According to Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, General Regulation on the Protection of Personal Data (hereinafter referred to as "GDPR")
In accordance with the principle of transparency, we hereby inform you as our job applicants, employees, contractors, visitors, and other persons about the processing of your personal data and your rights.
1. Information about the data controller
KASPER CZ s.r.o.
with its registered office at Ječná 550, Poříčí, 541 03 Trutnov
Company ID: 252 77 839
(hereinafter referred to as "Controller")
2. Contact information for personal data protection
More information about personal data protection under GDPR can be obtained at:
Phone: 499 827 300
Email: podpora@kaspercz.cz
3. Purpose of processing and legal basis, categories of personal data
The purpose of processing personal data is to fulfill the legal obligations of the Controller (employer) arising from the employment relationship with the employee and generally binding legal regulations towards relevant authorities and bodies. In the case of processing images by a camera system, it is also to protect the property of the Controller against theft, as well as ensuring the safety of the Controller's employees and third parties. For suppliers and customers, the purpose of processing is the proper performance of the contract. We process personal data both in written and electronic form.
We process the following data about employees:
Based on fulfilling the legal obligation of the Controller, we process your identification and contact details serving for your unambiguous and unmistakable identification (title, first name, last name, birth number, date of birth, permanent residence address, or contact address), as well as data enabling contact with you (telephone number, email address) or data of a special category regarding your health status (e.g., medical examinations, sick leave, vaccinations, testing).
Based on our legitimate interest, we then process your image using a camera system, and in the case of using a company vehicle with GPS, your coordinates for the purpose of keeping a travel log, protecting vehicles against theft, preventing fare evasion, etc. Based on your consent, in the form of a declaration, for approved private trips with a company vehicle.
If no other legal reason is fulfilled, we process personal data based on the freely given consent of the data subject for one or more specific purposes (e.g., consent in accordance with § 84 and 85 of the Civil Code). Photographs, video recordings, and personal expressions intended for publication, e.g., on the Controller's website and social networks, are processed only based on explicitly granted consent.
Using the camera system, we capture the likeness of other data subjects: guests, visitors, and suppliers, also based on the legitimate interest of the Controller.
For suppliers, we also process contact details within the contractual relationship for the purpose of fulfilling the contract, for customers including inquiries and orders.
4. Description of categories of recipients
The above-mentioned personal data of data subjects may be provided to public authorities and other entities in connection with fulfilling the rights and obligations of the Controller established by law, to providers of maintenance for the Controller's information system, as well as to private entities in the context of securing insurance, catering, and other needs of persons according to point 3 in the course of the Controller's business activities.
The processing of personal data is carried out by the Controller. However, the processing of personal data may also be carried out for the Controller by processors with whom the Controller has concluded a personal data processing agreement under Article 28 of the GDPR and who provide sufficient guarantees for the implementation of appropriate technical and organizational measures to ensure that the processing meets the requirements of the GDPR, including the condition of mandatory confidentiality of all its involved employees.
Personal data will not be provided to recipients from third countries or international organizations.
5. Information about planned timelines for the deletion of individual categories of personal data
Personal data will be processed for the duration of the employment relationship and after its termination will be handled in accordance with applicable legal regulations, especially Act No. 499/2004 Coll. (Archive and File Service Act and amendments to certain acts) and GDPR.
If the processing of personal data is based on the consent of the data subject, personal data will be deleted without undue delay after the purpose for which these data were processed has been fulfilled, or without undue delay after the consent has been revoked by the data subject.
Records from the camera system are automatically deleted after 14 days.
6. Information about rights under GDPR
These are your rights:
Right of access = the right to request the Controller at any time to confirm whether personal data concerning you is being processed and if so, the right to access your personal data and the information mentioned in Article 15 of the GDPR
Right to rectification = the right to request the Controller at any time to rectify personal data
Right to erasure ("right to be forgotten") = the right for the Controller to erase personal data, particularly in cases where such data are no longer needed for the purposes for which they were collected or otherwise processed, or where there is a withdrawal of consent to their processing unless there is a legal reason preventing it
Right to restriction of processing = the right to request the Controller at any time to restrict the processing of personal data if the accuracy or legality of their processing is disputed
Right to data portability = the right to receive data in a structured, commonly used and machine-readable format, if the processing is based on consent or a contract and is carried out automatically
Right to object = the right to object at any time to the Controller against the processing of personal data if the processing is carried out on the basis of legitimate interest on grounds relating to your particular situation
Right not to be subject to automated individual decision-making = the right not to be subject to any decision based solely on automated processing, including profiling, except for cases of machine evaluation of exam results, testing, etc.
Right to withdraw consent = the right to withdraw consent to the processing of personal data at any time if consent is the legal basis for processing
Right to lodge a complaint = the right to lodge a complaint with the Office for Personal Data Protection at any time, www.uoou.cz