1.1. The purpose of this document is to summarize basic information about the principles of
personal data processing that our company manages and which it has adopted for security purposes in compliance with EU Regulation 2016/679 (hereinafter referred to as "GDPR").
1.2. Our company has taken all the necessary steps to strengthen the security and safety of the processed data and to fulfil all the responsibilities dictated by the laws Czech Republic. 2. Basic Information
2.1. Our company, PRECO GROUP s.r.o., with registered address at Štítného 585/28, Žižkov,
130 00 Praha 3, IČO: 28383176, registered at the commercial authority led by the Prague City section C, insert 137659, for its clients, employees and select contract partners is in a position of personal data holder.
2.2. In consistency with GDPR personal data is processed for the following purposes:
a) Lawfully, correctly and transparently – We process the data only in case of a legitimate reason (for example according to law, contractual obligation, protection of your interest, protection of 3rd
party interest, or based on provided agreement from the subject)
We conduct the processing of personal data in a transparent manner and inform the subjects how their personal data is handled, who has access to it and what their rights are.
b) Purpose restrictions – We collect personal data only for specific, clear and legitimate purposes (see above)
c) Minimization of data – Processing of personal data is conducted only within the scope required for a specific purpose.
d) Accuracy – we process only information in actual time, valid for the current time.
e) Restriction of data storing – We store personal data for a period not longer than required and legal.
f) Integrity, safety – We have organized enough technical and organizational precautions to protect personal data against accidental or unlawful destruction, loss, change or unlawful sharing of provided, processed and stored personal data.
g) Responsibility – We can provide evidence of compliance to points A to G.
2.3. Majority of personal data is processed for the purposes of fulfilling responsibilities according to law and fulfillment of contracts and agreements with our clients. Data processed is specifically required for completion and signing of the contract, such as identification and contact information (title, name, last name, address, date of birth, in some cases social security number, company, name, registered address, place of business, identification number, email address, bank details)
2.4. Within the frame work of the contract processing and signing, the client is informed about the steps of the personal data processing and is aware that the data holder will make the data available to further data processors and if needed to further holders.
2.5. In case data processing is not for purposes dictated by law, it is data processing for which we require a verbal, free will, specific and informed agreement from the subject of personal data. In this case the purpose of personal data processing is for marketing use and in such case the client is informed in advance every time. Provision of such consent is voluntary, and the consent can be reseeded, or other rights can be used in accordance to the agreement. 3. Technical and organizational precautions
3.1. Our company has taken all necessary precautions to provide a secure personal data processing in a paper and online form. The following precautions such as creation of rules for working with information systems, facilitation of limited access to automated personal data processing only to persons authorized, to make sure that persons authorized have access only to information required, ensuring of electronic records, which will allow for checking of when, who and for what purposes has collected and processed the personal data. Limitation of access to data carriers, such as security passwords, levels of access rights, coding, increase of security by creation of locked spaces, etc.
3.2 All employees and persons, who have access to persona data, due to their work responsibilities have completed required training and are aware of the security and safety rules when handing personal data. 4. Sharing of information to third parties and to foreign countries
4.1. Sharing of personal data to third parties takes places only in accordance to the las applicable to such cases (mandatory provision of state organizations) or in unavoidable case to select suppliers, which provide certain services, which are necessary for providing services to our clients. With all such persons we have clear contractual relations and all our suppliers comply to the necessary rules for personal data processing in accordance to the requirements dictated by the GDPR.
4.2. Sharing of personal data to a foreign country takes place only in limited capacity when providing services to our client, and that is only to our select suppliers and in such cases all data subjects are always informed. 5. Reporting of security incidents
5.1. We have an established system of reporting of cases of security incidents. In case of loss of any data we proceed in accordance to the GDPR with the purpose of minimizing potential report to the data production authority (www.uoou.cz
) 6. Contact information
6.1. In case you are unsure if we are processing your personal data, not in line with personal data protection, or not in line with the law, in case personal data may be incorrect when considering the purpose of their processing, please send us an inquiry or request for explanation. In such cases please do not hesitate to contact us over the phone: +420 777525567 or at email@example.com 7. Data protection
7.1 By sending a message through a contact form the user shares the information with the provider, for the purposes of obtaining additional information, in this case processing of personal data takes places based on the request of the data subject. In accordance to the § 7-chapter 3 Law n. 480/2004 In some informational cases, the provider is obliged to send emails to clients, to the email obtained through personal data processing. Information concerning the products and services by PRECO GROUP s.r.o. will be send to the provided email address. In case the recipient of the emails will no longer wish to receive the information, the subject of personal data processing can decline to receive the commercial information at any time and choose an alternative means of receiving the required information.