We consider it important to inform our clients, suppliers and visitors to our website www.gentec.cz , or others, about how we will handle the personal data they entrust to us.
Business Corporation GENTEC CHP s.r.o., Company ID: 285 99 446, with its registered office at Antala Staška 1859/34, Krč, 140 00 Prague 4, registered in the Commercial Register kept by the Municipal Court in Prague, File no. C 303497 (hereinafter also referred to as„GENTEC“ or „controller“ or „we“), in the context of activities related to the design, production and maintenance of the CHP units and the trigeneration units, processes the personal data of clients, suppliers or visitors to the website www.gentec.cz. We always ensure that the processing of personal data is transparent, predictable and that it respects the rights of all parties involved.
GENTEC as Personal Data Controller
In relation to the processing of personal data, GENTEC is the personal data controller pursuant to the Act No. 110/2019 Coll., on the processing of personal data, and the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter also referred to as “Regulation” or “GDPR”). The controller decides how the processing of personal data is carried out and is fully responsible for the processing of personal data that it carries out.
Processing of personal datameans any operation or the set of operations which is performed upon personal data or sets of personal data, whether or not by automated processes, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other disclosure, alignment or combination, restriction, erasure or destruction.
Personal data may be any information about an identified or identifiable natural person (hereinafter the “data subject”). The GDPR provides that an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special categories of personal data are those which reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person and data concerning the health or sex life or sexual orientation of a natural person.
The data subjects>in the context of the controller’s activities are mainly clients, suppliers and visitors to the website www.gentec.cz, or other persons.
What personal data do we process?
Our practice shows that we process mainly the following personal data::
- personal identification data (name, surname or business name, company ID or tax ID)
- contact postal address or e-mail address
- telephone number
- payment or bank details
- other personal data relating to the performance of a contract or other obligations.
What are the purposes for which we process personal data and the legal basis for processing?
The processing of personal data is carried out byGENTEC mainly for the purpose of concluding and subsequent fulfilling the contractual obligations concluded betweenGENTEC a and the data subject (client or supplier). The purpose of the processing of personal data is also the fulfilment of legal obligations arising from these contractual obligations forGENTEC (e.g. bookkeeping, order registration).
The legal basis may also be the fulfilment of a legal obligation to which the controller is subject (in particular on the basis of the Act No. 89/2012 Coll., Civil Code, as amended, Act No. 563/1991 Coll., on accounting, as amended, Act No. 280/2009 Coll., Tax Code, as amended).
GENTEC may also process personal data on the basis of its legitimate interests, which within the meaning of Article 6(1)(f) of the Regulation are, in particular, the protection of the controller’s property and that of third parties, the protection of the economic interests and reputation of the controller, the purposes of initiating and conducting legal or arbitration proceedings or the security of the website www.gentec.cz.
Sending mass e-mail messages
GENTEC also finds it convenient to inform its clients about the most important events it organizes and news in its field of activity, or about, the services it offers (currently or newly). In this case, GENTEC may also process your personal data on the basis of its legitimate interests. Clients always have the option to refuse the sending of this information.
We process personal data both manually and automatically. Profilování nebo automatizované rozhodování neprovádíme.
Do you have to provide us with personal data?
When entering into a contractual obligation, the provision of personal data may be a contractual and legal requirement (in particular in connection with the accounting and tax legislation).
The provision of personal data in connection with entering into a contractual obligation is therefore a necessary requirement for the establishment of a specific legal relationship and the performance of the rights and obligations arising from it. Without the provision of personal data for these purposes, the contractual obligation cannot be concluded.
Whom do we transfer personal data to?
The performance of the contract involves the obligation to transfer the personal data to the financial administration or other public authorities (Police of the Czech Republic, law enforcement authorities, courts, etc.). If we do so, we are fulfilling our obligations under the relevant legislation.
Personal data may also be transferred to the GENTEC’s, contractual partners, such as an external service provider (accounting), a software administrator, a supplier of legal or insurance services, etc. If the contractual partner is in the position of a processor,GENTEC egal or insurance services, etc. If the contractual partner is in the position of a processor, GENTEC shall consistently ensure that all obligations under Article 28 of the Regulation are met.
GENTEC does not transfer personal data to any third country or any international organization.
We comply with the basic principles
When we handle personal data, we always respect : the basic principles, namely:
The principle of lawfulness, fairness, transparency
- we do not process personal data for no reason, we always have a reason (legal title) for processing
- our practices are fair, we act as we would like other data controllers to treat our personal data
- we will always provide you with more information about how your personal data is processed
The purpose limitation principle
- we do not combine the purposes of processing unless the data subject explicitly wishes us to do so
The data minimization principle
- we only process data that we absolutely need
- during processing, we check whether the personal data is missing or exceeding in the course of processing
The accuracy principle
- we always try to ensure that all data corresponds to reality
The storage limitation principle
- we only retain personal data for as long as necessary; if we no longer need the personal data, we delete it
The principle of integrity and confidentiality
- we secure the processing both organizationally (we carefully protect documentation and secure our premises) and technically (we ensure adequate IT security for computers and the network)
How long will we process personal data?
GENTEC stores personal data in accordance with the time limits set out in the relevant legislation or for the period necessary for the purposes for which the personal data are processed (generally 3 years).
Rights of the data subject
The data subject has the right to know as much as possible about the processing of its personal data. In practice, this may mean that you have the right:
To have access to personal data
- the controller will tell you, on request, whether it processes your personal data at all
- if yes, you can ask about what data and how the controller processes it, the source of the data, in short, all information about the processing of data about a particular data subject
To correct or complete your data
- if you discover that the controller is processing incorrect data, you can request a correction (subject, of course, to technical possibilities)
To request the erasure of your data
- If the controller no longer needs the personal data, it will comply with the data subject’s request for erasure
- if the controller is unable to comply with such a request, for example because the statutory deadline for archiving the relevant documents has expired, he or she will explain everything to the data subject
To restrict the processing of their personal data
- if there is a problem or dispute about the processing of personal data, we will restrict the processing of personal data until everything is clarified
To transfer your data elsewhere
- if we process personal data in the electronic form, you can request that we transfer the data to another controller (if this is possible in your particular case)
To object to the processing of your personal data
- if you do not consent to the processing of your personal data in respect of our legitimate interest, you may object
- if we do not demonstrate a legitimate interest, we will stop processing the personal data
We will process the data subject’s request free of charge within thirty days. If the request is complex, we may extend the time limit by sixty days. If the requests are repetitive or unreasonable, a fee may be required. However, we will always inform the data subject in advance.
To exercise these rights or to obtain further information regarding the processing of personal data, you can contact us at firstname.lastname@example.org.
Compliance with the rights and obligations arising from the Personal Data Processing Act and Regulation is supervised by the Office for Personal Data Protection, company ID: 70837627, with the registered office at Pplk. Sochora 27, 170 00 Prague 7, which can be contacted by mailing to email@example.com or by sending a data message to the data box qkbaa2n. Further information on the surveillance activities is available at https://www.uoou.cz/.
Are we going to change the policy?
If the circumstances regarding the processing of personal data change, we will modify this policy to ensure that it is always comprehensive and up-to-date.