MENU
×
Home Information on personal data processing

Information on personal data processing

1.1        Controllers and processors

The personal data controllers:

The personal data processors:

The controllers and processors are required to provide for the handling of technical, physical, organizational, and process aspects in compliance with the industry standards, so as to prevent any unauthorized access to the processed personal data, violation of its confidentiality or security, loss or unauthorized destruction or alteration (“security incidents”), and to do all this in accord with the instructions and internal policies of the controller and the applicable legislation on personal data protection.

1.2       Purposes of the personal data processing

Processing without consent

In the interest of guaranteeing the strongest possible protection for the privacy of data subjects, every data subject has the right to raise an objection requiring that his or her personal data be processed solely for the most urgent legal reasons, or that this data be blocked. For more on the data-subject rights surrounding the processing of personal data, see article 1.7 of this Information.

Processing on the basis of consent

If you do not provide the controller with consent to the processing of personal data for the purposes mentioned above or to a certain selection from among these purposes (Processing on the basis of consent), this does not mean that the controller has refused to provide you with products or services as a consequence of this.

1.3       Sources of personal data

The controller has acquired personal data directly from you, and this primarily from mutual communication, forms you have filled out or contracts you have entered into. Outside of this, personal data comes from publicly accessible sources, indexes and registers such as the commercial register. The controller has also obtained personal data from third parties that are entitled to access and process your personal data and with whom the controller cooperates, and further from information on social networks and the internet that you have yourself placed there.

1.4       Personal data categories

The controller processes the following categories of personal data to ensure your satisfaction arising from the proper fulfilment of obligations, to ensure the fulfilment of legal obligations, to enable personalised offers of the products and services of the controller and for other purposes named above:

  1. a) basic identification data – name, surname, address of residence and national personal ID number;
    b) contact information – telephone number and e-mail address;
    c) information on the utilisation of the controller’s products and services – this is information on what products you have arranged with the controller and how you use them today, including product configurations etc.
    d) information from mutual communication – information from e-mails, from phone-call recordings or other contact forms;
    e) invoicing and transaction data – this primarily means information that appears on invoices, about invoicing conditions agreed upon and about accepted payments;
    f) geo-location information – information from the web browser or mobile applications that you use.

1.5       The recipients of the personal data

Your personal data will be accessible to the above-mentioned controllers and personal data processors, as well as to the authorised employees and representatives of Aimtec Group Members.

1.6       Processing period for the personal data

Your personal data will be processed until such time as you withdraw your consent or it will no longer be needed in connection with the above-listed purposes (i.e. the period for which the contract lasts or the controller’s legal obligations exist), but in no case for a period of longer than 10 years.

After this period expires, all data will be irreversibly destroyed. The controllers will preserve your personal data in the scope necessary for the purposes of proving that their actions are compliant with the applicable legislation.

1.7       The rights of data subjects

The controller will take all steps needed to ensure that the processing of your data is performed properly and above all securely. You are guaranteed the rights described in this article, which you can exercise towards the controller.

The controller’s provision of all communications and statements concerning the rights you exercise is, per se, free of charge. If, however, your request should show itself to be clearly unfounded or inappropriate, primarily due to being a repeated request, the controller is entitled to charge an appropriate fee that takes into account the administrative costs connected with the provision of the information. In the case of repeated application of a request for the provision of a copy of the personal data being processed, the controller reserves the right to charge an appropriate fee for administrative costs for this reason.

The controller will generally provide you with the statement and any eventual information on measures accepted as soon as possible, but within one month at the latest. The controller is, however, entitled to extend this deadline by two months when needed and with a view to the complexity and quantity of your requests. The controller will inform you of this extension, including a listing of the reasons for it.

The right to information on the processing of your personal data

You are entitled to request from the controller information on whether or not your personal data is being processed. If your personal data is being processed, you have the right to request from the controller information on, above all, the controller’s identity and contact information and their representatives and employees responsible for personal data protection, on the purposes of the processing, on the categories of the processed personal data, on the recipients or categories of recipients of personal data, on the authorised controllers, on the list of your rights, on your options for turning to the Czech Office for Personal Data Protection, on the source of the processed personal data and on automated decision-making and profiling.

If the controller intends to process your personal data for a purpose other than that for which it was acquired, the controller will provide you with information on this further purpose and other relevant information before such further processing. Information offered to you in the framework of the application of this right is contained in this Information; this does not, however, prevent you from requesting it again.

The right to access to your personal data

You are entitled to request from the controller information on whether or not your personal data is being processed, and, if it is being processed, you have access to information on the purposes of this processing and the categories of personal data in question, the data’s recipients or categories of recipients, its preservation period, information on your rights (the right to request from the controller a rectification or erasure; restriction of processing; the right to raise an objection to this processing), on the right to lodge a complaint to the Czech Office for Personal Data Protection, information on the source of the personal data, information on whether or not automated decision-making and profiling is taking place and information concerning the procedure used, as well as the significance and expected consequences of such processing for you, and information and guarantees in the case of the transfer of personal data to a third country or international organisation. You have the right to be provided with a copy of the processed personal data. However, your right to acquire this copy may not infringe upon other persons’ rights and freedoms.

The right to rectification

If, on your part, there has been for example a change of residence, telephone number or other fact that can be considered personal data, you have the right to request from the controller a rectification of your personal data. You further have the right to supplement incomplete personal data, through the provision of a supplementary declaration.

The right to erasure (the right to be forgotten)

In certain specifically defined cases, you have the right to request that the controller erase your personal data. These cases include for example the case where the processed data is no longer needed for the purposes listed above. The personal data controller deletes data after the expiration of its period of necessity automatically; however, you can turn to them with your request at any time. Your request is then subject to individual evaluation (even despite your right to erasure, the controller may have obligations or legitimate interests in retaining your personal data), and you will be informed in detail on the handling of your request.

The right to restriction of processing

The controller processes your personal data in no broader extent than is absolutely necessary. If, however, you should have the sensation that they are e.g. reaching past the above-defined purposes for personal data processing, you can submit a request for your personal data to be processed exclusively for the most essential of legal reasons, or for this data to be blocked. Your request is then subject to individual evaluation, and you will be informed in detail on the handing of your request.

The right to data portability

If you wish for the controller to provide your personal data to another controller, or to another company, the controller will transmit this data in an appropriate format to the legal subject that you define, if no legal or other significant barriers prevent the controller from doing so.

The right to raise an objection to automated individual decision-making

If you have determined, or believe, that the controller is processing your personal data in conflict with the protection of your privacy and personal life or in conflict with legislation (upon the assumption that your personal data is processed by the controller on the basis of a public or legitimate interest or is processed for the purposes of direct marketing, including profiling, or for statistical purposes or purposes of scientific or historical interest), you can turn to the controller and request that they provide an explanation or you can also raise an objection directly towards automated decision-making and profiling itself.

The right to lodge a complaint to the Czech Office for Personal Data Protection

At any time, you can turn to the supervisory authority with any initiative or complaint you may have concerning personal data processing; the Czech Office for Personal Data Protection is this authority, and it has its headquarters at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, and its website at https://www.uoou.cz/.

The right to withdraw your consent

You have the right to withdraw, at any time, the consent you have provided to the processing of personal data. You may do so by filling out a form / checking boxes / sending a withdrawal to the address of the controller or via a link in email communication.

All of these rights may be exercised via email at the address: support@aimtecglobal.com or via a letter sent to AIMTEC a. s., at the address Hálkova 32, 301 22 Pilsen, Czech Republic.

You have the right to turn to the department responsible for personal data protection within Aimtec by writing to dpo@aimtecglobal.com and, likewise, the right to submit a complaint to the relevant supervisory authority (the Czech Office for Personal Data Protection).

________________________________________________________________________________________________________________

[1] Processing is essential for the performance of the contract, for the fulfilment of the controller’s legal obligations or for the protection of the controller’s legitimate interests, or the processing is taking place on the basis of consent that was provided to the controller.

The legality of the processing can further be based upon, for example, the Czech Act no. 563/1991 Sb., on accounting, under which invoicing data is processed and preserved, Act no. 89/2012 Sb., the Civil Code, under which the controller is defending his legitimate interests or Act no. 235/2004 Sb., on value added tax.

[2] The legitimate interests of the Controller include, above all, the proper fulfilment of all contractual obligations of the Controller, the proper fulfilment of all legal obligations of the Controller, direct marketing, protection of the Controller’s business activities and property and last but not least the protection of the environment and the maintaining of sustainable development.

Information on personal data processing 180228

Aimtec
© Aimtec All rights reserved.