GDPR - Terms and information about personal data processing
1. Introductory Provisions
1.1 The company CEE Fresh Food Logistics s.r.o., company ID no. (IČ): 253 606 47, registered in Nemilany 301, 783 01 Olomouc, registered in the Commercial Register maintained by the Regional Court in Ostrava, C 15292 (hereinafter referred to as the “Controller”) shall state in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) these terms and personal data processing information (hereinafter referred to as the “Terms”) relating to the processing and protection of personal data.
1.2 The Controller processes personal data of its customers and business partners in the course of its business activity, whereas this personal data processing is governed by these Terms.
1.3 The Controller processes the personal data of the natural persons who conclude purchase contract with it or who place orders with it, in which they act as the buyer or the service ordering entity - business partners or Controller’s customers (hereinafter referred to as the “Subject”).
1.4 The Controller did not appoint a data protection officer.
1.5 The Controller’s contact information is as follows:
Delivery address: Nemilany 301, 783 01 Olomouc
Email address: firstname.lastname@example.org
Telephone: +420 585 433 251
2. Personal Data
2.1 The Controller is entitled to process only the personal data of the Subject, which the Subject itself provides to it and which is necessary for concluding the agreement in question between the Controller and the Subject, or possibly for bookkeeping or fulfilling another statutory duty of the Controller or for the purposes of fulfilling the authorized interests of the Controller.
2.2 The Controller processes the following personal data of the Subjects:
a) The name and surname of the natural person,
b) The delivery address, the address of the place of business,
c) Contact details - telephone number and e-mail address
(hereinafter jointly referred to as “Personal Data”).
3. Use of the General Principles for the Protection of Personal Data
3.1 In processing the personal data of the Subjects, the Controller shall, inter alia, observe the following rules, which are further specified by these Terms:
a) The principle of legitimacy
The Controller processes the personal data of the Subjects in order to fulfil the contract, to which the data subject is a party and in order to fulfil its legal obligations.
b) The principle of proportionality
When processing the personal data of the Subjects, the Controller proceeds in such a way that the principle of proportionality (reasonable nature) is respected. The method of processing personal data is proportionate especially if the given purpose cannot be achieved in a different way, which the Controller always tries to achieve.
c) The principle of transparency
The personal data of the Subjects are processed in as transparent of a way as possible. To that end, the Controller shall also comply with these Terms governing the manner, extent and other conditions for the processing of the personal data of the Subjects.
d) The principle of integrity and confidentiality
Personal data of the Subjects are processed in a manner that ensures that personal data is properly protected so that it cannot be misused, tampered with, accidentally lost, destroyed or damaged.
e) The principle of restricted storage
Personal data of the Subjects are kept only for the time necessary or set by the law, and after the expiration thereof, it must be destroyed completely.
f) The principle of data quality
The Controller shall make every effort to ensure that the processed data is flawless and complete.
4. Processing and Security of Personal Data
4.1 All processing of personal data of the Subjects is carried out in accordance with legal regulations.
4.2 The legal basis for the processing of personal data comprises
a) The performance of the contract, to which the Subject is a party,
b) The fulfilment of the legal obligation, which relates to the Controller,
c) The fulfilment of the legitimate interests of the Controller.
d) The protection of the vital interests of the Subject.
4.3 If personal data is to be processed for other legitimate reasons and for purposes other than those specified in clause 4.2 of these Terms, the consent of the data subject is necessary for such processing.
4.4 All documents containing the personal data of the Subjects are suitably technically and organizationally secured and kept in the premises of the Controller and are accessible only to a limited number of Controller’s designated employees, not to third parties, except those who are contractually bound with the Controller by the contract for the processing of personal data (auditing companies, persons ensuring security of the Controller’s premises, IT support, insurance intermediaries, labour and medical services doctor, advertising companies to promote the Controller’s companies, etc.). However, these persons are required to protect personal data in the same way as the Controller.
4.5 The Controller processes personal data in both electronic and printed form.
4.6 The Controller processes the personal data in the following ways:
e) Using for specified purposes,
f) Erasure and destruction.
4.7 Personal data that is stored electronically in the internal software is protected against third party access and possible misuse by access passwords that are regularly changed. The computer screen will lock in case of inactivity after 15 minutes. Physical electronic data carriers are protected against unauthorized access by third parties, and personal data stored on media is also protected by antivirus and security copy systems.
4.8 Personal data kept in a printed form is protected against access of third parties by restricted access by persons designated by the Controller and by other technical and security measures, in particular by physical security in the Controller’s locked areas out of the reach of unauthorized persons.
4.9 In the event of personal data being leaked by the Subjects, or if such leakage is threatening by a breach the personal data security, the Controller shall notify this fact to the supervising authority within 72 hours of becoming aware of it.
4.10 There is no automatic processing of personal data by the Controller.
5. Rights of Data Subjects
5.1 The data subjects are according to applicable laws entitled to certain rights governed by this Article of the Terms and are also recorded in a clear table annexed as Annex 1 to these Terms.
5.2 The Subject has the right to information on the processing of its personal data pursuant to Article 15 (1) of the GDPR, such as, for example, about which personal data and in which extent the Controller processes, the purpose for which it is processed, the length of time it is stored and to whom it is accessible. This information may be obtained on request from the Controller’s email address referred to in Article 1.5 of these Terms.
5.3 The Subject has the right to access personal data processed by the Controller. This right may be exercised by the Subject at the email address of the Controller referred to in Article 1.5 of these Terms.
5.4 The Subject has the right to lodge a complaint with the supervisory authority if it has doubts that the processing of personal data by the Controller is contrary to the law.
5.5 The Subject has the right to rectification and completion of erroneous or incomplete personal data, if it warns the Controller of such deficiencies at the Controller’s email address mentioned in Article 1.5 of these Terms, the Controller shall rectify the error or complete the data.
5.6 The Subject has the right to have its personal data destroyed completely; this right may be exercised at the email address of the Controller referred to in Article 1.5 of these Terms if at least one of the following reasons is given:
a) Personal data is no longer required for the purposes, for which it was collected or processed,
b) Personal data has been processed unlawfully,
c) Personal data must be erased in order to comply with legal obligations,
d) The Subject withdraws the consent, under which the personal data was processed.
5.7 The Subject has the right that the Controller limits the processing of personal data if:
a) The Subject denies the accuracy of the personal data for the period necessary to enable the Controller to verify the accuracy of the personal data,
b) The processing is unlawful and the Subject rejects the erasure of personal data and instead seeks to limit the use thereof,
c) The Subject has raised an objection to processing until it is ascertained whether the legitimate reasons of the Controller outweigh the legitimate reasons of the Subject,
d) The Controller no longer needs personal data for processing, but the Subject requests it for the determination, exercise or defence of legal claims.
6. Term of Personal Data Storage
6.1 The Controller is authorized to process the personal data of the Subject referred to in Article 2.2 of these Terms for 10 years from the date of their provision to the Controller, in accordance with applicable law; in case of the issuance of a tax document containing this personal data for 10 years after the end of the tax period, in which the performance took place. In the event of the conclusion of a purchase contract, the Controller is entitled to store and process the personal data of the Subject for the term of the purchase contract and for the next 10 years following the date of termination of this contract and fulfilment of all obligations arising therefrom. When determining this period, the Controller shall ensue from the maximum length of the limitation period for the possible exercise of the mutual rights of the Controller or Subjects resulting from the concluded purchase contract.
6.2 At the end of the period specified in Article 6.1 of these Terms, the Controller will destroy the personal data of the Subject unless it is necessary for the Controller to process the personal data of the Subject, for example to protect the legitimate interests of the Controller or to comply with a legal obligation.
7. Hand-over of Personal Data
7.1 The Controller shall only transfer the personal data for processing to the third parties referred to in Article 4.4 of these Terms.
8. Final Provisions
8.1 These Terms and Information on personal data processing are effective from 25 May 2018.
8.2 Annex 1 to these Terms is formed by the table of rights of the Subjects.
8.3 These Terms will be regularly updated.
8.4 These Terms are available in written form at the Controller’s registered office and electronically on the intranet of the Company.
How do we process your personal data?
The company CEE Fresh Food Logistics s.r.o., IČ: 253 606 47, se sídlem Nemilany 301, 783 01 Olomouc, kontaktní email: email@example.com (“CEE FF Logistics”) cares about the protection of your personal data, so please read how CEE Logistics processes your personal data, how it handles it and how it protects it.
We process your personal data if you are a business partner, customer, or visitor to the CEE FF Logistics website.
Which of my personal data do you process?
Especially those that we need to fulfil a contract concluded based on your order, such as your identification data, such as your name, surname, postal address or permanent residence address, telephone number and e-mail address.
How long will you store my personal data?
Under the applicable legal regulations, we are required to keep, for example, tax documents for 10 years from the end of the taxable period, in which the transaction took place. Even after delivery of the goods to your address, it is therefore necessary to keep your personal data due to, for example, withdrawal from the contract, claim, claiming damages, for a period of 10 years from the conclusion of the contract. Therefore, for example, we cannot always erase your personal data immediately after your request for erasure of your personal data.
Can my personal data be misused?
We have taken all possible measures to prevent misuse or leakage of your personal data. Your personal data can be accessed only by a limited number of persons subject to confidentiality obligations, your personal data is appropriately organizationally and technically secured, i.e., the computer technology is protected by access passwords and antivirus system, in written form your personal data is protected by physical security, i.e. in locked premises out of reach of unauthorized persons. Therefore, leakage or misuse your personal data should not occur.
Do you hand over my personal data to any other persons?
To ensure operation of our company, we pass on some of your information to external persons who help us secure the company’s operations and who are required to protect your personal information in the same way we do, i.e., in accordance with applicable law.
Do I have any rights in relation to the personal data processing?
Of course, you are entitled to all the rights granted to you law. You have the opportunity to request us to tell you how we process your personal data and access this data. If you suspect that we are processing incomplete or incorrect personal data, you may request remedy. If you suspect that we are violating the law or any other applicable regulations when processing your personal data, you have the option to file a complaint with the Office for the Protection of Personal Data. If you have any questions or information, please, contact us at the above mentioned email address. Below the text of this statement you will also find an overview table with your rights.
Where do I learn more information about the personal data processing and my rights?
Further information on processing your personal data is available on request at the email address firstname.lastname@example.org
The sheet of legal reasons