Declaration on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the information of data subjects (hereinafter referred to as "GDPR")
1. Personal data controller BRAND CONCEPT s.r.o. with registered office at F. X. Procházky 162/9, Brandýs nad Labem 250 01, ID No.: 24784753 VAT No.: CZ24784753, a company registered in the Commercial Register maintained by the Municipal Court in Prague under letter C, insert 174003, (hereinafter referred to as the "Controller") hereby informs you about the processing of your personal data and your rights in accordance with Article 12 of the GDPR.
2. Scope of processing of personal data
Personal data are processed to the extent that the relevant data subject has provided them to the controller, in connection with the conclusion of a contractual or other legal relationship with the controller, or which the controller has otherwise collected and processes in accordance with applicable law or to fulfil the controller's legal obligations.
3. Sources of personal data:
directly from data subjects
wholesale
distributor
publicly accessible registers,
lists and records (e.g. commercial register, trade register, land register, public telephone directory, etc.)
4. Categories of personal data subject to processing:
address and identification data used to uniquely and unmistakably identify the data subject (e.g. name, surname, title, birth number, date of birth, permanent address, identity document number, gender, ID number, VAT number) and data enabling contact with the data subject (contact data - e.g. contact address, telephone number, fax number, email address and other similar information)
descriptive data (e.g. bank details, date)
other data necessary for the performance of the contract
5. Categories of data subjects:
customer of the controller
service provider
another person who has a contractual relationship with the controller
6. Categories of recipients of personal data:
Processor
state, etc. authorities in the performance of their statutory obligations under the relevant legislation
7. Purpose of the processing of personal data
the purposes contained in the data subject's consent
the negotiation of a contractual relationship
performance of the contract
protection of the rights of the controller, the recipient or other persons concerned (e.g. recovery of claims of the controller)
archival records kept on the basis of the law
the fulfilment of legal obligations by the controller
protection of the vital interests of the data subject
8. Method of processing and protection of personal data
The processing of personal data is carried out by the controller. The processing is carried out at the controller's premises, branches and headquarters by individual authorised employees of the controller or by the processor. The processing is carried out by means of computer technology or, in the case of personal data in paper form, manually, in compliance with all security principles for the management and processing of personal data. To this end, the controller has taken technical and organisational measures to ensure the protection of personal data, in particular measures to prevent unauthorised or accidental access to, alteration, destruction or loss of personal data, unauthorised transmission, unauthorised processing or other misuse of personal data. All entities to which personal data may be disclosed shall respect the right of privacy of data subjects and shall comply with applicable data protection legislation.
9. Duration of processing of personal data
In accordance with the time limits set out in the relevant contracts, in the controller's filing and shredding system or in the relevant legislation, this is the time necessary to ensure the rights and obligations arising from both the contractual relationship and the relevant legislation.
10. Instructions
The controller shall process data with the consent of the data subject, except in cases provided for by law where the processing of personal data does not require the consent of the data subject.
In Brandýs nad Labem 1.1.2023