Information on personal data processing
GEMA ART GROUP a.s., a company with its registered office at Haštalská 760/27, 110 00 Prague 1, Id. No.: 26437741, registered in the Commercial Register kept by the Municipal Court in Prague, Section B, File 7114, as a personal data controller, hereby provides information on the manner and scope of personal data processing carried out by GEMA ART GROUP a.s., including the scope of data subjects’ rights related to processing of their personal data.
See the up-to-date contact details at http://www.gemaart.cz/en/contact.
GEMA ART GROUP a.s. processes personal data in compliance with the laws of the European Union, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and in compliance with the applicable national legal regulations, in particular Act No. 110/2019 Coll., on personal data protection, as amended (hereinafter the “Act”).
GEMA ART GROUP a.s. has implemented, maintained, and has been improving an information security management system (ISMS) pursuant to the ISO/IEC 27001 standard, which proves that our company has taken all the necessary measures for the protection of sensitive data (which means not only personal data, but our business partners’ data as a whole) against unauthorised access, brought its internal processes in line with the requirements of the norm and complies with legislative and other requirements. The applicable version is available at: http://www.gemaart.cz/en/certified-systems/quality-policy
Purpose and scope of personal data processing
GEMA ART GROUP a.s only processes accurate personal data obtained in compliance with the Act, where such personal data are collected and processed only for the relevant purpose, in the scope specified below, and for the term of the contractual relationship and 10 years after the termination thereof, unless stipulated otherwise by legal regulations and terms and conditions of the contract.
The basic purposes of personal data processing by GEMA ART GROUP a.s.
• performance of a contract and provision of services;
• negotiations of a contract;
• ensuring operational activities
• accounting and tax purposes;
• enforcement of receivables;
• performance of legal obligation;
• increasing the security of persons and protection of property.
The cope of personal data processing by GEMA ART GROUP a.s.
GEMA ART GROUP a.s. processes personal data in the following scope:
• identification data: academic degree, name, surname, tax Id. No.;
• address: mailing or other contact address, phone number, e-mail address;
• other personal data: proof of qualification (licences, authorisations), education (finished degrees, school type, specialty), CV, bank account number, and other personal data following from a specific contract or from the law.
Sources of the personal data
GEMA ART GROUP a.s. obtains the personal data in particular from the data subjects within the negotiations on conclusion of a contract and in the course of performance of the contract.
Processors and recipients
To ensure the above described purposes, the personal data may be processed by processors, other than GEMA ART GROUP a.s. and its employees, on the basis of agreements on personal data processing concluded in accordance with the Act.
Protection of personal data is technically and organisationally ensured by GEMA ART GROUP a.s. in compliance with the Act. GEMA ART GROUP a.s. requires the same level of protection from personal data processors.
Please note that on the basis of a legitimate request, the personal data may be transferred to third parties with the statutory power to require such transfers of the personal data.
Rights of data subjects
In cases stipulated by the law, the data subject is entitled to request information on the processing of his/her personal data, the right to access the personal data, the right to rectification or supplementation of personal data, portability of personal data to a third party, erasure and restriction of processing of personal data.
The data subject has the right to lodge a complaint regarding our processing of personal data with the Office for Personal Data Protection https://www.uoou.en/.
Definitions
• personal data – means any information relating to an identified or identifiable data subject; an identified or identifiable data subject is one who can be identified, directly or indirectly;
• data subject – means a natural person to whom the personal data are related;
• controller – means any entity which determines the purposes and means of the processing of personal data, and which performs, and is responsible for, the processing;
• processor – means any entity which processes personal data on the basis of a special law or an authorisation of the controller in compliance with such law;
• recipient – means any entity to which the personal data are disclosed;
• processing of personal data – means any operation or set of operations systematically performed with personal data by the controller or the processor, whether or not by automated means; processing of personal data means, in particular, collection, storage on information carriers, disclosure, adaptation or alteration, search, use, transfer, dissemination, publication, storing, exchange, sorting or combination, blocking and destruction.