INFORMATION ON PERSONAL DATA PROCESSING AND PROTECTION
STARCAM s.r.o., Company ID No. (IČO): 27289729 (hereinafter referred to as the ‘Company‘),
informs you on the basis of Regulation of the European Parliament and of the Council EU 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as ‘GDPR‘ or ‘General Data Protection Regulation’) and in accordance with it, informs you that
it will process employees’ personal data and, in connection with this, that
it will/may process your personal data for the reasons, purposes and under the conditions set out below.
The Company takes the protection of your personal data very seriously and complies with data protection legislation when processing it. All handling of personal data is governed by the GDPR and Personal Data Processing Act No. 110/2019 Coll.
These pages contain, among other things, valid identification data of the website operator and an updated list of customer contacts.
Purpose of the Information
This notice is given for the purpose of providing summary information to the Company’s contractual partners about the processing of their personal data, or the processing of personal data of their employees, workers, representatives and members of statutory (and possibly other) bodies by the Company.
Identification of Personal Data Processing, Controller, Data Subjects
The Company processes such personal data that is necessary for the proper implementation of its business activities, i.e., in particular for the activities of providing software, consulting in the field of information technology, data processing, hosting and related activities and web portals, advisory and consulting activities, processing of expert studies and reports, extracurricular education and training, organising courses, training, including lecturing activities, etc., including the procurement of goods and services, the conclusion and performance of contracts, i.e., information commonly shared in the context of business.
This mainly concerns the personal data of the contractual partners, but also the data of contact persons that has been communicated to the Company by the contractual partner.
The Company processes personal data to the extent that it is required to do so by law or to the extent that the processing is justified by its legitimate interests.
Personal Data Processed
The processed data includes, in particular, the business name of the contractual partner, or its name and surname, company ID number (IČO), registered office, data on persons authorised to represent it and its contact persons, i.e., name, surname, title, function, telephone number, e-mail address. If this is necessary for the implementation of the contractual relationship, data on the banking institution, its name and bank account number are also processed. Data on the contractual relationship and its implementation, such as data on the purchase and provision of services/goods, price payments, etc., are also processed. The Company processes, among other things, other data necessary for assessing the credibility of the business partner (e.g. information on the issuance of a bankruptcy decision, information on whether the person is on the list of internationally sanctioned persons, etc.).
Personal Data Controller, Contact Details
The Personal Data Controller is the Company, i.e., STARCAM s.r.o., company ID number (IČO): 27289729, registered office Havraň 137, postal code 434 40 Most 1, registered in the Commercial Register maintained by the Regional Court in Ústí nad Labem, under File Ref. C22814, the contact details for the Company (the Controller) are: (a) for written communication, the following address: STARCAM s.r.o., Havraň 137, Postal code 434 40 Most 1, (b) for communication in electronic form: dataprivacy@starcam.cz.
The Company’s representative for communication in matters of protection and processing of personal data will be the Local Compliance Officer or another employee (staff member) authorised in writing by the Company, which the Company will then inform the data subjects of in an appropriate form.
Purpose of Processing, Legal Title of Processing
The Company processes the personal data of its business partners for the purpose of carrying out its business activities. For this purpose, the provision of personal data is completely voluntary, but necessary for the contract to be concluded and performed. For the purpose of the proper implementation of contractual obligations, the Company also processes personal data of the contact persons of the contractual partners, or persons authorised by the contractual partner for certain negotiations and to represent the contractual partner within the framework of contractual relations. The Company processes personal data, inter alia, in connection with the processing of the accounting agenda, the fulfilment of tax obligations, for the purposes of fulfilling record-keeping, documentation and archiving obligations, the protection of the Company’s property, ensuring the functionality of the Company’s organisation and communication within the Company and with contractual partners, for statistical purposes, the maintenance of other records such as visitor books, incoming mail, etc. Furthermore, the Company processes data to protect its legitimate interests, such as monitoring the payment behaviour of its customers, etc. Another purpose of processing personal data may be marketing, in which case the Company processes the data mostly on the basis of the consent of the respective data subject, unless the processing of personal data is justified by another title. Personal data may also be processed in connection with the recruitment of new employees (implementation of selection procedures for filling vacant positions). If you participate in the selection procedure, you may be asked to consent to the processing of personal data in order to verify or obtain references from previous employers, public sources and public registers of legal and natural persons, in order to verify the truthfulness of the information provided and to prevent conflicts of interest with the Company’s activities.
Legal Basis of Processing
The data processing and privacy policy set out in this notice applies to all personal data collected by the Company during your use of the www.starcam.cz website (the ‘Website’) and furthermore, the processing of personal data is carried out under the following headings:
• fulfilment of a legal obligation (Article 6(1)(c) of the GDPR),
• performance of contracts to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the GDPR);
• on the basis of the legitimate interests of the controller (Article 6(1)(f) of the GDPR), or
• on the basis of consent of data subjects (Article 6(1)(a) of GDPR). The consent is completely voluntary and can be withdrawn at any time, either by email or in writing.
Sources of Personal Data
The Company obtains personal data either directly from its contractual partners, in the ordinary course of business, or from publicly available sources. These sources are mainly public registers (e.g. commercial register, trade register, insolvency register), records (e.g. land registry) or websites. The source of personal data may be, for example, in certain situations, government bodies and authorities, insurance companies, courts, CCTV footage taken by the CCTV system, but also other persons, customers, other suppliers and other contractors of the Company, etc.
Personal Data Recipients
The processing of personal data requires the transmission of personal data in some situations. Therefore, with the exception of authorities and public authority bodies, which are not considered recipients under the General Regulation, the Company transfers personal data to its processors, who are entrusted with specific processing on the basis of a duly concluded contract for the processing of personal data or a contract for the provision of services, in necessary cases and to the minimum extent. In justified cases, the recipient of personal data may also be the parent company, or the Company’s shareholders, or other companies in the group, professional advisors of the Company such as accountants, auditors, legal advisors and lawyers, other professional advisors of the Company, insurers, banking institutions, translators and interpreters, forensic experts, etc.
Period of Personal Data Processing, Disposal of Personal Data
The personal data of data subjects is processed for the period of time which, in relation to the purpose of the processing, results from the relevant legal regulation, if the processing is necessary for the fulfilment of a legal obligation to which the Company as the Controller is subject. The Company processes personal data for the entire duration of the contractual relationship and until the implementation of all obligations arising from or related to the contractual relationship. Furthermore, the Company keeps the personal data for a period required to protect their legitimate interests. If personal data is processed on the basis of consent to the processing, the personal data is processed for the period for which consent was given.
Within the Company there are rules applicable to the handling of personal data, which are known to the employees who handle such data. The Company ensures a high standard of IT security.
Once the purpose of the processing ceases or the period for which the Company is obliged to process the data expires, the personal data will be deleted or their processing will be restricted in accordance with applicable law.
Personal Data Update
The Company is only interested in processing personal data that is accurate. For this purpose, it will update it without delay, e.g., on the basis of information received from a contractual partner or data subject about a change in personal data, etc. In the event that the Company receives information about a possible change in personal data from another source, it will take measures to verify the accuracy and veracity of the information, e.g., by asking the data subject to whom the change in personal data is to apply.
Documentary and Electronic Records
The Company uses both paper and electronic records, such as filing cabinets, archives, information systems, data storage systems, etc., to process personal data.
Environment Safety
The Company places great emphasis on the security of personal data processing. It therefore takes technical and organisational measures to protect it. The Company is solely interested in using secure information systems and carries out ongoing checks to ensure security. In order to verify security, the Company may perform security testing of information systems, either internally or externally.
The Company has an interest in ensuring that the external entities to whom personal data will be transferred also provide the required protection. For this purpose, the Company signs appropriate data processing agreements with the processors who process personal data for it. In relation to other entities, the Company takes actions and acts to notify these entities of the need to protect the personal data provided during processing and to oblige these entities to protect personal data.
Data Subject Rights
In connection with the processing of personal data, each data subject whose personal data is processed by the Company has the following rights:
- right to obtain information on the processing of personal data – e.g. the identity and contact details of the data processor or their representative, the purpose of the processing, the personal data concerned, information on the transfer of personal data to third countries, the period of retention of personal data, etc.;
- right to have access to personal data – e.g. to confirm whether or not personal data is being processed and, if so, for what purpose, or to be provided with a copy of the personal data processed;
- right to withdraw consent – if consent to the processing of personal data has been given, it can be withdrawn at any time with future effect;
- right to rectification – if personal data has been processed incompletely or inaccurately;
- right to erasure – should it become apparent that the processing of personal data has been unlawful, the Company may be asked to restrict its use or destroy it altogether;
- right to restriction of processing – personal data may be marked in order to restrict its processing in the future
- right to data transfer – the Company may be requested to transfer personal data to another controller or processor if the personal data has been obtained directly from the data subject in a structured, commonly used and machine-readable format;
- right to object to processing – this includes objections to processing on the basis of legitimate interest, the performance of a task carried out in the public interest, processing for direct marketing purposes on the basis of legitimate interest and for scientific or historical research purposes or for statistical purposes
- right to lodge a complaint with the Office for Personal Data Protection – if the processing of personal data would be unlawful.
Requests for Confirmation of the Processing of Personal Data, Handling of Requests
A request for information and/or action to provide information may be made in writing or electronically to dataprivacy@starcam.cz, or verbally.
The Company shall issue a confirmation to the data subject within one month from the date on which the request is received by the data subject. The time limit shall begin to run on the day following the date of receipt of the request.
The confirmation will be issued in writing. The confirmation will be delivered in person or sent electronically to the data subject’s email address provided by the data subject for this purpose or sent via a postal service provider to the data subject’s address known to the Company no later than the last day of the period. If the confirmation is sent electronically, a recognised electronic signature is not required.
If the request is made by the data subject in electronic form, the information will also be provided to the data subject in the electronic form commonly used by the Company, unless the data subject requests a different method of processing their request. In such cases, the Company shall always take appropriate measures to verify the identity of the person who has submitted the request in electronic form, e.g., by telephone, SMS messages or, in particular if no other suitable method is possible, by personal identification, etc.
If the Company does not intend to comply with the request, it shall state the reasons for not doing so in its response to the request.
Technical and Organisational Measures
The Company takes the necessary and suitable technical and organisational measures in place to protect personal data. The Company takes measures to prevent accidental or unauthorised access to, alteration, theft, misuse, destruction or loss of personal data. The Company shall implement, both at the time of the designation of the means of processing and at the time of the processing itself, appropriate technical and organisational measures to implement data protection principles such as data minimisation in an effective manner and to incorporate the necessary safeguards into the processing. The Company implements appropriate technical and organisational measures to ensure that only personal data necessary for each specific processing purpose is processed by default. This obligation applies to the amount of personal data collected, to the extent of data processing including storage time and data availability. When implementing the measures, the Company takes into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons which are entailed in the processing.
Transfer of Personal Data to Foreign Countries
The transfer of personal data will respect the rules and conditions of the GDPR and the Personal Data Processing Act. As a member of the Mercedes Benz Group, the company uses IT system consolidation and personal data is / may be stored on servers in the Federal Republic of Germany. The Company does not transfer personal data outside the EU, EEA or to international organisations.