1. What Data Are Collected
We collect data about users who use any of the contract forms on the cad-enginnering.cz website. We also collect anonymised data about the traffic at cad-enginnering.cz through third-party analytical tools.
When using a form at cad-enginnering.cz, the user may be asked to enter his/her name, surname, address and e-mail address. However, the website can also be visited anonymously.
Your personal data will not be sold, exchanged, transferred or disclosed to any other company for any reason without your consent, except where it is necessary to meet a requirement and/or execute a transaction.
The e-mail address provided by the user may be used for sending information, other requests or queries.
Cookies are small files transmitted from the service provider’s website to your computer through a web browser, which enable websites or system service providers to recognise your browser and record and remember certain information.
Cad-enginnering.cz will not sell, trade or otherwise transfer users’ personal data to third parties. This shall not include third parties which assist in the operation, business management and maintenance of the cad-enginnering.cz website, provided that these parties agree to keep the information confidential. Users’ data may also be disclosed if such disclosure is in accordance with the law, required by the law or necessary to protect the security and rights of others. Other than personal identification details of a visitor may be provided to other persons for marketing or advertising purposes.
3. Third-Party Links
4. User’s Consent
5. Contact Us
6. Information on Processed Personal Data
Information on Processed Personal Data
The company: CAD engineering s.r.o., with its registered office at: tř. Svobody 596/21, 779 00 Olomouc Město, ID No.: 27811697, represented by: Marcela Balášová and Petr Baláš, Directors acting individually, entered in the Commercial Register maintained by the Regional Court in Ostrava, Section C, Insert 52478 (hereinafter the “Controller”) hereby informs you that, under Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”), it processes personal data of data subjects for its activities and is therefore the Controller of personal data, as it determines the means and purposes of processing of the personal data listed below.
You can contact the Controller by mail or in person at: tř. Svobody 596/21, 779 00 Olomouc, by e-mail: firstname.lastname@example.org, or by phone: +420 585 229 476.
The Controller hereby informs you that it has no data protection officer as it is not required to appoint a data protection officer pursuant to Article 37 of GDPR and it has decided not to appoint one voluntarily, therefore you can exercise your rights by contacting directly the Controller by any of the above-mentioned means.
Processing of Personal Data
The Controller processes personal data primarily for the following purposes:
agenda related to property protection where there is a camera system used in the Controller’s registered office exclusively for the legitimate interest in protecting its property;
agenda related to the management and maintenance of its property where the legal title for the processing is the legitimate interest of the Controller to manage and maintain its property and, for this purpose, enter into contractual relationships with suppliers and customers, more information in the last point;
agenda related to the company management, management planning and control, corporate records and associated register obligations where the legal title for the processing is the law, agreement or legitimate interest in the protection of the Controller’s property;
personal data protection agenda where provided consents to the processing of personal data are collected, confidentiality agreements and outcomes of addressing individual requests in relation to personal data protection under GDPR, i.e. law-based processing, are recorded;
personnel and wage agenda in relation to employees;
entering into contractual relationships with suppliers and customers, where the data of these subjects are processed under the legal title of performing an agreement and where the Controller is not able to fulfil the agreements without such processing. Agreements are stored for as long as they are effective, invoices by virtue of compliance with Act 563/1991 Coll., on accounting, as amended, where the processing is required by law and the Accounting Act determines the retention period for invoices. In connection with the fulfilment of the above, the Controller also processes personal data of suppliers’ and customers’ employee provided in e-mail or telephone communication, on invoices and also by virtue of a legitimate interest in the event possible complaints, out-of-court settlement of disputes, litigation or another dispute arising from legal relationships.
The Controller can also use the legal title arising from a consent, under which everything is specified in detail for the data subject and the data subject is provided with detailed information about his/her rights, in particular about the right to withdraw the consent at any time in the future without any negative consequences, without affecting the lawfulness of processing based on consent before its withdrawal;
Retention Periods for Personal Data
When processing personal data, the Controller follows the statutory deadlines and if these deadlines are not provided by law, then it follows the deadline stipulated in internal regulations, which are determined to minimise the period of retention of personal data for the purpose of their processing and to prevent any damage to the data subject.
In the case of consents, the retention period is always specified and after this period expires, personal data in printed form are shredded and electronic personal data deleted and removed from databases.
With whom do we share personal data?
Personal data are transferred only insofar as is strictly necessary:
in relation to suppliers and customers to accountants and providers of postal services, the tax authority;
in relation to the employee agenda to the relevant payroll processor, Social Security Administration, tax authority, relevant insurance company or another insurance company, auditors, Labour Inspectorate, assessment physicians;
to subsidy authorities;
for promoting the Controller’s website: https://www.cad-engineering.cz/wp/,
to other national authorities or institutions that come into question in accordance with Czech or European legislation.
Personal data are not transferred to third countries or to international organisations.
The legitimacy of each transfer is considered before the transfer and data are transferred only if it is necessary to meet obligations stipulated by the law, an agreement or for other purposes, if the data subject provided his/her consent. In all cases where the Controller transfers personal data, the need for personal data protection is strongly emphasised so as not to damage the rights of data subjects.
Rights of Data Subjects
GDPR stipulates a number of rights which can be exercised in relation to us as the Controller through the above-mentioned contacts to ensure that data subjects can decide on the scope of personal data processing as far as possible. If you decide to exercise any of your rights, please contact the Controller through the contacts above.
Right to Access Personal Data
It is your fundamental right to request information on whether the Controller processes your personal data at any time. It means that you are entitled to receive a confirmation from the Controller about whether your personal data are processer and if they are, you have the right to gain access to these personal data, e.g. you will have access to a part of the database with your personal data or a copy of documents, if held by the Controller.
You will be informed about:
the purpose of the processing of your personal data;
the categories of processed personal data;
the reasons for using the legal title of legitimate interest under Art. 6(1f) of GDPR;
the personal data retention period or the criteria for determining the retention period;
the fact that you have the right to access, rectification, erasure, restriction of processing, the right to object, data portability and how you can exercise these rights;
the fact that personal data are processed under the law and the data subject was obliged to provide the data while being subject to the consequences of withholding or to complete the data in an agreement if necessary;
your right to withdraw your consent of the data are processed solely based on your consent, without affecting the lawfulness of processing based on consent before its withdrawal;
your right to lodge a complaint with a supervisory authority, i.e. the Office for Personal Data Protection, with its registered office at: Pplk. Sochora 27, 170 00 Praha 7, e-mail: email@example.com;
from where your personal data have been obtained, unless they have been provided directly by you, e.g. from publicly available sources;
the existence of automated decision-making and if it is used, whether and how profiling is used.
Right to Rectification or Supplementation of Personal Data
If you find that the processed data are inaccurate, you have the right to request their rectification or supplementation. The accuracy of personal data is verified upon receipt of a request for rectification of processed personal data. After the verification is completed, the Controller will rectify the personal data as soon as possible.
As a data subject, you also have the right to supplement additional personal data for a certain legitimate reason to make processed incomplete personal data more accurate by providing an additional statement of a change, which is any statement addressed to the Controller.
Right to Erasure of Personal Data
If you believe that our processing of your personal data is not lawful, you can exercise your right to erasure of personal data.
Data subjects have the right to erasure of personal data which relate to them and the Controller is obliged to erase the personal data without undue delay, unless any of the following reasons occurs:
the personal data is no longer necessary for the purposes for which they were collected or processed;
the data subject withdraws the consent under which the personal data were processed and there is no further legal reason for processing;
the personal data must be erased to comply with a legal obligation to which the Controller is subject;
the personal data have been processed unlawfully.
If the personal data have been published and the Controller is obliged pursuant to the above to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other Controllers which are processing the data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
After the request for erasure is verified, the Controller will erase the data without undue delay.
Right to Restriction of Processing under Art. 18 of GDPR
The data subject has the right to request restriction of processing in any of these cases:
when the accuracy of the personal data is contested by the data subject, for a period needed to verify the accuracy of the personal data;
when the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
when the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
when the data subject has objected to processing until it is verified whether the legitimate grounds of the Controller override those of the data subject.
Where processing has been restricted under the above, the personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state.
If the processing of your personal data has been restricted at your request, the Controller will inform you in advance that the restriction will be cancelled and properly explain the reason for this.
Right to Data Portability under Art. 20 of GDPR
The data subject has the right to data portability if the data processing is based on a consent or agreement, i.e. not based on the law. In other cases, the right to portability shall not apply.
If the data subject with the right to data portability requests the data to be transferred to another Controller, the data will be transferred electronically in a commonly used and machine-readable format either directly to the designated Controller or to cloud storage specified by the data subject.
The Controller will address the request for data transfer without undue delay, but no later than within 30 days.
Right to Object under Art. 21 of GDPR
The data subject has the right to object at any time to the processing of personal data which relate to the data subject and are processed based on these legal grounds: if the processing is necessary for the legitimate interests of the Controller or a third party.
After the objection has been lodged, the Controller will not process the personal data until it is established that material legitimate reasons for the processing prevail over the interests or rights and freedoms of the data subject or for the determination, enforcement or defence of legal claims, and the Controller will then inform the data subject about the resolution.
Controller’s Statement Regarding the Protection of Personal Data
The Controller hereby declares that it has made every effort to ensure the protection of personal data, that it assumes its responsibility, has verified the scope, content and period of personal data processed to avoid processing of redundant personal data beyond the necessary period for the purpose of processing in question. The Controller has mapped the current protection of personal data and has taken a number of physical, technical and organisational measures in order to protect provided personal data to the greatest extent possible. The Controller has obliged all employees to sign a confidentiality clause, instructed them in personal data protection under GDPR, even when working with computer technologies.
If you are not satisfied with anything or you think that we have not resolved your request appropriately, you have the right to lodge a complaint with the Office for Personal Data Protection, address: Pplk. Sochora 27, 170 00 Praha 7, exchange phone: +420 234 665 111, official e-mail: firstname.lastname@example.org.
We will respect if you decide to exercise your right as your legal claim and will not disadvantage you in this regard.
It is in the Controller’s interest to process personal data properly, i.e. in full compliance with legal regulations, particularly with GDPR, and not to interfere with your rights. If you believe that we have not done everything necessary in this context, please contact us and let us know what we can do for the protection of your rights when processing your personal data.