800 233 332 office@agfoil.cz

Personal Data Protection Principles

I. Basic Provisions

1. The personal data controller pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as: “GDPR”) is AG-FOIL BOHEMIA, s.r.o., managing director Patrik Mrva, Company ID: 26955261, with registered office at: Bratislavská 3082, 690 02 Břeclav, Czech Republic (hereinafter referred to as: “Controller”).

2. The contact details of the controller are

Bratislavská 3082, 690 02 Břeclav, Czech Republic

email: office@agfoil.cz

phone: +420 519 323 815

Information Memorandum on the Processing of Personal Data

Dear customers and business partners,

the document you are reading now contains basic information about how we process your personal data. We appreciate that you share your personal data with us and are committed to protecting it to the maximum extent possible. We also try to be as transparent as possible in our relationship with you, especially about how we process your personal data. Given the new European Union legislation, this information memorandum has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR). In this memorandum, we try to provide you with information as clearly as possible, which is why we have chosen the form of questions and answers to provide you with them. You will learn the information in the following order:

Who is the controller of personal data?
For what purpose do we need personal data?
What are our legitimate interests?
How was the personal data obtained?
What categories of personal data are processed?
What is the legal basis for processing personal data?
Will we transfer personal data to someone else?
Will we transfer personal data to a third country or international organization?
How long will we store personal data?
What are your rights related to the processing of personal data and how can you exercise them?
Is personal data automatically evaluated?
This information memorandum presents the basic information that we, as a personal data controller, are obliged to provide.

If you have any questions regarding the processing of your personal data, please do not hesitate to contact us at the e-mail address office@agfoil.cz or by phone at +420 519 323 815.

1. Who is the controller of personal data?

The controller is a person who, alone or together with others, determines the purposes and decides on the manner in which personal data will be processed.

2. For what purpose do we need personal data?

The controller processes personal data to:
a) ensure the conclusion and subsequent performance of a contractual obligation between the controller and you (Article 6 (1) (b) GDPR). Such a relationship gives rise to other legal obligations and the controller must process personal data for this purpose as well (Article 6 (1) (c) GDPR);
b) protect its legitimate interests (Article 6 (1) (f) GDPR).
The provision of personal data to the controller is generally a legal and contractual requirement. Regarding the provision of personal data for marketing purposes, which does not constitute the fulfillment of the controller’s contractual and legal obligation, your consent is required. If you do not grant the controller consent to the processing of personal data for marketing purposes, this does not mean that the controller would refuse to provide you with its product or service on the basis of the contract as a result.

3. What are our legitimate interests?

The controller also processes personal data to protect its legitimate interests. The controller’s legitimate interests are, in particular, the proper fulfillment of all contractual obligations of the controller, the proper fulfillment of all legal obligations of the controller, the protection of the controller’s business and property and, last but not least, the protection of the environment and ensuring sustainable development.
In order to ensure the greatest possible protection of your privacy, you have the right to object to your personal data being processed exclusively for the most necessary legal reasons or to have your personal data blocked. You can read more about your rights related to the processing of personal data in Article 11 of this information memorandum.

4. How were the personal data obtained?

The administrator has obtained personal data directly from you, in particular from completed forms, mutual communication or from concluded contracts. In addition, personal data may also come from publicly available sources, registers and records, for example from the commercial register, debtors’ register, professional registers or, for example, the Land Register. Furthermore, the administrator may have obtained personal data from third parties who are authorised to access and process your personal data and with whom it cooperates, and from information from social networks and the Internet that you have placed there yourself.

5. What categories of personal data are processed?

To ensure your satisfaction with the proper performance of the obligation, to ensure the fulfillment of legal obligations, to ensure a personalized offer of goods and services of the controller and for other purposes listed above, the controller processes the following categories of personal data:
a) basic identification data – name, surname, date of birth, address of residence, birth number and identification number;
b) contact data – telephone number and e-mail address;
c) information from mutual communication – information from e-mails, records of telephone calls or other contact forms;
d) billing and transaction data – this is mainly information appearing on invoices, on agreed billing conditions and on received payments.

6. What is the legal basis for the processing of personal data?

The lawfulness of processing is given by Article 6 para. 1 GDPR, according to which processing is lawful if it is necessary for the performance of a contract, for the fulfillment of a legal obligation of the controller, for the protection of the legitimate interests of the controller or the processing is based on the consent you have given us.
The lawfulness of processing is also based, for example, on Act No. 563/1991 Coll., on accounting, according to which billing data is processed and stored, on Act No. 89/2012 Coll., the Civil Code, according to which the controller defends its legitimate interests, or on Act No. 235/2004 Coll., on value added tax.

7. Will we transfer personal data to someone else?

We must provide personal data to state authorities, such as tax administrators, courts, criminal justice authorities or capital market supervisory authorities, upon request and within the legal limits.

8. Will we transfer personal data to a third country or international organization?

We will not transfer personal data to countries outside the European Union or the European Economic Area, or to any international organization.

9. How long will we store personal data?

Personal data will be processed and stored for at least the duration of the contract. Some personal data required, for example, for tax and invoicing obligations, will be stored for longer, usually 5 years starting from the year following the occurrence of the stored fact.
Personal data specified in the contract, which are important for the exercise of the legitimate interests of the controller, will be stored for a maximum of 3 years from the end of the contractual relationship with the controller.
Personal data processed for marketing purposes will be stored for a maximum of 3 years from their acquisition.
Personal data will never be stored for longer than the maximum period specified by law. After the archiving period has expired, the personal data will be securely and irreversibly destroyed so that they cannot be misused.

10. What are your rights related to the processing of personal data and how can you exercise them?

The administrator does everything to ensure that the processing of your data is carried out properly and, above all, securely. You are guaranteed the rights described in this article, which you can exercise with the administrator.

a) How can you exercise your rights?
You can exercise individual rights by sending an e-mail to office@agfoil.cz.
All communications and statements regarding your exercised rights are provided by the administrator free of charge. However, if the request is clearly unfounded or unreasonable, especially because it is repeated, the administrator is entitled to charge a reasonable fee taking into account the administrative costs associated with providing the requested information. In the event of a repeated request for copies of the processed personal data, the administrator reserves the right to charge a reasonable fee for administrative costs for this reason.
The controller will provide you with a statement and, where applicable, information on the measures taken as soon as possible, but no later than within one month. The controller is entitled to extend the period by two months if necessary and taking into account the complexity and number of requests. The controller will inform you of the extension, including the reasons.

b) Right to information about the processing of your personal data
You are entitled to request information from the controller whether personal data is being processed or not.
If personal data is being processed, you have the right to request information from the controller, in particular about the identity and contact details of the controller, its representative and, where applicable, the data protection officer, about the purposes of the processing, about the categories of personal data concerned, about the recipients or categories of recipients of personal data, about the authorised controllers, about the list of your rights, about the possibility of contacting the Office for Personal Data Protection, about the source of the processed personal data and about automated decision-making and profiling.
If the controller intends to further process your personal data for a purpose other than that for which they were obtained, it will provide you with information about this other purpose and other relevant information prior to such further processing.
The information provided to you in the exercise of this right is already contained in this memorandum, but this does not prevent you from requesting it again.

c) Right to access personal data
You are entitled to request information from the controller whether your personal data are being processed or not and, if so, you have access to information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients, the period for which personal data will be stored, information about your rights (rights to request rectification or erasure from the controller, restriction of processing, objection to such processing), the right to file a complaint with the Office for Personal Data Protection, information about the source of personal data, information about whether automated decision-making and profiling are taking place and information about the procedure used, as well as the significance and foreseeable consequences of such processing for you, information and guarantees in the event of the transfer of personal data to a third country or an international organization. You have the right to be provided with copies of the processed personal data. However, the right to obtain this copy must not adversely affect the rights and freedoms of other persons.

d) Right to rectification
If, for example, your address, telephone number or other fact that can be considered personal data has changed, you have the right to request the controller to correct the personal data being processed. In addition, you have the right to supplement incomplete personal data, including by providing an additional statement.

e) Right to erasure (right to be forgotten)

In certain specified cases, you have the right to request that the controller delete your personal data. Such cases include, for example, that the processed data are no longer necessary for the above-mentioned purposes. The controller automatically deletes your personal data after the period of necessity has expired, but you can contact them with your request at any time. Your request is then subject to individual assessment (despite your right to erasure, the controller may have an obligation or legitimate interest to retain your personal data) and you will be informed in detail about its handling.

f) Right to restriction of processing
The controller processes your personal data only to the extent strictly necessary. However, if you feel that the controller, for example, exceeds the above-mentioned purposes for which it processes personal data, you can submit a request for your personal data to be processed exclusively for the most necessary legal reasons or for the personal data to be blocked. Your request is then subject to individual assessment and you will be informed in detail about its handling.

g) Right to data portability
If you wish the controller to provide your personal data to another controller or. another company, the controller will transfer your personal data in an appropriate format to the entity designated by you, unless there are any legal or other significant obstacles preventing it from doing so.

h) Right to object and automated individual decision-making
If you find out or just believe that the controller is processing personal data in violation of the protection of your private and personal life or in violation of legal regulations (provided that the personal data are processed by the controller on the basis of a public or legitimate interest, or are processed for direct marketing purposes, including profiling, or for statistical purposes or for purposes of scientific or historical significance), you can contact the controller and ask him to explain or eliminate the problematic situation.

i) Right to file a complaint with the Office for Personal Data Protection
You can contact the supervisory authority at any time with your initiative or complaint regarding the processing of personal data, namely the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7, website https://www.uoou.cz/.

j) Right to withdraw consent

11. Are personal data automatically evaluated?

Personal data is not automatically evaluated.

 

II. Personal data security conditions

1. The administrator declares that it has taken all appropriate technical and organizational measures to secure personal data.

2. The administrator declares that only persons authorized by him have access to personal data.

III. Final provisions

1. By submitting an order from the online order form, you confirm that you are familiar with the terms and conditions of personal data protection and that you accept them in full.

2. The administrator is entitled to change these conditions. The new version of the terms and conditions of personal data protection will be published on its website and at the same time will send you a new version of these conditions to your e-mail address that you provided to the administrator.

These conditions come into effect on 20. 5. 2022