Statement concerning the personal data processing under the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and guidance to data subjects (hereinafter referred to as “GDPR”)
REIWAG Facility Services s.r.o., registered office at Perucká 2542/10, 120 00 Praha 2, Company ID:40763544, VAT registration no.: CZ40763544, registered on 21 Aug 1991 in the Company Register kept by the Prague Municipal Court, Part C, File 3581 (hereinafter referred to as “Controller”), hereby informs you on the processing of your personal data and advises you on your rights in accordance with GDPR, Article 12.
2. Extent of personal data processing
Personal data are processed in an extent in which the personal data have been provided to the Controller in relation to entering into a contract or another legal relationship with the Controller, or that have been collected and processed by the Controller in accordance with the applicable legal regulations or for the Controller’s compliance with legal obligations.
3. Sources of personal data
- directly from data subjects (e-mails, phone calls, chat, websites, contact forms on websites, social networks, business cards, etc.)
- publicly accessible registers, lists and files (e.g. Company Register, Trade Register, Real Estate Register, public telephone directory, etc.)
4. Categories of personal data subject to processing
- address and identification data allowing unique and distinct identification of the data subject (e.g. name, surname, academic degree, or birth identification number, date of birth, permanent address, company ID, VAT registration number) and contact details allowing to contact the data subject (contact details – e.g. contact address, phone number, fax number, e-mail address and other similar information)
- description data (e.g. bank details)
- other data necessary for the performance of a contract
- data provided beyond the applicable laws, processed within the consent given by the data subject (processing of photographs, personal data used for the purposes of human resource procedures, etc.)
5. Categories of data subjects
- customers of the Controller (only for subjects registered in the e-shop system)
- employees of the Controller
- service providers
- other persons who have a contractual relationship with the Controller
- job candidates
6. Categories of personal data recipients
- financial institutions
- public institutions
- national and other authorities in terms of compliance with legal obligations set out by the applicable legal regulations
- other recipients (e.g. transfers of personal data abroad – EU countries)
7. The purpose of personal data processing
- purposes covered by the data subject’s consent
- negotiations on contractual relations
- performance of a contract
- protection of the rights of the Controller, recipient or other persons concerned (e.g. recovery of the Collector’s claims)
- archiving performed under the law on recruitment for vacant positions
- compliance with legal obligations by the Controller
- protection of the data subject’s vital interests
8. Methods of personal data processing and protection
The processing of personal data is carried out by the Controller. The processing is performed in the Controller’s places of business, branches and registered office by individually authorised employees of the Controller, or by the processor, as the case may be. The processing is performed with the help of computer technology or, in case of personal data in documentary form, also manually while observing all security rules applicable to personal data management and processing. To meet this purpose, the Controller has implemented technical and organisational measures in order to ensure the protection of personal data, particularly measures to prevent unauthorised or accidental access to, alteration, destruction or loss, unlawful transfers, unauthorised processing, or any other misuse of personal data. Any and all subjects that may be given access to personal data shall respect the right of data subjects to privacy protection and shall act in compliance with the applicable legal regulations concerning the personal data protection.
9. Duration of personal data processing
In compliance with the time limits referred to in relevant contracts, record management and retention policy of the Controller, or in the applicable legal regulations, the duration means a period of time strictly necessary to safeguard the rights and obligations resulting from both the contractual relationship and the applicable legal regulations.
The Controller processes data with the consent of the data subject with the exception of cases provided for by law when personal data processing does not require any consent of the data subject. In accordance with Article 6, para 1 of GDPR, the Controller is permitted to process the following data without the consent of the data subject:
- the data subject has given consent for one or more specific purposes,
- processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract,
- processing is necessary for compliance with a legal obligation to which the Controller is subject,
- data processing is necessary in order to protect the vital interests of the data subject or that of another natural person,
- data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller,
- data processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data
11. The rights of data subjects
1) In accordance with Article 12 of GDPR, the Controller shall, at the data subject’s request, inform the data subject of the right of access to personal data and the following information:
- the purposes of processing,
- the category of personal data concerned,
- recipients or categories of recipients to whom the personal data have been or will be disclosed,
- the envisaged period for which the personal data will be stored,
- any available information as to the source of personal data,
- where the personal data are not collected from the data subject, the existence of automated decision-making, including profiling.
2) Every data subject who becomes aware of or considers that the Controller or processor carries out processing of their personal data in infringement of the protection of the data subject’s private and personal life or of the law, especially when such personal data are inaccurate with respect to the purpose of the processing, shall have the right to:
- Ask the Controller or processor for explanation.
- Request the Controller to rectify the condition. This may, in particular, include blocking, correcting, completing or deleting of personal data.
- If, pursuant to para 1 herein, the request of the data subject is found justified, the Controller shall rectify the detrimental condition immediately.
- If the Controller fails to satisfy the data subject’s request pursuant to para 1 herein, the data subject shall have the right to bring their complaint directly to the attention of the supervisory authority, i.e. the Office for Personal Data Protection.
- Acting in accordance with the procedure referred to in para 1 shall not preclude the data subject’s right to bring their complaint directly to the attention of the supervisory authority.
- The Controller shall have the right to request reasonable compensation for the provision of information not exceeding the necessary costs of its provision.
Matomo (formerly Piwik)
On this website we use the software „Matomo“ (www.matomo.org), a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo is an open source web analytics platform. A web analytics platform is used by a website owner in order to measure, collect, analyse and report visitors data for purposes of understanding and optimizing their website. The Matomo software sets a cookie (text file) on your system by which your browser can be recognised. If subpages on our website are accessed, the following data is stored:
- IP address, shortened by the last two bytes (anonymised)
- location of the user
- page being viewed and time
- referrer page (URL of the previous page you visited)
- URLs of pages viewed after the first subpage
- browser and plug-ins, operating system and screen resolution used
- time spent on our website
The data collected by Matomo is stored on our own servers. No data is transferred to a third party.
The legal basis for data processing is Art. 6 para. 1 lit. f) DSGVO.
Purpose of data processing / legitimate interests
Processing your personal data such as cookies is helping us identify what is working and what is not on our website. For example, it helps us identify if the way we are communicating is engaging or not and how we can organize the structure of the website better. Our team is benefiting from the processing of your personal data, and they are directly acting on the website. By processing your personal data, you can profit from a website which is getting better and better. Your data will be used only to improve the user experience on our website and help you find the information you are looking for. The data will never be used to personally identify a website user and will never be merged with other data. By anonymising the IP address, we take into account the user’s legitimate interest of the protection of personal data.
Recipient of the personal data
The personal data received through Matomo are sent to:
- Our company
- Our service providers: rockit GmbH, A-1150 Wien
- Our Hosting-company World4You, Internet Services GmbH, Hafenstraße 35, A-4020 Linz
The data are deleted as soon as they are not anymore used for our purposes.
As Matomo is processing personal data on legitimate interests, you can exercise the following rights:
1. Right of access: You can ask us at any time to access your personal data.
2. Right to erasure: You can ask us at any time to delete all the personal data we are processing about you.
3. Right to object: You can object to the tracking of your personal data for a period of two years by using the following opt-out feature. Please be aware of the fact that the opt out cookie you set by unchecking the following box is deleted when you delete all cookies.
This statement is publicly available on the Controller’s website.