Personal Data Processing and Protection Principles
I. Controller´s Identity and Contact Data
- The controller of the client´s personal data is Best Biz s.r.o., Company Identification No.: 27497208, with the registered office at U Menhiru 658, 252 41 Dolní Břežany (hereinafter referred to as the “Controller”).
- The Controller´s contact data is: Best Biz s.r.o., Company Identification No.: 27497208, with the registered office at U Menhiru 658, 252 41 Dolní Břežany, phone No.: +420 602 134 247, e-mail: firstname.lastname@example.org.
- The Controller did not appoint any Data Protection Officer.
II. Scope of Personal Data Processing
- The Controller processes the personal data of natural persons in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council, that replaced on 25 May 2018 in the Czech legal system the Act No. 101/2000 Coll., on personal data protection, based on which the Controller met its obligations when processing the personal data.
- The personal data, processed by Best Biz s.r.o., about its existing and potential clients – natural persons includes:
- Name and surname – for purpose of correct addressing in any further communication and issuing of an invoice;
- Address – for purpose of issuing of an invoice, eventually sending of the executed certified translation by mail;
- Phone No. – for purpose of telephone communication to specify the inquiry or during the execution of the ordered translation;
- E-mail address – for purpose of any further electronic communication when generating an offer, executing the ordered translation and sending an invoice.
III. Purpose of Personal Data Processing
- In case of personal data processing due to the performance of a contract or meeting of statutory obligations and due to the legitimate interests of the Controller, the personal data provision is obligatory. Without providing the personal data for such purposes it would not be possible to provide the services. The Controller does not need any consent of the Data Subject to process the personal data for such purposes. The basic partial purposes for personal data processing are mainly:
- Performance of a contract – among others, procedures associated with the identification and possible contacting of a client, provision of services, stating an account for provided services, issuing of tax documents;
- Meeting of statutory tax obligations;
- Legitimate interest – among others, debt recovery from a client and other client´s disputes, registration of debtors. The personal data is processed for such purposes within the scope necessary to fulfil such purposes and for a period necessary to achieve such purposes or for a period stipulated directly by the legislation. Afterwards, the personal data is erased or anonymised. The basic periods of personal data processing are specified below in Article VII.
IV. Personal Data Processing Principles
- The personal data is required only for legitimate interests, within a reasonable scope and necessary extent.
- The personal data is processed in a transparent manner.
- The Data Subjects (clients – natural persons) whose personal data is processed are informed in what manner, what level of protection and whether their personal data is to be provided to the third parties.
- There is at least one legal title for personal data processing.
- The clients´ personal data is stored and processed only for a necessary period with respect to the purpose of its processing.
- The personal data processing is subject to the rules ensuring its integrity, entirety and confidentiality.
V. Method of Personal Data Processing and Protection
- The personal data is processed by the Controller. The processing is performed in the Controller´s registered office by the individual authorized persons of the Controller, eventually by the Processor.
- When processing the personal data by the Controller, there is no automated decision-making in the meaning of Article 22, GDPR.
- The processing is performed by means of computer technology, eventually manually in case of personal data in a paper form, while keeping all the security principles for the personal data administration and processing.
- All the entities, whom the personal data may be made available to, respect the right of the Data Subjects for the privacy protection and are obliged to proceed in accordance with the valid legal regulations concerning the personal data protection.
VI. Other Recipients of Personal Data
- Based on a legal statutory reason the processed personal data may be provided to the following entities: public authorities, state and public administration bodies.
- Based on meeting of the Controller´s contractual obligation, some of the processed personal data may be provided to the suppliers which the Controller concluded contracts with, such as translators and suppliers of IT and accounting services.
- In case the obligations are not met by the client, the processed personal data may be provided to the Arbitration Court, debt recovery agency or distrainor, based on the Controller´s legitimate interest.
VII. Personal Data Storage Period
- If the clients met all their liabilities towards the Controller, the Controller is entitled to process their basic personal data in the administration database pursuant to Article II for a period of 5 years after terminating the last contract with the Controller.
- In case of an inquiry by a potential client, which does not result in order placing, the Controller does not store the data about the potential client.
- In accordance with Section 35 of the Act No. 235/2004 Coll., on Value Added Tax, the tax documents issued by the Controller are archived for 10 years after the end of a taxation period when the deliverable was provided. As it is necessary to document the legal reason to issue invoices, the orders are archived for 10 years after terminating the contract as well.
VIII. Rights of Data Subjects
- Under the terms stipulated in the Regulation, the client is entitled, among others, to ask the Controller for the access to his/her personal data, right to its rectification or erasure, eventually right to limit its processing, raise an objection against the personal data processing, and right to personal data portability. The more detailed description of individual rights is provided by The Office for Personal Data Protection (www.uoou.cz).
- The client is entitled to be informed of his/her personal data processing so that the principle of transparency is kept; the client is entitled mainly to know:
- Purpose of processing (why his/her personal data is processed);
- Identity of the Controller (Best Biz s.r.o.);
- Legitimate interests of the Controller (cf. Article III);
- Recipients of his/her personal data (cf. Article VI).
These principles come into force on 25 May 2018.