Information on the processing of personal data for suppliers and the public
In our company, we ensure that all personal data of our suppliers and the public are processed in accordance with applicable legal regulations in this area.
This information on the processing of personal data, prepared with regard to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “Regulation”) and at the same time with regard to related regulations, clarifies which personal data about our suppliers and the public (hereinafter also referred to as “data subjects”) we collect in the course of our activities and how we process and protect this data.
1) About us and our contact details
We are DRFG Investment Group a.s., Company ID: 19977255, with our registered office at Vinařská 460/3, Pisárky, 603 00 Brno, registered in the Commercial Register kept by the Regional Court in Brno, Section B, File 8899, and in relation to our suppliers and the public, we act as a personal data controller within the framework of processing their personal data.
2) What data do we process?
When using the services of our suppliers and in our contact with the public, we process various personal data, which can be generally divided into the following categories:
- Identification and billing data
Identification data includes, in particular, title, name, surname, permanent address, registered office address, correspondence address, ID number, VAT number, type of personal document and its number, signature. - Contact data
Contact data includes, in particular, telephone number, fax number, e-mail address. - Movement data
Movement data includes data recorded about the entry and exit of data subjects from our premises. - Data included in communication and obtained within the scope of the provision of services
Data included in communication and obtained within the scope of the services provided include, in particular, any personal data that data subjects provide to us within the scope of the provision of services or in communication with us.
3) What do we use the data for?
We collect and use personal data of data subjects, i.e. the public, suppliers – natural persons, members of the statutory bodies of suppliers, authorized or contact persons of suppliers, recipients and senders of correspondence, in accordance with applicable legal regulations for multiple purposes, in particular:
- Contract performance
We will use personal identification, billing, contact and communication data to perform the contract concluded with data subjects, in particular for the performance of our payment obligations and communication with data subjects. The provision of data is a contractual requirement; without the provision of this data, we are unable to properly perform the contract concluded. - Fulfillment of legal obligations
We also process personal identification and billing data for the purposes of fulfilling legal obligations in the areas of accounting and taxes. The provision of data is a statutory requirement; without the provision of this data, we would not be able to properly fulfill legal obligations. - Archiving and ensuring communication
In order to protect our legitimate interests, in particular to prove our claims, we will store documents regarding contractual cooperation and communication with data subjects containing communication data for the duration of the contractual cooperation and for a further 3 years after its termination. This is not a contractual or legal requirement, but the protection of our legitimate interests in order to document past communications, contractual obligations and guarantees.
Furthermore, according to the Value Added Tax Act, we must retain tax documents from data subjects for a period of 10 years from the end of the tax period in which the performance took place. After this period, we are entitled to process personal data only for compatible purposes or for special purposes such as archiving or statistics. - Protection of entry to our premises
We value the interest of our suppliers and other persons to cooperate with us, and therefore we always look forward to every meeting together on our premises. In order to ensure safe and trouble-free movement, we may process identification data and data on the movement of our visitors. We process this data for a maximum of 2 months from the last visit, based on our legitimate interests. Providing personal data in this case is our legitimate interest in protecting the company’s assets. Although you are not obligated to provide us with this information, failure to provide it may result in denial of access to our premises.
As a guarantee of compliance with our obligations, we have also ensured that personal data will be used exclusively for the specified purpose or for a lawful and compatible purpose, with these rules applying to each of the stated purposes.
We also guarantee that as part of our processing of personal data, they are not transferred to third countries, outside the European Union or to international organizations.
We also declare that we do not carry out automated individual decision-making or profiling when processing personal data.
4) What data do we share
We always share personal data of data subjects only with trusted partners in the manner permitted by law and on the basis of relevant contracts ensuring adequate protection of personal data.
- 4.1) Processors appointed by us
We cooperate with partners who provide us with various services, such as accounting and tax services. These partners, as processors of personal data, must comply with the obligation of strict confidentiality in accordance with the relevant legal regulations and/or the contracts we have concluded with them.
Our processors are mainly persons and companies that ensure the operation of camera and security systems, product delivery, service services, legal services, debt collection, provision of technical and IT services and other advisory and consulting activities for us. The current list of recipients including processors is available on request by email to sekretariat@drfg.cz. - 4.2) Other Recipients
We share personal data with legal and natural persons, government agencies and public institutions if we have a good faith belief that access to, use, retention and disclosure of such information is reasonably necessary to:
- comply with applicable law or enforceable government requests;
- enforce applicable contractual terms, including investigating potential violations;
- protect against harm to the rights, property, or safety of our company, our clients, or the public as required or permitted by law.
We always ensure that we do not provide more data than is necessary to achieve the given purpose of processing.
5) Data subjects’ rights
The data subject has the right to decide on the handling of his or her personal data to the extent specified. Each data subject whose personal data we process may exercise the rights listed below (i) in person at our registered office, (ii) electronically via e-mail at: sekretariat@drfg.cz, or (iii) in writing at Vinařská 460/3, Pisárky, 603 00 Brno. We will try to respond as soon as possible, but we will always respond no later than one month after receiving the request from a specific data subject. In case of doubt about the identity of the data subject, we may ask him or her for additional identity verification.
The applicable legal regulations grant data subjects the following in particular:
- Right of access
The data subject has the right to request confirmation from us as to whether we are processing his or her personal data and, if so, to obtain a copy of those data and the information pursuant to Article 15 of the Regulation. In the event that this concerns a large amount of data, we may require the data subject to specify the request for specific data that we process about him or her. - Right to rectification
In order to process only up-to-date personal data, we need data subjects to notify us of any change to them as soon as possible. If we process incorrect or incomplete data, the data subject has the right to request their correction or completion. - Right to erasure
If the conditions of Article 17 of the Regulation are met, the data subject may request the erasure of his or her personal data. You may request erasure, for example if you have withdrawn your consent to the processing, have successfully objected to our legitimate interest and there is no other legal basis for the processing, or if we are processing your personal data unlawfully or the purpose for which we processed your personal data has ceased to exist and we are not processing it for another compatible purpose. However, we will not erase your personal data if it is necessary for the establishment, exercise or defence of legal claims or for compliance with a legal obligation. - Right to restriction of processing
If the conditions of Article 18 of the Regulation are met, the data subject may request that we restrict the processing of your personal data. You may request restriction, for example, when you contest the accuracy of the data being processed or when the processing is unlawful and the data subject does not want us to erase the data but needs the processing to be restricted for the period during which you exercise your rights. We continue to process personal data if there are grounds for the establishment, exercise or defence of legal claims. - Right to portability
If the processing is based on the consent of the data subject or is carried out for the performance of a contract concluded with the data subject and is carried out by automated means, the data subject has the right to receive from us the personal data that we have collected from him or her in a structured, commonly used and machine-readable format. If he or she wishes and if technically feasible, we will transmit the personal data of the data subject directly to another controller. - Right to object to processing
If we process the personal data of the data subject for the performance of a task carried out in the public interest or in the exercise of official authority vested in us or if we carry out processing based on our legitimate interests or the legitimate interests of a third party, the data subject has the right to object to this processing. Based on such an objection, we will restrict the processing of personal data and, unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the purposes of establishing, exercising or defending legal claims, we will no longer process the personal data of the data subject and will erase them. The data subject has the right to object at any time to the processing of his or her personal data for direct marketing purposes. After such an objection has been raised, we will no longer process the personal data for this purpose. - Right to lodge a complaint
If the data subject believes that we are processing his or her personal data in breach of the Regulation or other data protection regulations, he or she has the right to lodge a complaint with one of the competent supervisory authorities, in particular in the Member State of his or her permanent residence, place of work or place of the alleged infringement. For the territory of the Czech Republic, the supervisory authority is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, Holešovice, 170 00 Prague 7, Czech Republic, website www.uoou.cz, tel.: +420 234 665 111. - Right to withdraw consent
If the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw his or her consent at any time. The withdrawal of consent does not affect the processing already carried out.
6) Where do we obtain the personal information
We obtain the personal data we process directly from data subjects.
We store personal data exclusively on company servers or with our trusted partners.
7) Where do we save the data and for how long
We retain personal data for varying lengths of time, depending on the purpose of processing it. In general, we use and retain personal data for:
- the duration of the business relationship with the supplier;
- another ten years from the end of the business relationship due to our legitimate interests, in particular for the exercise, demonstration and defence of our rights, interests and claims, but no longer than until an objection to processing is lodged, in which the rights and interests of the data subjects override our legitimate interests;
- 2 months from the date of their acquisition in the case of data about visitors to our premises.
8) Changes to this information
We are entitled to change the wording of this information, in particular to incorporate legislative changes or changes in the purpose and means of processing. However, we will not limit the rights of data subjects arising from this information or the relevant legal regulations. In the event of changes to the rules that may affect the rights of data subjects, we will notify them in an appropriate manner and in sufficient advance.
Cookies
The following functions of Google Adwords, Sklik and Facebook are used on the DRFG website (www.drfg.cz). Detailed information about Cookies can be found here >
If you do not wish to download cookies or if you want your browser to inform you each time a cookie is downloaded, use the settings options of your web browser. If you block the download of all cookies, you may not be able to fully use all the features of the Site. Users can opt out of Google’s use of cookies on the Google Ads Settings page https://www.google.com/settings/u/0/ads?hl=cs
Another option to opt out of receiving cookies from third-party vendors is the Network Advertising Initiative opt-out page http://www.networkadvertising.org/choices/
The option to opt out of Google Analytics cookies is here https://tools.google.com/dlpage/gaoptout/