PERSONAL DATA PROCESSING DECLARATION

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the instruction of data subjects (hereinafter referred to as „GDPR“)

I. PERSONAL DATA MANAGER

Company Accounting Frýdek-Místek s.r.o. with its registered office at the address V. Blodka 222, 739 25 Sviadnov, IČ: 04256247, registered in the Commercial Register of the Regional Court in Ostrava, Section C, File 62976 (hereinafter referred to as the Administrator) hereby informs you in accordance with Article 12 of GDPR and your rights.

Contact person: Ing. Jana Tiralová, e-mail: jana.tiralova@seznam.cz, phone 603 833 073

II. SCOPE OF PERSONAL DATA PROCESSING

Personal data is processed to the extent necessary for fulfilling the conditions arising from the concluded contractual relationship, fulfilling legal obligations and ensuring the legitimate interests of the Administrator.

III. PERSONAL DATA SOURCES

• from data subjects by contract, contract or other legal purpose (eg e-mail, telephone, business card, website)
• from the client or vendor as data controller of data subjects – their employees and customers
• publicly accessible registers, lists and records (eg business register, trade register, real estate register)

IV. CATEGORIES OF PERSONAL DATA SUBJECT TO PROCESSING

• identification data used to identify the data subject (name, surname, title, permanent address, personal identification number, date of birth,)
• contact details (contact address, telephone, e-mail address)
• billing information (ID, VAT number, place of business, bank connection)
• other information necessary for the performance of the contract and legal obligations to the State
• data provided in excess of applicable laws and processed under the entity's consent

V. CATEGORIES OF DATA SUBJECTS

1. client
2. the final customer as the data subject
3. supplier (also processor in terms of GDPR is supplier)
4. another person who is in a contractual relationship with the Administrator

VI. CATEGORIES OF PERSONAL DATA BENEFICIARIES

• state and other authorities in the fulfillment of legal obligations laid down by the relevant legislation
• financial institutions
• external recipients in the following categories: provider, internet, hosting, IT services accounting software, building owner, business partners and other entities that carry out business or other contractual activities for Administrator

VII. PURPOSE AND DURATION OF PERSONAL DATA

• the data subject has given his or her consent for one or more specific purposes while such consent has been given,
• processing is necessary for the performance of a contract to which the data subject is a party, for the duration of the contract
• processing is necessary for the fulfillment of a legal obligation to which the controller is subject, for as long as is necessary processing is necessary to protect the vital interests of the data subject or other natural person, for as long as is necessary
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to the controller for the period strictly necessary
• processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data take precedence over such periods as are strictly necessary.

VIII. METHOD OF PROCESSING AND PROTECTION OF PERSONAL DATA

The personal data is processed by the administrator. Processing is carried out at the headquarters of the administrator by individual authorized employees of the administrator. The processing takes place through computer technology and in paper form, while observing all security principles for the management and processing of personal data. To this end, the administrator has taken technical- organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to, alteration, destruction or loss of personal data, their unauthorized processing and other misuse of personal data. All entities to whom personal data may be disclosed respect the right of data subjects to privacy and are required to comply with applicable data protection legislation.

IX. ENLIGHTENMENT

The administrator processes personal data with the consent of the data subject (for one or more specific purposes), except in certain cases where such consent is not required.

In accordance with Article 6 (1) of the GDPR, the administrator may process data for the following purposes without the consent of the data subject:

• the sub-entity has given its consent for one or more specific purposes
• processing is necessary for the performance of the contract to which the data subject is party or for the implementation of the measures taken prior to the conclusion of the contract at the request of the data subject
• processing is necessary to fulfill the legal obligation that applies to the administrator
• processing is necessary for the purposes of the legitimate interests of the administrator or a third party, except where the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data take precedence over those interests.
• processing is necessary to protect the vital interests of the data subject or of another natural person
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to the administrator

X. RIGHTS OF DATA SUBJECTS

The fundamental rights of data subjects include:

• the right to information about the processing of personal data
• right of access of the subject to personal data (right to obtain a copy of processed personal data)
• right to correction
• right of erasure ("right to be forgotten")
• the right to limit processing
• the right to data portability
• the right to object
• the right not to be the subject of an automated decision.

In accordance with Article 12 of the GDPR, the controller shall inform the data subject of:

• purpose of processing
• the category of personal data concerned
• recipients to whom personal data have been or will be disclosed
• the planned time period for which personal data will be stored
• all available information on the sources of personal data, unless they are obtained from the data subject
• whether automated decision making, including profiling, occurs

Any data subject who discovers or considers that the controller or processor is processing his personal data in breach of the protection of his private and personal life shall have the right:

• ask the administrator for an explanation
• require the administrator to remedy this situation by performing corrections, adding or deleting personal data
• if the request of the data subject under paragraph is found justified, the controller shall immediately remedy the situation
• if the administrator to the data subject fails to comply with the data subject’s request, the data subject has the right to contact the Supervisory Authority, ie the Office for Personal Data Protection; the entity has the option of contacting the supervisory authority directly without asking the administrator

This statement is publicly available on the administrator’s website.