This document provides you with the information how we treat your personal data obtained from you or in connection with our business. Your privacy rights are regulated in Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). This document is to inform you on the most important privacy rights you have and the processing practices.
Basic Controller’s Data
Data Protection Officer
No data protection officer has been appointed.
Purpose of Personal Data Processing
We primarily process your personal data in order to be able to provide you with the contracted performance. We are authorised to process your personal data for such a purpose if that is necessary for us to perform the contract you have made or plan to make with us.
We also process personal data to fulfil the duties owed to public authorities. We also process your personal data in order to comply with our statutory duties. We are authorised to process your personal data for such a purpose if that is necessary for us to comply with a duty we have.
Also, we may process your personal data if we have a legitimate interest to do so. Our legitimate purposes are document the performance provided by us, defend and exercise our rights, and process and respond to your comments and queries; we process your personal information to no higher extent than necessary for us to pursue these legitimate purposes.
We also process your personal data in order to inform you about our special offer campaigns and interesting business information. Consequently, such processing’s purpose lies in direct marketing, particularly offering news, products and services, purchasing opportunities or other corporate events. Such processing’s legal basis lies in our legitimate interest. We have obtained your contact information from you or you have willingly published it or provided for publication.
If you do not wish to receive our marketing information, just opt out any time by clicking the link included in each email message, send an email to firstname.lastname@example.org
Extent of Personal Data Processed
We only process the personal data provided for us by you knowingly and willingly, the data generated in the course of our business and the information published or provided for publication willingly by you, and only that information that is necessary for us to achieve the purpose for which the information has been collected. We only request those data which are necessary for us to perform our contractual obligations or statutory duties or achieve our legitimate interests communicated to you.
Personal data will be subject to no decision-making based solely on automated processing that would produce legal effects concerning you or affect you significantly.
Transfers of Personal Data
We transfer no personal data to any entity without the knowledge of the affected data subject. Sometimes personal data may be transferred to third countries outside the European Economic Area (EEA), such as the USA. If personal data are transferred to countries outside the EEA or countries lacking adequate level of protection under the applicable legislation, the GDPR in particular, and other EU or national personal data legislation, such transfers will be effected on the basis of an exception related to the specific situation or we will make sure to obtain adequate guaranties to ensure a GDPR-compliant level of protection.
Time of Processing
We keep personal data for a time necessary for us to pursue the purpose for which we have obtained the data. Given statutory duties and statutes of limitation, personal data will usually be processed for a period of 10 years of the termination of contract and the lapse of warranty or other periods. The personal data processed by us in reliance on our legitimate interest are usually processed for a period of three years. Where justified by special reasons, we may decide to keep the data beyond this period.
Rights of Affected Persons
In connection with personal data processing you enjoy a range of rights which you may exercise with us under the conditions set out in the General Data Protection Regulation (GDPR):
Right to access to your data – we will tell you whether or not we process you personal data; if we do, we will also disclose your data to you and tell you how we process them.
Right to rectification – if you find out the data we have about you are incorrect, you may request any time that we should rectify the data and we will do so.
Right o erasure – at your request we will erase the personal data which concern you if we need your data no longer, you withdraw your consent to our processing your data, you object to the processing of your data, your data are processed contrary to law, we are required by law or other legal regulation to erase the data or the data have been collected in connection with an information society services offer addressed to a child. We only may refuse to erase your data on the grounds set out in the GDPR.
Right to restricted processing – you may also request restricted processing. This means we will keep your data but will not access and dispose of them.
Right to data portability – if you have provided us with your data in a structured and machine-readable format, we will transfer such data to other controller at your request.
Right to object to processing – you may raise objection if you believe your right to the privacy of the data we process about you is stronger than our interest in processing those data; if you raise such an objection, we will carefully review the degree of our legitimate interest and notify you of our conclusion. Until that time we will discontinue processing your data.
Right to complain with Personal Data Protection Authority – if you believe we infringe on your rights, you may complain about us with the Personal Data Protection Authority. However, we kindly ask you to communicate your complaints to us first. You may contact us any time by email on email@example.com.
Access to Personal Data. Security Measures
We make sure that access to the personal data we process is only provided to our employees on the need-to-know basis. Personal data is secured against unauthorised manipulation and alteration.
In some instances we use personal data processors for rendering our services and processing your personal data. These processors process your personal data at our direction and are bound to comply with the personal data protection regulations in force. It is usually companies that provide us with server, web, cloud or IT services and any other persons or companies as we may require.
Your personal data are only transferred to third parties if necessary. All processors and third parties will only have access to your personal data to the extent and for the time as necessary to provide products or services, discharge contractual obligations or statutory duties or exercise our legitimate interests in accordance with law.
If we are requested by judicial or administrative authorities to disclose personal data, we only do so where the law compels us to.
We never transfer, sell and exchange your personal data with third parties for trading purposes.
If you are a legal entity, you undertake to communicate these guidelines to your agents, contact persons and employees. If you provide us with third parties’ personal data, you undertake to communicate these guidelines to those third parties.
These guidelines take force and in effect on 01st April 2020