Principles of personal data processing

Zásady zpracování osobních údajů - GDPR

The company REPAROSERVIS spol. The company REPAROSERVIS spol. s ro, with its registered office at Lnářská 907/12, 104 00 Prague 10, Company Identification Number 639 94 445, entered in the Commercial Register kept by the Municipal Court in Prague, Section C, Insert 39328 (hereinafter referred to as the “Administrator”), as the administrator of personal data, hereby allows you to inform about the manner and scope of processing your personal data, including the scope of rights of data subjects.

Definition of terms used:
personal data – personal data is any information concerning a designated or identifiable data subject; a data subject is considered to be designated or identifiable if the data subject can be directly or indirectly identified;

• data subject – in this case, the data subject is you as a natural person to whom personal data relate;

• administrator – the administrator is any entity that determines the purpose and means of personal data processing, performs processing and is responsible for it, in this case the company REPAROSERVIS, spol. s r.o. ; s r.o. ;

• processor – a processor is any entity that processes personal data on the basis of a special law or authorization by the administrator;

• recipient – the recipient is any entity to which personal data is made available; the recipient is not considered to be the entity processing the personal data;

• processing of personal data – processing of personal data is any operation or set of operations that the controller or processor systematically performs with personal data, either automatically or by other means; processing of personal data means, in particular, the collection, storage, making available, modification or modification, retrieval, use, transmission, dissemination, publication, storage, exchange, sorting or combination, blocking and disposal;

• consent of the data subject – any free, informed and unambiguous expression of will by which the data subject gives his or her consent to the processing of his or her personal data by a statement or other obvious confirmation

1. Personal data controller – identity and contact details:

REPAROSERVIS spol. s r.o. Address: Lnářská 907/12, 104 00 Praha 10 Phone: +420 271 960 431 E-mail: ID: 63994445 • VAT: CZ63994445

The administrator did not appoint a data protection officer.

2. Purpose and scope of personal data processing:

The controller processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council – General Regulation on the Protection of Personal Data, hereinafter referred to as “GDPR”.

Processing of personal data: a) without the consent of the data subject b) with the consent of the data subject

a) Without the consent of the data subject

Without your consent, personal data is processed on the basis of the following legal titles and for the following purposes:

– Performance of the contract or implementation of pre-contractual measures taken at the request of the data subject for the purpose of implementing the contractual obligation, including related commercial and financial communication

– Protection of the rights and legally protected interests of the Administrator for the purpose of recovery of amounts due for delivered goods, services or other receivables of the Administrator, assessment of creditworthiness and credibility, camera system with recording to protect the Administrator’s assets, identification of visitors to the Administrator’s objects for protection of the Administrator’s assets,

– Fulfillment of the legal obligation arising from the law for the purposes of providing co-operation to state bodies on the basis of the law and within its limits, including data storage on the basis of the law and bookkeeping

– Processing is necessary to protect the vital interests of the data subject or another natural person

b) With the consent of the data subject
The administrator will ask for your consent in the absence of a contractual relationship or other reason complying with the requirements of the GDPR.

Granting consent to the processing of personal data is entirely voluntary and this consent can be revoked at any time.

Consent to the processing of personal data may be revoked by a written notice sent by e-mail to the address or by post to the Administrator’s address.

Withdrawal of consent does not affect the lawfulness of processing based on consent before its revocation.

3. Scope of personal data processing:
The administrator processes your following personal data: – identification and contact data of the data subject – data on products that you have purchased or delivered, or about the services that are provided – data from our mutual communication (whether it took place in person, in writing, by telephone or otherwise), – payment data (eg information on the amount paid or owed, account number, etc.).
4. Period for which the personal data will be stored:
Your personal data is kept only for the time strictly necessary to ensure mutual rights and obligations, ie at least for the duration of the contract, and then for as long as the controller is obliged / authorized to keep those data according to GDPR and other generally binding legal regulations. in particular to defend their legal claims. The data that the administrator processes with your consent are stored for the period during which the consent is validly granted.
5. Sources from which the information comes:
Your personal data processed by the Administrator for the purposes described in this information comes from the following sources: – The data were provided to you in connection with the conclusion of the contract or during the cooperation. – Data were obtained from public sources, lists and public records such as the Commercial Register, Trade Register, Insolvency Register, Real Estate Cadastre.

6. Recipients of personal data:
The administrator transfers your personal data only in justified cases and only to the extent necessary to the following categories of recipients:
– contractual partners who are necessary for the operation of the Administrator and securing and implementing a contractual relationship with you, such as information technology suppliers, courier or postal service providers, – other entities in cases where the Administrator imposes legal regulations or if necessary for the protection of his legitimate interests (eg courts, the Police of the Czech Republic, etc.);

7. Your rights as a data subject in the processing of personal data:
– Right of access – the data subject may request the Administrator to access the personal data he processes about him, the Administrator will provide a copy of the processed personal data. – Right of rectification – the data subject has the right to request the controller to correct inaccurate personal data concerning him – Right of erasure – The data subject has the right to request the controller to delete personal data concerning him without undue delay if any for the following reasons: a. personal data are no longer needed for the purposes for which they were collected or otherwise processed; b. the data subject has withdrawn the consent on the basis of which the personal data were processed and there is no other legal reason for their processing; c. the data subject objects to being the subject of a decision based on the automated processing of personal data and there are no overriding legitimate reasons for such processing or objects to the processing of personal data for direct marketing purposes; d. personal data has been processed illegally; e. personal data must be deleted in order to comply with a legal obligation laid down in Union or Member State law applicable to the controller; f. personal data has been collected in connection with the offer of information society services – Right to restrict processing – the data subject has the right to request the Controller to restrict the processing of personal data if any of the following situations occur: a. The data subject denies the accuracy of personal data; for the time necessary for the Administrator to verify the accuracy of the personal data; b. The processing of personal data is illegal, but the data subject refuses to delete the data and requests instead that their use be restricted; c. The controller no longer needs the personal data for processing purposes, but the data subject requests them for the determination, enforcement or defense of legal claims; d. The data subject has objected to the processing of his personal data pursuant to Article 21 (1) of the GDPR until it is verified that the legitimate reasons of the controller outweigh the legitimate reasons of the data subject. – Right to data portability – in cases specified by the GPDR, the data subject has the right to obtain personal data concerning him provided to the Controller in a structured, commonly used and machine-readable format and to transfer them to another controller, provided that this right may not be adversely affect the rights and freedoms of others – Right to withdraw consent – if the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw consent to the processing of personal data for the purpose for which the consent was granted – Right to object – The data subject has the right at any time to object to the processing of his personal data with the Administrator for direct marketing purposes based on the legitimate interest of the Administrator The right to file a complaint – the data subject has the right to file a complaint with the supervisory body, the Office for Personal Data Protection Sochora 27, 170 00 Prague 7,