RULES OF PROCESSING PERSONAL DATA

All we in the company BENVIG HEAT TRANSFER spol. s r.o., with the registered office at: Děčínská 288, 407 22 Benešov nad Ploučnicí, Id. no.: 14867125, immensely appreciate your trust which you grant us by entrusting important information about you – such as your name, contact data, place of residence, etc. Accordingly, we are very particular about the way how your privacy is treated and how your personal data is protected. For this, we adopted the below rules which we undertake to keep in the contact with you.

All processing the personal data, likewise these rules, are in compliance with the applicable legal regulations in the field of the protection of personal data, particularly with the Directive (EU) no. 2016/679, on the protection of individuals in connection with the processing of personal data („GDPR“).

Our company processes your personal data correctly and transparently and only for certain, explicitly expressed and legitimate purposes. We process your data in the extent necessary in relation to the purpose for which it is processed, we endeavour to process it accurately and as much updated as possible, nevertheless always for a period of time not being longer than it is necessary.  We protect your data from unauthorized or illegal processing or abusing and from incidental loss, destruction or damaging.

It is our  goal that you always know which data we are collecting about you, what we do with it and how it is secured, how long we retain it and, if applicable, to whom we pass it. In addition we want that you are informed whom you can contact in case that you have any doubts about such processing. We are prepared to advise you as to where you can show your disagreement to our procedures and complain about them. Unless any term is clear to you, you can consult our Definitions, which we have prepared for you.

RIGHTS OF THE DATA ENTITIES

The applicable legal regulations award each data entity in connection with the processing of personal data certain rights, which the entity can claim at any time. This is the right to access the personal data, to correct and amend the personal data, to erase the personal data, to limit the processing of the personal data, the right to the transferability of the data, the right to rise an objection and the right to address the supervision authority (Úřad pro ochranu osobních údajů - Authority for Protection of Personal Data).

• Right to access the personal data: you are awarded the right to obtain information about the fact whether our company processes your personal data, and if it does, you also have the right to access your personal data. In case that unjustified, unreasonable or repeated requests for such information have occurred, our company can claim a reasonable fee for providing such information and personal data, or even dismiss such a request. This shall apply similarly also to the exercising of the other right of the data entity.
• Right for the correction of incorrect personal data and amending incomplete personal data: in case that you guess that we process incorrect personal data about you, you shall have the right to the correction and amendment of it. Thereafter, we, having considered the technical possibilities, perform such a change to the data without undue delay.
• Right for erasure: : if you ask for erasing some of your personal data, we are prepared to satisfy you providing that it is no longer required for the purposes for which it was prepared or if you raise objections against the processing of your data and no prevailing justified reasons exist for such processing. It goes without saying that the erasure is provided if our company is imposed to do so by a legal duty or if the processing is proved to be unlawful.
• Right to the limitation of processing personal data: in case that you ask for limiting the processing of personal data, for example, in the form of inaccessibility, temporary removal or retention of the data, our company shall make just such acts which will be necessary for the proper exercise of the right claimed by you.
• Right for the transferability of the data: in case that you would like to pass your personal data to a third party, you can use your right for the transferability of the data and our company can pass it upon your request. Please be aware that we will not be able to satisfy your request if the rights and freedoms of other persons are affected by the discharge of such right.
• Right to raise an objection: the right to raise an objection can be fully used against such processing of the personal data, the legal reason of which is the necessity for the fulfilment of a task conducted in public interest or in exercising the conduct of public power or for which the processing is necessary for the purposes of the protection of the justified interests of our company. Unless our company manages to prove that there is a serious reason for such processing, then, upon the objection, we cease such processing without undue delay.

CONTACT

On exercising your rights please contact us at the e-mail address gdpr@benvig.cz or in writing at the address of the administrator (correspondence address): Děčínská 288, 407 22 Benešov nad Ploučnicí, and/or use our electronic form here. We reserve the right to verify by a reasonable way the identity of the applicant for the subjected data.

CONTACT TO THE SUJPERVISION AUTHORITY

Address:

Úřad pro ochranu osobních údajů (Authority for the Protection of Personal Data)
Pplk. Sochora 27
170 00 Praha 7

telephone: +420 234 665 111 (Ústředna)
e-mail: posta@uoou.cz
data box: qkbaa2n

BUSINESS PARTNER

Purposes of processing personal data

On executing the contractual relationship with our business partners reasonably and in accordance with the above described principles we process the personal data of our business partners (in such cases where our business partner is a corporate body it may happen that the personal data of individuals representing such corporate body is processed). Our company processes such data particularly for the purposes:

• executing the contractual relations (rendering services);
• fulfilling the legal liabilities;
• protection of own claims, recovering receivables, and the defence in a dispute, if any;
• marketing communications towards the customers;
• sending offers of other products and services;
• handling warranty claims;
• customer support;
• communication with the corporate body via authorized persons, etc.

Processed personal data

We process the personal data not only manually, but also by an automated method in accordance with the purpose for which our company obtained it from the personal data entity, while the processing of the below categories of personal data take place:

• identification personal data (particularly the name  and surname);
• contact data (for example, e-mail address, telephone contact, addresses);
• data on the bank account.

Recipients of personal data

Your personal data which you provide to our company is further accessed only to authorized employees or individual processors of the personal data who provide guarantees of implementing adequate technical and organisational measures in such a way that the given processing of the personal data satisfies the requirements of the applicable legal regulations on the protection of personal data in accordance with the Law of the Czech Republic and Law of EU (particularly as per GDPR). The processors of personal data process the personal data only to the extent of the instructions of the Provider and particularly this is the administration of IT systems, provider of software and other processors, with whom a processing agreement regulating the rights and liabilities on processing personal data was executed. The personal data is given to processors outside of the territory of EU.

Should you wish to ascertain all those who can be in our company a recipient of your personal data, we will provide you such a list upon request. For us, it goes without saying that the data is processed in accordance with the above defined rules, hence, we access it to certain entities only to the extent being necessary for the fulfilment of the particular purposes of processing.

As in certain case we are directed by the applicable legal regulations, we can provide your personal data also to authorities of public administration providing that the concerned legal conditions are satisfied.

Personal data of third parties

All personal data of third parties (customers or employees of business partners and other individuals participating in the cooperation with our company) will be also processed in accordance with the applicable legal regulations and these rules of processing, always for the purpose for which such personal data was provided to us. This can be the case of other data which we obtain from business partners in connection with executing or fulfilling a contract.

Please be aware that we will process personal data of third persons for the duration of the contractual relationship with the business partner, and furthermore, if applicable, even after the period defined by the special legal regulations. In grounded cases a need may arise to keep certain data for a longer period, however this shall apply only occasionally in connection with a specific case (typically for the protection of the rights of our company). Please take note that this is the responsibility of each business partner to duly instruct its employees and customers about the processing of the given personal data by our company. This shall apply similarly also for the data of other individuals who cooperate with our company on the part of a business partner.

Retention time

For the proper fulfilment of the obligations which our company has towards you we process and hold your personal data for the period of the duration of the legal relations, and for the period necessarily needed in terms of the purpose of processing or according to the applicable legal regulations in the field of the protection of personal data according to which we are obliged, as the administrator of the personal data, to keep.

Consent to processing

In the event that you granted us your confidence and provided us the express consent to the processing of personal data (for example, for our marketing and  business purposes, keeping the data about the type behaviour, preparation of analyses, and further a set of activities the purpose of which is informing about products and services of the administrator, about organized events, current fairs and exhibitions related to the industry/activities of the administrator, creation of targeted offers, as well as proper addressing on behalf of the administrator with a trade offer of products and services in writing, by phone or electronic form via the contacts which the data entity provided to the administrator, etc.), you  should be informed about the other, for you important, facts. By granting the consent to the processing of personal data the providing of any services or products is not conditioned, thus you grant it voluntarily and of course free of charge. You can then recall this consent at any time by the show of will to the address of the administrator, or by another manner agreed upon beforehand, whereas through such recalling the consent there is no danger of any sanction or other disadvantage, by the manner defined for the execution of your rights (Rights of the data entities).

By recalling the consent the legality of the processing based on the consent which was awarded before recalling it shall not be affected. By recalling the consent likewise the liability of the  administrator to process the personal data on the basis of another legal reason than the  consent shall not be affected (i.e. particularly if the processing is necessary for the fulfilment of the agreement, legal liability or for other reasons defined in the appropriate legal regulations).

If such consent is not recalled earlier, it is usually granted for a period of ten (10) years unless another period is defined in the request for awarding the consent. By awarding the consent with processing own personal data the entity agrees also to the processing of such data by a third person different from the administrator (i.e. the processor of personal data) whom the administrator with processing the personal data.

EMPLOYEES

For our company it very important that you know how your personal data is treated at our place and how we secure it. It is our  goal that you always know which data we are collecting about you, what we do with it and how it is secured, how long we retain it and , if applicable, to whom we pass it. In addition we want that you are informed whom you can contact in case that you have any doubts about such processing or if you wish to howsoever influence the processing of your data.  We are prepared to advise you even as to where you can show your disagreement to our procedures and complain about them. Unless any term is clear to you, you can consult our Definitions, which we have prepared for you.

For fulfilling the labour-legal relations we process the personal data of our employees in accordance with all applicable regulations and rules in the field of the protection of personal data, and we care that they are informed about all their rights and that their data is adequately protected.

More detailed specifications of the extent of the processed personal data of the employees, the purposes of processing it, the period for which it is being processed, including the appropriate advice are integral part of the internal regulation called Rules for Processing and Protection of Personal Data which all our employees are made aware of.

JOB SEEKERS

For our company it very important that you know how your personal data is treated at our place and how we secure it. It is our  goal that you always know which data we are collecting about you, what we do with it and how it is secured, how long we retain it and , if applicable, to whom we pass it. In addition we want that you are informed whom you can contact in case that you have any doubts about such processing or if you wish to howsoever influence the processing of your data.  We are prepared to advise you even as to where you can show your disagreement to our procedures and complain about them. Unless any term is clear to you, you can consult our Definitions, which we have prepared for you.

Purposes of processing the personal data

In case you are interested in getting a job position in our company we process some of your personal data, particularly for the purposes:

• recruiting process;
• executing an employment contract;
• satisfying other legal liabilities (for example, providing information to the authorities being active in criminal prosecution, and/or to other authorities of public administration).

Processed personal data

Our company processes the personal data of job seekers in the extent of the employer's form necessitated for the choice of a suitable candidate for an open job position. We process the personal data not only manually but in an automatic manner. And in accordance with the purpose, for which our company got it from the personal data entity, the below categories of personal data are processed:

• name and surname;
• place of birth;
• address and contact data;
• date of birth (age);
• citizenship;
• health problems and risks with respect to the performance of the work;
• data about education and other data contained in the CV of the job seeker.

Recipients of personal data

Your personal data which you have provided to our company is further made accessible only to our certain authorised employees, namely to the Human Resources Department, Managerial Employee, and/or the Management for the purpose of the choice of the suitable candidate. Hence, there is no passing of the personal data of job seekers to any other processors. For us it goes without saying that the data is processed in accordance with the above defined rules, thus we access your data only in the extent necessary for the fulfilment of the particular purposes of the processing.

As in certain case we are directed by the applicable legal regulations, we can provide your personal data also to authorities of public administration providing that the concerned legal conditions are satisfied

Retention time

We process and retain your personal data for a period necessarily needed for securing the purpose of the processing, and further for a period for which the job seeker granted the consent to processing the personal data. Since we are not entitled to process the personal data of unsuccessful job seekers after the end of the competition for a post, we no longer process such personal data unless the job seeker grants consent to further processing. All the data is after the end of the competition for a post, in case of granted consent of the unsuccessful job seeker, retained and secured at the Human Resources Department with no access by unauthorized persons for the period of time defined in the consent, whereas in case of not granting the consent of the unsuccessful job seeker it shall be discarded/erased, and/or returned to the unsuccessful job seeker. The data of a successful job seeker shall be retained in the personal files of the employee.

DEFINITIONS

For the purposes of this document the below expressions shall have, in accordance with GDPR, the following meanings:

• anonymous data is such data which does not relate to the identified or identifiable individual even when he/she ceased to be identifiable even by a later process of anonymousness; such data thus is not personal data for the purposes of this document;
• biometric data personal data resulting from a specific technical processing relating to physical or physiological features or features of the behaviour of an individual which  allows or confirms a unique identification, for example, the imaging of the face, or dactyloskopic data;
• supervision authority (also as the authority of supervision) an independent authority of the public administration established for the inspection in the field of the protection of personal data; in the Czech Republic this is Úřad pro ochranu osobních údajů (Authority for Protection of Personal Data);
• records (also as database) any structured set of personal data accessible according to special criteria, regardless of whether it is centralized, decentralized or sorted out according to the functional or geographical aspect;
• limitation of processing marking of the retained personal data for the purpose of limiting the processing of it in the future;
• personal data all information about an identified or identifiable individual (see the data subject); an identifiable individual is an individual which can be directly or indirectly identified, particularly with reference to a certain identifier, for example, the name, identification number, location number, network identifier, or to one or more special elements of the  physical, physiological, genetic, psychic, economic, cultural or social identity of such an individual;
• violation of the security of personal data violation of security which leads to an incidental or illegal destruction, loss, change or unauthorized providing or making accessible of transferred, saved or otherwise processed personal data;
• profiling any form of automated processing of personal data lying in its use for evaluating some personal aspects relating to the individual, particularly for the analysis or estimate of the aspects relating to, for example, his/her work performance, economic situation, medical condition, personal preferences, interests, reliability, behaviour, place where he/she is located, or movement;
• recipient an individual or corporate body, authority of the public administration, agency  or other entity to which the personal data is provided, whether or not it is a third party (authorities of the public administration that can obtain the personal data in the framework of a special investigation in accordance with the applicable legal regulations shall not be deemed  a recipient);
• pseudonymity processing the personal data in such a manner that it is no more possible to allocate it to a certain entity without the use of additional information providing that such additional information is kept separately and technical and organisational measures relate to it so that it is ensured that it is not attributed to an identified or identifiable individual;
• consent of the data entity any free, specific, informed and unambiguous show of will  through which the data entity  gives, by statement or some other apparent confirmation, his/her consent to the processing his/her personal data;
• administrator an individual or corporate body, authority of the public administration, agency or other  entity which itself or together with others defines the purposes and means of processing the personal data; the administrator for this document shall mean our company BENVIG HEAT TRANSFER spol. s r.o. ;
• data entity identified or identifiable individual (not a corporate body – a company or organisation);
• third party  an individual or corporate body, authority of the public administration, agency or other entity which is not the data entity, administrator, processor nor the person directly reporting to the administrator or processor, which is authorized for the processing of the personal data;
• processor an individual or corporate body, authority of the public administration, agency or other entity which processes the personal data for the administrator;
• processing personal data any operation or a set of operations with personal data or sets of personal data which is/are performed using or without the use of automated procedures, such as collecting, recoding, arranging, structuring, saving, accommodating or modifying, retrieving, accessing, using, accessing by transferring, disseminating or any other accessing, lining up or combining, limiting, erasing or destruction;
• special category o personal data personal data which says about the race  or ethnic origin, political opinions, religion or philosophical belief or membership in Trade Unions, and processing genetic data, biometric data for the purpose of the unique identification of an individual and the data about the health condition or sexual life or sexual orientation of the individual.