Processing of personal data

This statement on the processing of personal data (hereinafter referred to as the “Statement”) represents the basic principles that TRIGA-MF spol. s r.o. with its registered office at Rváčovská 1350, Lomnice nad Popelkou, 512 51, Company ID: 609 16 826
(hereinafter referred to as the “Company”) follows when collecting and processing personal data.
This Statement regulates the fundamental rights and obligations of the Company arising in particular from the following normative
legal acts:

• Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “Regulation”)
• Act No. 480/2004 Coll., on certain information society services and amending certain acts (Act on certain information society services), as amended;
• Act No. 127/2005 Coll., on electronic communications and amending certain related acts (Act on electronic communications), as amended
• Act No. 110/2019 Coll., on the processing of personal data

DEFINITION OF PERSONAL DATA AND CATEGORIZATION OF PROCESSED DATA

In accordance with the Regulation, personal data means all information about an identified or identifiable natural person (not a legal person). In principle, it is any information that, either separately or in aggregate with other information, can serve to identify a specific natural person (hereinafter referred to as “Personal Data”).
Personal data are in particular data that are provided in a completed registration, order or other form, or that are communicated to the Company via email, telephone or other remote communication device.

PRINCIPLES OF PROCESSING PERSONAL DATA

The Company processes Personal Data:

• fairly, lawfully and transparently;
• only for specific, explicit and legitimate purposes;
• to a reasonable extent;
• accurate and up-to-date;
• for no longer than is necessary for the purposes for which they are processed;
• in a manner that ensures their appropriate security, including their protection against unauthorized

or unlawful processing and against accidental loss, destruction or damage.

DATA CONTROLLER

The data controller is:
TRIGA-MF spol. s r.o.
with its registered office at Rváčovská 1350, Lomnice nad Popelkou, 512 51
Certificate of incorporation: 609 16 826
entered in the Commercial Register kept by the Regional Court in Hradec Králové, Section C, Insert 6568
(hereinafter referred to as the “Controller”)

Contact details:
gdpr@triga.cz, postal (delivery) address: TRIGA-MF spol. s r.o., Rváčovská 1350, Lomnice nad Popelkou, 512 51

DATA SUBJECT

A data subject is a natural person who has provided the Administrator with their personal data on the basis of a purchase contract or other contract concluded with the Administrator or on the basis of consent to the processing of personal data as part of subscribing to newsletters sent by the Administrator (hereinafter referred to as the “Subject”). A data subject may also be a natural person whose Personal Data the Administrator has obtained from other lawful sources.

SCOPE AND CATEGORIES OF PROCESSED PERSONAL DATA

The Administrator processes Personal Data to the extent that it is provided by Data Subjects or to the extent that the Administrator obtains them from other lawful sources.
Personal data means in particular:

• address and identification data used for the unambiguous and unmistakable identification of the Data Subject (e.g. name, surname, title, date of birth, permanent address, identity document number, ID number, VAT number)
• data enabling contact with the Data Subject (contact data – e.g. delivery address, telephone number, email address and other similar information)
• bank details and other data necessary for the performance of the contract
• appearance and image information of recorded persons (camera recordings)

PURPOSE OF PROCESSING PERSONAL DATA (GENERAL CONSENT)

The Administrator processes the Personal Data of the Data Subjects for the purpose of fulfilling the contract concluded between the Administrator and the Data Subject, via electronic means of communication at a distance or in writing, fulfillment of legal obligations and for the purpose of direct marketing (i.e. offering goods/products and services of the Administrator) including sending commercial communications within the meaning of Act No. 480/2004 Coll., on certain information society services.
The Administrator sends commercial communications only if the Data Subject has signed up to receive newsletters and has expressed (second) consent to the processing of Personal Data for marketing purposes.

PURPOSE OF PROCESSING PERSONAL DATA (CONSENT FOR MARKETING PURPOSES)

The Administrator processes Personal Data of Data Subjects in order to fulfill the contract concluded between the Administrator and the Data Subject, via electronic means of distance communication or in writing, fulfillment of legal obligations and for the purpose of direct marketing, offers, information about activities and activities. The Data Subject has the possibility to unsubscribe from newsletters in a simple way and free of charge.

ASSESSMENT OF THE NECESSITY OF PROCESSING

The Administrator is concerned with the protection of the privacy of Data Subjects and therefore processes only Personal Data that is strictly necessary for the specified purposes of processing.

LEGAL BASIS FOR PROCESSING PERSONAL DATA

The legal basis for processing carried out for the purpose of direct marketing is the consent of the Data Subject to the processing of Personal Data (subscription to newsletters) or the legitimate interest of the Controller (obtaining electronic contact in connection with the sale of a product or the provision of a service by the Controller pursuant to Act No. 480/2004 Coll.). In other cases, the legal basis for processing is the fulfillment of the contract (settlement of rights and obligations), the protection of the legitimate interests of the Controller (protection of property, website security, exercise of claims under the contract in legal proceedings, etc.), keeping accounting and other prescribed records (including administrative purposes) and fulfilling legal obligations under special legal regulations (e.g. regulations relating to the prevention of crime, etc.).

METHOD OF PROCESSING PERSONAL DATA

The processing of Personal Data is carried out by the Controller. The processing is carried out in its premises, branches and registered office by the Controller’s individual authorized employees.
The processing takes place using computer technology, or alternatively manually for Personal Data in paper form, in compliance with all security principles for the management and processing of Personal Data. For this purpose, the Controller has adopted technical and organizational measures to ensure the protection of Personal Data, in particular measures to prevent unauthorized or accidental access to Personal Data, its alteration, destruction or loss, unauthorized transfers, its unauthorized processing, as well as other misuse of Personal Data.
When processing Personal Data, profiling based on automated processing does not occur.
Personal data are not transferred to third countries.

PERSONS HAVING ACCESS TO PERSONAL DATA

The Administrator entrusts personal data only to partners who are able to ensure such technical and organizational data security that there can be no unauthorized or accidental access to the data or its misuse.
Partners are bound by a duty of confidentiality and may not use the provided data for any other purpose than for which it was made available to them.
Third parties who may have access to Personal Data depending on the nature of the delivery or the service provided and/or used are:
(I) contractual partners for the implementation (fulfillment) of orders, whether in the position of subcontractors or providers of transportation and other services related to the delivery (delivery) of goods (products);
(II) persons who ensure the technical operation of a certain service or operators of technological infrastructure (especially ICT services);
(III) persons providing the Administrator with other services (OHS, training, education, legal, tax, economic consultancy, etc.);
(IV) persons who ensure sufficient security and integrity of the services and the website;
(V) ​​payment service providers and payment processors for the purpose of securing the transfer of funds and the implementation of payment transactions;
(VI) business partners who participate in the organization of promotional and advertising events, conferences,
workshops, seminars, etc.
Under certain precisely defined conditions, the Administrator is obliged to transfer some Personal Data on the basis of the law to bodies involved in criminal proceedings, or to state or local government bodies.

PERIOD OF PROCESSING PERSONAL DATA

In the case of Personal Data processed for the purpose of fulfilling the subject matter of the contract, the Administrator processes Personal Data for the duration of the contractual relationship and subsequently for a further 10 years, taking into account the length of the limitation period for compensation for damage or harm. In the case of processing for the purpose of fulfilling a legal obligation, the Administrator processes Personal Data for the period specified by legal regulations. The specific processing period also results from the purpose for which the specific Personal Data is processed. In the case of Personal Data processed on the basis of the explicit consent of the Data Subject, the Administrator processes Personal Data for the period specified in this consent (if a specific period is specified in the consent), or until the moment of withdrawal of consent to the processing of Personal Data. Personal data that are necessary for the proper delivery of goods and/or provision of services, or for the fulfillment of obligations arising from a contract or legal regulations, must be processed by the Administrator regardless of the consent granted for the period specified by the relevant legal regulations or in accordance with them, even after the possible withdrawal of consent.

COOKIES

Cookies are small text files that store certain information for a limited period of time. When a person first accesses a website, the browser automatically downloads these files and stores them on the device (computer, tablet, phone, etc.). A cookie file contains at least two components, namely the name and value of the file.
It usually also contains a date when it will be automatically deleted (this is set according to the planned lifespan of the file). There is a difference between session cookies and persistent cookies. Session cookies are automatically deleted immediately after the respective browsing session ends. Persistent cookies remain stored on the computer for the entire lifespan of the respective cookies and are deleted only at the end of the specified period.
Cookies are generally used to make websites work more efficiently, make their visit more user-friendly, may contain data related to the function or display of pages, or may allow websites to “remember” activities or preferences for a certain period of time.

OVERVIEW OF COOKIES USED

Only technical/functional cookies are used, which are necessary for the websites to be displayed
and to function properly.
Cookies necessary for the functionality of the website are always kept only for the time strictly necessary for its functioning.
In the browser settings (Chrome, Firefox, Internet Explorer, Seznam, Android, Microsoft Edge, etc.), the permission to use cookies can be adjusted so that it more closely matches user needs. Most browsers allow
to accept or delete all cookies or to allow the use of only certain types of cookies.
You can prevent the storage of cookies on your end device by selecting the “do not accept cookies” function in the browser settings.
The setting of consent to the use of cookies on the website www.triga.cz can be done on the Cookie Settings page.

DATA SUBJECTS’ RIGHTS

In accordance with Article 12 of the Regulation, the Controller shall, at the request of the Data Subject, inform the Data Subject of the right to access personal data and the following information:
(I) the purpose of the processing;
(II) the category of Personal Data concerned, the recipient or category of recipients to whom the Personal Data have been or will be made available;
(III) the planned period for which the Personal Data will be stored.
Right to request information and access to the processing of Personal Data: The Data Subject has the right to obtain information on whether his/her Personal Data are being processed and, if so, to obtain access to the Personal Data. In the event of unfounded, unreasonable or repeated requests, the Administrator shall be entitled to charge a reasonable fee for a copy of the Personal Data provided or to refuse the request (the above applies mutatis mutandis to the exercise of the rights listed below).
Right to rectification and completion of Personal Data: The Data Subject has the right to request the correction of inaccurate data and the completion of incomplete data. The Administrator shall correct or complete the data without undue delay, always taking into account technical possibilities.
Right to restrict the processing of Personal Data: if the Data Subject requests the restriction of processing, the Administrator shall make the Personal Data inaccessible, temporarily delete or store it or perform other processing operations that will be necessary
for the proper exercise of the exercised right

Right to erasure (right to be forgotten) in certain cases: if the Data Subject requests erasure,
the Controller will erase Personal Data if (i) they are no longer necessary for the purposes for which they were collected or otherwise processed, (ii) the processing is unlawful, (iii) there are objections to the processing and there are no overriding legitimate grounds for the processing of the Personal Data, or (iv) the Controller is required to do so by a legal obligation.
Right to data portability: if the Data Subject wishes the Controller to transmit the Personal Data to a third party, the Data Subject may exercise his or her right to data portability. If the exercise of this right would adversely affect the rights and freedoms of other persons, the Controller will not be able to comply with the request.
Right to object: the right to object to the processing of Personal Data that is processed for the purpose of fulfilling a task carried out in the public interest or in the exercise of public authority or for the purpose of protecting the legitimate interests of the Controller. If the Controller does not demonstrate that there is a compelling legitimate reason for the processing that overrides the interest or rights and freedoms of the customer, the processing based on the objection will be terminated without undue delay. Right to file a complaint with the Office for Personal Data Protection (www.uoou.gov.cz): The data subject may file a complaint with the supervisory authority at Pplk. Sochora 727/27, Prague 7, 170 00, or by data box at the following address:
qkbaa2n or by e-mail: posta@uoou.cz

WITHDRAWAL OF CONSENT TO THE PROCESSING OF PERSONAL DATA

The data subject who has given the Administrator consent to the processing of personal data may revoke his/her voluntarily given consent to the processing of Personal Data at any time free of charge, electronically at the address gdpr@triga.cz or in writing – by submitting a request to the address of the Administrator’s registered office.
If consent is revoked, the Administrator is obliged to delete or anonymize the Personal Data obtained on the basis of the revoked consent, unless there are other (legal) reasons for their further processing.