Data Policy

DECLARATION ON PERSONAL DATA PROCESSING

Thank you for visiting our website. We care about your privacy as it is very important to us. The text below is designed to inform you of what information we collect, why we collect that information and how we use it. We will only share your personal information with third parties in the ways that are described below and will never sell them to anyone.

Declaration on personal data processing according to the European Parliament and Council Regulation (EU) No 2016/679 on the protection of individuals with regards to the processing of personal data and instructions to the data subjects (‘GDPR’).

I.

The personal data administrator

Jiří Novák, Blanenská 37/7, 621 00 Brno, Czech Republic, IČ: 12187151, DIČ: CZ6603141369, hereby informs you about processing of your personal data and about your rights, in accordance with the article 12 of GDPR.

Contact e-mail address: info@jng-technology.com

II.

Scope of the personal data processing

Personal data are processed in the scope that the relevant data subject provided to the administrator in connection to a contractual or any other legal relationship conclusion with the administrator, or which the administrator gathered differently and are processed in accordance with applicable law, or so that the administrator can fulfil their legal obligations.

III.

Sources of the personal data

• directly from the data subjects (e-mails, telephone, e-shop orders, business cards, web pages, web contact forms, business cards, data used for contract elaboration etc.)
• from data administrator of the subjects upon a legal title of performance of a contract
• publicly accessible registries, lists and databases (e.g. Business Register, Trade Register, Cadastre, etc.) with the purpose to create accounting documents and to check information accuracy

IV.

Categories of personal data which are the subject of processing

• address and identification data used for the data subject’s clear and unambiguous identification:

e.g. name, surname, title, permanent residency address, birth number, date of birth, VAT no., company ID no. and data enabling contact with the data subject (contact data – e.g. contact address, telephone number, e-mail address and other similar information)

• descriptive data (e.g. bank connection)
• other data necessary for contract fulfilment
• data provided beyond the applicable laws, processed within the given agreement from the data subject (photographs processing, using the personal data for personal procedures, sending commercial or informative communications etc.)

V.

Categories of the data subjects

• client of the administrator
• employee of the administrator
• carrier
• service supplier
• visitor of the administrator
• other person who is in contractual relationship to the administrator
• job applicant
•  

VI.

Categories of the personal data recipients

• the processor
• external accountant
• carrier companies
• financial institutes
• state and other authorities within fulfilment of legal obligations given by applicable law (Inland Revenue Office, health insurance company, etc.)

VII.

Purpose of the personal data processing

• purposes included in the data subjects’ agreement
• sale of goods in the e-shop
• negotiation about a contractual relationship
• contract fulfilment
• protection of rights of the administrator, recipient or other concerned persons (e.g. debt collection by the administrator)
• archiving conducted by law
• tenders for published job positions
• legal obligations fulfilment by the administrator
• protection of vital interests of the data subject
• transfer of commercial communication or other information in case of justified interests

VIII.

Method of the personal data processing and protection

Processing of the personal data is done by the administrator. Processing is done in their establishments, branch offices and the head office by individual authorized employees of the administrator, or by the processor. Processing happens while keeping all safety rules for the personal data administration and processing. For this purpose, the administrator accepted technical, organisational and legal precautions to provide the personal data protection, mainly the precaution to prevent an unauthorized or random access to the personal data, their change, destruction or loss, unauthorized transfers, unauthorized processing, or other misuse of the personal data. All the subjects who are allowed to access the personal data respect the data subjects’ rights to privacy and freedom protection, and they are obliged to proceed according to valid legal regulations related to the personal data protection.

IX.

Time of the personal data processing

In accordance with the periods stated in relevant contracts and agreements, periods prescribed for handling in case of legitimate interests of the administrator or the third party, in relevant legal regulations, it is an amount of time necessary to provide rights and obligations coming from both the liability relationship and the relevant legal regulations.

X.

Information

The administrator processes the data with agreement of the data subject except for the legally given examples when the personal data processing does not require the data subject agreement, thus when other legal basis exists for the processing purpose.

In agreement with article 6, paragraph 1 of GDPR, the administrator can process these data without the data subject agreement:

• the data subject granted agreement for one or more specific purposes,
• the processing is necessary for a contract fulfilment whose contractual party is the data subject, or to execute measures accepted before the contract conduction requested by this data subject,
• the processing is necessary for legal obligations fulfilment that relates to the administrator,
• the processing is necessary for the data subject’s vital interest protection, or of other individual’s,
• the processing is necessary for fulfilment of a task executed in public interest or when exercising public authority assigned to the administrator,
• the processing is necessary for purposes of legitimate interests of the relevant administrator or the third party, except for cases when these interests are minor to the interests or basic rights and freedoms of the data subject requiring personal data protection.

XI.

Rights of the data subjects

1. You have especially the following rights related to your personal data:

• right to withdraw the agreement at any time;
• right to correct or complete the personal data;
• right to require restriction of the processing;
• right to raise an objection or complaint against certain cases of processing;
• right to require data transfer;
• right to access the personal data;
• right to be informed about the breach of personal data protection in certain cases;
• right to have the personal data erased (‘be forgotten’) in certain cases; and
• other rights defined in the Personal Data Protection Act and in the General Data Protection Regulation No. 2016/679 after the entry into force.

1. In compliance with Art. 12 of GDPR, the administrator informs the data subject upon the data subject's request about the right of access to the personal data and the following information:

• purpose of processing,
• category of the involved personal data,
• recipient or recipient category to whom the personal data was or will be made available,
• planed time for which the personal data are to be stored,
• all available information on the source of personal data,
• unless they were received from the data subject, if automated decision making including profiling is being used.

1. Each data subject who finds out or assumes that the administrator or processor processes the data subject's personal data in contrary to protection of the data subject's private or personal life or contrary to the law, especially if the personal data are inaccurate with respect to the purpose of processing, may:

• ask the administrator for explanation,
• require the administrator to rectify the status (it may mainly concern blocking, correction, completion or erasing of personal data),
• if the data subject's request according to paragraph 1 is found eligible, the administrator immediately removes the defective status,
• if the administrator fails to comply with the data subject's request according to paragraph 1, the data subject is entitled to directly address the supervision authority, i.e. the Office for Personal Data Protection,
• proceeding according to paragraph 1 does not exclude the possibility that the data subject directly accesses the supervision authority,
• for repeated and in administrator's opinion groundless providing of information, the administrator is entitled to request adequate payment not exceeding the necessary cost of the repeated providing of information.

XII.

FINAL PROVISIONS

Fulfilment of the duties of the employees of JNG Technology, s.r.o., implied by this directive is supervised by Mr …

The directive is binding for all employees of JNG Technology, s.r.o., as well as for other persons authorised by the company to process the personal data.

This declaration is publically accessible on the administrator's e-shop website www.jng-technology.com.

The directive was approved and came into force on 25^th May 2018.

In Brno on 25^th May 2018