does not affect the Data Subject’s right to contact the supervisory authority directly, the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, +420 234 665 555, www.uoou.cz.

CONCLUSION

These Controller Rules shall apply in relation to Data Subjects, unless otherwise agreed between a third party and the Controller. The Controller reserves the right to change these rules for the protection and processing of personal data in any way and at any time, with the current status always being posted on the website www.frunek.cz.