Poptávkový formulář byl úspěšně odeslán
Děkujeme za Váš zájem.
Vaším dotazem se budeme v co nejkratší době zabývat a budeme vás kontaktovat.
INFORMATION ON PERSONAL DATA PROCESSED BY TRITREG - TŘINEC, S.R.O.
The company TRITREG - TŘINEC, s.r.o., with registered office at Frýdecká 390, Staré Město, 739 61 Třinec, ID No.: 48390372, registered in the Commercial Register maintained by the Regional Court in Ostrava, File No. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "Regulation"), informs all data subjects concerned about the personal data processed by the Company.
1. Identity and contact details of the controller and his representative, if any
(Article 13(1)(a) of the Regulation)
2. Contact details of the Data Protection Officer, if any
(Article 13(1)(b) of the Regulation)
The company is not obliged to and does not voluntarily establish a data protection officer. For this reason, no further details are given in this point.
3. Purposes of processing for which the personal data are intended and legal basis for processing
(Article 13(1)(c) of the Regulation)
a) Personal data of employees
The Company processes personal data of employees for the purpose of fulfilling rights and obligations arising from employment relationships and related legal obligations arising for the Company as an employer from the applicable legislation of the Czech Republic. The legal basis for the processing is the provisions of Article 6(1)(b) of the Regulation1 and the provisions of Article 6(1)(c) of the Regulation2 .
The Company processes employees' personal data to the following extent:
first name, surname, maiden name, all former surnames, date of birth, residential address and contact address (if different from permanent address), gender, birth number, nationality, identity card (passport) number, personal status (single, married, widow/widower), education or qualification, pension, bank account, employee contact details, employee private telephone numbers and email addresses, employee
dependants and dependants of the same children within the same household (in the scope of name, surname, birth number, residential address, employer and employer's address, only for the purpose of processing the taxpayer's declaration of personal income tax from dependent activities), data on the attending physician of employees who do not use the services of the Company's company doctor; data on any court, enforcement and insolvency proceedings, data on persons living in the same household as the employee in the scope of name, surname, birth number, only for the purpose of processing sickness insurance benefits; data on the size of work and protective equipment - size of work clothes, coats and work boots and the employee's internal number.
1 The processing is necessary for the performance of contractual obligations.
2 The processing is necessary for compliance with a legal obligation to which the controller is subject.
b) Personal data of customers and suppliers - self-employed persons
The company also processes personal data of customers and suppliers - self-employed persons, in order to fulfil the rights and obligations arising from the concluded commercial contracts between customers and suppliers (delivery and collection of goods). The processing relates solely to the Company's business activities (including offering trade and services, sending newsletters and marketing).
The Company processes personal data of self-employed persons to the following extent:
name, surname, company name, registered office, registration number, VAT number, contact telephone number, email address, bank account number.
c) Processing of personal data of job applicants
The Company processes personal data of job applicants on the basis of their consent, i.e. on the basis of the legal title pursuant to Article 6(1)(a) of the Regulation.
In particular, the Company processes the following personal data in relation to job applicants:
address and identification data used to uniquely and unmistakably identify the data subject (e.g. name, surname, title, possibly birth number, date of birth, permanent address) and data enabling contact with the data subject (contact data - e.g. contact address, telephone number, fax number, e-mail address and other similar information).
(d) Personal data from CCTV footage
The Company operates an industrial CCTV system to monitor buildings and land owned by the Company. It retains the camera footage for a period of 24 hours. The CCTV system only records images, not sound. The Company also operates a CCTV system on the premises of its production halls, but only for the purpose of checking technological procedures and identifying defects in the production process and correcting them (in the case of the production of 'rejects').
The CCTV system is not installed in the changing rooms and toilets and does not have parameters that allow excessive invasions of privacy, such as high resolution or the processing of certain biometric characteristics. All areas monitored by the Company are properly marked and persons entering them are informed about the monitoring. The legal title for this processing is Article 6(1)(f) of the Regulation3.
3 processing based on the legitimate interest of the Company.
e) Google Analytics
The Company uses Google Analytics to monitor website traffic, which enables it to better optimize its website (e.g.: how many visitors have visited the Company's website, how many pages they have viewed, from which location (city, town) they visit the website). The Company uses this data only for its own use and does not share it with other entities.
The Company's server uses two types of cookies. The first are so-called session cookies, which are automatically deleted after the user's visit to the website. This type of cookie helps the Company to remember data about the user. They are also partly used for statistical purposes so that the Company can find out how many people have visited its website and improve the content of the website accordingly.
The second type of cookie is called persistent cookies, which remain on the user's computer or mobile phone for the time specified in the cookie parameters or until they are deleted from the browser. Persistent cookies facilitate the sharing of information using social network plugins (e.g. Facebook.permanent popup_counter), help the Company measure the effectiveness of advertising messages and limit the display of advertising.
Cookies are not harmful, do not contain viruses and therefore the Company recommends not to block these cookies. Users can, of course, change their web browser settings so that no cookies are stored, or they can delete cookies already stored.
4. Legitimate interests of the controller
(Article 13(1)(d) of the Regulation)
The processing of personal data by the controller from the CCTV system is carried out on the basis of the legitimate interest of the Company. The Company has an interest in (i) protecting the life, health and safety of human beings on the Company's premises, (ii) protecting its property, (iii) improving the quality of its production, technological and innovative production processes and guaranteeing its competitive ability in the market. The Company has (i) carried out a so-called balancing test, (ii) implemented and taken all measures to mitigate or completely eliminate the impact of these legitimate interests of the Company on the fundamental rights and freedoms of individual data subjects.
The processing of personal data of self-employed persons relates exclusively to the Company's business activities (including offering trade and services, sending newsletters and marketing); the Company processes only necessary personal data and does not process special categories of personal data in any case. The Company does not make use of technical or other means and technologies that would excessively interfere with the privacy of data subjects. The Company has (i) carried out a so-called balancing test, (ii) implemented and taken all measures to mitigate or completely eliminate the impact of these legitimate interests of the Company on the fundamental rights and freedoms of individual data subjects.
5. Potential recipient or categories of recipients of personal data
(Article 13(1)(e) of the Regulation)
Pursuant to Article 4(9) of the Regulation, the recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party ("Recipient").
The Company provides the necessary personal data to the extent provided for by the legislation of the Czech Republic to health insurance companies, the Czech Social Security Administration, tax authorities, state archives, insurance companies in the case of insurance claims, auditors and legal representatives of the Company. If requested, the Company provides necessary personal data to law enforcement authorities (Police of the Czech Republic, State Prosecutor's Office, Probation and Mediation Service), courts and bailiffs. In such cases, the Company shall provide data upon request and to the extent necessary for the fulfilment of the Company's legal obligation under the law.
Due to capacity constraints of the Company's archives, it is possible that the Company will transfer employees' personal data (in particular payroll and pension records) to an authorised commercial filing office for archiving for the period of time required by law for archiving documents.
6. Any intention of the controller to transfer personal data to a third country or an international organisation
(Article 13(1)(f) of the Regulation)
The Company does not transfer personal data to third countries or international organisations. For this reason, no further details are provided in this point.
In order to ensure fair and transparent processing of personal data, the Company provides the information below:
1. The period for which the personal data is stored
(Article 13(2)(a) of the Regulation)
The Company stores personal data for the period necessary for processing, but at least for the period required by law. After the end of the processing purpose, the personal data, depending on their nature, are stored in the Company's filing cabinet or in a commercial filing cabinet. After the expiry of this period, the Company submits a "Proposal for the disposal of documents" addressed to the Provincial Archive in Opava, branch of the State District Archive Frýdek-Místek. Subsequently, after the issuance of the "Protocol on the shredding procedure" by the Provincial Archive in Opava, branch of the State District Archive Frýdek-Místek, the Company shall carry out physical shredding.
Employment law documentation is kept by the administrator in the Company's file room A for the period of time prescribed by law. Accounting and tax documentation for employment documents shall be kept by the Company in the Company's file room A for the period of time prescribed by law. After the expiry of this period, the Company submits a "Proposal for the disposal of documents" addressed to the Provincial Archive in Opava, branch of the State District Archive Frýdek-Místek. Subsequently, after the issuance of the "Protocol on the shredding procedure" by the Provincial Archive in Opava, branch of the State District Archive Frýdek-Místek, the Company shall carry out physical shredding.
Business documentation with customers and suppliers is kept for the duration of the contractual relationship, extended by the period of the guarantee for the quality of goods and for the period of time resulting from the legal regulations. Subsequently, personal data is shredded by the Company according to the procedure described above.
The personal data of job applicants is kept for 5 years after it is provided, after which the Company physically shreds it.
2. Instructions to data subjects on their rights in relation to the processing of personal data
(Article 13(2)(b) of the Regulation)
3. Information on the right to lodge a complaint with a supervisory authority
(Article 13(2)(d) of the Regulation)
Any data subject is entitled at any time to lodge a complaint with a supervisory authority in connection with the processing of personal data by the Company. Any data subject shall have the right to request the rectification of a situation that is contrary to the law, in particular by suspending or stopping the processing of personal data, correcting, supplementing or deleting them. He or she has the right to contact the Data Protection Authority in the event of the aforementioned suspicion or refusal to remedy the situation that is in breach of the law.
4. whether the provision of data is a legal or contractual requirement or a requirement to be included in a contract, and whether the data subject is obliged to provide personal data and the possible consequences of not providing such data.
(Article 13(2)(e) of the Regulation)
Without the provision of the employee's personal data, it is not possible to validly conclude an employment contract, process wages, pay wages and make statutory contributions to health insurance and social security, including the payment of taxes. The provision of such data therefore has both a contractual and a legal basis.
5. Automated decision-making, including profiling
(Article 13(2)(f) of the Regulation)
The company does not carry out automated decision-making or profiling, nor does it collect or process personal data for this purpose. For this reason, no further details are provided in this point.
In Trinec, 23 May 2018
For TRITREG - TŘINEC, s.r.o.
Janusz Hóta Managing Director