Personal Data Protection

This document provides information on personal data processing by the company CIVOP s.r.o., ID   48115398, with its registered seat  K Lindě 700/3, Satalice, 190 15 Prague 9, company registered in the register maintained by the Municipal Court in   Prague, Section C, Insert 16723 (hereinafter referred to as "CIVOP") .

1. Basic Terms

1.1.   First of all with, we would like to inform you about some of the basic terms which this information works with and which are also defined in Regulation (EU) 2016/679 of the European Parliament and of the Council of   27 April 2016 on the Protection of Individuals in the context of personal data processing and on free movement of such data and repealing the Directive 94/46/ES ("GDPR").

Personal Data include all (any) information that relates to a particular identified or identifiable person (a natural person).

The Data Subject  is a particular person whose personal data are concerned in that case.

The Personal Information Administrator is the person who determines the purpose of the personal data processing (i.e. the reason for which they are used) and the means used for processing. The administrator may instruct the processor to process the information.

The Processor of personal data is a person who processes personal data for the administrator, e.g. a person who has been entrusted by an administrator with an activity for which it is necessary to process personal data (IT service provider, etc.).

The Recipient of personal data is a person to whom the personal data have been provided. Outside the group of processors, personal data may also be provided to another administrator who is authorized to process the data for his / her purposes (e.g. a health insurance company).

Personal data Processing means an activity that the administrator or processor performs with   personal data (processing includes e.g. collecting, recording, preserving, arranging, structuring, customizing, modifying, searching, inspecting, using, accessing, transmitting, spreading, sorting, combining, deleting, etc.).

2. Processing by the Company CIVOP

2.1.  Within the scope of its activities, the companyCIVOP carries out the processing of personal data in the sense of GDPR. When providing services in the field of Occupational Safety and Health (hereinafter referred to as "OSH"), Fire Protection (hereinafter referred to as "PO "), Environmental Protection (hereinafter referred to as "EP") and inspection and control fields, the complex OSH and PO system called CIVOP System^® , and related consequent services of OHS, PO and EP (hereinafter referred to as "Services"), the company CIVOP comes into contact with   personal data that it then processes for the purposes of Services provision. In such processing is being performed by the company CIVOP in the position of a Processor, that is for the Customer receiving the Services (hereinafter referred to as the "Customer"), who is the Administrator of the given personal data. In other cases of personal data processing by the company CIVOP, the administrator of personal data is the company CIVOP.

3. Contact Information

3.1.      You can address the company CIVOP in the matters related to personal data processing using the following contacts:

e-mail: gdpr @ civop.cz

telephone contact: 222119999

correspondence address: K Lindě 700/3, Satalice, 190 15 Prague 9

4. Scope, Purposes and Legal Basis of the Personal Data Processing

4.1. The company CIVOP processes personal data in   the extent and for the purposes as necessary in relation to its business activities, namely:

a) for the purpose of fulfilment of contractual obligations (invoicing, etc.),

b) compliance with legal obligations (e.g. legal obligations in the field of accounting and taxation, labour-law relations, etc. )

c) for the purposes of legitimate interests of CIVOP (e.g. communication of contractual parties, proof of our claims, etc.) ;

d) for pre-determined purpose based on the data subject's consent to the personal data processing.

4.2. In case that the company processes personal data as a Processor for the Customer, it does so on the basis of a processing agreement entered into by and between the Customer and the company CIVOP. In such a case, the company CIVOP follows - in the processing of personal data - not only by the generally binding legal regulations but also the processing contract as well as the Customer's instructions. The extent and purposes of processing are determined by Customer as an Administrator and they are determined mainly by the range of individual Services that the Customer orders from CIVOP, while specific definition then results in particular from the contract on Services provision as well as from the processing contract.

5. Personal Data That We Process Automatically

While you visit our website, we can collect specific information on you, such as the IP address, date and time of access to our website, information about your web browser, operation system, or your language settings. We can also process information about your behaviour on our website, i.e. for example what links you visit on our website and which goods are displayed to you. However, information about your behaviour on the web is anonymised because of your maximum privacy keeping, and we are unable to assign it to a particular user, that is, to a specific person.

If you access our website from a mobile phone or similar device or through one of our mobile apps, we can also process information about your mobile device (mobile phone data, possibly also information about the application crashes, etc.).

We also automatically process cookies.

6. Personal Data Categories

6.1.  CIVOP processes in particular the following data:

•    identification and billing (title, name, surname, function, headquarters address,  correspondence address, ID, VAT number, etc.);
•    contact details (e-mail, phone number, etc.);
•    other data necessary for the fulfilment of the contract (e.g. banking connection, etc.)  for fulfilment of legal obligations or realization of legitimate interests, or possibly data  for which consent with processing has been granted by the data subject;
•    data processed on the basis of a processing contract concluded with the Customer.

7. Processing Time

7.1. In cases when the processing time emerges directly from a generally binding legal act, the personal data are processed for time as per such legislation (e.g. archiving of tax documents, etc.). In case of consent-based processing, the data are processed for the time period for which the consent has been granted or until the consent is withdrawn. Otherwise, the processing time varies, it depends on the time when processing is necessary for the given purpose of processing, i.e. mainly on the time of duration of the contractual or other legal relation, respectively for the time of the legitimate interest duration.

7.2. If personal data are processed on the basis of a contract on processing, they are processed for the period specified by the Customer as an administrator of personal data.

8. Personal Data Recipients and Processors

8.1. If CIVOP transmits personal data to another entity, it takes care for their protection to be ensures. The recipients of personal data may include contractual partners, providing services to CIVOP while processing the personal data (e.g. IT service providers, accounting, tax and legal services providers, etc.);  personal data may also be provided to public authorities (Czech Social Security Administration, tax office, courts, authorities in criminal proceedings, etc.).

8.2. The company CIVOP is not interested in transferring personal data to third countries or to international organizations.

9. Data Source

9.1. CIVOP usually obtains personal data directly from data subjects or from business partners or from public sources (such as the trade register).

10. Rights of Data Subjects

10.1. CIVOP processes personal data transparently, correctly, in   compliance with   GDPR and generally binding legal regulations.

According to GDPR, the data subject can

a) require access to personal data,

b) require correction or update of personal data,

c) require completion of incomplete personal data,

d) require deletion or limitation of processing,

e) object to the processing,

f) require termination and/or disposal of his / her personal data processing,

g) file a complaint to Office for Personal Data Protection.

If the personal data are processed based on a consent, the data subject has the right to revoke the consent at any time without prejudice to the lawfulness of the processing based on the consent granted prior to the revocation.

11. Personal Data Protection

11.1. The company CIVOP hinges on protection of the data subjects' rights and on appropriate personal data protection; that is why the company - while processing personal data – takes care of application of appropriate technical and   organizational measures to ensure that the highest possible level of security will be arranged, as corresponding to potential risks of the relevant processing.