Declaration by Profinit on Personal Data Protection
As protection of your personal data is important to us, Profinit EU, s.r.o., with registered office at Tychonova 270/2, Hradcany, 160 00 Prague 6, company ID number: 04434081, entered in the Commercial Register maintained by the Municipal Court in Prague under file ref. C 247646, represented by Pavel Jihlavec (hereinafter referred to only as the “Controller” or the “Processor”), we hereby undertake to comply with the following principles in order to ensure the greatest possible protection for it.
This declaration and subsequent processing of personal data shall in particular be governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), (hereinafter referred to only as the “GDPR”). Cases not regulated for by the GDPR or transferral of regulation of which to a national level is explicitly permitted by the GDPR shall be governed by Act No. 101/2000 Coll. on the Protection of Personal Data, as amended.
This declaration may be altered by the Controller at any time, in particular in the event of changes to the respective legislation relating to personal data protection and for this reason we recommend, in your own interest, that you keep an eye on our website for any possible updating of this declaration.
Personal data is any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (name, surname, number, network identifier) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data Subject is a natural person who the personal data relates to and who can be identified according to the personal data or who is identifiable.
Controller is a natural or legal person who/which determines the purposes and means of processing of personal data and who/which is primarily responsible for processing. Unless specified otherwise in these principles or the conditions of a specific service, it shall be understood that the Controller is (to be added).
Processor is a natural or legal person who/which processes personal data for the Data Controller on the basis of instructions by the Data Controller.
Processing of personal data
Processing means any operation or set of operations which is performed with personal data or with sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
How we process data
We process the personal data you provide to us on the basis of legal grounds in accordance with Article No. 6 GDPR para. 1 (b), this being if processing is necessary for performance of a contract or in accordance with point (c) for compliance with a legal obligation. We also process personal data in accordance with point (a) on the basis of the consent you have provided to processing of this data, if legitimate interest in accordance with the above-mentioned provisions is insufficient as legal grounds for processing.
Personal data is processed for the purpose of performance of existing contractual relationships and contractual relationships which are in the negotiation stage.
We always only use the personal data you have provided for the purpose which such data was provided to us for and we always provide users transparent information about this purpose.
Which data we process
Within the framework of commercial relations, we collect the following items of personal data:
- Form of address/title
- Contact address (for work)
- Email address
- Telephone number (or numbers if you provide these to us)
Period of retention of personal data
We retain data for the period necessary for the purpose of performance of the contract and also for the period necessary for compliance with our legally determined obligations or protection of our rights. Data provided on the basis of consent by the data subject shall be retained for the period specified in such consent. If you exercise your right to be forgotten or if you withdraw consent which was given, the period of retention will of course be shorter.
Handover of data – other Processors
The Controller shall be entitled to process personal data in an automated and manual manner, this being via the designated Processors. Personal data is/will only be made available to the authorised employees of the Controller or the employees of the Processor, only in that scope which is necessary for the purpose of processing. Handover of personal data to other Processors occurs only to a minimal extent and all relations with Processors are based on processing contracts in which our processors have guaranteed that they shall adopt such measures as will ensure the same level of security for personal data as that provided by our company.
In order to enable us to achieve the very highest level of protection for the personal data you provide, we use certain technologies and security functions. Despite the fact that we try our best to protect your personal data against its loss, misuse, unauthorised access, modification or publication, it is never possible to ensure 100% control over this. For this reason, we will inform you immediately in the event of any incidents which pose a certain level of risk.
For the purpose of protecting its property and prevention of damage, the Controller monitors the movements of people on its premises using a camera system which records footage. A warning is always displayed in areas in which cameras are positioned. In this case, after performance of a balancing test, the legal grounds for this processing is the legitimate interest of the Controller in accordance with Article No. 6 GDPR para. 1 (f). If recordings are not deemed to be required for the purposes of criminal, administrative or other similar proceedings, they shall be deleted within 7 days of them having been made.
Rights of Data Subject
In order for us to ensure transparency of personal data processing, we will be happy to provide you information about which items of your personal data we process via the contact details provided below.
If legally possible, you are entitled to change or correction of the personal data which we hold about you.
If personal data processing is performed on the basis of your consent, you are entitled to restriction of this processing, to withdraw your consent or even to have all of the data we hold on the basis of your consent deleted. Exceptions to this are constituted by cases when processing is performed due to a legally determined obligation or due to our legitimate interest.
You are also entitled to a copy of the personal data which we hold about you, including its sources, purposes and methods of processing, electronic decision-making and the entities which we share your data with. We will attempt to provide the information you request within a reasonable period of time. Depending on which information you request, we may charge a small fee within the scope permitted by the valid legislation.
If you believe that the Controller is acting at variance with the GDPR while processing person data, you are entitled to object to processing and also to submit a complaint to the Office for Personal Data Protection.