Information for Data Subjects about Processing Personal Data
Pursuant to Article 12 and Directive , the Controller of personal data: HESTEGO a.s., Na Nouzce 470/7, 6982 01 Vyškov, ID: 63475073 (hereinafter referred to as the "Controller“) is providing the Data Subjects the below stated information about processing personal data.
A Data Subject is a natural person, whose personal data are processed by the Controller.
If necessary, the Data Subjects may contact the Controller at:
Mailing address: HESTEGO a.s., Na Nouzce 470/7, 682 01 Vyškov
Data post box address: skacexj
E-mail address: email@example.com
Telephone number: 517 321 011
The Controller is not obliged to name a representative for the protection of personal data. The Data Subjects may contact the Guarantor for the protection of personal data in all matters related to processing their personal data and execution of their rights based on this Directive. Below is the contact for the Guarantor for the protection of personal data:
Title, name, surname: Mgr. Eva Vavrouchová
E-mail address: firstname.lastname@example.org
Processing personal data is primarily done for the purposes of business and marketing activities.
The Controller processes personal data based on legal processing pursuant to Article 6(1)(f) of the Directive, monitored to the extent necessary to defend its legal entitlements when fulfilling tasks related to the business activity. Processing personal data based on the consent of the Data Subjects is done exclusively for the purpose defined in the consent. The Data Subject is always informed of this purpose before granting the consent.
The legal basis for processing is facts stated in Article 6(1)(f) .
The Controller processes the following categories of personal data:
- Name of company, name, surname, e-mail address, telephone number, profession, company address
The personal data are acquired from the Data Subjects, from public sources (ie. Commercial Registers, ARES - especially for verification of correctness of already processed personal data) and from other sources (especially from the Kompas databases).
The recipients of personal data are subjects, to whom the Controller undertakes to provide personal data based on relevant generally binding legal regulations, possibly other authorized subjects with regard to the specific processing. Recipients of the personal data are not subjects, whose activity is not related to the activities and services provided by the Controller, unless the Data Subject has expressed consent.
The Controller does not intend on handing the personal data over to third countries or international organizations.
The personal data are saved for the period defined by the generally binding legal regulations, if such processing is saved or enabled. In other cases, the period of saving personal data are defined as the period necessary for the application of rights or legitimate interests of the Data Subjects, the Controller, third parties or as the period necessary to defend the legal claims of the Controller, possibly third parties. The period of saving personal data are also defined by the relevant requirements of European Union regulations, especially in the area of providing grants. When defining the period of saving personal data, all aspects of the given processing and interests of the Data Subjects are taken into consideration.
In cases, when the processing of personal data is based on the fulfilment of legal obligations and its provision is a legal requirement, the Data Subject is obliged to provide the personal data. If the personal data are not provided, it is not possible to fulfil the legal requirements, which could lead to thwarting the acts performed. If providing personal data is a contractual requirement or a requirement, which must be included in a contract (does not deal with the fulfilment of legal obligations), if the provision of personal data of the Data Subjects is refused, this could result in the fact that the contract will not be concluded. However, the Controller does not make the conclusion of the contract conditional upon receiving this personal data from Data Subjects that are not necessary for the proper conclusion of the contract.
There is no automated decision-making within the scope of processing personal data.
The Controller does not use profiling.
The Controller does not process the personal data that is directly shared by the Data Subjects for any other purposes than for the purposes that the Data Subjects were informed about at the time of handover. If the Controller intends to process this data for other purposes, the Controller shall inform the Data Subjects about the purpose and other information necessary for the application of his / her rights before the Controller begins processing the personal data.
Furthermore, the Data Subject has the following rights:
- In cases, where processing is based on Article 6(1)(a) of the Directive or Article 9(2)(a) of the Directive, so the processing of personal data is done with the consent of the Data Subject, the Data Subject has the right to withdraw the consent at any time, without affecting the lawfulness of processing based on the consent granted before the withdrawal.
- File a complaint at the Office for Personal Data Protection.
- Based on Article 15 of the Directive, the right to access the personal data and the right to receive a confirmation from the Controller regarding whether or not the personal data concerning the Data Subject are or are not processed. If the personal data are processed, the Data Subject has the right to access this personal data and information regarding its processing.
- Based on Article 16 of the Directive, the Data Subject has the right to ask the Controller to immediately correct incorrect data or add incomplete personal data concerning the Data Subject.
- The right to ask the Controller to immediately delete the personal data concerning the given Data Subject pursuant to Article 17 of the Directive.
- The right to ask the Controller to restrict the processing of personal data as stated in Article 18 of the Directive.
- Upon the Data Subject's request, the Controller undertakes to inform the Data Subject about the recipients of the personal data based on Article 19 of the Directive.
- Under the conditions stated in Article 20 of the Directive, receive personal data concerning the Data Subject and provided to the Controller in a structured, commonly used and machine readable format and the right to handover this data to another Controller.
- Under the conditions stated in Article 21 of the Directive, the right to object to the processing of personal data concerning the Data Subject.
- Under the conditions stated in Article 22 of the Directive, not be the subject of any decision exclusively based on automated processing, including profiling, which has legal effects on the Data Subject because it similarly mutually affects the Data Subject.
- Based on Article 34(1) of the Directive, the Controller must inform the Data Subject of any breach of security concerning his / her personal data, which results in high risks to his / her rights and freedoms. The Controller does not have this obligation if any of the conditions defined in Article 34(3) of the Directive are applied.
Please fill in your personal data on the next page so that we can cooperate with you.