Information regarding the processing and protection of personal data for employees of business partners, for customers and for suppliers of Cement Hranice, akciová společnost
1. Who is responsible for the data processing and who can I contact?
The data controller is:
| společnost Cement Hranice, akciová společnost email: Protection.Data@cement.cz |
|---|
Our Data Protection Officer can be contacted at:
| Data Protection Officer of Dyckerhoff GmbH |
|---|
2. What data do we process about you?
We process personal data that we receive during the course and development of our busi-ness relations, or those that are necessary to meet our obligations arising from the contrac-tual relationship. These include, for example, master data, contact data, organisational data, contract data, billing data, and any recorded data, which we receive from you directly or from sources that are publicly available, as well as information databases and credit agencies.
In addition, we process data that you provide to us voluntarily, such as your date of birth.
3. What is the legal basis and what are the purposes for the processing of your data?
We process your personal data in compliance with the General Data Protection Regulation (GDPR), the Czech data protection laws and all other relevant legal provisions. Processing is carried out:
a. to comply with contractual obligations (Article 6 para. 1 b GDPR)
Personal data is processed for the execution of the respective contractual relationships and related contractual obligations (e.g. delivery, billing, quality assurance, etc.).
b. after weighing up interests (Article 6 para. 1 f GDPR)
Where necessary, we process your data beyond the extent required to fulfil our contractual obligations, in order to safeguard our legitimate interests and those of third parties.
Examples:
- Video monitoring to safeguard property rights, occupational safety and quality assurance
- Measures to ensure IT security and data protection compliance
c. based on consent (Article 6 para. 1 a GDPR)
Provided that you have consented to our processing of your personal data for specific purposes (e.g. identity credentials, customer information), the processing is deemed to be lawful based on your consent. Any consent given may be withdrawn at any time. Withdrawing consent does not affect the lawfulness of the data processed up to the withdrawal.
d. based on legal requirements (Article 6 para. 1 c GDPR)
That includes fulfilment of legal obligations in compliance with obligatory legal regulations.
4. Who receives your personal data?
Within our company, access to your data is only granted to those offices that require them to fulfil our contractual and statutory obligations. With respect to forwarding your personal data to recipients outside our company, offices
receive the data if contractual or statutory provisions dictate this (e.g. accountants, auditors). In addition, we avail ourselves of the support of service providers, known as “data processors”, depending on the occasion and in each case based on appropriate agreements. This may also include Group companies.
5. Are your data transferred to any third country?
No personal data are transferred to third countries. If, however, we forward personal data in the future to offices in countries outside the European Economic Area (EEA), we will only forward them provided the third country has
had an appropriate level of data protection confirmed by the EU Commission, or provided other suitable data protection guarantees are in place (e.g. an agreement with the standard contractual clauses of the EU Commission).
6. How long will your data be stored?
We process and store your personal data for as long as required to fulfil our contractual and statutory obligations (in particular in accordance with commercial law and tax legislation). In this regard, it must be noted that the retention period varies according to the purpose of the data processing. If the data are no longer required to fulfil contractual or statutory obligations, they are erased or anonymised on a regular basis.
7. What are your data protection rights?
Every data subject has the right to information pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to objection pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR. In addition, you have the right to complain to the competent supervisory authority. Furthermore, you may contact our aforementioned Data Protection Officer at any time. You may withdraw consent granted to us for the processing of personal data at any time. Please note that withdrawal only has future effect. Any processing that occurs prior to the withdrawal is not affected by this.
8. Are you obligated to provide your personal data?
Within the scope of the contractual relationship, you must provide the personal data that are required to record and execute the contract and to fulfil the contractual obligations associated with it, or which we are legally obliged to collect. Without these data, as a rule, we will not be in a position to conclude or execute the contract with you.