We always handle your personal data confidentially. We protect it carefully, comply with all applicable legislation, and keep you fully informed.
I. Definition of Key Terms
GDPR (General Data Protection Regulation)
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.
Personal Data
Personal data refers to any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier (such as a name, number, or network identifier) or to one or more specific factors related to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Data Subject
The data subject is the natural person to whom the personal data relates. Data subjects are not legal entities. Personal data can only pertain to a living natural person.
Processing of Personal Data
Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Personal Data Controller
The controller is the entity, regardless of its legal form, that determines the purposes and means of the processing of personal data and is primarily responsible for the processing. The controller processes personal data for purposes arising from its activities (e.g., legally mandated obligations, contractual obligations), but may also process data for its own designated purposes, such as legitimate interests, provided these do not override the interest in protecting the fundamental rights and freedoms of natural persons.
Any entity can be a controller. A natural person can also be a controller if they process personal data in a way that excludes the personal or household exemption, i.e., if their handling of personal data meets the definition of processing.
Personal Data Processor
A natural or legal person, public authority, agency, or other entity that processes personal data on behalf of the controller.
II. Data controller
III. Personal Data Processors
In addition to the controller, personal data of employees may also be processed by:
- External payroll accountant
- Fleet vehicle manager
- Organizer or provider of training, language schools, or instructors, etc.
- Processors who provide us with server, web, cloud, or IT services – Perspectivo s.r.o., Company ID: 03162761, registered at Nádražnà 59/112, 150 00 Prague 5, recorded with the Municipal Court in Prague, Section C, File 228355.
For more detailed information on specific personal data processors, please contact the HR department or the administrative staff of the relevant division.
IV. Purpose of Personal Data Processing and Legal Basis for Processing
Personal data of website users
We do not track users on the website; we only receive personal data that users voluntarily provide.
The data provided is used to contact the user and provide the requested information. Additionally, it is used to fulfill contracts, i.e., to provide our services.
All personal data is processed in a lawful and transparent manner. We only require reasonable, relevant, and necessary data in relation to the purpose of processing.
We may use a name, surname, and email address to send marketing communications, meaning we may inform you about events or services we provide that we think may interest you.
Providing personal data for contract fulfillment or responding to queries or requests for information is a contractual requirement. Failure to provide such data may result in not forming a contract or not receiving a response to your queries.
You can refuse the processing of your personal data for marketing communications at any time, and it will not affect our other relations. Simply send us an email with your request to info@dekonta.cz or to the address from which we sent the communication.
If users contact us through the website, they may be asked to fill in the following information.
Inquiry form
- First and last name
- Company or institution name
- Telephone number
- Email address
Data we collect and process from all website visitors
Due to the nature of internet communication, it is impossible to avoid the use of certain network identifiers, such as IP addresses and cookies.
These are primarily analytical cookies that allow us to track user behavior on the website (which pages are visited, how long users stay, etc.). More details can be found in the cookies section.
Google Analytics
For website analytics on www.dekonta.cz, we use Google Analytics. We only collect data we consider necessary or beneficial for the development of our services.
Marketing Communications
We may use your name, surname, and email address to send marketing communications, meaning we may inform you about events or services we think would be useful to you.
Providing personal data to fulfill a contract or respond to queries is a contractual requirement. Failure to provide such data may result in not forming a contract or not receiving a response.
You can refuse the processing of your personal data for marketing communications at any time, and this will not affect our mutual relationships. Just send us an email to info@dekonta.cz or reply to the email from which we sent the communication.
Personal Data of Job Applicants
We process personal data:
a. To assess the qualifications for the job based on Article 6(1)(b) of the GDPR,
b. For future job offers based on consent in accordance with Article 6(1)(a) of the GDPR.
Personal Data of Employees
We process personal data:
a. To fulfill legal obligations, especially in relation to taxes, health and social insurance, and employment, based on Article 6(1)(c) of the GDPR,
b. For the conclusion and performance of employment contracts based on Article 6(1)(b) and Article 6(1)(f) of the GDPR,
c. In relation to training and qualification verification based on consent under Article 6(1)(a) of the GDPR,
d. For promotion and presentation based on consent under Article 6(1)(a) of the GDPR.
Personal data of individuals used to demonstrate compliance with qualification requirements (e.g., for public procurement) is processed for the purpose of demonstrating compliance with qualifications based on consent under Article 6(1)(a) of the GDPR.
Personal Data of Company Officers
We process personal data:
a. To exercise rights and fulfill obligations to company officers based on Article 6(1)(b) and Article 6(1)(f) of the GDPR,
b. For registration in the company register based on Article 6(1)(c) of the GDPR,
c. To fulfill legal obligations in relation to taxes, health, and social insurance based on Article 6(1)(c) of the GDPR.
Personal data of responsible representatives (under the Trade Licensing Act) is processed for registration in the trade register based on Article 6(1)(c) of the GDPR.
Personal Data of Suppliers and Clients
We process personal data:
a. To conclude and fulfill contracts based on Article 6(1)(b) of the GDPR,
b. To fulfill tax obligations based on Article 6(1)(c) of the GDPR,
c. To determine suppliers' interest in future cooperation based on Article 6(1)(f) of the GDPR.
We do not process personal data for marketing purposes nor perform personal data profiling.
To protect property, the company operates a camera system at the SlanĂ˝ premises.
For documenting the fulfillment of our obligations, we take photographic (and occasionally video) documentation, which may also capture our employees.
V. Duration of Personal Data Processing
We process personal data only for the necessary duration required to settle the relationships that have arisen. After this period, personal data is processed only if it is a legal obligation (legal archiving periods for accounting and tax documents, payroll records, meeting minutes, etc.), unless otherwise specified. Personal data of applicants who have consented to further processing is processed for a maximum of five years. Personal data of qualified professionals is processed for ten years. Personal data of suppliers is retained for the entire duration of the company's existence. Photographs and videos are kept for the entire duration of their intended purpose.
VI. Method of Personal Data Protection
We protect personal data to the highest degree from unauthorized access, transfer, and loss. Our data protection system includes the following components:
Electronic and Physical Security
We use the most modern IT systems and applications. All applications in use are secured with encryption, and access to them is protected by login credentials.
Procedural Security
Because we have thoroughly mapped out all operations involving personal data, we only collect the data that we truly need.
Personnel Security
All individuals who come into contact with personal data as part of their job responsibilities or contractual obligations are bound by a legal or contractual confidentiality obligation. This obligation continues even after their employment or contractual relationship with us ends.
Notice to data subjects
Right to withdraw consent for personal data processing
If personal data is processed based on consent, this consent may be withdrawn at any time by the following means:
- By email sent to the contact email address;
- By phone to our contact number;
- By letter sent to our mailing address.
Right to access personal data
The data subject has the right to request information on whether we process personal data. If we process the data, the data subject has the right to access this personal data and particularly the following information:
- The purpose of processing;
- The categories of processed personal data;
- Recipients or categories of recipients to whom the personal data will be disclosed;
- The period during which the personal data will be stored.
Upon the data subject's request, we will provide access to their personal data. A fee covering the costs of creating printouts or copies may be charged.
Right to rectification
If personal data is inaccurate or incomplete, the data subject has the right to request immediate correction, i.e., rectification of inaccurate data and/or completion of incomplete data.
Right to object to processing
The data subject has the right to object to the processing of personal data at any time if we process it for purposes other than those mandated by law. After raising an objection, we will cease processing the personal data for these purposes.
Right to erasure ("right to be forgotten")
The data subject has the right to request that we delete personal data if:
- The personal data is no longer necessary for the purposes for which it was collected or processed;
- Consent for processing has been withdrawn, where consent was the legal basis for processing;
- An objection to the processing of personal data has been raised under Article 21(1) of the GDPR, which has not been sufficiently refuted, or an objection has been raised under Article 21(2) of the GDPR;
- The personal data was processed unlawfully.
If there are no legal grounds for refusing deletion, we are obliged to comply with the request.
Right to restrict processing
The data subject has the right to request that we restrict the processing of personal data if:
- They contest the accuracy of their personal data;
- The processing is unlawful, and the data subject requests restriction instead of deletion;
- We no longer need the personal data for processing, but the data subject requires it for establishing, exercising, or defending legal claims;
- The data subject objects to the processing under Article 21(1) of the GDPR.
During the restriction of processing, we are only permitted to store your personal data; further processing is only possible with your consent or for legal reasons. If processing is restricted due to an objection to processing, the restriction lasts as long as necessary to determine whether we must comply with the objection. If processing is restricted due to contested data accuracy, the restriction lasts for the period required to verify the accuracy of the data.
Right to data portability
The data subject has the right to obtain personal data they provided in a structured, commonly used, and machine-readable format and to transfer it to another data controller.
Exercising data subject rights
The data subject may exercise their rights related to personal data through the provided contact information. The data subject has the right to contact the relevant authorities, especially the Office for Personal Data Protection (http://www.uoou.cz), which oversees the protection of personal data.
If your residence, place of employment, or the location of the alleged personal data protection violation is outside the Czech Republic in another European Union member state, you may contact the relevant supervisory authority in that member state.
Issue date: Jule 12, 2024
