Information Memorandum on the Processing of Personal Data of the Company
The information memorandum serves to provide information on the processing of personal data by ENCZ, a. s., hereinafter referred to as ENCZ.
When processing personal data, ENCZ is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter referred to as the Regulation.
Content:
- Introductory provisions
- Company contact details (Art. 13, point 1a,b of the Regulation)
- Technical terms
- Compliance with legal regulations and basic principles of processing (Article 6 of the Regulation)
- Personal data (categories of personal data – general) (Article 12 of the Regulation)
- Sources of personal data (Article 14 of the Regulation)
- Legal bases for the processing of personal data (Article 13(1c) of the Regulation)
- Purposes of personal data processing (Article 13, point 1c, d of the Regulation)
- Categories of processing of personal data (Art. 12)
- List of personal data that are processed (Art. 12,13,14 of the Regulation)
- Processing of special categories of personal data (Article 9 of the Regulation)
- Methods of processing personal data (Article 12 of the Regulation)
- Is your data analyzed? (so-called profiling) (Articles 13, 2f of the Regulation)
- Who else does our company allow to access your personal data? (Article 13, point 1e of the Regulation)
- Retention period of personal data (Article 13, point 2a, Article 22 of the Regulation)
- Transfer of personal data outside the EU (Article 44 of the Regulation)
- Cookies and Browser Policy
- Your rights (Nos. 12,14, 13, point 2b,c,d, Art. 15,16,17,18,19, 20,21 of the Regulation)
- Restrictions (Article 23 of the Regulation)
- Method of exercising the rights of data subjects and processing requests of data subjects (Article 12 of the Regulation)
- INTRODUCTORY PROVISIONS
Purpose of the information memorandum on the processing of personal data:
ENCZ, a.s., Company ID: 04806441, with its registered office: Zaječická 1857, 43111 Jirkov (hereinafter referred to as the “Company” hereinafter referred to as “we“), hereby issues this information memorandum on the processing of personal data carried out by the Company as a personal data controller (hereinafter referred to as the “Memorandum“).
The purpose of this Memorandum is to inform you (hereinafter referred to as “You“), as data subjects, i.e. persons whose personal data are processed by the Company (in particular the Company’s customers, business partners (suppliers) of the Company, job applicants in the Company, employees in the Company and visitors to the Company’s website) about the processing of your personal data by the Company and about your rights related to this processing.
This Memorandum applies only to the processing of personal data that is carried out by the Company as a personal data controller.
On the contrary, this Memorandum does not apply to the processing of personal data that is (may be) carried out by the Company, as a processor of personal data, for third parties who determine the purposes and means of such processing (and are thus in the position of personal data controllers in relation to such processing of personal data).
This Memorandum may be amended, supplemented and otherwise updated by the Company. The current version of the Memorandum can be found on the Company’s website at http://encz.cz/kontakty.html link “General Conditions for The Processing of Personal Data to be downloaded here”. We recommend that you regularly familiarize yourself with the current wording of the Memorandum.
- COMPANY CONTACT DETAILS
Personal Data Controller:
ENCZ, a.s. Tel. +420 474 614 920
Zaječická 1857 E-mail: info@encz.cz
43111
Jirkov
All questions regarding the processing of your personal data should be directed to our Data Protection Officer.
DATA PROTECTION OFFICER
Czech DPO Office s.r.o.
Anny Letenské 7, Prague 2 – Vinohrady
Website: www.czechdpooffice.eu
e-mail: poverenec@czechdpooffice.eu
You can send your questions via the contact form, which can be found on the above web portal or HERE.
- TECHNICAL TERMS
Unless expressly stated otherwise in this Memorandum, the technical terms used in this Memorandum shall be
The following – meaning is given to the Memorandum:
personal data – means any information about you that identifies you or allows you to be identified directly or indirectly;
recipient – means a natural or legal person (other company), public authority, agency or other entity to which your personal data is provided (e.g. transport companies or government bodies);
controller – means the person who determines the purposes and means of the processing of personal data. In the case of processing your personal data to the extent specified in this Memorandum, the administrator of your personal data is the Company
data subject – means your person, as a natural person, to whom the personal data relate;
third state – means a state other than a Member State of the European Union, Iceland, Norway and Liechtenstein
website user visitor to the company’s website
processing of personal data – means any handling of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
processed – means a natural or legal person, agency or other entity that processes personal data for the Company (e.g. accounting or law firms)
- COMPLIANCE WITH LEGAL REGULATIONS AND BASIC PRINCIPLES OF PROCESSING
- Legal Compliance
The protection of your personal data is our priority and when processing your personal data, we comply with all obligations and meet all the requirements set by the relevant legislation in the field of personal data protection.
- Basic principles of personal data processing
When processing personal data, we follow the following basic principles of personal data processing.
Principle of legality, fairness and transparency
We process your personal data fairly and in a lawful and transparent manner
Principle of purpose limitation
We collect (and process) your personal data only for certain, explicit and legitimate purposes, and at the same time we do not further process it in a way that is incompatible with those purposes.
Principle of data minimisation
We process your personal data only to the extent that it is reasonable, relevant and necessary for the purposes of processing your personal data.
Principle of accuracy
We only process accurate personal data and update your personal data if necessary.
Storage Restriction Policy
We process (store) your personal data only for the period that is necessary with regard to the purposes of processing your personal data, or for the period specified by the relevant legal regulations.
Principle of integrity and confidentiality
We process your personal data only in a manner that ensures appropriate security of your personal data against unauthorized or unlawful processing and against accidental loss, destruction or damage.
Principle of accountability
We are responsible for compliance with the above processing principles and for the compliance of the processing of your personal data in accordance with the law
- PERSONAL DATA (CATEGORIES OF PERSONAL DATA)
(for more details, see point 10 of the Memorandum)
The Company generally processes the following personal data (categories of personal data) about data subjects, but in relation to a specific data subject, always depending on the nature of the relationship between the Company and the data subject concerned (i.e. whether it is, for example, a customer of the Company, a job applicant in the Company or another data subject whose personal data are processed by the Company) and depending on the specific position of the data subject concerned:
Identification data
data used to identify a person, in particular academic title, name, surname, date of birth, information about a job position or function, etc.;
Contact details
data used for contacting and communicating with a particular person, in particular telephone number, e-mail address, permanent address, or temporary residence, other contact address;
Payment information
the data used to make payments, in particular the bank account number;
Data on legal claims
data on claims of a particular person against the Company and claims of the Company against a certain person arising from the contractual and non-contractual relationship between the Company and the person concerned, such as data on a claim for damages against the Company or vice versa;
Audiovisual data
data captured in the form of audiovisual recordings, e.g. a camera system, photographs taken for the purpose of identifying a person on an entry card or that you yourself send to us, for example, as part of a CV;
Contract data
data on services supplied by the Company or vice versa delivered to the Company, related requests, complaints, complaints, including data on related communications;
Professional profile data
data on educational attainment and professional qualifications, such as those contained in professional CVs;
Other information
it is possible that we process other personal data about you not explicitly mentioned here, however, in any case, it will be personal data necessary for the performance of the purposes specified in this Memorandum.
- SOURCES OF PERSONAL DATA
Personal data processed by our company are obtained from the following sources:
- directly from data subjects, which are employees of our company, job applicants, clients, suppliers, via telephone, e-mail, contact form, web stands
- from publicly accessible registers, lists and records (Commercial Register, Trade Register, Land Register, Social Networks)
- We may also obtain your personal data from third parties, such as government bodies, your advisors, etc.
If you have any questions about the specific source of your personal data processed by our company, you can contact the Data Protection Officer – see point 2 of this Memorandum, who will provide you with all information in accordance with Article 14, Regulation of the European Parliament 2016/679.
- LEGAL BASES FOR THE PROCESSING OF PERSONAL DATA
ENCZ processes personal data only for the purposes for which it has the relevant legal basis for processing.
- Processing based on a legal obligation
We process your personal data because we are required to do so by applicable law, for example in the context of tax and accounting agenda or archiving.
BASIC REGULATORY BASIS
Laws:
Act No. 48/1997 Coll., on Public Health Insurance, as amended
Act No. 592/1992 Coll., on General Health Insurance Premiums, as amended,
Act No. 258/2000 Coll., on the Protection of Public Health, as amended,
Act No. 65/2017 Coll., on the Protection of Health from the Harmful Effects of Addictive Substances
Other legislation:
Act No. 141/1961 Coll., on Judicial Criminal Procedure (Code of Criminal Procedure), as amended
Act No. 99/1963 Coll., the Code of Civil Procedure, as amended
Act No. 133/1985 Coll., on Fire Protection, as amended
Act No. 359/1999 Coll., on the Social and Legal Protection of Children, as amended
Act No. 106/1999 Coll., on Free Access to Information, as amended
Act No. 218/2000 Coll., BudgetAry Rules, as amended
Act No. 219/2000 Coll., on the Property of the Czech Republic and its Conduct in Legal Relations, as amended
Decree No. 62/2001 Coll., on the Management of Organizational Units of the State and State Organizations with State Property, as amended
Act No. 187/2006 Coll., on Sickness Insurance, as amended
Act No. 262/2006 Coll., the Labour Code, as amended
Act No. 40/2009 Coll., the Criminal Code, as amended
Act No. 89/2012 Coll., the Civil Code, as amended
Act No. 110/2019 Coll., on the processing of personal data of the GDPR
- processing is necessary for the performance of a contract or negotiation of a contractual relationship
The purpose of the contractual agenda includes the processing of personal data for the purpose of concluding contractual relations with the Company, their changes and termination (including pre-contractual negotiations), the fulfillment of rights and obligations under the concluded contract, including keeping records of these contractual relationships and related communication between you and the Company, etc.
- we have the consent of the data subject to the processing of personal data
We may also process your personal data on the basis of your consent to their processing, in the event that you provide us with your consent to the processing of personal data. In this case, we process the personal data in question only for the purposes of processing the personal data for which you provide us with your consent.
- we have a legitimate interest in the processing
(for more details, see point 8 of the Memorandum – Purposes of personal data processing)
The legitimacy of such data processing is always assessed in such a way that the interests of our company do not prevail over the interests and fundamental rights and freedoms of other persons, and we also take into account the reasonable expectations of the persons concerned).
- processing is necessary to protect the vital interests of the controller or a third party
Such processing includes, for example: humanitarian purposes, monitoring of epidemics and their spread, natural or man-made disasters.
- PURPOSES OF PERSONAL DATA PROCESSING ENCZ
- Acquiring new customers
Registration of demand, preparation of offers and contracts at your request, consultation with potential clients
Legal basis: legitimate interest: effective functioning of the Company, provision of services
- Recruitment activities
We process your personal data for the purposes of recruiting new employees of the Company, i.e. recruitment, processing and recording of CVs, selection (selection) of job applicants, holding job interviews, evaluating job applicants, making job offers in the Company and communicating with applicants throughout the recruitment process.
Legal basis: legitimate interest – effective functioning of the Company
- Management of personnel, payroll, accounting and tax agenda
Information from recruitment procedures, negotiation of an employment contract, establishment, administration and termination of the employment relationship, keeping time sheets and attendance records, leave records, training, communication with employees, employee accounts, occupational health inspections, property records
Tax agenda
In this case, it concerns the processing of personal data for the purposes of the tax agenda, i.e. for the purposes of preparing, processing and filing tax returns, tax reports and other tax statements, communication with the relevant state administration bodies and fulfilling other obligations stipulated by tax regulations.
Accounting agenda
This concerns the processing of personal data for the purposes of bookkeeping and accounting audits, fulfillment of registration and registration obligations, fulfillment of reporting obligations, communication with the relevant state administration bodies and fulfillment of other obligations stipulated by accounting regulations.
Archival science
This concerns the processing of personal data for the purpose of fulfilling archiving obligations stipulated by the relevant legal regulations, in particular the Act on Archiving and Records Management, tax regulations or accounting regulations. Documents and personal data contained therein are handed over to a third party who ensures the administration of the archive in order to fulfil the obligation arising from archiving.
Audits
Processing of personal data in order to enable statutory audits to be carried out in the Company, e.g. accountants, tax etc.;
Cooperation with public authorities
Processing of personal data for the purpose of providing mandatory information to public authorities, e.g. law enforcement authorities, financial administration, etc., if they are part of the information that we are obliged to provide to these authorities.
Legal basis – legal obligation, legitimate interest – ensuring the proper functioning of the Company
- Ensuring the safety and protection of the company’s property – camera recordings
The company monitors selected external and internal areas of the premises in accordance with the internal instruction I-P9-S1-007 Camera system in the current version, with which the employees are familiar.
Legal basis: legitimate interest – protection of property, ensuring the safety of clients and employees of the company
- Marketing and promotion
It concerns the processing of personal data for the purpose of promoting the Company and its services, in particular sending PF and other wishes.
Legal basis: legitimate interest-building the Company’s reputation and building good customer relationships
- Cooperation with supervisory authorities
ENCZ is obliged to cooperate with superior supervisory bodies such as social security authorities, executors, ZP, ÚP, FÚ, Insolvenční správci, ÚOOÚ.
Legal basis: legal obligation
- Performance of the functions of the Data Protection Officer and processing of requests of data subjects for the exercise of rights
ENCZ has appointed a Data Protection Officer. The Data Protection Officer is, among other things, the contact point for personal data subjects and, as part of the performance of his or her duties, he or she is also responsible for monitoring ENCZ’s compliance with personal data protection legislation.
We are also obliged to process personal data in connection with a request for the exercise of rights under the GDPR that the data subject may submit.
Legal basis: legal obligation, GDPR
- Operation of the website and soc. Networks
Basic information about the company, services provided, information about vacancies, current information and offers. Obtaining the preferences of people visiting the website.
Legal basis: legitimate interest – provision of basic information about the Company and services offered
- Cooperation with suppliers
To ensure the proper operation of the company, we use the services of external suppliers of necessary devices, providers of legal services, IT services and training services.
Legal basis: contract, legitimate interest – ensuring the proper functioning of the Company
- Protection of the legal interests (claims) of the Company
Within this agenda, it concerns the processing of personal data in connection with the protection of legal claims and legally protected interests of the Company, whether in cases where the Company asserts claims against you or third parties, or cases where the Company, on the contrary, defends itself against claims asserted by you or third parties, by out-of-court, judicial or enforcement means
Legal basis: legitimate interest – protection of the rights and interests of the Company, i.e. in enforcing the Company’s claims against third parties and in ensuring the Company’s defence against claims asserted against it.
- Effective management and administration of the Company
In this case, it concerns the processing of personal data for the purposes of ensuring the effective management and administration of the Company, i.e. in particular for the purposes of organizing and managing the Company, setting and implementing the Company’s goals, ensuring administrative processes within the Company and fulfilling compliance obligations (i.e. in the area of ensuring legal compliance of the Company’s activities and processes with the requirements of legal regulations).
Legal basis: legitimate interest – ensuring the proper functioning of the Company.
- CATEGORIES OF PERSONAL DATA PROCESSING
ENCZ processes personal data for the following categories of data subjects:
- job seekers
- staff
- suppliers and contractors (IT, legal advice, training, educational services and external payroll)
- Data of persons related to the visit to the website
- LIST OF PERSONAL DATA THAT ARE PROCESSED
- Potential employees
- identification data: name, surname,
- contact details: e-mail address, telephone
- Subject data: job position, required salary, education
- Contact records: communication via e-mail
Legal basis for the processing of personal data: legitimate interest of the controller, implementation of pre-contractual measures to provide a service – medical intervention, ensuring that data subjects are informed before the conclusion of the contract.
Purpose of processing: Records of demand, preparation of offers and contracts at your request. Based on your inquiries via the form, e-mail or personal visit, you have provided your personal data and requests so that we can subsequently contact you with an offer of our services.
- Clients – Subscribers
- identification data: name, surname, title, date of birth, birth number
- contact details: e-mail address, telephone, contact address
- Job position
- account number
- contact person
- Camera recordings: they are made in the entrance areas of ENCZ, in order to protect the company’s property and ensure security for the company’s clients
Legal basis: contract, legitimate interest, possibility of providing the requested service, legal obligation, consent.
Purpose of processing: Negotiation of a contract for the purpose of ensuring the requested service and fulfilling subsequent obligations by the administrator. These are the following services:
Consultation with clients
- Job seekers
Based on the selection procedure, we process the data provided in the professional CVs of the candidates and from the recruitment process. These are:
- identification data: name, surname, title, date of birth, birth number
- contact details: e-mail address, telephone, contact address
- information about previous work experience and current job position
- e-mail communication with candidates: invitation to an interview, continuous communication
Legal basis for the processing of personal data: the legitimate interest of the controller in carrying out the selection procedure and the possibility of a job offer.
Purpose of processing: performing actions within the recruitment procedure for the potential conclusion of an employment relationship.
- Staff
The Company processes all employee data related to the employment relationship, including information from the recruitment procedure.
- Identification data – maiden name, previous surname, place of birth, marital status, nationality, ID number
- Contact details – permanent address, correspondence address, telephone, e-mail address
- Data necessary for the processing of payroll and mandatory contributions – birth number (ID of insurance for foreigners), bank account number, bank code and bank name for sending wages; name, surname and birth number of your spouse /registered partner; names, surnames and birth numbers of your children; information on whether you claim a tax benefit (including copies of your children’s birth certificates and confirmation of the other spouse, that he does not claim the tax advantage and, in the case of adult children, a certificate of study); information on whether you are in a disability (if so, which degree) or old-age pension or holder of a ZTP/P card, including the date of the claim; data on wages; details of holidays; travel/expenditure data; records of the use of a business mobile phone, if assigned to you; records of the movement of the company vehicle, if assigned to you.
- Data on attendance, performance and possible disciplinary proceedings
- Extracts from the criminal record
- Data on completed trainings
- Data collected by security systems – recordings from the camera system
- Health records – results of mandatory occupational medical examinations.
Legal basis for the processing of personal data: legitimate interest, legal obligation
Purpose of processing: preparation of the employment contract, provision of personnel and payroll agenda (payroll settlement, attendance and vacation records), accounting and tax agenda, ensuring qualification development – training, seminars, records of assigned assets, ensuring occupational medical examinations, cooperation with supervisory authorities, ensuring property security and data protection.
- Suppliers and contractors
ENCZ processes personal data necessary for the conclusion of the contractual relationship and those provided by the contractual partners. These are suppliers of legal services, IT services, suppliers of devices and providers of training and educational services, insurance companies.
- Identification data: name, surname, titles, dates of birth, residence, RČ
- Contact details: telephone, e-mail address, registered office, correspondence address, account number
- Extracts from the criminal record
- Orders, service records
- E-mail communication
Legal basis for the processing of personal data: contractual performance, legal obligation.
Purpose of processing: use of services to ensure the proper operation of the company.
- Personal data related to the visit to the website
Identification data: IP address, MAC address.
Client preference data: movement on the website (region, time), preferences of the products viewed.
- PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA
This category includes information on racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person and data on a natural person’s health or sex life or sexual orientation.
We process information on the state of health of the company’s employees, for the purposes of occupational medicine, as part of the assessment of the working capacity of employees.
We also process information about the results of the COVID-19 test within the scope of the regulation of the Ministry of Health of the Czech Republic.
The information is not shared with anyone and appropriate personnel and technical safeguards are taken against misuse of this data.
- METHODS OF PERSONAL DATA PROCESSING
Our company processes and stores all personal data through secure internal databases with limited access rights and adequate technical and security measures, in accordance with legislative requirements.
All paper documents containing personal data are protected by sufficient technical and organizational security (limited access, lockable areas).
- IS YOUR DATA ANALYZED? (so-called profiling)
Our company does not automatically process your data for the purpose of optimizing or sorting it.
- WHO ELSE DOES OUR COMPANY ALLOW TO ACCESS YOUR PERSONAL DATA?
Recipients who are (separate) controllers of personal data
These recipients have the status of independent controllers and process your personal data for their own purposes. These include, in particular, state administration bodies (ZP, ÚP, social security bodies, FÚ, insolvency administrators, ÚOOÚ).
No special contract for the processing of your personal data is concluded with these recipients of your personal data, as these persons have the same obligations regarding the processing of your personal data as the Company and are therefore themselves responsible for the processing of your personal data.
Other
In all other cases, your personal data is only shared on the basis of your consent to such sharing.
At the same time, your partial personal data may be provided to our suppliers in the field of legal, IT, training services, accounting services and others, in accordance with the internal GDPR directive, where further details on processing are given for employees.
Furthermore, your personal data may be processed by the Data Protection Officer – see. point 2, in order to monitor ENCZ’s compliance with data protection legislation.
Specific questions should be directed to the DPO – see. point 2.
- RETENTION PERIOD OF PERSONAL DATA
We process (store) your personal data only for the period that is necessary with regard to the purposes of processing your personal data.
In the case of processing your personal data on the basis of legal obligations, we process your personal data for the period specified by legal regulations, in particular tax and accounting regulations.
If you give your consent to the processing of personal data, we process your personal data for the period specified in this consent.
Specific deadlines for individual documents are specified in the File and Shredding Rules of the Company P-P3-A-003 in the current version.
Specific questions regarding the retention period of your personal data should be directed to the Dpo – see. Point.2.
- TRANSFER OF PERSONAL DATA OUTSIDE THE EU
We process personal data in the Czech Republic. We do not transfer personal data to countries outside the EU.
- COOKIES AND BROWSER POLICY
In accordance with the law, ENCZ websites store files, generally called cookies, on your device. Cookies are small data files made up of letters and numbers, thanks to which the websites you visit remember your actions and the settings you have made on them, so you do not have to enter this data repeatedly.
Cookies do not pose a danger, but they are important for the protection of privacy. Cookies cannot be used to identify site visitors or misuse login information. We use cookies, for example, to maintain the switching of views from mobile devices to the PC version of the website, where you can find more detailed information at the contact below to the website administrator. Most browsers automatically accept cookies unless the browser is set otherwise. By using this website, you agree to the storage of cookies. You can restrict or completely block the use of cookies in the settings of your web browser.
- YOUR RIGHTS
- Right to withdraw consent to the processing of personal data
In the event that we process your personal data on the basis of your consent, you have the right to withdraw your consent to the processing of your personal data at any time in any of the ways specified in Section (F) below.
You can withdraw your consent in full or only partially in relation to only some of your personal data or only some of the purposes of processing.
- Right of access to personal data
You have the right to obtain confirmation from the Company as to whether or not we process your personal data.
In the event that we actually process your personal data, you have the right to gain access to your personal data and the right to be provided with the information specified in this Memorandum.
We will provide you with access to the processed personal data by providing you with a copy of the processed personal data. Providing the first copy is free of charge. We may charge a reasonable fee for providing additional copies at your request (taking into account the administrative costs incurred).
The above confirmations, information and copies will be provided to you by the Company in writing or in electronic form. However, if you submit an application in electronic form, the confirmation, information and copies will be provided to you in electronic form, unless you request otherwise.
- Right to rectification and completion of personal data
You have the right to have inaccurate personal data concerning you rectified without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by providing an additional statement.
- Right to erasure (“right to be forgotten”)
You have the right to have your personal data erased without undue delay in the event that:
- Your personal data is no longer needed for the purposes for which it was collected or otherwise processed by the Company;
- withdraw your consent to processing if we process your personal data on the basis of your consent and at the same time if there is no other legal reason for processing your personal data;
- you object to the processing of your personal data (see Article 19 below) and at the same time there are no overriding legitimate grounds for processing;
- you object to the processing for direct marketing purposes;
- the personal data has been unlawfully processed by us; Or your personal data must be erased in order to comply with a legal obligation laid down by the relevant legal regulations by which we are bound.
In the event of exercising the right to erasure and meeting the conditions for such deletion, we will delete your personal data without undue delay, unless we need your personal data for the fulfilment of a legal obligation, for the establishment, exercise or defence of legal claims or for archiving purposes.
If your personal data has been disclosed, we will take reasonable steps, including technical measures, taking into account the available technology and costs of implementation, to inform other controllers who process the personal data that you have requested that your personal data be deleted.
- Right to restriction of processing
You have the right to have us restrict the processing of your personal data in the following cases:
- you will contest the accuracy of your personal data for as long as necessary for us to verify the accuracy of the personal data;
- the processing of your personal data is unlawful and you will oppose the erasure of the personal data and instead request the restriction of their use;
- We will no longer need your personal data for the purposes of processing, but you will require it for the establishment, exercise or defence of your legal claims; or
- you object to the processing (see Article 19 below for more details) until it is verified whether our legitimate reasons outweigh your legitimate reasons.
In the event that the processing of your personal data at your request is restricted, your personal data, with the exception of their storage, may be processed by the Company only with your consent, or for the purpose of determining, exercising or defending legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest.
In the event that the processing of your personal data is restricted at your request, we will inform you of the possible lifting of the restriction of processing.
- Right to data portability
You have the right to require us to transfer your personal data (which you have provided to us yourself) to another controller (i.e. a company you designate), but only in the following cases:
- the processing of your personal data is based on your consent or on the performance of a contract between the Company and you; and (at the same time)
- the processing is carried out by the Company automatically (i.e. not manually).
- Right to object
For reasons relating to your particular situation, you have the right to object at any time to the processing of your personal data based on your legitimate interest.
In the event of such objection, we will no longer process your personal data unless (a) we demonstrate compelling legitimate grounds for such processing that would override your interests or rights and freedoms, or (b) it is necessary for the establishment, exercise or defence of legal claims.
Furthermore, you have the right to object at any time to the processing of your personal data for direct marketing purposes – in the event of this objection, we will no longer process your personal data in any case.
- Right to lodge a complaint with a supervisory authority
In case of doubt about the lawful processing of your personal data or if the Company does not comply with your request regarding your personal data, you have the right to contact the Office for Personal Data Protection as a supervisory authority in the field of personal data protection.
You can contact the Office for Personal Data Protection with your complaint even without a prior request addressed to the Company.
If the Office for Personal Data Protection does not comply with your complaint, or does not deal with it at all, or if it does not inform you within three months of the progress in resolving your complaint, you have the right to judicial protection against such a procedure of the Office for Personal Data Protection.
- Right to judicial protection
In case of doubt about the lawful processing of your personal data or in case of detection of a violation of your rights in connection with the processing of your personal data, you have the right to an effective judicial remedy.
- Right to notification regarding rectification or erasure of personal data or restriction of processing
Since ENCZ does not transfer your personal data to other recipients, it ensures that your personal data is updated only within internal systems.
ENCZ has no restrictions on the scope of obligations and rights within the meaning of Article 23 of Regulation 2016/679 of the European Parliament.
- HOW TO EXERCISE THE RIGHTS OF DATA SUBJECTS AND HOW TO DEAL WITH DATA SUBJECTS’ REQUESTS
HOW TO EXERCISE THE RIGHTS OF DATA SUBJECTS
You can apply your requests regarding any of your rights in connection with the processing of personal data with our Data Protection Officer – see point 2., who will agree with you on the particulars of your Application and subsequently confirm the receipt of your application.
The processing of your Requests and the taking of any follow-up measures is carried out free of charge.
Manifestly unfounded or disproportionate Requests
Manifestly unfounded or disproportionate Requests (in particular repetitive Requests) may be charged a reasonable fee (taking into account administrative costs) or rejected.
Processing of the Data Subject’s Request
Requests shall be dealt with promptly and in any event within one (1) month from the date of receipt of the Request.
In exceptional cases (in particular with regard to the complexity or number of all Requests processed), this period may be extended by a maximum of another two (2) months. We will inform you of such exceptional extension of the deadline for processing the Request, no later than one (1) month from the date of receipt of your Request, together with the reasons for such postponement.
In case of rejection of your request, we will inform you about this and we will also inform you