Declaration on the processing of personal data
Business name Mike.M Property s.r.o., Company ID No.: 118 67 434, with its registered office at Kaprova 42/14, Staré Město, 110 00 Prague 1, as the personal data controller, hereby informs about the manner and scope of personal data processing by this company, including the scope of the data subject's rights related to the processing of their personal data by the company.
The company processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealed Directive 95/46/EC (General Data Protection Regulation).
Purpose and scope of personal data processing:
The Company as a personal data controller (hereinafter also referred to as the 'Controller') collects, processes and stores personal data of the data subject in connection with the performance of its activities under the conditions and within the limits set by the applicable legislation for the following purposes:
- Conclusion and implementation of a contract to which the data subject is a party
- The scope of processing is represented by address and identification data (usually title, name, surname, date of birth, address of the subject), or bank account number.
- Fulfilling the legal obligation of the controller
- Obligations of the controller under the legislation
- The scope of the processing consists of address and identification data (usually title, name, surname, date of birth, birth number, birth name, place of birth, address of the data subject, email address)
- Business and production activities of the company
- The scope of processing is also for the purposes of business and production activities, providing contact data to a business partner in the context of business dealings
Period of personal data processing
- Personal data is processed for the period necessary to ensure the purpose for which it was provided.
Processors and recipients
In addition to the Company and its employees, personal data may also be processed by Processors for the purposes described above on the basis of personal data processing agreements concluded in accordance with the Personal Data Protection Act and the General Data Protection Regulation. In this sense, the Company provides data for legitimate purposes to the following recipients
- service providers processing payroll and accounting agenda
- data storage providers
Personal data will be provided to the following recipients
- state authorities in the performance of their statutory obligations under the relevant legislation
- public institutions (health insurance companies, etc.) in the context of fulfilling their legal obligations under the relevant legislation
- other beneficiaries in the context of fulfilling legal or contractual obligations
Method of processing and protection of personal data
Rights of the data subject
- The data subject shall have all the rights to which they are entitled under applicable law. These primarily include the following rights:
- Right of access to personal data – the data subject has the right, if they so request, to obtain information from the controller as to whether their personal data is subject to processing.
- Right to rectification and completion – the data subject has the right to have inaccurate personal data rectified by the controller without undue delay. At the same time, they have the right, with regard to the purpose of the processing, to request the completion of incomplete personal data.
- The right to erasure – represents, in other words, the obligation of the controller to erase personal data if at least one condition is met:
- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed,
- the data subject withdraws consent and there is no further legal basis for the processing,
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing,
- personal data has been unlawfully processed,
- personal data must be erased to comply with a legal obligation.
- Right to data portability – the data subject has the right to obtain the personal data concerning them that they provided to the controller in a structured, commonly used and machine-readable format and to transmit it to another controller, through the original controller.
- Right to restriction of processing – the data subject has the right to have the controller restrict processing in any of the following cases:
- the data subject contests the accuracy of the personal data for the period necessary to enable the controller to verify the accuracy of the personal data
- the processing is unlawful and the data subject refuses erasure of the personal data and requests instead that the use of the data be restricted
- the controller no longer needs the personal data for the purposes of the processing, but the data subject requires it for the establishment, exercise or defence of legal claims
- the data subject has objected to the processing and it has not yet been verified whether the legitimate grounds of the controller override the legitimate grounds of the data subject.
- Right to lodge a complaint with the supervisory authority
- Right to object to processing – the data subject shall have the right to object at any time to the processing of personal data on the basis of legal grounds relating to their particular situation:
- the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
- the processing is necessary for the purposes of the legitimate interests of the relevant controller or third party.
Providing consent to the processing of personal data
- The provision of personal data and consent to processing are voluntary, but failure to provide or consent to its processing may constitute an obstacle to the conclusion of a contract.
- It is also possible to revoke the consent given to the processing of personal data at any time in writing at the address of the controller's registered office, in whole or in part; however, such revocation may mean that the controller will not be able to provide the agreed performance under the contract. In both cases it depends on whether the processing is necessary for the performance of the contract.