Statement Concerning the Processing of Personal Data in accordance with Act No 101/2000 Coll., as Amended, (hereinafter “APPD” ) and Information for Data Subjects (hereinafter “Statement”)
1. Personal Data Controller
SINCLAIR Global Group s.r.o., reg. office Purkyňova 2740/45, 612 00 Brno, I9Č:15528383, registered in the Commercial Register kept by the Brno Regional Court, division C, file 788, as data controller (hereinafter “Controller” ) hereby informs you pursuant to Section 11 APPD about the processing of your personal information and your related rights.
2. The Purpose of Personal Data Processing
a) purposes covered by a data subject’s consent
b) negotiations relating to a contractual relationship
c) contract fulfilment
d) provision of sales support including marketing methods
e) protection of vital interests of the data subject
f) protection of the rights of the controller, recipient or other affected persons (e.g. recovery of claims of the controller)
g) protection of property, occupational health and safety, fire protection
h) archiving maintained based on law
ch) offering sale or services
i) creating internal databases, analyses, prognoses and statistics
j) succession matters based on legal regulations
k) recruitment and selection procedures
l) compliance with legal obligations by the controller
Provision of personal data is voluntary unless the regulation provides otherwise.
3. Category of Data Subjects
a) customers (clients) of the controller
b) employees and members of the controller
d) service providers
e) visitors and other persons present in the premises of the controller, who are monitored by the camera system
f) other persons who have a contractual relationship with the controller
g) job candidates
4. Category of Personal Data Forming the Subject-Matter of Processing Operations
a) address and identification data used for unique and unmistakeable identification of the data subject (e.g. name, surname, degree, or possibly birth identification number, birth date, permanent address, ID, TID) and data enabling contact with the data subject (contact data- e.g. contact address, telephone number, fax number, e-mail address and other similar information)
b) descriptive data (such as bank coordinates, camera system recordings)
c) further data required for contract fulfilment
d) the data provided beyond the relevant law, processed within the awarded consent on the part of the data subject (processing of photographs, usage of personal data for the purpose of human resource development, specimen signatures, photocopy of identity card in order to identify participant in trade, promissory note and guarantee declarations including personal data,
5. Personal Data Sources
a) straight from data subjects
d) camera system
e) publicly accessible registers, lists and records (e.g. Commercial register, trade register, land register, public telephone directory and suchlike)
f) B2B portal, s2p.sinclair-solutions.com
6. Scope of Personal Data Processing
Personal data is processed within the scope in which the relevant data subject has provided it to the controller, specifically in relation to entering into a contractual or other legal relationship with the controller, or which the controller collected in a different way and processes it in compliance with the legislation in force or in order to meet the legal obligations of the controller.
7. Manner of Personal Data Processing and Protection
The processing of personal data is carried out by the controller. The processing is performed in its places of business, subsidiaries and the controller’s main office by individual authorized employees of the controller, or by the processor. The processing is performed with computer technology or even manually for personal data in documentary form while all the security rules for controlling and processing of personal data are observed. For this purpose the controller adopted technical-organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorised or accidental access to personal data, its alteration, destruction or loss, unlawful transfers for its unauthorised processing, or any other misuse of personal data. All the subjects who may be given access to personal data respect the right of data subjects to privacy protection and they shall proceed in compliance with the legislation in force concerning the personal data protection.
8. Category of Personal Data Recipients
a) wholesalers (in accordance with relevant contracts)
b) financial institutions
c) public institutions
e) contractual partners organizing recruitment and selection procedures
f) national and other bodies within meeting the legal obligations established by the relevant legislation
g) other possible recipients – based on the consent given by the data subject (e.g. handing-over of personal data abroad – EU states)
9. Time-Period for Personal Data Processing
In compliance with time-limits specified in relevant contracts, filing and retention rules of the controller or in the relevant legal regulations. It is a time-period required for ensuring the rights and obligations following from both the contractual relationship and the relevant legislation.
The controller processes data with the consent of the data subject with the exception of the legally specified instances, where processing of personal data does not require consent of the data subject. Pursuant to Section 5, par. 2, APPD, the controller can process without the consent of the data subject the following data:
a) if processing data necessary for meeting the legal obligations of the controller
b) if data processing is necessary for fulfilling a contract whose contractual party is a data subject, or for negotiation about entering into or altering of a contract, taking place on the request of the data subject,
c) if necessary e.g. for the protection of vital interests of the data subject. In this case it is necessary to obtain his consent without unnecessary delay. If the consent is not given, the controller must end the processing and dispose of the data,
d) if lawfully published personal data is concerned in accordance with a special legal regulation. This is nonetheless without prejudice to the protection of private and personal life of the data subject.
e) when it is necessary for the protection of rights and legally protected interests of the controller, recipient or another affected person; however such processing of personal data must not be in conflict with the right of the data subject to the protection of his private and personal life,
f) when the controller provides personal data about a public person, officer or public servant, which testifies to their public or official activities, their title or job classification or
g) when data processing is only performed for the archiving purposes according to a special law.
The controller provides guidance to the data subject concerning his rights included within sections 12 and 21 APPD, by mediating hereby the concerned legal regulations as amended, to the data subject.
§ 12 Access to Information of Data Subject
(1) If the data subject asks for information about his personal data processing, the controller shall be obliged to provide such information to him without unnecessary delay.
(2) The information always includes
a) the purpose of personal data processing
b) personal data, or personal data categories involved in the processing,
including all the available information about its source,
c) information about the character of automated processing in relation to its use for decision-making, if steps or decisions are taken based on such processing that involve interference with the rights and lawful interests of the data subject,
d) information about recipient, or recipient categories.
(3) The controller is authorized to request reasonable compensation for the provision of information not exceeding the necessary cost of its provision.
(4) The controller’s duty to provide information for data subject as specified in Section 12 can be carried out by the processor for the controller.
Protection of Rights of Data Subjects § 21
(1) Each data subject who will find out or suspects that the controller or processor carries out his personal data processing which contravenes the protection of private and personal life of the data subject or the law, especially when personal data is inaccurate with respect to the purpose of its processing, he can
a) ask the controller or processor for explanation,
b) request that the controller or processor removes the state arisen in this way. This may in particular involve blocking, amending, supplementing or liquidating personal data.
(2) If the request of data subject is found legitimate pursuant to par. 1, the controller or processor shall immediately remedy the incorrect state.
(3) If the controller or processor fails to satisfy the data subject’s request pursuant to paragraph 1, the data subject is entitled to appeal directly to the Office.
(4) The procedure stipulated in paragraph 1 does not preclude that the subject can appeal to the Office directly.
(5) If damages other than financial damages occur as a result of processing of the data subject’s personal data, the process for lodging a claim is governed by a special law.
(6) If the controller or processor breach the obligations imposed on them by law when processing personal data, such entities are liable for such breach jointly and severally.
(7) The controller is obliged without undue delay to inform the recipient of the data subject’s request pursuant to paragraph 1 and of blocking, amending, supplementing or liquidating the personal data. This does not apply if informing the recipient is impossible or would involve disproportionate effort.
Information about what personal data about a particular subject data the controller processes can be requested by the data subject at the registered office of the controller, or he can acquaint himself with the data processing which was recorded by the controller on the Internet site of the Office for Personal Data Protection.
This statement is publicly accessible on the Internet site of the controller.
Brno, dated 17/05/2018
SINCLAIR Global Group s.r.o.