Personal Data Processing Principles
Company KOVERDYNSKY s.r.o., with registered office at Jindřicha Plachty 596/8, Smíchov, 150 00 Praha 5, ID No: 19347332, registered in the Commercial Register of the City Court in Praha, Section C, insert 384967 (hereinafter referred to as the "Controller") fully protects the personal data of the data subject and the data from misuse in the sense of the applicable legislation, in particular respecting the principles and rules set out in (i) Regulation 2016/679 of the European Parliament and of the Council, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "Regulation") and (ii) in the national legislation supplementing certain provisions of the Regulation and replacing Act No. 101/2000 Coll. (the Personal Data Processing Act).
The main activities of the Controller include mainly design, consulting and expert activities in the field of technical insulation, as well as related services available at www.koverdynsky.cz. This document provides a clear overview of all the information about what personal data the controller processes about its customers and business partners (data subjects), whether the data is processed on the basis of the data subject's consent or on the basis of another legal ground, for what purposes the personal data is used, to whom it may be transferred and what rights the data subject has in relation to the processing of personal data.
Contact details of the Controller:
KOVERDYNSKY s.r.o.
ID: 19347332
e-mail: info@koverdynsky.cz
phone: +420 774 023 173
The data subject's rights described below may be exercised at the contacts listed above.
1. Personal Data
1.1. The personal data processed by the controller are:
- dentification data of the customer, a member of his/her body or an employee (name and surname, date of birth, birth number, ID number, home/residential address, email address, telephone number, ID card number),
- contact details (email address, telephone number, home /office address),
- order details (details of services ordered, payment including bank account number and details of complaints).
2. Purpose of processing of personal data and legal basis for processing
2.1. Where the customer has placed an order for the services or products offered by the controller, the controller processes the customer's identification and contact data, including order data, for the purpose of the proper performance under this contract and the legal basis for the processing of personal data is the performance of a contract to which the data subject is a party within the meaning of Article 6(1)(b) of the Regulation.
2.2. Where the customer has placed an order for the services or products offered, the controller shall store the identification and contact data, including the customer's order data, on the basis of its legitimate interest within the meaning of Article 6(1)(f) of the Regulation, for the purpose of protecting legal claims, the controller's internal records and controls and the effective promotion of the controller's services. The legitimate interest of the controller here is the protection of legal claims, the control of the proper provision of services and the effective promotion of the controller's services. Identification and contact data, including order data and electronic customer identification data, are processed for the purpose of
- obtaining information on the basis of which the controller can improve the services offered in the future, in particular to determine customer satisfaction;
- providing tailored offers and targeted advertising, which it is entitled to send to the customer by email or post.
2.3. There is no automatic individual decision-making by the controller within the meaning of Article 22 of the Regulation.
3. The period of storage of personal data
3.1. The period for which personal data obtained for the purpose of the proper performance of the contract within the meaning of Article 2, paragraph 2.1 of this Policy will be stored is 10 years, in accordance with the obligation to archive invoices on the basis of national accounting and tax legislation (in particular Act No. 563/1991 Coll., on Accounting, as amended; Act No. 235/2004 Coll., on Value Added Tax, as amended; etc.)
3.2. The period for which personal data will be kept for the purpose of protecting legal claims, internal records and control of the controller and effective promotion of the controller's services within the meaning of Article 2, paragraph 2.3 of this Policy is the period necessary to fulfil the purpose of processing personal data.
4. Other recipients of personal data
4.1. The Controller processes the Customer's personal data, i.e. determines the purpose and means of processing the personal data and is responsible for its proper execution. For the processing of personal data, the controller also uses the services of other processors who process personal data only as instructed by the controller and for the purposes described in section 2 of this policy.
5. Instructions to the data subject
5.1. Under the conditions set out in the Regulation, the data subject has the right to request access to personal data from the controller, the right to rectification or erasure of personal data or restriction of processing, the right to object to the processing of personal data, and the right to data portability.
5.2. If the data subject considers that the processing of his or her personal data has infringed or is infringing the Regulation, he or she shall have the right, inter alia, to lodge a complaint with a supervisory authority. The data subject shall have the right to object at any time to processing of personal data and the controller shall not continue the processing for such purposes unless it has legitimate compelling reasons for continuing the processing.
Praha, May 16th, 2023.
