According to Article 13 of Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016, the General Data Protection Regulation (hereinafter the „GDPR“
In accordance with the principle of transparency, we hereby inform you, as job applicants, employees, suppliers, visitors and other persons, about the processing of your personal data and your rights.
1. Information about the personal data controller
KASPER KOVO s.r.o.
with its registered office at Žitná 476, 541 03 Trutnov, Company ID: 465 08 465, (hereinafter the „Controller”)
2. Contact details for personal data protection
More detailed information on personal data protection under the GDPR can be obtained by phone: +420 736 771 597
or by e-mail: buldoq@seznam.cz, or info@kasperkovo.cz.
3. Purpose of processing and legal basis, categories of personal data
The purpose of processing personal data is the fulfilment of the Controller's (employer's) legal obligations arising from the employment relationship with the employee and generally binding legal regulations towards the relevant authorities and bodies. In the case of processing of likeness by a camera system, it is the need to protect the Controller's property against theft, etc., as well as to ensure the safety of the Controller's employees and third parties. For suppliers and customers,
the purpose of processing is the proper performance of the contract. We process personal data both in paper form and electronically.
We process the following data about employees:
On the basis of the Controller's fulfilment of a legal obligation, we process your identification and contact details used for your clear and unmistakable identification (title, name, surname, birth number, date of birth, permanent address, or contact address), as well as data enabling contact with you (telephone number, e-mail address), data related to the provision of employer benefits, data about your bank details, health insurance and social security, special category data about your health condition (e.g. medical examinations, incapacity for work, vaccination, testing).
On the basis of our legitimate interest, we process your likeness by means of a camera system, and in the case of using a company vehicle with GPS, your coordinates for the purpose of keeping a logbook, protecting vehicles against theft, preventing unauthorized trips, etc.).
On the basis of your consent, then in such case, approved private trips with a company vehicle. If no other legal reason is met, we process personal data on the basis of the free consent of the data subject for one or more specific purposes (e.g. consent within the meaning of Sections 84 and 85 of the Civil Code). Photographs, video recordings and expressions of a personal nature intended for publication, e.g. on the Controller's website and on social networks, are processed only on the basis of expressly granted consent.
About job applicants pursuant to Section 30 of the Labour Code: contact details (titles, name, date of birth, residence, telephone, e-mail), proof of education, data from a professional CV or cover letter, qualifications, courses, interests, experience, criminal record extract.
If you are not successful in the recruitment process the first time, then if you are interested, with your consent we will retain the personal data provided for the period for which you give us consent, so that we can contact you again in the next recruitment process. You have the right to withdraw this consent at any time.
For guests, suppliers and visitors, we electronically record, for the purpose of ensuring proper identification (security reasons), the name, surname and ID card number, as well as vehicle registration plates and the data subject's likeness by means of a camera system. For suppliers, we also record contact details within the contractual relationship for the purpose of fulfilment of the contract, and for customers also including enquiries and orders.
4. Description of categories of recipients
The above-mentioned personal data of data subjects may be provided to public authorities and other entities in connection with the performance of the Controller's rights and obligations stipulated by law, to providers of maintenance of the Controller's information system, as well as to private-law entities within the framework of arranging insurance, meals and other needs of persons under point no. 3 within the Controller's business activities.
The processing of personal data is carried out by the Controller. However, personal data may also be processed on behalf of the Controller
by processors with whom the Controller has entered into a personal data processing agreement pursuant to Article 28 GDPR and who provide sufficient guarantees of the implementation of appropriate technical and organisational measures so that the given processing complies with the GDPR, including the condition of mandatory confidentiality of all their involved employees. Personal data will not be provided to recipients in third countries or international organisations.
5. Information on planned retention periods for deletion of individual categories of personal data
Personal data will be processed for the duration of the employment relationship and after its termination will be handled in accordance with the applicable legal regulations, in particular Act No. 499/2004 Coll. (the Archives and Records Service Act and the Amendment of Certain Acts) and the GDPR. If the legal basis for the processing of personal data is the consent of the data subject, personal data will be deleted without undue delay after the purpose for which the data were processed has been fulfilled, or without undue delay after withdrawal of consent by the data subject. Data from the electronic visitor database are deleted within one year from the last visit. Records from the camera system are automatically deleted every 14 days.
6. Information on rights under the GDPR
These are your rights:
Right of access = the right to request at any time that the Controller confirm whether personal data concerning you are or are not being processed, and if so, the right to obtain access to those personal data and to the information listed in Article 15 GDPR;
Right to rectification = the right to request at any time that the Controller correct personal data;
Right to erasure („right to be forgotten“) = the right for the Controller to erase personal data, especially in cases where such data are no longer necessary for the purposes for which they were collected or otherwise processed, or where consent to their processing is withdrawn; unless there is a legal reason preventing this.
Right to restriction of processing = the right to request at any time that the Controller restrict the processing of personal data if the accuracy or lawfulness of their processing is disputed;
Right to data portability = the right to obtain the data in a structured, commonly used and machine-readable format, where processing is based on consent or on a contract and is carried out by automated means.
Right to object = the right to object at any time to the Controller to the processing of personal data in the event that the processing is carried out on the basis of legitimate interest, for reasons relating to the particular situation;
Right not to be subject to automated individual decision-making = the right not to be subject to any decision based solely on automated processing, including profiling, except in cases of machine evaluation of the results of entrance exams, tests, etc.
Right to withdraw consent = the right to withdraw consent to the processing of personal data at any time, if consent constitutes the legal basis for their processing;
Right to lodge a complaint = the right to lodge a complaint at any time with the Office for Personal Data Protection, www.uoou.cz.