GDPR

GDPR

1. General Statement

1.1. Vertfox, s.r.o. (hereinafter referred to as the Company) fulfills its obligations regarding the processing of personal data that have been transferred to it for the purpose of fulfilling contractual and legal obligations.

1.2. The protection of personal data results in particular from the EU Regulation on the Protection of Personal Data No. 2016/679/EU GDPR (General Data Protection Regulation) and the subsequent Act on the Processing of Personal Data 110/2019 Coll.

1.3. The Company acts as a personal data controller if it determines the purpose and means of processing personal data in accordance with Article 4(7) GDPR.

1.4. The Company acts as a personal data processor if it processes personal data for the controller in accordance with Article 4(8) GDPR.

2. Principles of Personal Data Processing

2.1. When processing personal data, we comply with the highest standards of personal data protection and adhere in particular to the following principles:

1. a) we always process personal data for a clearly and comprehensibly specified purpose, by specified means, in a specified manner, and only for the period necessary for the purposes of their processing; we only process accurate personal data and their processing corresponds to the specified purposes and is necessary for the fulfillment of these purposes;
2. b) personal data are protected in a manner that is in line with current technical developments; the highest available level of security for these data is ensured, which prevents any unauthorized or accidental access to personal data, their alteration, destruction or loss, unauthorized transfers, their other unauthorized processing, as well as other misuse;
3. c) data subjects are informed about the processing of personal data and about their rights to accurate and complete information about the circumstances of this processing, as well as about other related rights;
4. d) the Company adheres to appropriate technical and organizational measures to ensure a level of security appropriate to all possible risks; all persons who come into contact with personal data are obliged to maintain confidentiality of information obtained in connection with the processing of such data;

3. Information on the Processing of Personal Data

3.1. General information about the company:

Vertfox, s.r.o.
Company ID: 09406468
Registered office: Pernerova 697/35, Prague 8, 186 00
Contact email for withdrawing consent to the processing of personal data: petra.roubickova@vertfox.cz, marketa.souckova@vertfox.cz

3.2. The Company processes personal data for the purpose of:

1. a) fulfilling statutory obligations when it acts as a personal data controller;
2. b) fulfilling contractual obligations when personal data were transferred by data subjects based on the consent provided;
3. c) fulfilling contractual obligations when personal data were transferred to the Company by the personal data controller;
4. d) protection of the rights and legitimate interests of the Company, in particular marketing and direct marketing;
5. e) offering suitable job positions for candidates in accordance with the consent given;

3.3. Scope of personal data processed:

The Company processes personal data to the extent necessary to achieve the above-mentioned objectives. The following personal data are processed in particular:

1. a) name and surname;
2. b) address;
3. c) email address;
4. d) telephone number;
5. e) date of birth;
6. f) and other personal data that the Company is obliged to manage based on legal regulations or the performance of a contract, and which it has obtained from data subjects or based on its own activities.

3.4. Method of processing personal data:

The method by which the Company processes personal data includes manual and automated processing in the Company’s information systems.

Personal data is processed primarily by the Company’s employees and, to the necessary extent, also by third parties. Before any transfer of personal data to a third party, a contract is concluded with this person, which contains the same guarantees for the processing of personal data as the Company observes in accordance with its legal obligations.

3.5. Recipients of personal data:

Personal data are made available in particular to the Company’s employees in connection with the performance of their work duties, during which it is necessary to handle personal data, but only to the extent necessary in the given case and in compliance with all security measures.

Personal data may be made available to third parties who participate in the processing of personal data, or these personal data may be made available to them for another reason in accordance with the law.

Before any transfer of personal data to a third party, a written contract is always concluded with this person, which regulates the processing of personal data so that it contains the same guarantees for the processing of personal data as the Company observes in accordance with its legal obligations.