Information on Personal Data Processing

Statement on the processing of personal data under Regulation (EU) 2016/679 of the European Parliament and of the Council of the European Union on the protection of individuals with regard to the processing of personal data and the instruction of data subjects (hereinafter as „GDPR“)

I. Personal data controller

In accordance with Article 12 of the GDPR, company Reference Screening, s.r.o. with registered office at Kurta Konrada 2517/1, Libeň, 190 00 Praha 9, ID No.: 19343671, Tax ID No.: CZ19343671,
registered in the Commercial Register kept by the Municipal Court in Prague, file C 385058 (hereinafter as „controller“), informs you about the processing of your personal data and your rights.

 II. Scope of processing of personal data

Personal data is processed to the extent that the data subject has provided the personal data to the controller in connection with the conclusion of a contractual relationship or other legal relationship with the controller; or the controller processes personal data in accordance with the applicable legal regulations or to fulfil the statutory obligations of the controller.

III. Sources of personal data

  • directly from the data subjects (registrations, emails, phone calls or messages, website, website contact form, social networks, business cards etc.)

  • publicly accessible registers, lists and records

IV. Categories of processed personal data

  • data used for the unambiguous identification of the data subject (e.g. name, surname, title, Czech Republic birth identification number, date of birth, permanent address, ID, Tax ID) and contact details of the data subject (e.g. contact address, telephone number, fax number, e-mail address)

  • descriptive data

  • other necessary data for delivery of the contract

  • data processed within the framework of the consent given by the data subject (e.g. personal data used for recruitment and selection process)

V. Categories of subjects of personal data processing

  • candidate - job seeker

  • employee of the controller

  • service provider

  • customer

  • another person who is in a contractual relationship with the controller

VI. Categories of recipients of personal data

  • processor

  • customer (potential employer)

  • public authorities in the course of fulfilling the legal obligations laid down by the relevant legislation

VII. Purpose of personal data processing

  • purposes contained in the consent of data subject

  • negotiations on a contractual relationship

  • delivery of the contract

  • the statutory obligations of the controller

VIII. Method of processing and protection of personal data

The processing of personal data takes place through information technology with all the security policies for managing and processing personal data. For this purpose, the controller has adopted technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, alteration,
destruction or loss, unauthorized disclosure, unauthorized processing, and other misuse of personal data. All entities to which personal data may be available respect the right to data protection of personal data subjects and these entities are required to comply with applicable privacy protection laws.

IX. Personal data processing deadlines

In accordance with the deadlines for the purpose of management, or as stated in the data subject's consent, the relevant contracts or the relevant legislation, it is the time necessary to ensure the rights and obligations flowing from both the obligation relationship and the applicable legal regulations.

X. Instruction
The controller processes the personal data with the consent of the data subject, except in cases where the processing of personal data does not require the consent of the data subject.

In accordance with Article 6 (1) of the GDPR, the controller may process the following data without the consent of the data subject:

  • processing is necessary for the delivery of the contract to which the data subject is a subject or for the implementation of measures taken prior to the conclusion of the contract at the request of that data subject,

  • processing is necessary to fulfil the legal obligation to which the controller is a subject,

  • processing is necessary to protect the vital interests of the data subject or other person,

  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority entrusted to the controller,

  • processing is necessary for the purposes of the legitimate interests of the relevant controller or third party, except in cases where the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail over those interests.

XI. Rights of data subjects

(1) In accordance with Article 12 of the GDPR, at the request of the data subject the data controller shall inform the data subject about the right to access to personal data and the following information,:

  • the purpose of processing,

  • the category of personal data,

  • the recipients or categories of recipients whose personal data have been or will be made available,

  • the planned time for which personal data will be stored,

  • all available information about the personal data source.

(2) Any data subject who discovers or considers that the controller processes the personal data contrary to the protection of private and personal life of the data subject, in particular if the personal data are inaccurate with respect to the purpose of their processing, may:

  • Ask the controller for an explanation.

  • Require the controller to correct the situation. In particular, it may be blocking, repairing, adding or deleting personal data.

  • If the data subject's request under article 1 is found to be justified, the data controller shall immediately remove the malfunction.

  • If the data controller does not satisfy the data subject's request under article 1, the data subject has the right to contact the supervisory authority, the Office for Personal Data Protection.

  • The procedure provided for in article 1 shall not preclude the data subject from referring the matter directly to the supervisory authority.

This statement is publicly accessible on the controller's website.