Personal data processing information

Statement on the processing of personal data under Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the instruction of data subjects (hereinafter as „GDPR“).

I. Personal data controller
In accordance with Article 12 of the GDPR, company Datacruit s.r.o. with registered office at Václavské náměstí 846/1, Nové Město, 110 00 Praha 1, ID No.: 03545652, VAT ID: CZ03545652, registered in the Commercial Register kept by the Municipal Court in Prague, file C 233459, informs you about the processing of your personal data and your rights.

II. Scope of processing of personal data
Personal data is processed to the extent that the data subject has provided the personal data to the controller in connection with the conclusion of a contractual relationship or other legal relationship with the controller; or the controller processes personal data which the controller has collected otherwise and which are processed by the controller in accordance with the applicable legal regulations or to fulfill the statutory obligations of the controller.

III. Sources of personal data

  • directly from the data subjects (registrations, emails, phone calls or messages, web site, contact form on the web, social networks, business cards, etc.)
  • publicly accessible registers, lists and records

IV. Categories of processed personal data

  • data of address and identification used for the unambiguous identification of the data subject (e.g. name, surname, title, permanent address, ID, VAT ID) and contact details of the data subject (for example contact address, telephone number, fax number, e-mail address and other similar information)
  • descriptive data
  • other necessary data for performance of the contract
  • data provided in excess of the applicable laws processed within the framework of the consent given by the data subject (processing of photo, use of personal data for personnel management, etc.)

V. Categories of personal data subjects

  • candidate - job seeker
  • employee of the controller
  • service provider
  • another person who is in a contractual relationship with the controller

VI. Categories of recipients of personal data

  • processor
  • public authorities in the course of fulfilling the legal obligations laid down by the relevant legislation
  • other recipients (e.g. ECOMAIL.CZ, s.r.o. - as a supplier of email MKT)

VII. Purpose of processing of personal data

  • purposes contained in the consent of data subject
  • negotiations on a contractual relationship
  • performance of the contract
  • the statutory obligations on the part of the controller

VIII. Method of processing and protection of personal data
The processing of personal data is carried out by the controller. The processing is carried out at its premises, branch offices and registered office of the controller and processors by individual authorized employees of the controller, resp. processor. The processing of personal data takes place through computer technology, or manually to personal data in paper form, with all the security policies for managing and processing personal data. For this purpose, the controller has adopted technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, alteration, destruction or loss, unauthorized disclosure, unauthorized processing, and other misuse of personal data. All entities to which personal data may be made available respect the privacy rights of data protection of personal data subjects and these entities are required to comply with applicable privacy laws.

IX. Time of processing of personal data
In accordance with the deadlines for the purpose of management, or as stated in the data subject's consent, the relevant contracts or the relevant legislation, it is the time necessary to ensure the rights and obligations flowing from both the obligation relationship and the applicable legal regulations.

X. Instruction
The controller processes the personal data with the consent of the data subject, except in cases where the processing of personal data does not require the consent of the data subject.

In accordance with Article 6 (1) of the GDPR, the controller may process the following data without the consent of the data subject:

  • if the data subject has given consent for one or more specific purposes of processing,
  • processing is necessary for the performance of the contract to which the data subject is subject or for the implementation of measures taken prior to the conclusion of the contract at the request of that data subject,
  • processing is necessary to fulfill the legal obligation to which the controller is subject,
  • processing is necessary to protect the vital interests of the data subject or other natural person,
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority entrusted to the controller,
  • processing is necessary for the purposes of the legitimate interests of the relevant controller or third party, except in cases where the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail over those interests

XI. Rights of data subjects
(1) In accordance with Article 12 of the GDPR, at the request of the data subject the data controller shall inform the data subject of the right of access to personal data and the following information,:

  • the purpose of processing,
  • the category of personal data,
  • the recipients or categories of recipients whose personal data have been or will be made available,
  • the planned time for which personal data will be stored,
  • all available information about the personal data source,
  • the fact that automated decision making, including profiling, occurs, if the personal data are not obtained from the data subject.

(2) Any data subject who discovers or considers that the controller or processor processes his personal data contrary to the protection of private and personal life of the data subject, in particular if the personal data are inaccurate with respect to the purpose of their processing, may:

  • Ask the controller for an explanation.
  • Require the controller to correct the situation. In particular, it may be blocking, repairing, adding or deleting personal data.
  • If the data subject's request under article 1 is found to be justified, the data controller shall immediately remove the malfunction.
  • If the data controller does not satisfy the data subject's request under article 1, the data subject has the right to contact the supervisory authority, the Office for Personal Data Protection.
  • The procedure provided for in article 1 shall not preclude the data subject from referring the matter directly to the supervisory authority.
  • The controller is entitled to require reasonable compensation for the provision of the information; the compensation shall not exceed the costs necessary to provide the information.

This statement is publicly accessible on the controller's website.