General Data Protection Regulation, procedure for application of the Article 13 GDPR – information obligation
If you are our customer, subscriber or a visitor of our webpages, our supplier or you apply for a job in our company, you entrust us with your personal data. We are then responsible for their protection and appropriate safety measurements.
Who is the data controller?
We are the company Dendera Inc. We deal with sheetmetal manufacturing and also we produce and sell rack storage systems.
The person, responsible in our company for the area of GDPR: Markéta Machová
We thereby declare:
We declare that as a data collector of your personal data we will meet all lawful requirements given by the legislation in force, first and foremost the General Data Protection Regulation, i.e.:
- We will process your data only on the basis of legal claims, mainly being it a legitimate interest, performance of the contract, legal obligation or a given consent,
- We comply with the obligation set in the Article 13 of the GDPR – information obligation even before the beginning of any general data processing,
- We will enable you and we will support you in the application and enforcing of your rights in compliance with the GDPR law.
Scope of the personal data and purposes of their processing
Provision of service and performance of the contract
Personal data of the customers and suppliers are as follows: all invoice data, e-mail, telephone number, respectively the address for correspondence, i.e. all the data we necessarily need for contract performance – business relationship.
When you visit our webpages, we record your IP address, how long you stay on each particular page and which page you came from. We perceive using cookies tools for measuring of the visit rate of the pages and adjusting of the viewing of the web pages as our lawful interest of the data collector, since we deem that is the way how we can provide you with even better service.
Cookies for targeting of the ads will be processed only pursuant your voluntary consent.
Our webpages can be visited also in the regime which does not allow collecting of personal data. You may additionally block cookies in your internet browser.
Safety measurements and data protection
We protect personal data as much as possible by means of modern technologies which correspond to a level of technological development. We protect them as if they were our own. We have adopted and have been performing all possible (at present known) technical and organization precautions that prevent abuse, damage or annihilation of your personal data.
Sharing of the personal data with the third party
The access to your personal data have only such our employees and partners who have confidentiality obligation and who are trained in the field of personal data processing.
We are able to manage most of the processing operations on our own and we do not need any third party.
When ensuring some particular processing operation that we cannot perform ourselves we make use of service and applications of the processors who are specialized in this given processing and are conform with the GDPR.
They are providers of the following service:
- Personal analysis and personal files of the employment candidates.
- Choice of the candidates, testing and analysing of the candidates.
- Technical and programme maintenance of the computer technology, related training, tutorials and consultancy activity, technical help with a maintenance of the programme environment, archiving of the data and related databases, remote access. Server administrator, mail client administrator, camera system administrator.
- Employment medical service.
- Insurance service.
It is possible that we will decide in the future to make use of other applications or processors to make the whole processing better and easier. In such a case we will put a strain upon the processors minimally to such an extent we put upon ourselves.
Data transfer out of the European Union
We process the data exclusively within the European Union or the countries that guarantee an adequate level of the data protection on the grounds of the European Commission Resulution.
Your rights – rights of the data subjects:
A) Automatically enforced measurements:
RIGHT OF ACCESS TO INFORMATION ON PERSONAL DATA PROCESSING
Data subject is entitled to be informed about processing of his/her data processing. That means the right to access particular information on his/her personal data processing. It is first and foremost the information about the purpose of processing, identity of the data controller, his/her lawful interests, recipients of the personal data. In this case it is a passive law since any activity must be educed with respect to data subjects from the side of the data controller in order to provide the data subject (or if need be make accessible for h m/her) the required information specified in the General Provisions. A complete list of information that the data controller can provide when collecting the personal data can be found in the Articles 13 and 14 of the General Provisions.
RIGHT NOT TO BE SUBJECT TO A DECISION BASED SOLELY ON AUTOMATED PROCESSING, INCLUDING PROFILING
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him/her.
Automated processing is acceptable in cases when it is necessary for entering into, or performance of, a contract between the data subject and a data controller; is authorised by Union or Member State law to which the controller is subject or is based on the data subject’s explicit consent.
RIGHT TO ERASURE (RIGHT TO BE FORGOTTEN)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay when the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; for other compatible purposes and if the subject data for example rectifies his/her consent. If the data collector does not erase the data automatically, the data subject is entitled to require the performance of the law. The right to erasure cannot be applied due to exercising a legal duty, for reasons of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical ones or for the establishment, exercise or defence of legal claims or when the data need be further stored or processed.
RIGHT TO RECTIFICATION
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. That however does not stand for a duty of the data controller to look for actively inaccurate data (though he/she is not prevented from it), at the same time it does not stand for a duty of the data subject to update annually his/her data. If the data subject feels the data controller does not process his/her data accurately, the data controller must be noticed. If the data controller is noticed by the data subject that he/she required rectification on inaccurate data, he/she is obliged to take this requirement into account.
B) By request of the data subject:
RIGHT TO ACQUIRE CONFIRMATION ON DATA FROM THE DATA COLLECTOR
Every data subject is entitled to acquire confirmation statement on data processing. This can be enforced by the medium of a request with any data controller and subsequently a confirmation statement obtained proving whether his/her data are being processed or not.
RIGHT TO ACCESS THE PERSONAL DATA OF THE DATA SUBJECT
The data subject has a right to access personal data and information, mainly being it in connection with a scope, purpose and time of the processing of his/her personal data, including the information on origin of the data.
RIGHT TO ACQUIRE A COPY OF THE PROCESSED PERSONAL DATA
The data subject is entitled to acquire a copy of the processed personal data, which may be enforced on the ground of a request to the data controller. The data controller is then obliged to provide the data subject with a copy of the processed personal data.
RIGHT TO RESTRICTION OF PROCESSING
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies: the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data, there are reasons for erasure of the data, which however cannot be performed, the data are needed for defending some legal claims or the data subject has objected to processing the data.
RIGHT TO DATA PORTABILITY
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. At the same time the data subject is entitled, if he/she requests, to have his/her data passed to another data controller in a structured, commonly used and machine-readable format, if technically possible.
Common rights for applying the right to data portability:
- the processing must be based on a legal reason of consent or contract
- the processing is carried out by automated means.
The right to data portability shall not adversely affect the rights and freedoms of others.
RIGHT TO OBJECT
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on legal terms:
- if the processing is necessary for the performance of a task carried out for reasons of public interest or if the data controller was asked to perform the processing due to execution of establishment interests
- the processing is necessary for the purposes of lawful interests of the particular data controller or the third party.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If it concerns the request in compliance with the Articles 15 to 22 of the General Provisions the information on the measures taken must be provided without any further delay and in any case up to one month from the date of receiving the request. The deadline can be in exceptional cases prolonged of two months. The data subject must be however informed about this, including the reason for such prolonging.
In case when the data subject requests are evidently groundless and inadequate, especially when they recur, the data controller can charge an adequate fee or refuse to fulfil the request. It must be the data controller who documents adequateness of the request.
Responsibility of the data controller
CORECTNESS AND TRANSPARENCY IN PROCESSING
The principle of transparency requires that any information or communication relating to the processing of personal data is free of chargé, easily accessible and easy to understand, and that clear and plain language be used, optimally in a written form (orally if required by the data subject) and if possible electronically. Tangible evidence of transparency is e.g. information duty of the data collector toward the data subject.
DATA PROTECTION BY DESIGN
The data controller shall process the personal data only for a purpose they had been collected for and in a way that complies with it.
PERSONAL DATA MINIMIZATION PRINCIPLE
The personal data can be collected only in appropriate level and extent in relation to the given processing purpose.
ACCURACY OF PERSONAL DATA
EU data protection law requires that data be ‘accurate’, ‘kept up to date’ and ‘erased or rectified’ by the data controller when inaccurate.
PERSONAL DATA STORAGE LIMITATION
The data shall not be retained for a period longer than necessary in relation to the purpose for which it was collected. After its expiration the personal data should be automatically erased.
INTEGRITY AND CONFIDENTIALITY
The principle of integrity and confidentiality requires you to handle personal data in a manner [ensuring] appropriate security, which include protection against unlawful processing or accidental loss, destruction or damage.
RESPONSIBILITY OF THE DATA CONTROLLER
The data controller is obliged to comply with all his/her duties under GDPR and at the same time to prove conformity of all his/her procedures and operation of the data processing with these principles.
SECURITY OF PROCESSING PERSONAL DATA
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: the pseudonymisation and encryption of personal data (temporary of momentary anonymization of the data for purposes of particular part or a particular process of the data processing); the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; automatization of the processes for their restoring etc.