DECLARATION OF PROCESSING OF PERSONAL DATA
Declaration of processing of personal data under The Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons about the processing of personal data (GDPR).
I. The Controller of personal data
Freight People, s.r.o. with the registered office at Dobřanská 665, Štěnovice, 33209, VAT ID: CZ02961792, registered in the Commercial Register kept at the Municipal Court in Plzeň under the file number C35067 (hereinafter referred to as the “Controller”) in accordance with Article 12 GDPR informs you about the processing of your personal data and your rights.
II. The scale of processing personal data
Personal data is processed to the extent that the data subject has provided the data Controller in connection with the conclusion of a contractual or other legal relationship with the Controller or which the Controller has collected otherwise and processes them in accordance with the applicable legal regulations or to fulfil the statutory obligations of the Controller.
III. Sources of personal data
- directly from data subjects (emails, phone, web site, contact form on the web, social networks, business cards, etc.)
- publicly accessible registers, lists and records
IV. Categories of personal data that are being processed
- address and identification data used for the unambiguous and unambiguous identification of the data subject (eg name, surname, title, or birth identification number, date of birth, permanent address, company ID, VAT ID) and data enabling contact with the data subject (contact details such as: address, phone number, fax number, e-mail address and other similar information)
- descriptive data
- other data necessary for performance of the contract
- data provided on top of the applicable laws processed within the framework of the consent given by the data subject (photo processing, use of personal data in recruitment process, etc.)
V. Categories of data subjects
- Candidate – job seeker
- an employee of the Controller
- service provider
- another person who is in a contractual relationship with the Controller
VI. Categories of recipients of personal data
- potential employers
- State authorities within the framework of fulfilling the legal obligations established by the relevant legal regulations
- other recipients
VII. Purpose of processing of personal data
- purposes contained within the data subject’s consent
- negotiations on a contractual relationship
- performance of the contract
- fulfilment of statutory duties by the Controller
VIII. Method of processing and protection of personal data
Processing of personal data is done by the Controller. Processing is carried out at its branches – addresses to be found under Contacts, by individual authorized staff members of the Controller. The processing takes place via computer technology, or manually (personal data in paper form), while adhering to the security policies for managing and processing your personal information. For this purpose, the Controller has adopted technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to personal data, alteration, destruction or loss, unauthorized transmission, unauthorized processing, and other misuse of personal data. All subjects to which personal data may be made available respect the data subject’s privacy rights of data protection and are required to comply with applicable privacy laws.
IX. Time of processing of personal data
In accordance with the deadlines specified in the relevant contracts, the administrator’s record and retention order, or the relevant legislation, it is the necessary time to ensure the rights and obligations flowing from both the obligation relationship and the applicable legal regulations.
The Controller processes the data with the consent of the data subject, except in cases as provided by law, where the processing of personal data does not require the consent of the data subject.
In accordance with Article 6 (1) of the GDPR, the Controller may, without the consent of the data subject, process the following data:
- The data subject has given consent for one or more specific purposes,
- Processing is essential for the performance of the contract to which the data subject is a contracting party, or for the implementation of measures taken prior to the conclusion of the contract at the request of that data subject,
- Processing is necessary to meet the legal obligation that applies to the Controller,
- Processing is necessary to protect the vital interests of the data subject or other natural person,
- processing is necessary to fulfil a task carried out in the public interest or in the exercise of public authority entrusted to the Controller,
- Processing is necessary for the purposes of the legitimate interests of the relevant Controller or third party, except when the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail over such interests.
XI. Rights of data subjects
(1) In accordance with Article 12 of the GDPR, the Controller shall, at the request of the data subject, inform the data subject of the right of access to personal data and the following information:
- the purpose of the processing,
- the category of personal data concerned,
- the recipients or categories of recipients whose personal data has been or will be made available,
- the planned time for which personal data will be stored,
- any available information about the personal data source,
- if not acquired directly from the data subject, information, whether automated decision making, including profiling, occurs.
(2) Any data subject who discovers or considers that the Controller or processor carries out processing of his or her personal data contrary to the protection of data subject privacy, in particular if personal data are inaccurate with regard to the purpose of their processing, may:
- Ask the Controller for explanation.
- Ask the administrator to remove the resulting condition. In particular, it may be blocking, repairing, adding or deleting personal information.
- If the data subject’s request under paragraph 1 is found to be justified, the Controller shall immediately remove the defective condition.
- If the Controller does not satisfy the data subject’s request under paragraph 1, the data subject has the right to contact the Supervisory Authority, the Personal Data Protection Authority.
- The procedure under paragraph 1 does not prevent the data subject from contacting the supervisory authority directly.
- The Controller has the right to request reasonable compensation for the provision of information, not exceeding the costs necessary for such activity.
Inquiries about personal data protection are directed to the contacts listed below.
This statement is publicly accessible on the website of Controller.