Principles of personal data processing at Software602 a.s.
1. Document purpose
1.1. The purpose of this document is to provide basic information on the principles of personal data processing adopted by our company to ensure compliance with EU Regulation 2016/679 (hereinafter referred to as the “GDPR”).
1.2. Our company has taken all the steps necessary to ensure the security and confidentiality of the data processed and to meet all the obligations required by the laws of the Czech Republic.
2. Basic information
2.1. Software602 a.s., with registered office at Hornokrčská 15, Praha 4, identification number: 63078236, entered in the commercial register at the Municipal Court in Prague, section B, entry 3004, is a personal data controller to the visitors of the www.602.cz website, customers, clients, employees and selected contract partners.
2.2. In compliance with the GDPR, our company observes the following rules when processing personal data:
- Lawfulness, correctness and transparency – We only process the data when there is a legitimate reason (e.g. obligation by law, contract fulfilment, protecting our interests, protecting the interest of third parties or consent granted by the data subject). We process the data in a transparent way and inform the data subjects how we process the data, who has access to it and what their rights are.
- Purpose limit – We only collect personal data for specific, explicitly expressed and legitimate purposes (see above).
- Data minimization – We only process personal data to the extent and in the scope necessary for the given purpose.
- Exactness – We only process current personal data that match reality.
- Limited storage – We do not keep personal data for a longer time than is necessary and legal.
- Integrity, confidentiality – We have adopted sufficient technical and organizational measures to protect the transferred, stored or otherwise processed personal data from accidental or unlawful destruction, loss, modification or being provided or made available unlawfully.
- Responsibility – We are always ready to provide evidence of observing the rules given in the paragraphs above.
2.3. We process most of the personal data with the purpose to meet obligations required by law and to fulfill contracts with our clients. This involves in particular personal data necessary to enter into and fulfill a contract, especially identification and contact details (title, name, surname, address, birth date, national identifier if needed, company name, registered office, place of business, identification number, e-mail address, bank details).
2.4. The data subject is duly informed when entering into contract about the principles of personal data processing and accepts that the Collector is authorized, in compliance with the current legislation, to provide the personal data to other processors or possibly collectors.
2.5. If we process personal data for a purpose other than meeting obligations required by law, it is processing of personal data for which we need the explicit, free, specific, and informed consent of the data subject. This is the case especially when processing personal data for marketing purposes, and the client is informed of the scope of processing in advance in every such case. Providing such consent is completely voluntary and the data subject can revoke the consent at any time or make use of other rights described in the consent.
3. Technical and organizational measures
3.1. The company has adopted the measures necessary to ensure the security of processed personal data in both physical and electronic form. These measures include in particular: setting the rules for handling the corresponding information systems; making sure that the systems for automatic processing of personal data are only used by authorized persons and that these persons only have access to personal data that corresponds to their authorization; keeping electronic records that allow determining and verifying when, by whom and for what purpose the personal data was acquired or otherwise processed; and preventing unauthorized access to data storage devices, using especially password settings, access permissions, encryption, creating documentation for the technical and organizational measures adopted, improved security by installation of locks, etc.
3.2. All employees and persons who have access to personal data as part of our activities are duly trained and acquainted with the regulations for security and confidentiality when handling personal data.
4.1. The legal basis for full use of data from cookies is the user's consent, acquired by default from the user's browser settings. If the device is used by more than one user, it is assumed that the user agrees with the device settings, otherwise they would adjust the settings.
4.2. Similarly, the end device can be set by an employer at a workplace and the employee accepts that fact, although they would prefer different cookie settings.
4.3. Consent is not required for cookies necessary to provide operation of websites and internet services.
4.4. According to the GDPR, processing of data acquired from cookies is processing of personal data.
5. Passing the data to third parties and abroad
5.1. We only pass the personal data to third parties in cases when required by law (mandatory reports to public administration bodies) or, in the scope necessary, to selected suppliers who provide us some services needed to provide services to our clients. We have clearly defined contractual relationships with all such parties and all suppliers meet the required regulations for processing personal data in the scope and with parameters required by the GDPR.
5.2. We pass the personal data abroad in a clearly defined scope for the purpose of providing services to our clients, and only to our selected suppliers, and all subjects involved are always informed of such passing.
6. Security incident reporting
6.1. We have adopted a system for reporting any security incidents. In the case of any data leak we take steps in compliance with the GDPR to minimize possible damage and, in the cases where this is prescribed, we submit the corresponding reports to the Office for Personal Data Protection (www.uoou.cz).
7. Contact details
7.1. If you believe we process personal data in conflict with privacy protection or in breach of law, especially if the personal data is inaccurate considering the purpose of its processing, you can send us an objection or request an explanation. In such cases do not hesitate to contact us anytime by phone at: +420 222 011 602 or by e-mail at firstname.lastname@example.org.