Processing of Personal Data

Information on the processing of personal data under Regulation (EU) 2016/679 of the European Parliament and of the Council on protection of individuals with regard to the processing of personal data and the instruction of data subjects (hereinafter referred to as “GDPR”)
I. Personal Data Administrator
The company Tritón Pardubice, spol. s r. o., Company ID: 601 10 422 with its headquarters at č.p. 130, 530 02 Starý Mateřov, registered in the Commercial Register maintained by the Regional Court in Hradec Králové, Section C, mark 5386 (hereinafter referred to as the “Administrator”) hereby provides information about the processing of personal data and the rights of an entity in accordance with the Article 12 of GDPR.
II. Scope of Processing of Personal Data
Personal data is processed according to the extent to which the relevant data subject has provided the Administrator consent to, in relation to the conclusion of a contractual or other legal relationship with the Administrator, or which the Administrator collected and processes them in accordance with the applicable legal regulations or to the fulfillment of statutory duties of the Administrator.
III. Sources of Personal Data
1) Directly from the data subject (contracts, registrations, e-shop purchases, emails, telephone number, website, contact form, business cards etc.).
2) Publicly accessible registers, lists and records (for example business register, trade register, cadastre etc.).
IV. Categories of Personal Data That Are Being Processed
1) Data required for the fulfillment of agreements and contracts (name, surname, address, telephone number, email address, Company ID).
2) Data required for the fulfillment of legal obligations (name, surname, date of birth, personal identification number, address, telephone number, email address, photographs).
3) Data provided in the excess of the applicable laws processed in the fulfillment of contractual obligations and/or granted by the data subject (processing of photographs, use of personal data to ensure the subject’s security, personnel management etc.).
V. Categories of Data Subjects
1) Employee of the Administrator
2) Employee of an Employment Agency
3) Customer
4) Business partner or other person that is in a contractual or other legal relationship with the Administrator
5) Visitors and other individuals entering the Administrator’s premises, which are monitored by a camera system
6) Job applicant
VI. Categories of Recipients of Personal Data
1) Subscribers
2) nsurance, financial and public institutions
3) Personal data processors
4) External providers of professional and specialized services
5) Government authorities and state administration authorities in the fulfillment of the legal obligations stipulated by the relevant legal regulations
VII. The Purpose of Processing the Personal Data
1) Fulfillment of an agreement
2) Archiving maintained according to the law
3) Fulfillment of legal obligations of the Administrator
4) Authorized interests of the Administrator
5) Selection process for vacant job opportunities
VIII. Method of Processing and Protection of Personal data
Processing of personal data is carried out by the Administrator, or the processor, on the basis of a concluded agreement or contract. When processing personal data, all security policies for managing and processing personal data are applied.

IX. Time Period of Processing Personal Data
Personal data shall be stored in accordance with the deadlines specified in the relevant agreement or contract and the retention schedule of the administrator, or the relevant legislation. This is the time necessary to ensure the rights and obligations arising from the binding relationship as well as from the relevant legal regulations.

X. Instruction
The Administrator processes personal data I) based on legally specified reasons, when the processing of personal data does not require the consent of the data subject and II) based on the consent of the data subject. The processing of personal data is necessary for the performance of the agreement or contract to which the data subject is a party, or for the implementation of measures taken before the conclusion of the agreement or contract at the request of the data subject, or alternatively if the processing is necessary to fulfill the legal obligation to which the Administrator is subject or the processing is necessary for the performance of tasks performed in the public interest or in the exercise of public authority entrusted by the Administrator.

XI. Rights of Data Subjects
The data subject has the right, in particular, to access personal data relating to the data subject, to correct its personal data, to erase its personal dat, to limit the processing of its personal data, to object to the processing of its personal data and to file a complaint with the Office for Personal Data Protection.

Where the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw his or her consent at any time without prejudice to the lawfulness of the procession based on the consent given prior to his or her appeal. Withdrawal of consent can be done in writing at the Administrator’s address or electronically via Administrator’s email address: