GDPR

Statement on personal data processing pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “Regulation”).

1. Personal data controller

Sprinx Systems, a.s., Company ID No.: 26770211, having its registered address at Údolní 212/1, Braník, 147 00 Prague 4, hereby, in accordance with Article 12 of the Regulation, notifies you of the processing of your personal data and your rights (hereinafter referred to as the “controller”).

2. Scope of personal data processing

Personal data are processed to the extent that the data subject has provided them to the controller in concluding a contractual or other legal relationship with the controller, or to which the controller has otherwise collected and processes them in accordance with applicable legislation or to fulfil its legal obligations.

3. Sources of personal data
   1. data subjects
   2. partners
   3. customers

4. Categories of personal data
   1. Address and identification data used to clearly and unmistakably identify data subjects: name, surname, title,
   2. Data enabling contact with the data subject: contact address, phone number, e-mail address

5. Categories of data subject
   1. employees and associates
   2. customers
   3. partners

6. Categories of personal data recipients
   1. company employees and other persons contributing to its activities
   2. personal data processors

7. Purposes of processing personal data
   1. handling the purchase of a service
   2. customer communication
   3. marketing purposes

8. Method of processing and protection of personal data

Personal data are processed by the controller. Processing is carried out at the controller’s premises by individual authorised employees of the controller, or by the processor. Processing is carried out by computer or manually in the case of personal data in paper form, in compliance with all security standards for the management and processing of personal data. For this purpose, the controller has adopted technical and organisational measures to protect personal data, in particular measures to prevent unauthorised or accidental access to personal data, their alteration, destruction or loss, unauthorised transmission, unauthorised processing, or other misuse of personal data. All entities to which personal data may be disclosed shall respect data subjects’ right to the protection of privacy and shall be required to comply with applicable data protection legislation.

9. Period for which processed data shall be stored

The length of time for which the data subject consents to the processing of personal data and for which the processed data shall be stored is given in the data subject’s written consent, which is the period of time necessary to ensure the rights and obligations arising from contractual or other relationships or from the relevant legislation.

10. Legal basis for the processing of personal data

The controller shall process data with the data subject’s consent, except in cases stipulated by law where the processing of personal data does not require the data subject’s consent. In accordance with Article 6 (1) of the Regulation, the controller may process personal data without the data subject’s consent only in the following cases:

1. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
2. processing is necessary for compliance with a legal obligation to which the controller is subject
3. processing is necessary in order to protect the vital interests of the data subject or of another natural person
4. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
5. processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data

11. Data subjects’ rights

In accordance with Article 12 of the Regulation, the controller hereby notifies the data subject of his or her rights relating to the processing of personal data. Specifically, the data subject has the following rights:

1. the right to lodge a complaint to a supervisory authority pursuant to Article 13 of the Regulation
2. the right of access to personal data pursuant to Article 15 of the Regulation
3. the right to rectification, erasure and restriction of processing of personal data pursuant to Articles 16 - 19 of the Regulation
4. the right to data portability pursuant to Article 20 of the Regulation
5. the right to object pursuant to Article 21 of the Regulation
6. the right to not be subject to a decision based solely on automated processing, including profiling, within the meaning of Article 22 of the Regulation
7. the right to be informed of a personal data breach which is likely to result in a high risk to the rights and freedoms of natural persons pursuant to Article 34 of the Regulation

12. Authorised officer of the controller

For access to their personal data, to withdraw their consent to their processing or for any other action related to the processing of personal data, data subjects may contract the controller’s authorised officer: Jiří Jinger, tel.: +420 251 014 211 and  e-mail: isms@sprinx.com.