GreMi KLIMA, s.r.o.

Information that must be provided by the controller to the data subject pursuant to Art. 13 et seq. of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “Regulation”), addressed to the controller´s customers and other data subjects.

1. Controller and its contact details:

Trade name:
Branch
GreMi KLIMA, s.r.o.
Registered office: J. A. Komenského 1386, CZ-399 01  Milevsko
Company Reg. No.: 07535694

E-mail: miroslava.mikova@gremi.com
Phone: +420 778 048 408

2. Information about personal data processing

     In this information about personal data processing, the controller describes why and how it processes the personal data of its customers and visitors to the controller´s website www.kontejnerovereseni.com/en.

3. Personal data

     The controller normally collects personal data directly from data subjects who provide such data.

    The controller processes the following categories of personal data:

    Basic identification data – serving for unambiguous and unmistakable identification of a data subject (such as the name and surname and/or trade name, date of birth, if provided, registered office or residence, and identification number).

    Contact details – telephone number, e-mail address, mailing address.

    Information from mutual communication – information from e-mails, recordings of phone conversations or other contact forms while communicating with the controller, content of the mutual communication, details of concluded contracts.

    Invoicing and banking details – they include especially information stated on invoices, information about agreed invoicing conditions, banking details and received payments.

    Cookies – refers to the measurement of the website traffic and creation of statistics concerning the traffic and behaviour of visitors on the website, which are specified here.

    Camera recordings – The controller processes the personal data of data subjects that are present on its premises also by means of the monitoring camera system in order to protect its legitimate interests, especially to protect the property and other values of the controller, therefore the processing of personal data is inevitable for meeting the purpose and the personal data are processed without the consent of the data subjects. Details of such camera recordings are always available in the controller´s branch.

4. The purpose of personal data processing, legal basis of processing, and categories of relevant personal data:

     The controller processes personal data for the following purposes:

     Performance and execution of a contract – The controller processes personal data of its customers as it is inevitable for the formation of a contractual relationship in selling the goods and services of the controller. The controller processes personal data without the customers´ consent in order to meet its obligations resulting from a contract of sale and other communication with them. Without providing such data, the controller cannot perform the contract with the buyer properly, so the controller cannot enter into the contract with the buyer.

    Compliance with statutory duties – These personal data are processed e.g. for bookkeeping purposes, and, by processing them, the controller meets its statutory duty resulting from special legal regulations, e.g. the Accounting Act, the VAT Act, etc., so their processing is inevitable.

    Protection of legitimate interests of the controller – The controller is entitled to protect its interests and process the basic identification data of data subjects also for these purposes, in particular: (i) to defend legal claims in court, out-of-court and execution proceedings, the legitimate interest being to prevent the occurrence of damage on the part of the controller, (ii) to send news related to the controller´s business activities and services, the legitimate interest being the formation and strengthening of the relationship with the controller´s business partners, (iii) to create internal statistics, models, records and overviews, the legitimate interest being the development and improvement of the controller´s services.

    Consent to personal data processing – in some cases, the controller processes personal data of data subjects on the basis of their consent, e.g. in sending newsletters. Data subjects are entitled to withdraw their consent at any time, e.g. by e-mail. However, even after the expiration of the period of time for which the data subject gave their consent to the processing of their data, or in case of the withdrawal of such consent, the controller is not obliged to delete all personal data and is entitled to keep data where it is enabled by its legitimate interest or law. If a data subject withdraws his/her consent, it shall not affect the legitimacy of the personal data processing prior to such withdrawal.

5. Recipients

      The controller provides personal data to processors, whom it has authorised to process personal data in writing, e.g. to providers of information systems and cloud platforms etc. The controller is entitled to provide personal data to public authorities, enforcement companies and other persons in order to assert its legal claim. At the same time, the controller states it does not provide personal data to entities in third countries, which do not guarantee the appropriate level of the protection of personal data.

     In particular, the controller provides personal data to the following entities:
– Marketing agency Zest Brand Group s.r.o., Chýnovská 148, Tábor – Měšice, 391 56, Company Registration No.: 08360685, Tax Registration No.: CZ08360685

6. Period for which the personal data will be stored:

The controller processes personal data of data subjects for the time inevitable for meeting the obligations resulting from the contractual relationship and until the purpose for which they are processed has been met, and also for meeting the duties resulting e.g. from legal regulations concerning the bookkeeping, registry etc. (accounting documents are kept for 10 years, orders for 3 years).

    Monitoring camera system recordings are kept for 5 days; in case of an incident related to damage to property and any other security incident, recordings are kept until it is investigated within the meaning of applicable legal regulations.

After the purpose of processing has been met and the period for which personal data are stored has expired, the controller shall arrange the destruction of personal data of the data subject; this does not apply when the personal data form part of a registry record.

7. Rights of data subjects:

In connection with the processing of their personal data, data subjects shall have the following rights:

a) The right to obtain confirmation as to whether or not the personal data concerning them are being processed, and where that is the case, to obtain access to the personal data and the information stated in this document.

b) The right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them and to have incomplete personal data completed.

c) The right to obtain from the controller the erasure of personal data concerning them where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, and the period of time for which personal data are stored has expired.

d) The right to obtain from the controller restriction of processing if:

• the accuracy of the personal data is contested by the data subject for the period of verification of the accuracy thereof,
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead,
• the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims

e) The right to receive the personal data concerning them, which they have provided to the controller, and the right to transmit those data to another controller where the processing is carried out by automated means on the basis of a contract or consent, and it is technically possible.

f) The right to object to the processing of personal data concerning them which are processed on the grounds of the controller´s legitimate interests. The controller shall stop processing the personal data without undue delay unless the controller demonstrates compelling legitimate grounds for the processing which override the rights and freedoms of the data subject.

g) The right to lodge a complaint with the Personal Data Protection Authority if the data subject believes that the processing of his or her personal data by the controller is contrary to legal regulations for the protection of personal data.

h) The right to object to and to refuse to submit to a decision made by the controller, which would have legal effects or a significant impact on the data subject, if such a decision is made solely on the basis of automated processing of personal data. The controller states it does not carry out automated decision-making with legal effects for data subjects without the influence of human consideration.

i) If personal data have not been collected from the data subject, the data subject has the right to obtain the information about the source of his or her personal data, or the information whether the data have been collected from public sources.