Information on the processing of personal data (Information Memorandum for Other Data Subjects)
With this document, we provide you, as a data subject, with information and instructions about your rights related to the processing of your personal data pursuant to Regulation (EU) No. 679/2016 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, known as the "General Data Protection Regulation", abbreviated as "GDPR".
We assure you that we handle your personal data with due care and in accordance with applicable legal regulations. We protect your personal data to the maximum extent possible, which corresponds to the technical level of available means. Our company has strict rules that stipulate under what conditions and what personal data we can process.
Your personal data controller:
Firma: Hepos, spol. s r.o.
with registered office: Masarykova 753, Valašské Meziříčí
IČ: 46580549
tel.: +420 606 028 784
email: hepos@heposvm.cz
A personal data protection officer has not been appointed by the Controller.
It hereby declares and at the same time assures that:
1. acts as a personal data controller within the framework of business cooperation with its customers, i.e. data subjects, in relation to personal data that it has obtained directly or indirectly from data subjects;
2. when collecting and further processing personal data, it proceeds in accordance with applicable legal regulations, as well as with the relevant regulations of the European Union;
3. complies with the requirements of applicable data protection legislation and implements the requirements of the GDPR and related legislation; 4. has implemented appropriate technical and organizational measures to ensure and be able to demonstrate that processing is carried out in accordance with applicable and effective data protection legislation;
4. is aware of its full responsibility for the processing of personal data and the consequences associated with a breach of the obligations imposed on it as a personal data controller by valid and effective personal data protection legislation, represented in particular by the GDPR.
Personal data that we mainly process (customer/recipient, supplier, representative of a legal entity, natural person doing business):
1) identification data (name, surname, title, date of birth)
2) contact details (address of permanent residence, registered office and business premises, contact telephone number, e-mail address)
3) IČ
4) VAT number – personal identification number
5) job position
6) bank details and account number
7) other data necessary for the performance of the contract
We do not transfer personal data to any third country or international organization, and we do not plan to do so.
As a data subject, you have the following rights:
• request access to personal data that we process about you as the controller in accordance with Article 13, Article 14 and Article 15 of the GDPR
• request the correction or deletion of personal data within the meaning of Articles 16 and 17 of the GDPR,
• request restriction of processing of personal data pursuant to Article 18 of the GDPR • object to processing of personal data pursuant to Article 21 of the GDPR
• the right to the portability of your personal data pursuant to Article 20 of the GDPR
• the right not to be subject to automated decision-making, including profiling within the meaning of Article 22 of the GDPR
• withdraw your consent to processing at any time
• to be notified that there has been a breach of the security of his personal data within the meaning of Article 34 of the GDPR
• the right to file a complaint with the supervisory authority under Article 13, Article 14 and Article 15 of the GDPR, which is the Office for Personal Data Protection, Prague, Pplk. Sochora 27, 170 00 Prague 7
Exercising any of your rights under the GDPR: The exercise of your rights must be submitted in writing to our company headquarters, with your demonstrable identification and its authentication by an authorized employee.
We will provide you with the information to which you as a data subject are entitled upon your request, also at the company's registered office after proving your identity and authenticating it.
When submitting a request by post or email, the applicant will be informed that if they are not properly identified, the administrator will not be able to process their request.
When a request is sent via a data mailbox, it is assumed that the person using the data mailbox is properly identified for the purposes of submitting the request.
The administrator is obliged to process the request for access to information immediately, but no later than within 30 days.
Published by: Hepos, spol. s r.o., Ing. Petr Mašek
Release date: 14.11.2023
Effective from: 14.11.2023