Personal data processing principles TIC BRNO
Personal Data Controller:
TIC Brno, p.o., with its registered office at Radnická 365/2, Brno-město, Brno, Postcode 602 00; registration number: 00101460; entered in the Commercial Register kept by the Regional Court in Brno, File No. Pr 18 (hereinafter as the “Controller” or “TIC”)
The organisation has not assigned a data protection officer.
Legal framework for personal data processing
TIC processes personal data in accordance with EU law, especially Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), as well as international treaties binding on the Czech Republic, especially the Convention for the Protection of Individuals with Regard to Automated Processing of Personal Data (ETS 108, promulgated under no. 115/2001 Sb. m. s.), as well as national regulations, especially Act Number 101/2000 Coll., on the Protection of Personal Data and Changes to Some Acts, as amended (hereinafter referred to as the “Act”).
The lawful reason for the processing of your personal data is the fact that said processing is necessary to perform the contract between you and TIC, or to take steps necessary prior to entering into the contract pursuant to Article 6(1)(b) of the GDPR.
Where a contractual relationship has been established, TIC sends to its customers commercial communication related to the goods and services offered in order to carry out the legitimate interests of TIC in the form of direct marketing. TIC does not seek consent to the sending of said commercial communication, but it does allow customers to unsubscribe or to object to this form of processing.
So that it may carry out its legitimate interests, TIC processes personal data in order to process inquiry forms filled in by the Data Subject on the website of TIC. TIC does not seek consent to the processing of personal data for this purpose.
Regarding direct marketing by TIC without an existing contractual relationship, TIC is entitled to process your personal data solely with your consent.
Being a contracting entity for low-value public contracts, TIC also processes personal data of tenderers who are natural persons.
What categories of data do we process?
Performance of contractual obligations – included in the data processing is personal data that customers provide, at their discretion, during registration or the placing of an order or in the process of contract performance. These data typically include first name, last name, address, phone number and e-mail.
Contact forms on the website of the organisation and that of managed organisations: first name, last name and e-mail.
In the case of granting consent to TIC with the sending of commercial communication: first name, last name, e-mail.
In the case of job applicants: first name, last name, address, phone and e-mail.
Special categories of personal data (sensitive data) are not processed by TIC.
Purposes of processing of your personal data
The Personal Data Controller processes and retains the personal data of Data Subjects in relation to the provision of services of the former, within the meaning of the conditions stipulated by the legal framework, in particular Article 6(1)(a) and (b) of the GDPR, for the following purposes:
- contact and provision of information requested by the Data Subject (first name, last name and e-mail are used);
- fulfilment of contractual obligations (first name, last name, address, e-mail and phone number are used);
- keeping of database for direct marketing purposes (with the first name, last name, address, phone number and e-mail being given);
- direct marketing with the Data Subject’s consent (first name, last name and e-mail are used);
How long will we process your personal data?
Personal data will be processed for as long as the personal data is necessary for the mutual exercise of rights and fulfilment of obligations arising from the contractual relationship, i.e. while an order is processed, which includes the payment and delivery of the goods ordered, or the performance of the respective contract. TIC retains some data contained in its accounting documentation pursuant to the applicable law.
Commercial communication is sent while the consent to that effect exists. In the case of customers, said communication is sent unless unsubscribed, or unless the Data Subject objects to the processing of their data for this purpose. In any event, commercial communication is sent for a period of seven years, whereupon the organisation must seek renewal of the consent.
Any further personal data processing beyond the conditions referred to herein will only be done as long as it is necessary for the fulfilment of obligations arising from legal regulations applicable to TIC.
Once the purpose of processing has ceased to exist or the Controller no longer has a lawful reason for the processing of personal data, the Controller will erase the personal data.
Other information on personal data processing
Personal data of the Data Subject is processed manually by TIC employees.
Personal data of Data Subjects will also be processed by the following personal data processors:
- processors who provide Internet, server or cloud related services to the Controller;
- in the case of e-shop and goods delivers – Česká pošta, s.p. (Czech Post), company registration number: 47114983.
Rights of the Data Subject
The Controller hereby informs Data Subjects on the fundamental principles in accordance with the provisions of Article 13 et seq. of the GDPR according to which TIC, as the Personal Data Controller, handles your personal data.
The Data Subject will have the rights to obtain from the Controller confirmation as to whether or not personal data concerning them is processed, and where that is the case, access to the personal data will be granted to the Data Subject.
The Data Subject will have the right to obtain from the Controller, without undue delay, the rectification of inaccurate personal data or, taking into account the purposes of the processing, the Data Subject will have the right to have incomplete personal data complemented, including by means of providing a supplementary statement.
The Data Subject will have the right to obtain from the Controller the erasure of personal data of it is no longer necessary in relation to the purposes of processing, or where the Data Subject has withdrawn their consent to the processing, or where the Data Subject objects to the processing and where there exists no other legal reason for processing.
The Data Subject will have the right to obtain from the Controller restriction of processing if the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of said personal data, or where the Controller no longer needs the personal data for the purposes of the processing, but it is required by the Data Subject for the establishment, exercise or defence of legal claims, or where the Data Subject has objected to processing of their personal data.
The Data Subject will have the right to withdraw, at any time, their consent to personal data processing without any sanction. The Data Subject may do so in any manner using the aforementioned contact information of the Controller. The withdrawal of consent by the Data Subject is without prejudice to the lawfulness of processing based on the valid consent prior to withdrawal.
The Data Subject will have the right to lodge a complaint with the relevant supervisory authority if the Data Subject believes that processing violates the applicable regulations. In the Czech Republic, the relevant authority is the Office for Personal Data Protection.
The Data Subject will have the right to object to processing of their personal data related to them if processing is necessary for the purpose of a task carried out for reasons of public interest or the exercise of public powers entrusted to the Controller, where processing is necessary for the purpose of legitimate interests of the Controller or a third party, for the purpose of direct marketing or scientific or historical research or statistical purposes.
TIC hereby declares that the handling of personal data is fully in accordance with the applicable legal regulations. The Data Subject’s personal data is secured by TIC using appropriate technical and organisational measures.
All personal data in electronic form is stored in databases and systems accessed solely by persons who need to handle said personal data for the purposes stipulated in these principles, and only in the extent necessary. The access to this personal data is secured via password and firewall.
These rules are in effect as of 25 May 2018.