Declaration on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the information of data subjects (hereinafter referred to as “GDPR”)
1. The data controller Kosmoweb IČO: 17064619. hereby informs you about the processing of your personal data and your rights in accordance with Article 12 of the GDPR.
2. Scope of the processing of personal data
Personal data are processed to the extent that the respective data subject has provided them to the controller, in connection with the conclusion of a contractual or other legal relationship with the controller, or which the controller has otherwise collected and processes them in accordance with applicable law or to fulfil the controller’s legal obligations.
3. Sources of personal data:
directly from data subjects
publicly accessible registers,
lists and records (e.g. commercial register, trade register, land registry, public telephone directory, etc.)
4. Categories of personal data subject to processing:
address and identification data used to uniquely and unmistakably identify the data subject (e.g. name, surname, title, birth number, date of birth, permanent address, identity document number, gender, ID number, VAT number) and data enabling contact with the data subject (contact data – e.g. contact address, telephone number, fax number, email address and other similar information)
descriptive data (e.g. bank details, date)
other data necessary for the performance of the contract
5. Categories of data subjects:
customer of the controller
another person who has a contractual relationship with the controller
6. Categories of recipients of personal data:
state etc. authorities in the performance of their statutory obligations under the relevant legislation
7. Purpose of the processing of personal data
the purposes contained in the data subject’s consent
the negotiation of a contractual relationship
performance of the contract
protection of the rights of the controller, the recipient or other persons concerned (e.g. recovery of claims of the controller)
archival records kept on the basis of the law
the fulfilment of legal obligations by the controller
protection of the vital interests of the data subject
8. Method of processing and protection of personal data
The processing of personal data is carried out by the controller. The processing is carried out at the controller’s premises, branches and headquarters by individual authorised employees of the controller or by the processor. The processing is carried out by means of computer technology or, in the case of personal data in paper form, manually, in compliance with all security principles for the management and processing of personal data. To this end, the controller has taken technical and organisational measures to ensure the protection of personal data, in particular measures to prevent unauthorised or accidental access to, alteration, destruction or loss of personal data, unauthorised transmission, unauthorised processing or other misuse of personal data. All entities to which personal data may be disclosed shall respect the right to privacy of data subjects and shall comply with applicable data protection laws.
9. Duration of processing of personal data
In accordance with the time limits set out in the relevant contracts, in the controller’s filing and shredding system or in the relevant legislation, this is the time necessary to ensure the rights and obligations arising from both the contractual relationship and the relevant legislation.
The controller shall process data with the consent of the data subject, except in cases provided for by law where the processing of personal data does not require the consent of the data subject.