Personal data processing information

Commity.cz s.r.o., with its registered office at Jiráskova 1016/34, Jihlava 586 01, Czech Republic, ID No.: 061 07435, registered with the Regional Court in Brno, Section C, Insert 100092 informs, in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the “GDPR”), and in accordance with Act No. 110/2019 Coll., on the processing of personal data, as amended, about the processing of personal data.

Basic concepts of personal data protection

Personal data means any information relating to an identified or identifiable natural person.

Sensitive personal data (special category of personal data) means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health or sex life or sexual orientation of a natural person. Genetic and biometric data are also special categories when processed for the purpose of uniquely identifying a natural person.

Data subject means the natural person to whom the personal data relate.

Controller means the entity that determines the purposes and means of processing personal data, carries out processing, and is responsible for it.

Processor means the entity that processes personal data on the basis of specific legislation or the controller’s mandate.

Processing of personal data means any operation or set of operations which the controller or processor systematically carries out with personal data, whether automated or otherwise. Processing includes in particular collection, storage on information media, disclosure, alteration or modification, retrieval, use, transmission, dissemination, publication, retention, exchange, sorting or combination, blocking, and erasure.

Data protection officer means the person supervising personal data processing, appointed to fulfil obligations in the field of personal data protection within the meaning of Chapter IV, Section 4 of the GDPR.

Controller contact details

Commity.cz s.r.o., Jiráskova 1016/34, Jihlava 586 01

ID No.: 061 07 435

Email: info@commity.cz

Contact person: Leoš Přikryl, managing director

Phone: +420 792 375 582

Data box (Czech ISDS): bt3iypd

Data protection officer contact details

No data protection officer has been appointed.

Commity.cz s.r.o. has designated the following for the field of personal data protection:

Leoš Přikryl, managing director

tel.: 792 375 582

data box: bt3iypd

Purposes of processing and legal bases

Commity.cz s.r.o. processes personal data only in accordance with the legal bases set out in the GDPR and other generally binding legislation.

Commity.cz s.r.o. collects and processes personal data only for defined purposes, to the extent below, for a period that is strictly necessary and determined for individual processing purposes and document types by the GDPR, the adaptation act, and generally binding legal regulations (e.g. the Archives Act and records management rules).

Purposes of personal data processing

• processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract;
• processing is necessary for compliance with a legal obligation to which the controller is subject;
• processing is necessary to protect the vital interests of the data subject or another natural person;
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• the data subject has given consent for one or more specific purposes;
• processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Scope of personal data processing

To fulfil statutory and contractual obligations, processing on the basis of public or legitimate interest, or with the data subject’s consent, Commity.cz s.r.o. processes in particular the following categories of personal data:

• basic identification data — name, surname, date of birth, place of birth, birth number;
• address and contact data — permanent residence, correspondence or delivery address, phone number, email address, etc.;
• information from mutual communication — from paper mail, emails, phone call records, contact forms, tax declarations of employees, etc.;
• information on social circumstances — in particular age, gender, marital status, education, profession, data on last employer, number of children, etc.;
• photographs from social, cultural, and sports events or important life events.

Recipients or categories of recipients of personal data

Personal data processed to fulfil obligations under special legislation are disclosed by Commity.cz s.r.o. to third parties only where required by law; an exception is disclosure or access under a processing agreement. Where processing is based on consent, data are transferred only to the extent of that consent.

Retention period for personal data

All documents processed by Commity.cz s.r.o. are stored in accordance with the Archives Act and records management rules, or with internal company regulations, in particular internal rules on personal data protection and guidelines.

Rights of the data subject

For each processing activity, the data subject has the rights listed below.

Certain exceptions apply, so these rights cannot be exercised in every situation. If the data subject exercises their rights and the request is justified, the controller will take the requested measures without undue delay, within one month (in justified cases this period may be extended by up to two further months).

• right of access — the data subject has the right to obtain access to their personal data processed by the controller;
• right to rectification — the data subject may request correction of inaccurate personal data;
• right to erasure — the data subject may request erasure of personal data, in particular under the conditions of Article 17 GDPR;
• right to withdraw consent — the data subject may withdraw consent to processing at any time and thus prevent further processing for the purpose stated in that consent; withdrawal does not affect the lawfulness of processing before withdrawal;
• right to object — where the controller processes data on the basis of legitimate interests, the data subject has the right to object to processing concerning them;
• right to restriction of processing — in certain cases the data subject may request that the controller restrict processing (e.g. until objections are resolved);
• right to data portability — the data subject may request that the controller transmit personal data processed on the basis of contract or consent to the data subject or a third party in electronic form.

If the data subject believes that their personal data are processed in breach of law, they may ask the controller to remedy the situation. If the request is justified, the controller will remove the issue without delay. This does not affect the data subject’s right to lodge a complaint directly with the Office for Personal Data Protection (supervisory authority: UOOU, Pplk. Sochora 27, 170 00 Prague 7, Czech Republic).

Exercising rights with the controller

The rights described above may be exercised directly with the controller:

Commity.cz s.r.o.

Jiráskova 1016/34, Jihlava 586 01

ID No.: 061 07 435

Email: info@commity.cz

Contact person: Leoš Přikryl, managing director

Phone: 792 375 582

Data box: bt3iypd

Rights may also be exercised with the professional guarantor and consultant for personal data protection — by email to lucie.janco@centrum.cz or by phone at 731 188 336. For clear identification, phone requests may receive only basic and general information.

Security of personal data

Paper documents containing personal data are stored in lockable cabinets or in a locked office and are never left unattended without authorised supervision.

Rules for employees of Commity.cz s.r.o. handling personal data are contained in the following internal regulations:

• Internal directive on personal data protection
• Directive on principles for data subject requests
• Directive on reporting security incidents
• Directive on data protection on PCs

All employees of Commity.cz s.r.o. who are authorised to handle personal data have been familiarised with rights and obligations under personal data protection regulations, in particular the GDPR, and receive regular training. Technical security is implemented so that files are protected and access is password-controlled in line with access rights.

Prepared by: Bc. Lucie Janco, DiS., professional guarantor and consultant in the field of personal data protection