1. INTRODUCTORY PROVISIONS
1.3. The personal data of the Data Subjects are processed in accordance with the applicable and effective legal regulations, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”).
1.4. The Data Subject acknowledges that
- personal data can be processed in the Monday platform or in the controller's own database, depending on whether the client uses the platform or not.
- the Controller’s suppliers and contractors (the "separate controllers") may mediate the submission of the request on behalf of the Data Subjects. In this case, the separate controllers are obliged in accordance with Article 13 of the GDPR to inform the Data Subjects of the processing of their data that they have handed over to the Controller for the purpose of processing the application.
2. PURPOSES OF PERSONAL DATA PROCESSING THE PERSONAL DATA PROCESSES IN THE MONDAY PLATFORM AND THE CONTROLLER’S DATABASE
3. RETENTION PERIOD
3.1. The Controller retains the personal data of the Data Subjects for the period necessary to ensure all rights and obligations arising from the relevant legal relationship and for a further period for which the Controller is obligated to retain personal data under generally binding legal regulations. In other cases, the processing period is based on the purpose of the processing to which it must be proportionate, or it is determined by legal regulations on the protection of personal data or other regulations.
3.2. The overview table below shows the retention period for the personal data of Data Subjects:
For a period of 3 years from thenconclusion of the case.
3.3. The data subject acknowledges that the termination of the contract/agreement means the completion/conclusion of the request – provision of services.
3.4. The Controller is entitled to send commercial communications (newsletter) regarding similar services to an email address or by other means of electronic communication, unless the Data Subject has opted out of receiving such messages, while the Data Subject may do so by sending a message to firstname.lastname@example.org or at any later time via a link in each of the marketing e-mails sent.
4. RECIPIENTS OF PERSONAL DATA
4.1. The personal data of Data Subjects are made available only to the authorised employees of the Controller or the individual processors of personal data contracted by the Controller or to other recipients as separate data controllers such as state authorities, municipal authorities, consulates, etc.
4.2. The Controller uses the services of https://www.monday.com/. The personal data are stored outside the EU/EEA. The Controller has entered into a data processing agreement and contractual clauses with monday.com Ltd. who provides the computing services. The text of the data processing agreement and clauses are available here.
4.3. In the cases stipulated by law, the Controller is entitled or obligated to disclose certain personal data to public authorities or law enforcement authorities under the applicable and effective legal regulations.
5. RIGHTS OF DATA SUBJECTS
5.1. The Data Subject may exercise the following rights with respect to the Controller:
- The right to withdraw consent to the processing of personal data: if personal data are processed based on the consent of the Data Subject, the Data Subject may withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Right of access to personal data: the Data Subject has the right to be informed of whether his/her personal data are being processed and, if so, to gain access to his/her personal data.
- The right to rectification of inaccurate or incomplete personal data: if the data subject believes that the personal data processed by the Controller are inaccurate, false, outdated or incomplete, he/she has the right (and in certain cases, the obligation) to request their rectification or completion. The Controller will rectify/complete the data without undue delay, taking into account the technical limitations.
- Right to erasure: in the case the Data Subject requests the erasure of data, the Controller shall erase his/her personal data if (i) the data are no longer necessary for the purposes for which they were collected, (ii) the processing is unlawful, (iii) the Data Subject objects to the processing and no overriding legitimate grounds for their processing exist, or (iv) the processing is not required by statutory obligation.
- Right to restriction of processing of personal data: if the Data Subject does not wish to erase the data but only temporarily restrict the processing of his/her personal data, the Data Subject may request the Controller to restrict the processing of his/her personal data.
- Right to data portability: if the Data Subject wishes for the Controller to transfer his/her personal data processed by the controller on the basis of the Data Subject’s consent or an agreement to a third party, the Data Subject may exercise his/her right to data portability.
In the event the exercise of this right could adversely affect the rights and freedoms of third parties, the controller will not be able to comply with such a request.
- Right to object: The Data Subject has the right to raise an objection to the processing of personal data that are processed for the purposes of protecting the legitimate interests of the Controller or third parties. If the controller does not prove that there are compelling legitimate grounds for the processing which take precedence over the interest or rights and freedoms of the Data Subject, the controller will terminate the processing based on the objection without undue delay. If the main substance of the Data Subjects objection is directed against the sending of commercial communications and targeting of advertising by the Controller, the link at the end of the last commercial communication (newsletter) received from the Controller can be used as a primary means of unsubscribing from such commercial communications and the processing of personal data for this purpose.
- The right to contact the Office for Personal Data Protection (www.uoou.cz).
5.2. The Data Subjects’ rights can be exercised in writing by a letter sent to the registered office of the Controller or by e-mail to email@example.com. The Controller reserves the right to reasonably verify the identity of the person requesting to exercise the rights in question.
5.3. In the event of repeated or manifestly unfounded requests to exercise the rights above, the Controller is entitled, in accordance with Article 12(5)(a) of the GDPR, to charge a reasonable fee for the exercise of the right in question, or to refuse to comply with such a right. The Controller shall inform you of such steps in advance.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at firstname.lastname@example.org.