Information on processing personal data
Dear Business Partners,
please allow us to inform you that our company RACCOON s.r.o., ID: 25332716, registered office at Blansko, Poříčí 1603/26, postal code: 678 01 (also referred to as “The Company“), issued this Information on processing personal data of data subjects in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter referred to as “GDPR “).
The Company is hereby informing you about the following facts concerning the processing of your personal data, the personal data of your employees or the personal data of other authorized persons or data subjects.
Purpose and legal basis of processing: The Company processes personal data for the following purposes the following legal basis for processing:
- The Company processes personal data for the purpose of concluding contracts with business partners and subsequently for the purpose of implementing such contracts. The legal reason for the processing of personal data is the performance of the contract (under Article 6 (1) (b) GDPR);
- The Company processes personal data to a limited extent in order to fulfill its obligations under Act No. 235/2004 Coll. on Value Added Tax and Act No. 563/1991 Coll., on Accounting. The legal reason for the processing of personal data is the fulfilment of legal obligations (under Article 6 (1) (c) GDPR);
- The Company processes personal data to protect the Company’s rights in any civil, administrative or criminal proceedings. The legal interest in the processing of personal data is justified by the company’s interest (according to Article 6 (1) (f) GDPR). The legitimate interest of the company is to protect the rights of the company;
- The Company processes personal data to keep records of data subjects’ requests and processing. The legal interest in the processing of personal data is the legitimate interest of the company (under Article 6 (1) (f) GDPR). The legitimate interest of the company is the ability to demonstrate proper compliance with the GDPR obligations;
- The Company processes personal data to a limited extent for the purposes of direct marketing where the reason for the processing of personal data is the legitimate interest of the company (according to Article 6 (1) (f) GDPR). The legitimate interest of the company is the opportunity to introduce the goods and latest products of ISAN Radiátory s.r.o. to business partners;
- The Company will also process personal data for the purpose specified in the consent to the processing given by the personal data subject (Under Article 6 (1) (a) GDPR).
Scope of processing: The Company processes the following personal data:
- For the above-mentioned purpose of processing under the letter (a) above: name, title,
e-mail, telephone number, date of birth/personal ID, ID, VAT ID, address, correspondence address, billing address, bank account number, telephone number, agent information- name, title, date of birth/personal ID, permanent address, phone number, e-mail, legal representation title.
- For the above-mentioned purpose of processing under the letter (b) above: tax and accounting documents including records.
- For the above-mentioned purpose of processing under the letter (c) above: name, title,
e-mail, telephone number, date of birth/personal ID, ID, VAT number, address, correspondence address, billing address, bank account number, information on received and executed payments, agent information – name, title, date of birth/personal ID, phone number, e-mail, legal representation title.
- For the above-mentioned purpose of processing under the letter (d) above: name, title,
e-mail, telephone number, address, correspondence address, date of birth/personal ID, application for the exercise of one of the rights guaranteed by the GDPR, information on the processing of the application, mutual communication, agent information- name, surname, title, date of birth/personal ID, permanent address, passport number, phone number, e-mail, legal representation title.
- For the above-mentioned purpose of processing under the letter (e) above: name, title,
e-mail, telephone number, address, information about subscribed services.
- For the above-mentioned purpose of processing under the letter (f) above: personal data specified in the consent to the processing given by the personal data subject.
Personal data can also be accessed by the suppliers of internal IT systems and applications (hereinafter “suppliers”). These are not allowed to use personal data processed in any way. However, they may have access to the data based on the nature of the administration or maintenance of internal IT systems and applications. However, all suppliers are bound by the obligation of confidentiality.
Security of processing of personal data: The Company protects personal data and its processing:
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the company has taken appropriate technical and organizational measures. This includes, in particular, the protection of passwords, encryption, firewalls, antivirus, detection of penetration into the system, detection of possible anomalies and access control for our employees. The Company guarantees the protection of the processed personal data by the security measures specified in Article 32 of the General Regulation on the Protection of Personal Data.
Recipient of personal data: Personal data will not be passed on to any third party, except personal data processed for the fulfilment of obligations under special legal regulations, which the company transfers to state authorities or other competent authorities only in cases where the law so requires.
Transmission of personal data to a third country or international organization: The Company does not transfer personal data to a third country or to international organizations.
Contact details of the administrator representative: Contact details of the administrator are RACCOON s.r.o., Porici 1603/26, Blansko, postal code: 678 01, Czech Republic. In case of any questions, comments or complaints, you can contact the contact person of the administrator by e-mail: firstname.lastname@example.org .
Supervisory Authority: The Supervisory Authority for personal data protection is The Office for Personal Data Protection located at Pplk. Sochora 27, 170 00 Prague 7, e-mail: email@example.com, telephone No.: +420234665111. If you are certain that the controller is acting unlawfully in the processing of personal data, or if you believe that any of the above rights has been violated, you have the opportunity to contact the above supervisor for your complaint.
- ADDITIONAL INFORMATION FOR THE DATA SUBJECT
The period for which personal data will be stored: The personal data are processed by The Company for the duration of the contractual relationship and subsequently for a maximum of 10 years after the termination of the contractual relationship. The personal data processed for the fulfilment of the obligations under the special legal regulations are processed by the Company for the period stipulated by these legal regulations.
Consequences of failure to provide personal data: If the data subject does not provide identification and address data, it will not be possible to enter into a contract with the data subject and provide services to the data subject. If the entity does not provide or consent to the processing of electronic contact details, this may affect the level of service and scale provided by the company.
Rights of the data subject: The data subject has:
- The right of access to personal data
The data subject has the right to obtain a confirmation from the company whether the personal data concerning him / her are processed or not and, if so, he / she has the right to access these personal data and the following information: a) purpose of the processing; (b) the categories of personal data concerned; (c) the recipients whose personal data has been or will be made available; (d) the scheduled time for which the personal data will be stored; (e) the existence of right to require that the company repairs or erases personal data or restricts their processing, or to object to such processing; (f) the right to lodge a complaint with the Supervisory Authority; (g) all available information on the source of personal data, if not obtained from the data subject; h) the fact that automated decision making is taking place, including profiling. The data subject also has the right to obtain a copy of the processed personal data.
- The right to repair personal data
The data subject has the right to correct the inaccurate personal data concerning him or her without undue delay or supplemented incomplete personal data.
- The right to delete personal data
The data subject shall have the right to delete the personal data relating to him without undue delay if: (a) personal data are no longer needed for the purposes for which they were collected or otherwise processed; (b) the data subject withdraws the consent on the basis of which the data has been processed and there is no further legal reason for processing; (c) the data subject objects to the processing and there are no overriding legitimate reasons for processing; (d) personal data have been processed unlawfully; (e) personal data must be erased in order to comply with a legal obligation laid down in Union or Czech law; (f) personal data were gathered in connection with the provision of information society services.
The right of cancellation does not apply if the processing is necessary to fulfill legal obligations, to determine, to exercise or to defend legal claims and other cases of determination in the Regulation.
- The right to limit the processing
The data subject has the right to restrict the processing, in any of the following cases: (a) the data subject disclaims the accuracy of the personal data for the time necessary for the company to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject refuses the deletion of personal data and instead requests restrictions on its use; (c) the company no longer needs personal data for processing but the data subject is required to identify, exercise or defend legal claims; (d) the data subject has objected to processing until it has been ascertained whether the legitimate reasons for the company outweigh the legitimate reasons for the data subject.
- The right to object to processing
The data subject has the right, at any time, to object at any time to the processing of personal data concerning him / her which the company processes because of his / her legitimate interest. In such a case, the company does not process personal data unless it can prove that there are serious legitimate reasons for processing that outweigh the interests or rights and freedoms of the data subject or for the determination, exercise or defense of legal claims.
- The right to data portability
The data subject has the right to obtain personal data relating to him provided by the company in a structured, commonly used and machine-readable format, and the right to pass on that data to another controller without the company providing the personal data being prevented from doing so if: (a) the processing is based on consent and (b) the processing is done in an automated manner. In exercising its right to data portability, the data subject has the right to have personal data transmitted directly by one administrator to the other’s administrator if this is technically feasible.
- The right to withdraw consent
The data subject has the right to consent to the processing of personal data that is not necessary to fulfill the contract or is not necessary to meet the legal obligations of the company at any time in writing, by sending a disagreement with the processing of personal data to the e-mail address firstname.lastname@example.org .
- The right to file a complaint with the Supervisory Authority
If the data subject considers that the company does not process its personal data legally, it has the right to file a complaint with the Supervisory Authority.
- The right to information about the repair/deletion of personal data or the limitation of processing
The company is required to notify individual recipients to whom personal data has been made available of any repairs or deletions of personal data or processing restrictions, except when this proves to be impossible or requires unreasonable effort. If the data subject requests it, the company shall inform the data subject about these recipients.
- The right to be informed in the event of a personal data breach
If a particular case of a personal data breach is likely to result in a high risk to the rights and freedoms of individuals, the company will notify the individual of such violation without undue delay.
The data subject notes that the company uses so-called cookies files, small text files that identify the data subject viewer and record the user’s data activity as soon as the data subject enters the http://www.raccoondoors.com/ website. Cookies are files sent to a browser via a web server to allow users to record user activity during navigation. Cookies can also be used to measure the viewing and traffic parameters of web pages http://www.raccoondoors.com/.
Cookies do not provide any specific personal information about the data subject. The data subject is allowed to set up his browser so that cookies on his computer are prevented. When visiting the Web site http://www.raccoondoors.com/, do it automatically to identify the IP address of the data subject. IP address is the number automatically assigned to the data subject’s computer when connected to the Internet. All of this information is recorded in the activity file by the server, which allows subsequent processing of data to process statistical measures that indicate the number of page views http://www.raccoondoors.com/, the number of visits, the order of visits, and the access point.
Efficiency: This Information is valid and effective from May 25, 2018.