Principles of personal data processing - Novatop

Principles of personal data processing

AGROP NOVA a. s., residing at Ptenský  Dvorek 99, 798 43 Ptení, ID: 26243237, VAT: CZ26243237 registered in the Commercial Register kept by the Regional Court in Brno, Section B, File 3590, hereinafter referred to as the “Administrator”, declares that all personal data processed are considered by AGROP NOVA a.s. to be strictly confidential and are handled in accordance with the applicable data protection legislation, in particular Act No. 101/2000 Coll., on the protection of personal data, as amended (hereinafter referred to as the “Act”) and Regulation (EU) 2016/679 of the European Parliament and of the Council, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and on repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the “Regulation”.

This principles of personal data processing apply to all personal data collected by AGROP NOVA a.s. on the basis of a contractual relationship, legal obligation, legitimate interest or consent given and describe the use and protection of personal data by AGROP NOVA a.s.

BASIC PRINCIPLES OF PERSONAL DATA PROCESSING

When processing personal data, the Administrator complies with the following principles:

  • PRINCIPLE OF LAWFULNESS OF THE PROCESSING – personal data is processed for legal reasons in accordance with applicable law and on the basis of at least one legal title pursuant to Article 6 (1) of the Regulation.
  • PRINCIPLE OF CORRECTNESS AND TRANSPARENCY OF PROCESSING – all information relating to personal data processing is concise, easy to access and understandable.
  • PRINCIPLE OF PURPOSE LIMITATION – allows personal data processing solely for the purpose for which it was collected and in ways compatible with it.
  • PRINCIPLE OF DATA MINIMIZATION – requires data processing reasonably and reliably in relation to the purpose for which they are processed.
  • PRINCIPLE OF ACCURACY – requires the processing of only personal data relevant and proportionate to the purpose of their processing.
  • PRINCIPLE OF RESTRICTED STORAGE – requires personal data storage only for the time necessary for the purposes for which they are processed.
  • PRINCIPLE OF INTEGRITY AND CONFIDENTIALITY OF PROCESSING – requires personal data to be protected and secured against unauthorized or unlawful processing, loss, destruction or damage.
  • LIABILITY PRINCIPLE – requires obligation to demonstrate compliance with all of the aforementioned conditions.

PERSONAL DATA PROCESSED

The Administrator is authorized to process the following personal data according to the purpose for which they have obtained them from individual data subjects.

  • First name, Surname Name, Phone Contact – are processed for the purpose of negotiating the contract, performance of the contractual relationship, accounting and tax purposes, performance of other legal obligations, creation of internal databases, analyses and statistics, marketing purposes, legitimate interest and human Resources purposes.
  • Address – negotiation of contract conclusion, performance of the contractual relationship, accounting and tax purposes, performance of other legal obligations, marketing purposes, legitimate interest and human Resources purposes.
  • Bank account – performance of the contractual relationship, accounting and tax purposes.
  • ID, VAT – performance of the contractual relationship, accounting and tax purposes and performance of other legal tax obligations.
  • E-mail – negotiation of contract conclusion, performance of the contractual relationship, marketing purposes, legitimate interest and human Resources purposes.

PURPOSES OF PERSONAL DATA PROCESSING

Personal data may be processed by the Administrator for the following purposes:

  • Conclusion, administration and performance of contracts
  • Marketing and customer analysis
  • Sending business messages
  • Accounting and tax purposes.
  • Performance of other legal obligations.
  • Human Resources purposes.
  • Performance of employment contract, contractual obligations and human resources management

LIST OF PROCESSORS

The processor is a natural or legal person, a public authority, an agency or another entity that processes personal data for the Administrator.

The personal data of entities shall be disclosed within AGROP NOVA a.s. only to authorized employees of the company and only to the extent necessary for processing purposes. The Administrator is entitled to provide personal data to third parties, if necessary, for the purpose of performance of the contractual relationship, compliance with legal obligations or conduct of marketing activities.

These are the following categories – external tax advisors, legal advisors, hosting service providers, marketing tool operators, mass mailing tool providers, cloud service providers, SW providers, IT administrators.  Under certain conditions, the Administrator is entitled to transfer personal data on the basis of valid legal regulations to e.g. law enforcement authorities and other public authorities.

RETENTION PERIOD

Personal data shall be retained for as long as it is necessary to safeguard the rights and obligations under the contract, that is, at least for the period of securing the implementation of the contract and for the period for which the Company is obliged to maintain the data as the Administrator pursuant to generally binding legal regulations or for the period for which the Administrator has been given consent. In other cases, the processing period results from the purpose of the processing or is given by legal regulations in the area of personal data protection.

PERSONAL DATA CATEGORIES

In the course of their activities, the Administrator collects and processes personal data of customers, business partners or suppliers in order to uniquely identify a person to the extent of:

  • Your name
  • The name of your company
  • Your address
  • Your email address
  • Your phone number
  • Your bank account number
  • Your ID/VAT
  • Photograph

The Administrator collects personal data about job seekers and employees in accordance with legal regulations. This data may include personal information that you submit to the extent of:

  • Your name
  • Your address
  • Your email address
  • Your phone number
  • Your gender
  • Your bank account number
  • Your date of birth
  • Your birth certificate number
  • The number of your identity document
  • Location data – location of business trips and the use of corporate funds

THE RIGHTS OF THE DATA ENTITIES

In accordance with the Regulation, data subjects have the following rights:

  • The Right to Be Informed
  • The Right to Access
  • The Right to Repair
  • The Right to Delete
  • The Right to Limit the Processing
  • The Right to Data Portability
  • The Right to Make a Complaint
  • The Right Related to Automated Decision Making and Profiling.
  • The Right to Consent Withdrawal

The right to be informed – according to Article 15 of the Regulation, the data subject has the right to obtain confirmation from the Administrator whether the personal data relating to them has or has not been processed, and if so, they have the right to access to this personal data and the following information:

  • Processing purposes.
  • Categories of personal data concerned.
  • Recipients or categories of recipients to whom the personal data have been or will be disclosed
  • Scheduled period for which the personal data will be stored.
  • The data subject has the right to be informed of the existence of the right to repair or delete the personal data.
  • The right to file a complaint to the supervisory authority.

The right to confirmation of personal data processing and to information can be claimed in writing at the address of AGROP NOVA a.s. In the event of a repeated application, the Company is entitled to charge a reasonable fee for a copy of the personal data.

The right to access – the data subject has the right to require the Administrator to inform them whether the Administrator is processing personal data concerning them.

The right to repair – according to Article 16 of the Regulation, the data subject has the right to ask the Administrator to repair inaccurate data concerning them without undue delay. Taking into account the purpose of the processing, the data subject has the right to completion of incomplete personal data, specifically by providing an additional declaration.

The right to delete – according to Article 17 of the Regulation, the data subject has the right to delete (“the right to be forgotten”) the data relating to them, unless the Administrator demonstrates justified reasons for processing such personal data.

The right to limit the processing – according to Article 18 of the Regulation, the data subject has the right, until the complaint is resolved, to limit the processing if they deny the accuracy of the personal data, the reason for their processing or if they object in writing to the processing.

The right to data portability – according to Article 20 of the Regulation, the data subject has the right to obtain personal data concerning them provided to the Administrator in a structured, commonly used and machine-readable format and to transfer such data to another administrator without the administrator, who the information was provided with, preventing it.

The right to make a complaint – according to Article 21 of the Regulation, the data subject has the right to make a complaint about the processing of their personal data due to the legitimate interest of the Administrator.  If the Administrator does not prove that there is a valid legitimate reason for the processing that outweighs the interests or rights and freedoms of the data subject, the Administrator shall terminate the processing upon the complaint without undue delay.

The right related to automated decision making and profiling – the data subject has the right not to be subject to any decision based on automated processing, including profiling, which has legal effects or a significant impact on them.

The right to consent withdrawal – the data subject shall have the right to withdraw their consent at any time. Consent withdrawal shall not affect the lawfulness of the processing based on the consent given before its withdrawal. The withdrawal shall be made by express, comprehensible and clear expression of will, either in writing or electronically by sending it to the following address: gdpr@agrop.cz

The request can only be accepted if the data subject is clearly identified. The administrator shall process the application without undue delay, but no later than one month from the date of receipt. In exceptional cases, especially due to the complexity of the request, the Administrator is entitled to extend this period by two months.

Note: the Administrator is entitled to refuse or impose a reasonable fee, taking into account the administrative costs associated with the execution of the application, in case of manifestly unreasonable or disproportionate requests for asserting the rights of the data subject.

The Right to Contact the Office for Personal Data Protection

In case of doubts about compliance with obligations related to lawful processing of personal data, the personal data subject may contact the Office for Personal Data Protection.

In accordance with Article 6 of the Regulation, the Administrator may process the following data without the consent of the data subject:

  • The processing is necessary for the performance of the contract to which the data subject is a party or for the implementation of measures taken prior to the conclusion of the contract upon the request of the data subject.
  • The processing is necessary for the fulfilment of the legal obligation that applies to the Administrator.
  • The processing is necessary for protecting the vital interests of the data subject or another natural person.
  • The processing is necessary for the fulfilment of a task performed in the public interest or during the exercise of official authority entrusted to the Administrator.
  • The processing is necessary for the purposes of the legitimate interests of the Administrator or a third party, except for cases where the interests or fundamental rights and freedoms of the data subject requiring personal data protection take precedence over these interests, in particular where the subject is a child.

If you have any questions, comments or requests regarding these Principles, do not hesitate to contact AGROP NOVA a.s. via the following e-mail address: gdpr@agrop.cz.

Effective Date: May 25, 2018