Declaration of personal data processing according to the European Parliament and Council Regulation (EU) No 2016/679 on the protection of individuals with regards to the processing of personal data and instructions to the data subjects („GDPR“).
- The personal data administrator: Maximus Resort, a.s., VAT no.: 269 65 437, with registered offices at Hrázní 327/4a, 635 00 Brno, a company registered in commercial register by Brno Regional Court, section B, insert 4332, hereby informs you about processing of your personal data and about your rights, in accordance with the article 12 of GDPR.
- Scope of the personal data processing
Personal data are processed in the scope that the relevant data subject provided to the administrator in connection to a contractual or any other legal relationship conclusion with the administrator, or which the administrator gathered differently and are processed in accordance with applicable law, or so that the administrator can fulfil their legal obligations.
- Sources of the personal data
- directly from the data subjects (e-mails, telephone, web pages, web contact forms, business cards, etc.)
- publicly accessible registries, lists and databases (e.g. Business Register, Trade Register, Cadastre, etc.) with the purpose to create accounting documents and to check information accuracy
- Categories of personal data which are the subject of processing
- address and identification data used for the data subject’s clear and unambiguous identification (e.g. name, surname, title, birth number, date of birth, permanent residency address, VAT no., company ID no.) and data enabling contact with the data subject (contact data – e.g. contact address, telephone number, e-mail address and other similar information)
- descriptive data (e.g. bank connection)
- other data necessary for contract fulfilment
- data provided beyond the applicable laws, processed within the given agreement from the data subject (photographs processing, using the personal data for personal procedures, sending commercial or informative communications etc.)
- Categories of the data subjects
- client of the administrator
- employee of the administrator
- service supplier
- other person who is in contractual relationship to the administrator
- job applicant
- Categories of the personal data recipients
The administrator has no intention to pass the personal data to a third country outside the EU. The administrator has the right to authorize a processor to process the personal data, who concluded a processing contract with the administrator and who provides sufficient guarantees of your personal data protection. Otherwise, the data subjects will be unconditionally informed about this transfer. Categories of the recipients thus are:
- financial institutes
- public institutes
- the processor
- state and other authorities within fulfilment of legal obligations given by applicable law
- Purpose of the personal data processing
- purposes included in the data subjects’ agreement
- negotiation about a contractual relationship
- contract fulfilment
- protection of rights of the administrator, recipient or other concerned persons
- archiving conducted by law
- tenders for published job positions
- legal obligations fulfilment by the administrator
- protection of vital interests of the data subject
- transfer of commercial communication or other information in case of justified interests of the administrator
- Method of the personal data processing and protection
Processing of the personal data is done by the administrator. Processing is done in their establishments, branch offices and the head office by individual authorized employees of the administrator, or by the processor. Processing happens while keeping all safety rules for the personal data administration and processing. For this purpose, the administrator accepted technical, organisational and legal precautions to provide the personal data protection, mainly the precaution to prevent an unauthorized or random access to the personal data, their change, destruction or loss, unauthorized transfers, unauthorized processing, or other misusage of the personal data. All the subjects who are allowed to access the personal data respect the data subjects’ rights to privacy and freedom protection, and they are obliged to proceed according to valid legal regulations related to the personal data protection.
- Time of the personal data processing
In accordance with the periods stated in relevant contracts and agreements, periods prescribed for handling in case of legitimate interests of the administrator or the third party, in relevant legal regulations, it is an amount of time necessary to provide rights and obligations coming from both the liability relationship and the relevant legal regulations.
The administrator processes the data with agreement of the data subject except for the legally given examples when the personal data processing does not require the data subject agreement, thus when other legal basis exists for the processing purpose. In agreement with article 6, paragraph 1 of GDPR, the administrator can process these data without the data subject agreement:
- the processing is necessary for a contract fulfilment whose contractual party is the data subject, or to execute measures accepted before the contract conduction requested by this data subject,
- the processing is necessary for legal obligations fulfilment that relates to the administrator,
- the processing is necessary for the data subject’s vital interests protection, or of other individual’s,
- the processing is necessary for fulfilment of a task executed in public interest or when exercising public authority assigned to the administrator,
- the processing is necessary for purposes of legitimate interests of the relevant administrator or the third party, except for cases when these interests are minor to the interests or basic rights and freedoms of the data subject requiring personal data protection.