PODMÍNKY ZPRACOVÁNÍ OSOBNÍCH ÚDAJŮ / TERMS OF THE PROCESSING OF PERSONAL DATA.
CZ / EN

1. PERSONAL DATA CONTROLLER AND THE PURPOSE OF THE PROCESSING TERMS

1.1. The personal data controller is BAKOTECH s.r.o., Id No.: 24804983, with its registered office at Prague 10 - Hostivař, Štěrboholská 1434/102a, Postal Code 10200, Email: info.cz@bakotech.com (hereinafter referred to as the “Controller”).

1.2. The purpose of this document is to fulfil the information obligations of the Controller arising from the Regulation (EU) of the European Parliament and Council 2016/67, dated on April, 27 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/ES (general regulation on the protection of personal data; hereinafter referred to as “GDPR“) towards the natural persons using login portal services which is operated on the Controller’s website: https://bakotech.cz/ (hereinafter referred to only as the ”Participant“ or the “Participants“).

2. PURPOSES AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

2.1. The processing of Participants’ personal data is done for the following purposes:

- organising marketing seminars and other events for the introduction and business presentation of the Controller, the BAKOTECH Group or a third party (legitimate interest);

- organising educational trainings (performance of a contract);

- handing over the Participants’ personal data to subjects presenting their products or performing trainings within the trainings and other events organised by the Controller (consent);

- interest in recruiting new clients and raising awareness of the services and activities of the Controller, the BAKOTECH Group or a third party (legitimate interest);

- sharing information of property-related entities within the BAKOTECH Group (legitimate interest);

2.2. The legal basis for the processing of Participants’ personal data is performance of a contract, legitimate interest and consent.

3. CATEGORIES OF PROCESSED PERSONAL DATA

3.1. The Controller performs the processing of Participants’ personal data within the scope of:

3.1.1. address and identification data: name, surname, telephone number, email.

3.1.2. descriptive data: organisation name, work position and department, the way in which the Participant has learned of the particular seminar or event.

4. CATEGORIES OF RECIPIENTS OF PERSONAL DATA

4.1. The recipients of Participants’ personal data may include, in particular cases, entities of the BAKOTECH Group and subjects presenting their products or performing their training within the training or other events organised by the Controller.

4.2. In the case the personal data are in addition to the Controller processed also by the processors, it is on the basis of the contracts on the processing of personal data concluded in accordance with GDPR.

5. THE TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

5.1. The Participants’ personal data are transferred by the Controller to Ukraine, to BKT Solutions se sídlem Office 12, 29-B Bulvarno-Kudriavska str., Kyiv, 01054, Ukrajina, registration number: 37930901 and further to Cyprus to SOLBER HOLDINGS LIMITED with its registered seat at Nicosia, Zinonos Kitieos, Kato Lakatamia 8, P.C. 2322, the Republic of Cyprus, registration number: HE 282306, where both mentioned companies are a part of the BAKOTECH Group.

5.2. The Controller informs the Participants that in relation to Ukraine, there is no European Commission decision to ensure a corresponding level of personal data protection. Nevertheless, Ukraine is a signatory to the Convention on the protection of individuals with regard to automatic processing of personal data of 28. 1. 1981 (Hereinafter referred to as the “Convention“), Ukraine ratified this international treaty on 30. 9. 2010, having been in effect in Ukraine since 1. 1. 2011. In the Czech Republic, the Convention was announced under No. 115/2001 Coll. m. s.

5.3. The transfer of Participants’ personal data to the territory of Ukraine is carried out under the conditions set out in article 46 GDPR where appropriate safeguards for the purposes of transferring personal data are provided through the standard clauses on the protection of personal data adopted by the European Commission that are available.

6. PERIOD FOR WHICH THE PERSONAL DATA WILL BE PROCESSED

6.1. The Participants’ personal data are processed for the duration of the Controller’s legitimate interest in the processing of personal data, no longer than 5 years from the date of their collection or until the Participants object to the processing. In the case of processing on the basis of the contract, the personal data are processed for the duration of the contract and for a period of 4 years from the date of termination of the contractual relationship. In the case of processing based on the consent, the personal data are processed for 5 years from granting of the consent to the processing of personal data or until revocation of the consent.

7. THE RIGHTS OF THE DATA SUBJECTS (THE PARTICIPANTS)

7.1. As a result of the processing of the Participants’ personal data, each Participant shall have the following rights:

7.1.1. right to access to his/her personal data from the Controller;

7.1.2. right to rectification of inaccurate personal data processed by the Controller about the Participant;

7.1.3. right to restriction of processing. Restriction of processing means that the Controller must identify the personal data whose processing has been restricted and may not process them for the duration of the restriction, except for their storage. The Participant has the right to restriction of processing if:

7.1.3.1. he denies the accuracy of the personal data for the time necessary for the Controller to verify the accuracy of the personal data;

7.1.3.2. the processing is unlawful and the Participant refuses the erasure of personal data, requesting instead the restriction of their use;

7.1.3.3. the Controller does not the need personal data for the purposes of processing anymore but the Participant request them to identify, exercise or defend legal claims;

7.1.3.4. the Participant has objected the processing which is referred to in point 7.1.7. of these terms until it is verified whether the Controller’s legitimate interests prevail over Participant’s interests, rights or freedoms;

7.1.4. right to erasure of personal data. The right to erasure of personal data pertains only to the personal data processed by the Controller for purposes others than meeting his legal obligation. The right to erasure is granted exclusively, provided that the personal data being processed are not necessary for the given purpose anymore, the processing is based on consent and this consent is revoked by the Participant, the Participant objects and there are no prevailing reasons for further processing, the personal data have been processed illegally, the Controller is obliged to do the erasure by law or when the personal data have been collected in relation with the provision of the information society services under Article 8, Paragraph 1 GDPR;

7.1.5. right to data portability. The Participant may request the Controller to provide him with the Participant’s personal data in order to hand them over to another data controller or to be handed over by the Controller to another personal data controller directly. However, the Participant, shall have this right only concerning the data processed by the Controller by automated means based on the consent of the Participant or a contract concluded with the Participant;

7.1.6. right to file a complaint with the Supervisory Authority, in the event the Participant assumes that the legal regulations on the protection of personal data have been violated by processing the personal data, the Participant may file a complaint with the Supervisory Authority at his domicile, place of employment or at place where the alleged violation took place. In the Czech Republic, the Supervisory Authority is Office for Personal Data Protection, having its registered office at plk. Sochora 27, 170 00 Prague 7, web: www.uoou.cz;

7.1.7. In the event the Controller process the Participant’s personal data for the purposes of his or other subject’s legitimate interests, the Participant may object anytime to the processing. The Participant may object at the Controller’s registered office or at his email address which are specified in paragraph 1.1 of these terms. Should the Participant object, the Controller is entitled to continue in such processing only if he proves justified reasons for the processing that prevail over the Participant’s interests or rights and freedoms and if the processing is necessary to determination, exercise or defend legal claims;

7.1.8. If the Controller processes Participant’s personal data for the purposes of direct marketing, the Participant has the right to object anytime to the processing of the personal data pertaining to him for this marketing, which includes also profiling, if it relates to this direct marketing. If the Participant object to the processing for the purposes of direct marketing, the personal data won’t be processed for these purposes any longer;

7.1.9. If the processing of personal data is based on consent, the Participant shall have the right to revoke this consent anytime, without further notice. The Controller declares that the revoking of the consent won’t have any negative consequences for the Participant. Consent can be revoked by a Participant by sending e-mail request to info.cz@bakotech.com.

8. THE METHOD OF PROCESSING AND PROTECTION OF PERSONAL DATA

8.1. The Participants’ personal data are processed, in particular, in Controller’s premises, subsidiaries and registered office by authorised Controller’s employee or processors. The processing is done by computing systems or manually in personal data in paper form.

8.2. The Controller has introduced proportional organizational and technical measures in accordance with Articles 24 and 25 GDPR in order to ensure the protection of processed personal data and the performance of the processing in compliance with GDPR.

9. FINAL PROVISIONS

These terms are also available at the Controller’s website: https://bakotech.cz/gdpr-en/