Information memorandum on the processing of personal data
This information on the processing of personal data. They provide information in accordance with Act No. 110/2019 Coll. , the Act on the Processing of Personal Data (hereinafter referred to as the "PDPA") and Regulation (EU) 2016/679, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the "GDPR").
We value the cooperation and trust with which you provide us with your personal data and therefore we take care of their security when processing them, we do not process more personal data than is strictly necessary and we keep them for the necessary period of time. In the following you will find the rules we follow, the purposes for which we process personal data, how we access personal data and who has access to your personal data.
Who is the controller of your personal data?
The controller of your personal data is the company teamIT s.r.o. , ID No.: 27257711, Antala Staška 510/38, Krč, 140 00 Prague 4, registered with the Municipal Court in Prague under file number C 108161 (hereinafter referred to as the "Controller").
Where can you find us and how do you contact us?
The main office is Antala Staška 510/38, Krč, 140 00 Prague 4
We are also the operator of the teamit.cz domain, where you can find current contacts and information. On our website, you will also find the current version of the information memorandum.
If you have any questions about the processing of personal data, please email firstname.lastname@example.org. If you wish to exercise your rights, further information can be found in the section "What are your rights and obligations in relation to the processing of personal data? ".
Important terms under the GDPR
The controller, in this case teamIT s.r.o., is the entity that determines the purpose and means of processing personal data, carries out the processing and is responsible for it. The controller may authorise or entrust a processor with the processing of personal data, unless a specific law provides otherwise.
Processor, natural or legal person, public authority, agency or other body which processes personal data for the controller
Central establishment (a) in the case of a controller with establishments in more than one Member State, the place where its central administration in the Union is located, unless decisions on the purposes and means of the processing of personal data are taken at another establishment of the controller in the Union and that other establishment has the power to enforce those decisions, in which case the establishment which took those decisions shall be deemed to be the central establishment; (b) in the case of a processor with establishments in more than one Member State, the place where its central administration in the Union is located or, where the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in relation to the activities of the establishment of the processor take place, to the extent that the processor is subject to specific obligations under this Regulation.
Personal data, any information about an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data of a special nature (formerly also "sensitive data") are a special group of personal data which reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person and data concerning the health or sex life or sexual orientation of a natural person. Personal data, which by their nature are particularly sensitive in terms of fundamental rights and freedoms, deserve special protection as their processing could give rise to serious risks to fundamental rights and freedoms.
Processing, any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated processes, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other disclosure, alignment or combination, restriction, erasure or destruction.
The database is an internal list of data about individuals and their personal data, maintained by the controller.
Profiling, any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or estimate aspects relating to his or her work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
A record, any structured collection of personal data accessible according to specific criteria, whether centralised, decentralised, or divided by functional or geographical area.
Information society service , a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 (19).
Supervisory authority, an independent public authority set up by a Member State.
- Personal data are processed in a fair, lawful and transparent manner for the specific explicit purposes expressed
- Personal data are processed in a proportionate, relevant and limited manner in relation to the purpose for which they are processed
- Measures are taken to ensure that personal data are accurate and, where necessary, kept up to date
- Personal data are processed for the time necessary in relation to the specific purpose of processing.
- The processing of personal data is secured in a manner adequate to the purpose of the processing so as to ensure a level of security appropriate to any risks, including the implementation of sufficient organisational and technical measures so as to maintain integrity and confidentiality
- We provide clear information about the processing of your personal data
Cookies, in the HTTP protocol, refer to small amounts of data that the WWW server sends to the browser, which stores them on the user's computer. The browser then sends this data back to the server each time the same server is visited again. Cookies are commonly used to distinguish individual users, store user preferences, etc.
How do we process your personal data?
The company processes personal data manually but also partially automated using computer technology.
However, there is no automated evaluation or profiling with potential impact.
Personal data may be disclosed to authorised employees of the controller if necessary for the performance of the contractual relationship and if strictly necessary for the performance of their work and contractual obligations, and always only in the necessary and limited amount.
Personal data may be disclosed to processors with whom the controller has concluded a contract for the processing of personal data and, where applicable, to other persons in accordance with the law and the EU Regulation.
The processing of personal data shall be secured in an adequate manner proportionate to the purpose of the processing so as to ensure a level of security appropriate to the risks, including the implementation of sufficient organisational and technical measures to preserve integrity and confidentiality and, where necessary, availability.
At least the following means are used to secure your personal data:
- Restriction of accesses
- Password management, access control
- Encrypted drives and storage
- Antivirus programs
- Data storage rules
- Firewall with content control
- Lockers and storage spaces
- Restricted access areas
What personal data do we process?
As the Controller, we process the data you provide to us. This includes data provided by filling in one of the forms on the website, data from interviews, sent by e-mail or by telephone.
In particular name, surname, address, e-mail, telephone, professional CV and other data resulting from the communication . For some entities, payment data (account number, date and amount of payment, payment identifiers, data related to the business relationship - if it has already occurred).
We will provide you with an up-to-date list of the personal data we process in person at our address if you are interested.
What are "cookies"
The Administrator uses "cookies" on its website, which are stored on the visitor's computer and automatically recognise the visitor on the next visit. Cookies allow, for example, to adapt the website to the interests of the data subject or to store a username that does not have to be re-entered each time. If the data subject does not want his or her computer to be recognised, it is necessary to adjust the settings of the internet browser in such a way that cookies are deleted from the computer's hard drive, to block cookies or to set a warning before cookies are stored.
For what purposes, for how long do we process personal data?
We process personal data mainly for the purpose of concluding a contract and fulfilling contractual obligations and to conduct related communication with you. For this purpose, we process the following common personal data: name, surname, title, ID number, address, e-mail, telephone, or services received, contractual documents. In the case of our employees and cooperating entities, this may include: qualifications, authorizations, competencies, information about the OSH training carried out, driver training, or similar information. We process this personal data for the duration of the contractual relationship, up to a maximum of two years after its termination.
After the end of the contractual relationship, some data may then be retained for the purposes of compliance with legal obligations or for legitimate interest purposes.
We also process your personal data to comply with legal obligations. In particular, for bookkeeping, tax compliance and other legal obligations. For this purpose, we process in particular the following data: name, surname, title, ID number, address, account number, date and amount of payment made, services drawn and provided, scope of work performed. We process this personal data for the duration specified by the relevant legislation, but for a maximum of two years after the end of such obligation.
We may also process personal data for the purposes of protecting our legitimate interests. Legitimate interests can cover a range of situations. We will therefore inform you of the legitimate interests for which we process personal data. The legitimate interest is the protection and proof of our rights and legal claims, in particular from contracts entered into and/or harm caused. For these purposes, we process personal data for a maximum of five years after the end of the contractual cooperation or our last contact, if no contract has been concluded. This period is set in relation to the limitation periods for claims, taking into account that we may not become aware of any claim brought before a court immediately when it is brought by the other party. For these purposes, data from contracts and our communications with each other are stored.
The legitimate interest is also direct marketing and the offer of services. For sending commercial communications we will process the following personal data of our clients: name, surname, profession, e-mail. The sending of commercial communications is governed by Act 480/2004 Coll., and you can stop receiving these communications at any time by simply clicking on the link provided in the email.
Processing based on consent to the processing of personal data. If you enter your email address on our website to receive free information, tips and news, you consent to us sending you such information, tips and news by submitting the completed form.
Processing based on consent to the processing of personal data is also used if we want to retain your personal data in order to be able to offer you a job in the future. This is for the period of time for which you have given your consent to the retention/processing of your personal data.
You can withdraw your consent at any time. However, if we also process some of your personal data on the basis of another legal title, we will continue to process your personal data for these purposes even after you withdraw your consent, as consent is not required for these specific purposes.
Categories of personal data concerned
For individual purposes, we process only the strictly necessary categories of personal data. Typically, contact, address, billing, job reports, CVs, interview notes.
Transfer of personal data to third countries
We do not process your personal data using services provided by companies outside the European Union.
Who else processes your personal data?
We have written contracts with processors, which agree on data protection obligations to keep your data safe.
We will provide you with an up-to-date list of such processors upon request. As of the date of this Information Memorandum, our processors are:
LMC s.r.o. ID: 26441381, operator of JOBS.CZ, operator of the teamio.cz application
Microsoft s.r.o. ID: 47123737, Office 365
Google Czech Republic, s.r.o. ID: 27604977, Google Workspace
What are your rights and obligations in relation to the processing of personal data?
The subject is obliged to provide only true and accurate personal data to the controller and to inform the controller of any changes.
The subject is obliged to provide the controller with verification of the data provided.
The subject has rights to request access to his or her personal data from the controller.
The subject has the right to rectification of the personal data provided.
The subject has the right to have the personal data provided erased.
The subject has the right to restrict the processing of personal data.
The data subject has the right to data portability.
The data subject has the right to object.
If the consent of the subject is required for the processing of personal data, the subject may withdraw it at any time, according to the rules set out below.
The subject may exercise his or her rights:
In person at the company's main office during working hours: 10-16, after proving the identity of the data subject.
By email: email@example.com, from which consent was granted or was entered during registration and is in the applicant's control. Further verification of the applicant's identity may be required.
By post (signature must be officially certified).
The data subject (user) has the right to lodge a complaint with the supervisory authority if he/she believes that the processing of personal data by the association violates the legal regulations on personal data protection. You can lodge a complaint with the supervisory authority - the Office for Personal Data Protection, Pplk. Sochor 27, 170 00 Prague 7, www.uoou.cz.
Duties of the administrator
The controller has the right to verify the truthfulness and accuracy of the personal data provided.
The controller is obliged to provide the data subject with information on the scope and manner of the personal data provided, if the data subject so requests. The controller shall do so without delay and within 30 working days at the latest.
The administrator has the right to charge a fee in case of repeated and unjustified requests.
The controller shall provide the information in electronic form, unless the data subject requests otherwise.
Information at the end
If you have further questions about the processing of your personal data, you can contact us at firstname.lastname@example.org. You can also exercise your rights directly by sending a message to this email or by sending a written request to our address listed in this document.
The Administrator may change or supplement the wording of the Information on the processing of personal data.
All information herein is for informational purposes only and may not always be complete or accurate.
The current version of this document can always be found on the teamit.cz website.
This information on the processing of personal data is part of the general terms and conditions.
This document takes effect on the date of publication on 22 September 2022 and cancels all previous documents on the processing of personal data (Information Memorandum or data provided remotely pursuant to Section 8 of the ZOU).