Dům nad vodouDům nad vodou

Privacy Policy

The controller and processor of personal data is Stanislav Hromada, Novy Svet 54, Dolni Cerekev 588 45, ID No.: 61735591, Tax ID: CZ6007040303

Scope of Personal Data Processing

Personal data are processed to the extent provided by the respective data subject to the controller in connection with entering into a contractual or other legal relationship with the controller, or which the controller has collected by other means and processes in accordance with applicable legal regulations or to fulfil the controller's legal obligations.

Sources of Personal Data

  • directly from data subjects (emails, telephone, websites, contact form on the website, business cards, etc.)
  • publicly accessible registers, lists and records (e.g. commercial register, trade register, land registry, etc.) for the purpose of creating accounting documents and verifying the accuracy of information

Categories of Personal Data Subject to Processing

  • address and identification data used for unambiguous and unmistakable identification of the data subject (e.g. name, surname, title, possibly personal identification number, date of birth, permanent residence address, ID No., Tax ID) and data enabling contact with the data subject (contact details -- e.g. contact address, telephone number, email address and other similar information)
  • descriptive data (e.g. bank account details)
  • other data necessary for the performance of a contract
  • data provided beyond the scope of the relevant laws, processed within the framework of consent granted by the data subject (processing of photographs, use of personal data for personnel management purposes, for the purpose of sending commercial or informational communications, etc.)

Categories of Data Subjects

  • client of the controller
  • employee of the controller
  • service provider
  • other person in a contractual relationship with the controller
  • job applicant

Categories of Personal Data Recipients

The controller does not intend to transfer personal data to a third country outside the EU. The controller has the right to entrust the processing of personal data to a processor who has concluded a data processing agreement with the controller and provides sufficient guarantees for the protection of your personal data. Otherwise, data subjects will be unconditionally informed of such transfer. The categories of recipients are therefore:

  • financial institutions
  • public institutions
  • processor
  • state and other authorities within the scope of fulfilling legal obligations stipulated by the relevant legal regulations

Purpose of Personal Data Processing

  • purposes contained within the consent of the data subject
  • negotiation of a contractual relationship
  • performance of a contract
  • protection of the rights of the controller, recipient or other affected persons
  • archiving conducted on the basis of law
  • selection procedures for advertised positions
  • fulfilment of legal obligations by the controller
  • protection of the vital interests of the data subject
  • delivery of commercial communications or other information in the case of the controller's legitimate interests

Method of Processing and Protection of Personal Data

Personal data are processed by the controller. Processing is carried out at the controller's establishments, branches and registered office by individually authorised employees of the controller or by the processor. Processing is carried out in compliance with all security principles for the management and processing of personal data. For this purpose, the controller has adopted technical, organisational and legal measures to ensure the protection of personal data, in particular measures to prevent unauthorised or accidental access to personal data, their alteration, destruction or loss, unauthorised transfers, unauthorised processing, as well as any other misuse of personal data. All entities to which personal data may be disclosed respect the right of data subjects to the protection of privacy and freedoms and are obliged to act in accordance with applicable legal regulations concerning the protection of personal data.

Duration of Personal Data Processing

In accordance with the time limits set out in the relevant contracts and consents, the time limits prescribed for handling in the case of the legitimate interests of the controller or a third party, and in the relevant legal regulations, this means the time strictly necessary to ensure the rights and obligations arising from both the contractual relationship and the relevant legal regulations.

Information

The controller processes data with the consent of the data subject, except in cases stipulated by law where the processing of personal data does not require the consent of the data subject, i.e. where another legal basis exists for the purpose of processing. In accordance with Art. 6(1) of the GDPR, the controller may process data without the consent of the data subject as follows:

  • processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract
  • processing is necessary for compliance with a legal obligation to which the controller is subject
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data

Rights of Data Subjects

A. Right of Access to Personal Data

In accordance with Art. 12 of the GDPR, the controller shall, upon request of the data subject, inform the data subject of the right of access to personal data and to the following information:

  • the purpose of processing
  • the categories of personal data concerned
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed
  • the envisaged period for which the personal data will be stored
  • all available information about the source of the personal data
  • where the data are not obtained from the data subject, whether automated decision-making, including profiling, takes place

The controller has the right to charge a reasonable fee not exceeding the costs necessary to provide the information, for the second and each subsequent copy, within the administrative costs associated therewith.

B. Right to Rectification

Any data subject who finds or believes that the controller or processor is carrying out processing of their personal data which is in conflict with the protection of the data subject's private and personal life or in conflict with the law, in particular where the personal data are inaccurate with regard to the purpose of their processing, may:

  • Request an explanation from the controller.
  • Require the controller to remedy the situation. This may include blocking, correction, supplementation or deletion of personal data.
  • If the data subject's request is found to be justified, the controller shall immediately remedy the defective state.
  • If the controller fails to comply with the data subject's request, the data subject has the right to contact the supervisory authority directly, i.e. the Office for Personal Data Protection.
  • The above procedure does not preclude the data subject from contacting the supervisory authority directly with their complaint.

C. Right to Withdraw Consent

The data subject has the right to withdraw consent to the processing of personal data which they have previously granted to the personal data controller.

D. Other Rights

The rights of data subjects include: the right to rectification, erasure, the right to be forgotten, and the right to restriction of processing. Furthermore, the right to data portability, where technically or organisationally feasible.