INFORMATION REGARDING PERSONAL DATA PROCESSING
According to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereafter referred to as ‘Regulation’ or ‘GDPR’
1) Contact details of the Controller:
Names: Martin Novotný, Marie Čermáková
E-mail: osobniudaje@juta.cz
tel.: 499 314 211
address: JUTA a.s., Dukelská 417, 544 01, Dvůr Králové nad Labem
2) Purposes and lawful bases for processing:
Besides the personal data of its employees, determined by legal requirements, JUTA a.s. processes the personal data of its customers and business partners, in the cases listed below:
Contractual agreements:
- Retail
- Wholesale
- Offer of products and intermediate material
- Supplier contact
- Rent of recreational chalet
- Rent of tennis courts
- Canteen reservation system
- Tennis club data processing
- Freight
- Sale of extended warranty
Categories of personal data: Identification, contact, invoice data (first name, last name, address, Business Registration No. (IČ), Tax Registration No. (DIČ), e-mail, Business name, product information)
Legitimate interest:
- Marketing purposes – sending invitations for Customer Events
Categories of personal data: Identification, contact data (first name, last name, address, invoice data, e-mail)
Legal processing:
Categories of personal data: Identification, contact, invoice data (first name, last name, address, Business Registration No. (IČ), Tax Registration No. (DIČ), phone, e-mail, Business name, product information)
Customs:
- Customs processing
- Video surveillance system – processing of recorded video – as a result of customs audits
Categories of personal data: Identification, contact, invoice data (first name, last name, goods to declare, delivery address, contact address, responsible person, phone number, Business Registration No. (IČ), Tax Registration No. (DIČ), Business name)
3) Recipients or categories of recipients of personal data:
Delivery service / Shipping company for delivery of goods to customer
Categories of personal data: Identification, contact, invoice data (first name, last name, address, Business Registration No. (IČ), Tax Registration No. (DIČ), phone, e-mail, Business name)
4) Transfer of personal data to a foreign country:
Personal data are not transferred to any foreign country.
5) Personal data retention period:
Contractual agreements – for the effective period of the agreement and the following the archiving period determined by the legislation of the Czech Republic.
Marketing purposes – for the period of the contractual agreement (only for current/active customers)
Administration of claims – determined by the effective legislation of the Czech Republic
All personal data are processed only the time necessary for completing the given purpose or fulfilling the requirements of the legislation of the Czech Republic.
After the retention period, the data will be
- safely removed or destroyed
- anonymized
- transferred into archives (according to the effective legislation of the Czech Republic)
6) Access to personal data:
Your personal data are accessible to employees of JUTA a.s. who only access them to the extent necessary for their given purposes and for fulfilling their work duties, as well as to IT suppliers, accountants and other subjects that may process your personal data to the extent necessary for proper operation of our company.
7) Security of personal data:
Our company follows security standards which guarantee confidentiality and safety of your personal data. In addition to these standards we have added novel mechanisms of security measures for working with both electronic and printed documents.
8) You have the following rights regarding the protection of your personal data:
- You have the right to ask the Controller to grant you access to your personal data regarding you as a subject; you have the right to correct the data.
- You have the right to limit data processing in the following cases:
- if you question the accuracy of the data – for the time period necessary for the Controller to check their accuracy,
- if the processing is unlawful and the data subject refuses data removal, requesting for usage limitation instead,
- if the Controller does not need the personal data for processing purposes, but the data subject requests these data for establishment, exercise, or defence of legal claims,
- if you have already objected to the data processing in the case of processing in legitimate interests of the Controller or a third party, until it has been verified that legitimate interests of the Controller prevail over those of the data subject.
- You have the right to object to the processing if:
- the processing is necessary for completing a task which is in the public interest or during an exercise of the official authority or
- the processing is done in a legitimate interest of the Controller or a third party – this includes the rights to data portability.
- You have the right to object at the supervisory authority in case you may suspect that the processing of your data leads to an infringement of GDPR. You may object at a the supervisory authority:
- at the location of your permanent address,
- at the location of your work,
- at the location where the data infringement has allegedly occurred.