Information on the processing of personal data under Regulation (EU) 2016/679 of the European Parliament and of the Council General Data Protection Regulation (GDPR)
Robotive s.r.o. fully respects the privacy of individuals and takes a responsible approach to the processing of personal data. In accordance with applicable data protection legislation, we inform you how we process personal data. The legislative framework for the protection of personal data consists of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “GDPR”) and Act No. 18/2018 Coll. on the protection of personal data and on the amendment and supplementation of certain acts (hereinafter referred to as the “Personal Data Protection Act”).
The Controller is the company Robotive s.r.o., Pulická 695, 518 01 Dobruška, Czech Republic, ID no: 04723651, registered in the Commercial Register of the District Court of Hradec Kralove, Entry No. C 46588 (hereinafter referred to as the “Controller”).
Contact details of the Controller:
Tel.: +420 722 112 063
Definition of Basic Terms
Personal data is data relating to an identified or identifiable natural person who can be identified directly or indirectly. A data subject is any natural person whose personal data is processed.
The processing of personal data for individual purposes and legal basis for processing personal data
i. Ordering of services or goods and conclusion of a sales contract, including pre-contractual relations and the related subsequent payment, delivery of services or goods.
The scope of the processed personal data is defined by the service contract or the purchase contract, in particular: the customer’s name and surname, billing address/supply address, contact details (telephone number, e-mail address), data on the goods purchased or services provided and data related to payment for the goods.
The legal basis for the processing of personal data is the performance of a contract to which the data subject (the customer) is a party or to take pre-contractual measures at the request of the data subject pursuant to Article 6 1(b) of the GDPR.
The provision of personal data is necessary for the conclusion and proper performance of the contract.
Without the provision of true information, the contract in question cannot be concluded and/or duly performed. Personal data are processed for the duration of the contractual relationship or for the duration of the exercise of legal claims.
ii. Accounting and tax purposes
Personal data is processed to fulfil obligations arising from accounting and tax regulations to the extent provided for by applicable legislation.
The legal basis for the processing of personal data is the fulfilment of the legal obligations of the Controller within the meaning of Article 6 1(c) of the GDPR.
The processing of personal data is carried out without the consent of the data subject, as the processing of personal data is provided for by a specific regulation.
iii. Register of applications for employment
For the purpose of registering job seekers, the Controller processes personal data in the scope of documents sent (CV, cover letter, certificates, confirmations) by the data subject, in particular name and surname, title, residential address, telephone number, e-mail address and other data provided by the job seeker. The legal basis for the processing of personal data is the consent given by the data subject pursuant to Art. 1(a) of the GDPR. The provision of the data subject’s consent to the processing of his or her personal data is voluntary. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal. Without the consent of the data subject, that person cannot be included in the register of job seekers. The personal data is kept for 5 years after the consent is given or until the consent is withdrawn by the data subject.
iv. Running social media profiles (Fan Pages)
In order to promote the sale of the Controller’s products and services, as well as to use the social networking environment as a communication channel with the customer or potential customer, the Controller manages its profiles on social networks (Facebook and Instagram). The legal basis for the processing of personal data is the legitimate interest of the Controller, in accordance with Art. 6 1(f) of the GDPR. The legitimate interest of the Controller is mainly to raise awareness of the Controller’s services and products. The personal data are stored until the moment of removal of the post from the social network by the data subject, removal of the post by the Controller, or. until the data subject objects to the processing or until the data subject’s request to delete his or her personal data from the Controller’s profile is received. The Controller may provide information about the use of the website, or. activity on the Controller’s profiles on social networks can be used in aggregate form for statistical analyses of website traffic (social network accounts), for the purpose of improving the content and user experience of visitors to the website or the Controller’s accounts on social networks.
v. Information systems and website security
In order to ensure the safe and reliable operation of the information systems and the website of the Controller, online identifiers are processed (e.g. IP address, cookies), which, in certain circumstances, may be personal data. The legal basis for the processing of personal data is the legitimate interest of the Controller pursuant to Article 6 1(f) of the GDPR. The legitimate interest of the Controller is to ensure the information security of the operated systems. The processing of personal data for the above purpose is a legitimate requirement of the Controller. The retention period of these personal data is determined by the system settings of the individual information systems.
Recipients of personal data
The personal data of the data subjects are processed by authorized employees of the Controller, who are bound by confidentiality and have been trained in personal data protection. For the purpose of contract performance, personal data is also provided to our contractual partners in the field of accounting and transport of goods (courier and transport companies). At the request of the data subject, the Controller shall provide data on which processors are involved in the processing of the personal data of the data subject. Furthermore, the personal data of the data subjects may be disclosed to public administration bodies and state authorities pursuant to specific regulations. When managing the Controller’s profiles on social networks, the Controller of the specific social network also has access to the data. Further information on individual social network operators can be found on the website of the specific social network.
Transfer of personal data to third countries and analytics
The personal data is not transferred to a third country and personal data is not subject to automated individual decision-making or profiling. Retention period of personal data The Controller shall retain personal data for the following periods:
- for the duration of the contractual relationship and for the duration of the limitation period of the related claim,
- fulfilment of the purpose of the processing of personal data,
- the duration of the legitimate interest of the Controller,
- the period laid down by special regulations.
Rights of the data subject
As a data subject, you have the following rights under the GDPR:
Right of access – you have the right to be provided with a copy of the personal data we process about you, as well as information about how we use your personal data. Your personal data will be provided to you in the same form as you have requested, if technically possible.
Right to rectification – we take reasonable steps to ensure that the information we hold about you is accurate, complete and up to date. If you believe that the information we hold is inaccurate, incomplete or out of date, please do not hesitate to ask us to amend, update or supplement this information.
Right to erasure (to be forgotten) – you have the right to ask us to erase your personal data, for example, if the personal data we have collected about you is no longer necessary for the fulfilment of the original purpose of processing. However, your right must be assessed in the light of all the relevant circumstances. For example, we may have certain legal and regulatory obligations, which means we may not be able to comply with your request.
Right to restriction of processing – in certain circumstances you are entitled to ask us to stop using your personal data. For example, if you think that the personal data we hold about you may be inaccurate or if you think that we no longer need to use your personal data. Right to data portability – in certain circumstances you have the right to ask us to transfer the personal data you have provided to us to another third party of your choice. However, the right of portability only applies to personal data that we have obtained from you on the basis of consent or on the basis of a contract to which you are a party.
Right to object – you have the right to object to processing based on our legitimate interests. If we do not demonstrate compelling legitimate grounds for processing personal data which override the interests, rights and freedoms of the data subject or the defence of a legal claim, and you object, we will no longer process your personal data.
The right to file a petition for the initiation of a personal data protection procedure – if you believe that we are processing your personal data unfairly or unlawfully, you can file a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, www.dataprotection.gov.sk.
Right to withdraw consent – if the processing of personal data is based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on the consent given before its withdrawal.
You can exercise these rights:
- electronically by sending an e-mail to: firstname.lastname@example.org;
- in writing to: Robotive s.r.o., Pulická 695, 518 01 Dobruška, Czech Republic.