INFORMATION ON PERSONAL DATA PROCESSING IN RELATION TO PERFORMANCE OF THE CONTRACTUAL RELATIONSHIP
- PURPOSE OF THE DOCUMENT
1.1. The purpose of this document is to provide business partners with information on personal data processing to the extent defined in Art. 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as ”GDPR“ or the ”Regulation“), with regard to the contractual relation with the controller.
- IDENTITY AND CONTACT DETAILS OF THE CONTROLLER
2.1. The controller of your personal data is the trading company FEROPLAST spol. s r.o., Company ID 150 59 031, with the registered office at Soukenická 136, 583 01 Chotěboř, entered in the Commercial Register maintained with the Regional Court in Hradec Králové, File No. C 962 (hereinafter referred to as the ”Controller“).
2.2. The Controller’s contact details: delivery address: Soukenická 136, 583 01 Chotěboř, e-mail address: feroplast@feroplast.cz, telephone +420 569 626 607.
2.3. The Controller has not appointed any data protection officer.
- CATEGORIES OF PROCESSED DATA
3.1. In relation to your contractual relationship with the Controller, the Controller processes these categories of personal data:
- Invoicing data: trading company, i.e. name and surname, place of business, Company ID, VAT Reg. No.
- Contact details: telephone number, e-mail, correspondence address
- Bank account number
- Contact details of natural persons acting on behalf of a legal person
- LEGAL BASIS OF PERSONAL DATA PROCESSING
4.1. Legal grounds for processing of your personal data by the Controller shall be as follows:
4.1.1. processing is necessary for the performance of the contract between you and the Controller or for taking steps by the Controller prior to entering into such contract in accordance with Art. 6 para 1 b) of the GDPR.
4.1.2. processing is necessary for compliance with obligations defined by the law, e.g. with regard to keeping accounts and archiving accounting documents containing personal data of suppliers in accordance with Art. 6 para 1 c) of the GDPR.
- PURPOSE OF PERSONAL DATA PROCESSING
5.1. The purpose of your personal data processing is compliance with contractual obligations ensuing from the contract entered into between you and the Controller.
5.2. The Controller shall not carry out any automatic individual decision-making in accordance with Art. 22 of the Regulation.
- PERIOD OF PERSONAL DATA STORAGE
6.1. Your personal data will be processed for a period of the contractual relationship duration, and further for a period necessary for the purposes of archiving according to the applicable generally binding legal regulations, however, not longer than for the period determined by the generally binding legal regulations.
- CATEGORIES OF PERSONAL DATA RECIPIENTS
7.1. Other recipients of your personal data can be:
7.1.1. State administration authorities to the extent defined in legal regulations.
7.1.2. The persons cooperating with the Controller and ensuring the processing of personal data for the Controller
• SW suppliers and a subjects ensuring the IT administration of the Controller,
• Providers of legal and accounting services.
7.2. The Controller does not intend to transfer your personal data to a third country (to a country outside the EU) or international organisation.
- RIGHTS OF THE DATA SUBJECT
8.1. Under the conditions referred to in Art. 15 to 22 of the GDPR, you have the right to ask the Controller for the access to your personal data processed by the Controller, ask for a copy of these personal data, ask for the correction of inaccurate personal data, ask for the erasure of personal data processed by the Controller, if they are not necessary any more for the provided purpose or if they are processed by the Controller unlawfully, ask for the limitation of processing of your personal data in the cases laid down in Art. 18 of the GDPR.
8.2. If you believe that by processing of your personal data the Regulation has been or is being breached, you have the right, inter alia, to file a complaint with the supervisory authority, i.e. the Office for Personal Data Protection.
8.3. The provision of your personal data to the Controller for the performance of the contract is voluntary and you do not have the duty to provide these personal data. Without providing your personal data it is not possible to enter into the contract or fulfil it by the Controller.
Document dated on 18 May 2018
FEROPLAST spol. s r.o.