GDPR

Information of processing of personal data

In accordance with the requirements of European legislation for the protection of personal data (Ordinance EU n. 2016/679), which is active since 25.5.2018, we provide you the information below, which personal data we process, with the scope and purpose of their collection, and yours rights.

We assure you, that we take seriously the protection of yours personal data and we process personal data strictly in accordance with valid law. Upon collecting, storing and processing personal data, we apply processes and measures that minimize the possibility of abuse. We do not trade with personal information, and if we provide it to third parties, this is always in accordance with the requirements of the legislation.

Administrator of personal data

Administrator of personal data is 5M s.r.o. company with its registered office Na Záhonech 1177, 686 04 Kunovice, IČO 46969250, DIČ 46969250, registered in the Commercial Register maintained by the Regional Court in Brno, file number C 7093 (hereinafter only administrator)

You can contact us at address of registered office, through the data box rn5dsqn, or at email address 5M@5M.cz

 Scope of processing of personal data

Personal data are processed in scope, in which the appropriate subject of data provided to administrator, and it in the context with the conclusion of a contractual or other legal relationship with the administrator, or which administrator gathered differently and the administrator processes it in accordance with valid legal regulations or the legal obligations of the administrator.

Resources of personal data

• directly from data subjects
• CCTV
• publicly accessible registers, lists and records (e.g. business register, trade register, cadastre, public phonebook etc.)

Categories of personal data, which are subject to processing

• Address and identification data which are unambiguous and unmistakable identification of the data subject, and data allowing contact with the data subject (e.g. first name, surname, title, personal identification number, date of birth, address of permanent residence, contact or delivery address, place of birth, nationality, gender, natural person also carrying tax identification number and company ID, contact address, telephone number, e-mail address, mailboxes and other similar information)
• Descriptive data are data that create a complex image of a physical person (for example, education, knowledge of foreign languages, professional knowledge and skills, number of children, information of completion military service, previous employment, health insurance, wages, also appearance, high, figure, hair color, etc.)
• Other data necessary for performance of the contract.
• Data provided in excess of the relevant laws processed within granted agreement from the side of subject of details (processing of photos, use of personal data for the purpose of personal management, etc.)

Categories of subject data

• Customer administrator
• Empoyee administrator
• Supplier administrator
• Carrier
• Other person, who is in contractual relationship to administrator
• Job applicant

Categories of recipient of personal data

• National and others authorities within accomplishment of the legal obligations established by the relevant legal regulations.
• Financial institutions
• Public institution

Purpose of processing of personal data

• Accomplishment of legal obligations by the administrator
• Administrator rights protection, recipient or other affected persons
• Negotiations about contractual relationship
• Fulfillment of the contract
• Archiving led based on law
• Selection process for job vacancies
• Concernet purposes within subject agreement of details

Method of processing and protection of personal data

Processing of personal data does the administrator. Processing is done at administrator´s residence and his separated workplaces authorized employees of the administrator. Processing takes place through computer technology, or manually in the form of personal data in paper form, in compliance with all the security principles for the management and processing of personal data. For this purpose, the administrator has accepted technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or random access to personal data, alteration, destruction or loss, unauthorized transmissions, unauthorized processing, and other misuse of personal data. All subjects to which personal data may be made available, respect the privacy rights of subjects´s data protection and they are required to proceed according to the applicable legislation related to protection of personal data.

Time of processing of personal data

In accordance with the deadlines specified in the relevant contracts, the administrator´s record and retention order, or the relevant legislation, it is the time necessary to ensure the rights and obligations flowing from the obligation relationship and the relevant legislation.

Instruction

Administrator processes the data with the consent of the data subject with the exception of statutory cases, when processing of personal data does not require the consent of the data subject.

In accordance with art. 6 par. 1 GDPR administrator can to process these data without the consent of the data subject:

• processing is necessary for the accomplishment or closure of a contract with the subject, or for implementation of the measures accepted before conclude a contract at the request of that data subject
• processing is necessary for the accomplishment legal obligation, which applies to the administrator
• processing is necessary to protect the vital interests of the subject or other individual
• processing is necessary for the accomplishment of the task carried out in the public interest or in the performence of public power of which is authorized to an administrator
• processing is necessary for purposes legitimate interests of the relevant administrator or a third party, except for cases, when before these interests have preference interests or fundamental rights and freedoms of data subjects requiring the protection of personal data

Rights of the data subject

1. In accordance with art. 12 GDPR inform administrator at the request of the data subject, the data subject of the right of access to personal data and the following information:

• for the purpose of processing
• category of personal data concerned
• beneficiaries or categories of beneficiaries, to who personal data has been or will be made available
• the planned time for which personal data will be saved
• available information about source of personal data, if they are not get from the data subject
• reality, if is happens automated decision, including profiling

2. Every data subject, who finds out or thinks, that the administrator carries out the processing of his personal data, which is in conflict with the protection of private and personal life of the data subject or outside the law, particularly if personal data are inaccurate with regard to the purpose of their processing, can:

• ask the administrator for an explanation
• ask, the administrator to remove the resulting condition, especially, it may be blocking, repair, adding or deleting personal information
• if the data subject’s request according to par. 1 is found to be justified, the administrator is going to immediately change the defective condition
• if the data administrator does not comply to data subject according to paragraph 1, the data subject has the right to contact directly the supervisory authority – the office for the protection of personal data
• the process according to in paragraph 1 does not exclude, the data subject to contact with his initiative directly to the supervisory authority
• administrator has the right in the case of clearly unjustified or disproportionate requests of data subject to require reasonable compensation not exceeding costs which are necessary for provision of information or refuse to comply