Information and principles of personal data processing by
the company crmango s.r.o.
These principles are taken by the company crmango s.r.o. (hereinafter referred to as the "Company") inform about the processing and protection of personal data in accordance with the general regulation GDPR on personal data protection and in accordance with the legal order of the Slovak Republic, in particular Act No. 110/2019 Coll. on personal data processing with effect from 24.4.2019, as amended. The principles provide the information on the basic principles according to which the Company processes personal data of the data subjects, and on the Company's approach to the processing, protection and security of the personal data of the data subjects.
1.1. The Company as a personal data administrator processes the personal data of the data subjects in all its main activities concerned, based on established rules and security measures, such as particularly: controlled access to such information, encryption, and anonymization of data, and other security measures taken.
1.2. The Company processes personal data of data subjects in accordance with the Regulation of the European Parliament and of the Council (EU) No. 2016/679 on the protection of the natural person with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation), which is directly applicable in all EU Member States (General Data Protection Regulation "GDPR") ) from the date of its establishment, in line with its effectiveness. Furthermore, the Company processes personal data of the data subject under the rule of Act No. 110/2019 Coll. on the processing of the personal data, with effect from 24.4.2019.
1.3 The Company, as a legal entity, processes personal data and fulfills with the administrator‘s or processor‘s obligations of such data, as they are set out in applicable enactments.
1.4. The personal data subject supplies the Company with its personal data depending on the purpose of their processing, this is mainly and exclusively following definitions of the purposes of personal data processing:
• for insuring the Company's services;
• for the purposes of the legitimate interests of the Company or a third party, for the protection of its own rights and claims;
• for the performance of the contract between the data subject and the Company and the fulfillment of legal obligations, including the needs of records and statistics;
• for communication with customers, suppliers, contractors, and business partners;
• for ensuring the purpose of intermediation the Company's services,
• for training activity;
• for possible promotional and marketing activity;
• for ensuring the processes of internal security and personal data protection, management of payroll and personnel agenda and the resulting accounting obligations of the Company;
• for other purposes with the consent of the data subject to the processing of his personal data.
1.5. The data subject grants consent with the processing of personal data when another legal provision cannot be used for the purpose of processing.
The Company accepts the consent of the data subject as a free, specific, informed, and unambiguous expression of will, by which the data subject gives his consent to the processing of his personal data by a declaration or another evident confirmation. The data subject has the right to withdraw his consent at any time. The withdrawal of consent is without prejudice to the lawfulness of the prior processing of personal data of the data subject, based on the consent previously granted by him. The data subject shall be informed about it before his consent is given.
2. Purpose of the processing of personal data of data subjects
2.1. The personal data of data subjects must be collected only for specific, explicit, and demonstrable purposes and may not be further processed in a way incompatible with those purposes. The processing of personal data is carried out mainly to cover the main activities of the Company and for the purposes of processing listed in point 1 of these Principles of personal data processing of the Company, which are mainly production, trade, and services not listed in Annexes 1 to 3 of the Trade Licensing Act.
2.2. The Company further processes personal data of entities to ensure its contractual and other relationships, bookkeeping, personnel and payroll agenda, recruitment agenda, and other activities which directly relate to the main activities of the Company.
3. Categories of personal data processed
3.1. The Company collects, processes, and stores the following categories of personal data of data subjects, the composition of which always is given by the necessity of personal data processing, always in line with the defined purpose of personal data processing for a given data subject.
3.1.1. Address, contact, and identification personal data - in particular: name, surname, email, telephone, business address, and other necessary data.
3.1.2. Descriptive personal data - in particular: data of the entity related to the contractual relationship, such as in particular and in addition to the personal data already mentioned in point 3.1.1. VAT number, address of registered office and place of business, etc.;
3.1.3. Other personalized data - in particular photographs or camera recordings, payment data and data related to order, information from the use of social networks and visit rate on our web environments, and other necessary personal data necessary for the performance and provision of the Company's services.
4. Principles of working with cookies files
4.1 Cookies files are short text files which a website sends to your browser. They allow the website to record information about your visit, such as the selected language and so on. The next visit on the site can be easier and more pleasant for you. Cookies files are important because without them browsing the Internet would be much more difficult. Cookies files enable better use of our website and an adaptation of its content to your needs. They are used by almost every website in the world. Cookies file are useful because they increase the user-friendliness of repeatedly visited websites.
4.2 The administrator may use the following types of cookies on the website:
4.2.1 Relational (i.e. temporary) cookies file allows us to link your individual activities while you are browsing this website. When your browser window is opened, these files are activated and they are deactivated when you close your browser window. Relational cookies are temporary and all these files are deleted when you close the browser.
4.2.2 Persistent cookies file helps us to identify your computer when you revisit our website. Another advantage of persistent cookies is that they allow us to adapt our website to your needs.
4.5.5 And another, such as Internet browsers in particular: Opera, Safari, Mozilla Firefox, Microsoft Edge, and Internet Explorer.
4.6 In order to display targeted advertising within the advertising and social networks on other websites we pass the data of your behavior on the web to these advertising and social networks; however, we do not provide them with your identifying data.
5. The way of personal data processing and storage and the time of their storage in the Company
5.1. The Company processes the personal data of the data subject manually or in an automated manner and stores it securely for a period specified in the archiving, file, and disposal rules in paper or electronic form. Following the purpose of processing, some personal data of the data subject are kept in the information system of the Company (e.g. order management system, etc.).
5.2. The Company processes personal data in a way that ensures their proper security by means of established security measures against unauthorized or illegal processing and against accidental loss, destruction or damage namely e.g. in the form of controlled access to this information, the encryption and anonymization of personal data, the ability to restore the personal data or for example in the form of regular audits of security measures established.
6. Transfer of personal data
6.1. The Company does not transfer personal data to persons other than its personal data processors or personal data administrators (where this obligation is imposed by a contractual relationship with the administrator, processor, or subprocessor), unless the obligation to transfer them to authorities, bodies or institutions is imposed to the Company by law or the consent of the data subject has been given.
6.2. In the case of processing personal data in the Company by the personal data administrator, there is no automated decision-making, on the basis of which actions or decisions are made, which the impact would be interference into the rights or legitimate interests of the data subjects.
7. Data subject rights
7.1. Upon request, the data subject shall receive from the Company, unless further specified in the request, all information on the processing his data, in a concise, comprehensible, and easily accessible manner using clear and simple language.
7.2. The request may be submitted by electronic means, by submitting through a data box or postal service provider, or by oral submission into a record at the Company; the request cannot be submitted by telephone.
7.3. If personal data concerning the data subject are obtained directly from him, the Company shall provide him the following information at the time of personal data collection:
a) the identity and contact details of the administrator,
b) contact details of the Data Protection Officer (DPO), if appointed,
c) the purposes of the processing for which the personal data are intended and processed and the legal basis for their processing,
d) the legitimate interests of the administrator or a third party when the data processing is based on this legal provision,
e) possible recipients or categories of recipients of personal data, including the possible processor,
f) the potential intention of the administrator to transfer personal data to a third country or international organizations, including a reference to appropriate guarantees,
g) the time period for which the personal data will be stored in the Company or, if it cannot be determined, the criteria for determining this period that will be used,
h) the existence of the right to request from the Company access to personal data concerning the data subject, their correction or deletion, or the restrictions on processing, and to express objections to the processing, as well as the right to data transfer,
i) if the processing is based on the data subject consent, the existence of the right to withdraw the consent at any time, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal,
j) the possibility to submit a complaint to the Supervisory Authority,
k) the fact, whether the personal data provision is a legal or contractual requirement or a requirement that has to be included in a future contract, and whether the data subject is obliged to provide the personal data, and the possible consequences of failure to provide such data,
l) the fact, whether there is automated decision-making, including profiling, and at least in these cases meaningful information on the procedure used as well as the meaning and expected consequences of such data processing for the data subject.
7.4. If the Company intends further to process personal data for a purpose other than the purpose for which they were collected, it shall provide the data subject with information on this other purpose prior to the said further processing.
7.5. The Company does not need to provide information of data processing to the personal data subject if the data subject already has the information and to the extent that he or she has it.
7.6. If personal data has not been obtained from the data subject, the Company will provide him with identical information and in addition the source from which the personal data originates and, if appropriate the information on whether the data come from publicly available sources.
7.8. The Company will not apply an information obligation in the case of obtaining personal data from someone other than the data subject if the acquisition or disclosure is expressly provided by the law applicable to the Company, which sets out security and organizational measures to protect the legitimate interests of the data subject.
7.9. A personal data subject who will recognize or believes that the Company, as an administrator or other person who processes personal data for the Company, performs the processing of his personal data in conflict with the regulation in the field of personal data protection or in conflict with legislative obligations in the field of personal data protection, may request an explanation or request that the Company or the processor will eliminate the state so created. If the Company or the relevant processor will fail with the request, the personal data subject may contact the Office for Personal Data Protection, without prejudice to the data subject's right to contact the Office for Personal Data Protection directly.
7.10. The personal data subject has the following additional rights:
1. to obtain from the Company, when the conditions for this are met, the information on the processing of his /her personal data (identity information and contact details of the administrator and his / her deputy, if any; contact details of the Data Protection Officer (DPO) eventually; purposes of the processing for which the personal data are intended, and the legal basis for the processing, potential recipients or categories of recipients of personal data and other information necessary to ensure the transparent and fair processing of his/ her personal data),
2. to obtain access from the Company to personal data, i.e. to obtain the confirmation from the Company whether it processes personal data concerning him/ her and if so, the personal data subject has the right to obtain access to such personal data and to other information to the legal extent,
3. to correct his/ her incorrect personal data, or to supplement incomplete personal data,
4. to clearance his/ her personal data if the legal conditions have been met, e.g. when personal data are no longer needed for the purposes for which they were obtained or otherwise processed, or e.g. when the data subject will withdraw his /her consent on the basis of which the personal data were processed,
5. to restriction of the personal data processing by the Company when the legal conditions are met,
6. for data portability, i.e. to obtain the personal data concerning him/ her and which he/ she has provided to the Company, in a structured, commonly used and machine-readable format,
7. at any time to express objection against the processing of personal data concerning him/ her due to his /her specific situation;
8. not to be subject of automated individual decision-making, including profiling, unless the data subject grant the consent to this, except the cases where automated processing is permitted by law;
9. to submit a complaint to the supervisory authority.
7.11. The Company is entitled to request from the data subject of personal data when submitting a request for the fulfillment of any above rights, his personal identification by verification by the relevant employee, or identification by verification by other available methods (e.g. data box, notarial verification / CzechPOINT verification of the signature at the subject's request, or at the registered office of the Company personally).
7.12. The Company is entitled, in cases defined by law, to demand an appropriate payment for the provision of information on the processed personal data of the data subject, not exceeding the costs necessary for the provision of information.
8. Final provisions
8.1. The data subject of personal data may obtain all information for the processing of his / her personal data personally or via e-mail. Current contact details are listed on our Company's website at www.crmango.com. The data subject may apply the rights arising from the valid legal regulations in the field of processing and protection of personal data at the email address of the contact person for personal data protection: email@example.com.
8.2. The data subject has the right to contact the Office for Personal Data Protection with its registered office in Prague 7, Pplk. Sochora 27, 170 00, telephone exchange +420 234 665 111, www: https://www.uoou.cz, especially in the case when the Company fails the requests for clarification or removal of the situation arising from the personal data processing, which is in conflict with legal regulations in the field of processing and protection personal data.