Information on Personal Data Processing
Statement on the
processing of personal data under Regulation (EU) 2016/679 of the European Parliament
and of the Council of the European Union on the protection of individuals with
regard to the processing of personal data and the instruction of data subjects
(hereinafter as „GDPR“)
I.
Personal data controller
In accordance with Article 12 of the GDPR, company Reference Screening, s.r.o.
with registered office at Kurta Konrada 2517/1, Libeň, 190 00 Praha 9, ID No.: 19343671,
Tax ID No.: CZ19343671,
registered in the Commercial Register kept by the Municipal Court in Prague,
file C 385058 (hereinafter as „controller“), informs you about the processing
of your personal data and your rights.
II.
Scope of processing of personal data
Personal data is
processed to the extent that the data subject has provided the personal data to
the controller in connection with the conclusion of a contractual relationship
or other legal relationship with the controller; or the controller processes
personal data in accordance with the applicable legal regulations or to fulfil
the statutory obligations of the controller.
III.
Sources of personal data
directly from the data subjects
(registrations, emails, phone calls or messages, website, website contact
form, social networks, business cards etc.)
publicly accessible registers, lists
and records
IV.
Categories of processed personal data
data used for the unambiguous
identification of the data subject (e.g. name, surname, title, Czech
Republic birth identification number, date of birth, permanent address,
ID, Tax ID) and contact details of the data subject (e.g. contact address,
telephone number, fax number, e-mail address)
descriptive data
other necessary data for delivery of
the contract
data processed within the framework of
the consent given by the data subject (e.g. personal data used for recruitment
and selection process)
V.
Categories of subjects of personal data processing
VI.
Categories of recipients of personal data
VII.
Purpose of personal data processing
purposes contained in the consent of
data subject
negotiations on a contractual
relationship
delivery of the contract
the statutory obligations of the
controller
VIII.
Method of processing and protection of personal data
The processing of personal data takes place through information
technology with all the security policies for managing and processing personal
data. For this purpose, the controller has adopted technical and organizational
measures to ensure the protection of personal data, in particular measures to
prevent unauthorized or accidental access to personal data, alteration,
destruction or loss, unauthorized disclosure, unauthorized processing, and
other misuse of personal data. All entities to which personal data may be
available respect the right to data protection of personal data subjects and
these entities are required to comply with applicable privacy protection laws.
IX.
Personal data processing deadlines
In accordance with the deadlines for the purpose of management, or as
stated in the data subject's consent, the relevant contracts or the relevant
legislation, it is the time necessary to ensure the rights and obligations
flowing from both the obligation relationship and the applicable legal
regulations.
X.
Instruction
The controller processes the personal
data with the consent of the data subject, except in cases where the processing
of personal data does not require the consent of the data subject.
In accordance with Article 6 (1) of the GDPR, the controller may process
the following data without the consent of the data subject:
processing is necessary for the delivery
of the contract to which the data subject is a subject or for the implementation
of measures taken prior to the conclusion of the contract at the request
of that data subject,
processing is necessary to fulfil the
legal obligation to which the controller is a subject,
processing is necessary to protect the
vital interests of the data subject or other person,
processing is necessary for the
performance of a task carried out in the public interest or in the
exercise of public authority entrusted to the controller,
processing is necessary for the
purposes of the legitimate interests of the relevant controller
or third party, except in cases where the interests or fundamental
rights and freedoms of the data subject that require the protection
of personal data prevail over those interests.
XI.
Rights of data subjects
(1) In accordance with Article 12 of the GDPR, at the request of the
data subject the data controller shall inform the data subject about the right to
access to personal data and the following information,:
the purpose of processing,
the category of personal data,
the recipients or categories of
recipients whose personal data have been or will be made available,
the planned time for which personal
data will be stored,
all available information about the
personal data source.
(2) Any data subject who discovers or considers that the controller processes
the personal data contrary to the protection of private and personal life of
the data subject, in particular if the personal data are inaccurate with
respect to the purpose of their processing, may:
Ask the controller for an explanation.
Require the controller to correct the
situation. In particular, it may be blocking, repairing, adding or
deleting personal data.
If the data subject's request under
article 1 is found to be justified, the data controller shall immediately
remove the malfunction.
If the data controller does not
satisfy the data subject's request under article 1, the data subject has
the right to contact the supervisory authority, the Office for Personal
Data Protection.
The procedure provided for in article
1 shall not preclude the data subject from referring the matter directly
to the supervisory authority.
This statement is publicly accessible on the controller's website.
