"Dear customer, having regard to the effectiveness of Regulation (EC) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Privacy Policy), we would like to inform you that, for possible business cooperation, our company would process the following data:

Name and surname, e-mail address, phone number, country, city/town, post code

in order to provide this information to our business partners, as a result of a possible business deal with our business partner, the conclusion of a purchase agreement and the delivery of goods from our business partner, and you are informed that we will not process the personal data we provide afterwards, for 10 years.

ADVICE TO THE DATA SUBJECT

MALFINI, a.s. in accordance with the provision of Article 13 of Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016, the General Data Protection Regulation, (hereinafter referred to as the “Regulation”), advises that:

the personal data will be processed based on your free consent, under the conditions mentioned above;
 
the reason for the provision of personal data is their communication to our business partners for the purpose of business negotiations with our business partner, the conclusion of the purchase contract and delivery of goods from our business partner;
 
no automated decision-making or profiling will take place during the processing of your personal data.
 
you have the right to withdraw their consent to the processing of the personal data at any time at cancelgdpr@malfini.com, the right to demand us to allows them access to their personal data, correction or deletion or, where appropriate, restriction of the processing thereof, and to object to the processing, has the right to have such data transmitted to another controller (the right to data portability), as well as the right to lodge a complaint with the Office for Personal Data Protection if the data subject considers that we proceed in infringement of the Regulation when processing the personal data.

By ticking the I AGREE WITH THE PROCESSING OF PERSONAL DATA field, you consent to the provision of personal data to the personal data controllers within the meaning of Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “Regulation”) within the MALFINI Group (hereinafter the “Controller”), provided that the personal data will be processed for the purpose of conducting a competition for a specific job position. In addition, by ticking the I AGREE WITH THE PROCESSING PERSONAL DATA field, you agree to keep your Personal Data Controller within the MALFINI Group retaining your personal data for reason of assessment for any other selection procedure held by the Controller or offering other or similar job opportunities, work experiences or traineeships for a period of 3 years. Your personal data will be exclusively processed by the employees of the Controllers and only to the extent necessary to fulfil the purpose of processing.

Your right is to withdraw consent at any time. In this context you, as the data subject, have also the rights to:

1. access the personal data;
2. correct or supplement inaccurate or untrue personal data;
3. erase the personal data where it is no longer necessary for the purposes for which it was collected or processed;
4. limit the processing of personal data;
5. the portability of personal data;
6. raise an objection if there is no legitimate interest of the controller to their processing, which prevails over the interest of the data subject;
7. address in case of a complaint to an enforcement authority or a court.

Scope of the processed personal data:

• name and surname,
• postal address,
• email address,
• telephone contact
• a photo or an image representation”

I.
Basic provisions

1.    Pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) is MALFINI, a.s., ID 254 09 727, with its registered office at Oblouková 391, 403 40 Ústí nad Labem (hereinafter referred to as: “the Controller”).
2.    The Controller's contact details are the address: Oblouková 391, 403 40 Ústí nad Labem, e-mail: dev@malfini.com, telephone: +420 475 247 507.
3.    The term “personal data” refers to all the information related to an identified or identifiable natural person; “identifiable natural person” refers to any natural person that can be identified directly or indirectly, especially referring to a certain identifier such as a name, identification number, location data, network identifier or one or more special elements of physical, physiological, genetic, psychic, economic, cultural or social identity of the said natural person.
4.    The Controller has appointed a Data Protection Officer. The contact details of the Data Protection Officer are: Mgr. Ondřej Pojkar, lawyer, with his registered office at Dlouhá 67/39, 415 01 Teplice, e-mail: pojkar@advokati unl.cz.

II.
Sources and categories of personal data being processed

1.    The Controller processes the personal data that you have provided to it or the personal data that the Controller obtained based on executing your order.
2.    The Controller processes your identification and contact data necessary for fulfilling the contract. 

III.
Legal ground and purpose of personal data processing

           1.   The legal ground for processing the personal data is 
           •     the performance of a contract between you and the Controller pursuant to Article 6(1)(b) of the GDPR;
           •     a legitimate interest of the Controller for direct marketing purposes (in particular, sending commercial communications and newsletters) pursuant to Article 6(1)(f) of the GDPR;
           •     your consent to processing for the purpose of providing direct marketing (in particular, sending commercial communications and newsletters) pursuant to Article 6(1)(a) of the GDPR in conjunction with Article 7(2) of Act No. 480/2004 Coll., on certain                                 information society services if no order for goods or services has been made. 
           2.   The purpose of processing the personal data is
           •     processing your order and exercising the rights and obligations arising from a contractual relationship between you and the Controller; personal data which are required for successful order processing (name and address, contact details) have to be                                 provided  in order to enter into and perform a contract; without these data it will not be possible to enter into a contract and the Controller will not, therefore, be able to perform it;
           •     sending commercial communications and pursuing other marketing activities. 
           3.   Automated individual decision-making is used by the Controller pursuant to Article 22 of the GDPR. You have given your explicit consent to such processing. 

IV. Data storage period

           1.    The Controller stores the personal data 
            •     for the period necessary to exercise and carry out all the rights and obligations arising from the contractual relationship between you and the Controller, as well as to enforce claims derived from such contractual relationships (for a period of 10 years after                        the termination of the contractual relationship); until the consent to personal data processing for marketing purposes is withdrawn, for no more than 10 years if the personal data are processed on the basis of consent. 
           2.    The Controller shall delete the personal data once the storage period has expired. 

V. Recipients of the personal data (Controller’s subcontractors)

           1.    The recipients of the personal data are persons 
           •      involved in the supply of goods/services and in effecting payments on the basis of a contract, 
           •      involved in the operation of the services,
           •      providing marketing services.
           2.    The Controller informs you that, when providing services, personal data may be transmitted to a third country (a non-EU country) or to an international organisation. Recipients of personal data in third countries are mailing service providers / cloud service providers.

VI. Your rights

           1.   Under the terms set out in the GDPR, you have: 
            •    the right of access to your personal data pursuant to Article 15 of the GDPR, 
            •    the right to have your data rectified pursuant to Article 16 of the GDPR or to restrict the processing pursuant to Article 18 of the GDPR, 
            •    the right to have your data erased pursuant to Article 17 of the GDPR, 
            •    the right to object to the processing pursuant to Article 21 of the GDPR, 
            •    the right to the portability of your data pursuant to Article 20 of the GDPR, 
            •    the right to withdraw your consent to the processing by a written statement or electronically to the address or the e-mail address of the Controller specified in Article I of this Policy. 
            2.  Moreover, you have the right to file a complaint with the Office for Personal Data Protection if you believe your privacy has been compromised.

VII. Conditions for personal data security

           1.    The Controller hereby declares that it has adopted all the appropriate technical and organisational measures to ensure the security of the personal data.
           2.    The Controller has adopted technical measures to secure data repositories and repositories of personal data in paper and electronic form.
           3.    The Controller declares that the personal data are only accessible by persons authorised by it.

VIII. Profiling

           1.    The personal data may be used to carry out profiling, including remarketing and behavioural advertising for the purpose of targeting marketing according to specific customer needs and requests, etc.

IX. Final provisions

           1.    By submitting an online order form, you confirm that you are familiar with and accept the Personal Data Protection Policy in its entirety.
           2.    Express your consent to this Policy by checking the corresponding box in the internet form. By checking the consent box, you confirm that you are familiar with the Personal Data Protection Policy and accept it in its entirety.
           3.    The Controller is entitled to change this policy. The Controller shall publish any new versions of the Personal Data Protection Policy on its website and, where appropriate, it shall also send you the new version to the e-mail address you have provided to the                    Controller.

This Policy shall take effect on 25 May 2018.