Dear Clients,
this document contains basic information about how we process your personal data. It has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).
The controller is the person who, alone or jointly with others, determines the purposes for which and decides how personal data will be processed.
The controller of your data is
PELERMA CENTRAL EUROPE S.R.O., ID No. 10826700, with registered office at Havelská 500/25, 110 00, Prague 1,
You can contact the controller via the following contacts:
We process your personal data for the following purposes:
1. ensuring the conclusion and subsequent performance of a contractual obligation between the controller and you (Article 6(1)(b) GDPR). Such a relationship gives rise to other legal obligations and the controller must therefore also process personal data for this purpose (Article 6(1)(c) GDPR);
2. marketing purposes, in order for the controller to best tailor the offer of its products and services and commercial communications about them to your needs, for which purpose the controller obtains your unambiguous consent (Article 6(1)(a) GDPR);
3. the protection of its legitimate interests (Article 6(1)(f) GDPR), which is to ensure the protection of the data you have entrusted to us for processing, the protection of our property.
Providing personal data to the controller is generally a legal and contractual requirement. With regard to the provision of personal data for marketing purposes, which does not constitute the fulfilment of a contractual and legal obligation of the controller, your consent is required. If you do not consent to the controller processing your personal data for marketing purposes, this does not mean that the controller will refuse to provide you with its product or service under the contract as a result.
Our legitimate interests include, in particular, the proper performance of all contractual obligations, the proper performance of all legal obligations, the protection of our business and property and, last but not least, the protection of the environment and ensuring sustainable development.
The lawfulness of the processing is determined by Article 6(1) of the GDPR, according to which processing is lawful if it is necessary for the performance of a contract, for the fulfilment of a legal obligation of the controller, for the protection of the legitimate interests of the controller or if the processing is based on the consent you have given us.
The lawfulness of the processing is also based, for example, on Act No. 563/1991 Coll., on accounting, according to which invoicing data is processed and stored, Act No. 89/2012 Coll., Civil Code, according to which the controller defends its legitimate interests, or Act No. 235/2004 Coll., on value added tax.
We process the following personal data:
1. basic identification data - name and surname, or name and address of the company and its VAT number and VAT number for self-employed persons,
2. contact details - telephone number and email address (this is your unique identifier for us)
3. information about the services we provide to you
4. information about our communications with each other - information from emails, phone records or contact forms
5. billing and transactional information - this includes information appearing on invoices, agreed billing terms and payments received
6. location data - the addresses you provide to us for the performance of services
3.1. Source of personal data
Personal data has been obtained directly from you, in particular from completed forms, communications between us or contracts entered into.
In addition, personal data may also come from publicly available sources, registers and records, such as the commercial or trade register.
3.2. Processing time
Information that we are required to keep based on the time limits set by legislation is kept for the period of time specified in the law (this applies in particular to accounting documents).
We keep other contract information for 5 years from the end of the contract or handover of the goods, and we dispose of the documents supplied for each contract immediately after handover of the goods.
We dispose of your identification, contact and communication records for 5 years after the last contact between us.
Personal data processed for marketing purposes only will be processed until consent is withdrawn, for a maximum of 7 years.
After that period, personal data will be securely and irretrievably destroyed so that it cannot be misused.
3.3. Data transmission
Within the limits of the law, we must disclose personal data to government authorities, such as tax authorities, courts, law enforcement agencies.
We will also pass on the necessary personal data (address, contact person and their telephone number) in the case of using contractors - transport companies or suppliers of postal services, or other subcontractors.
These subcontractors may include other companies in the group PALERMA CENTRAL EUROPE s.r.o.
In the processing of goods and services, we then use various systems that we have mostly installed at our facilities. If this is not the case and the system is operated by an external supplier, we have concluded appropriate contracts with them and we make sure that they also take care of your data with due responsibility and in accordance with the GDPR.
We also use external suppliers to send us business offers via email and SMS, to whom we only pass on the absolutely necessary data (name, email, phone number).
We ensure that all processors process your personal data securely and in full compliance with GDPR.
We will not transfer personal data to countries outside the European Union or the European Economic Area, or to any international organisation.
In connection with the processing of your personal data, you are guaranteed the rights described in this article. You can exercise them by contacting the controller at the above-mentioned contacts, either by sending an email to the addresses listed or by writing to the address of the company's registered office.
All communications and statements regarding the rights you have exercised are provided by the controller free of charge. However, if the request is manifestly unfounded or unreasonable, in particular because it is repetitive, the controller is entitled to charge a reasonable fee taking into account the administrative costs involved in providing the requested information. In the event of a repeated request for copies of the personal data processed, the controller reserves the right to charge a reasonable fee for administrative costs for this reason.
The controller will provide you with a statement and, where appropriate, information on the measures taken as soon as possible and within one month at the latest. The administrator is entitled to extend the deadline by two months if necessary and in view of the complexity and number of requests. The administrator will inform you of the extension, including the reasons for it.
4.1 Right to information about the processing of your personal data
You are entitled to request information from the controller as to whether or not personal data is being processed. If personal data are processed, you have the right to request information from the controller, in particular about the identity and contact details of the controller, its representative and, where applicable, the data protection officer, the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients of the personal data, the authorised controllers, a list of your rights, the possibility to contact the Office for Personal Data Protection, located at pplk. Sochora 27, 170 00 Prague 7, about the source of the personal data processed and about automated decision-making and profiling.
If the controller intends to further process your personal data for a purpose other than that for which it was collected, it will provide you with information about this other purpose and other relevant information before the further processing.
The information provided to you in exercising this right is already contained in this document, but this does not prevent you from requesting it again.
4.2 Right of access to personal data
You are entitled to request information from the controller as to whether or not your personal data is being processed and, if so, you have access to information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients, the period of retention of the personal data, information about your rights (rights to request from the controller rectification or erasure, restriction of processing, to object to such processing), the right to lodge a complaint with the Data Protection Authority, information on the source of the personal data, information on whether automated decision-making and profiling takes place and information concerning the procedure used as well as the significance and foreseeable consequences of such processing for you, information and safeguards in the event of transfer of personal data to a third country or an international organisation. You have the right to be provided with copies of the personal data processed. However, the right to obtain this copy must not adversely affect the rights and freedoms of others.
4.3 Right to rectification
In certain situations, you generally have the right to have your personal data rectified. However, in the case of CCTV footage, this right is not relevant.
4.4 Right to erasure (right to be forgotten)
In certain specified cases, you have the right to request that the controller erase your personal data. Such cases include, for example, that the data processed is no longer necessary for the purposes mentioned above. The controller deletes personal data automatically after the period of necessity has expired, but you can contact the controller at any time with your request. Your request will then be subject to an individual assessment (despite your right to erasure, the controller may have an obligation or legitimate interest to retain your personal data) and you will be informed in detail about the processing of your request.
4.5 Right to restriction of processing
The controller will only process your personal data to the extent necessary. However, if you feel that the controller is, for example, going beyond the purposes for which it processes personal data as set out above, you may submit a request that your personal data be processed solely for the strictly necessary lawful purposes or that the personal data be blocked. Your request will then be subject to an individual assessment and you will be informed in detail about the processing of your request.
4.6 Right to data portability
If you wish the controller to provide your personal data to another controller or another company, the controller will transfer your personal data in an appropriate format to the entity you have designated, provided that no legal or other significant obstacles prevent it from doing so.
In the case of CCTV footage, this right is not relevant.
4.7 Right to object and automated individual decision-making
If you become aware or believe that the controller is processing your personal data in breach of the protection of your private and personal life or in breach of the law (provided that the personal data are processed by the controller on the basis of a public or legitimate interest, or are processed for direct marketing purposes, including profiling, or for statistical purposes, or for purposes of scientific or historical interest), you may contact the controller and ask it to explain or rectify the deficiency.
You can also object directly to automated decision-making and profiling (in the case of CCTV footage, there is no automated decision-making and profiling, so this right is not relevant).
4.8. Right to lodge a complaint with the Office for Personal Data Protection
You may at any time contact the supervisory authority, namely the Office for the Protection of Personal Data, with your complaint or suggestion regarding the processing of personal data, with its registered office at Pplk. Sochor 27, 170 00 Prague 7, website https://www.uoou.cz/.
4.9. Right to withdraw consent
You have the right to withdraw your consent to the processing of personal data at any time, either by filling in the form on the website or by sending a revocation to the e-mail or address of the controller's registered office or by using the link in the e-mail communication.
If you entrust us with the processing of documents containing personal data or if we process an order for which the personal data of other persons is necessary (preparation of various events, production of personalised materials, etc.), then we are in the position of a processor in relation to this personal data.
When carrying out the order, we then act in full compliance with the client's instructions. These are usually part of the contract or order for more complex orders.
We process the documents for such orders (which may contain personal data) for as long as necessary and delete/destroy them after the order has been completed (within 30 days of handover, unless there are any problems).
This document is valid from 1 June 2021 and may be updated at any time. The current version will always be published on the Company's website.
