PRINCIPLES OF PERSONAL DATA PROCESSING AND PROTECTION (GDPR)
These Principles of Personal Data Processing and Protection (“Principles”) represent fundamental principles followed by Liberty Ostrava a.s., with its registered office at Vratimovská 689/117, Kunčice, 719 00 Ostrava, Company ID No.: 451 93 258 (“Company”), in the obtaining and processing of personal data as a controller of personal data. These Principles implement the Company’s rights and obligations arising particularly from the General Regulation (EU)2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/ES (General Data Protection Regulation) (“GDPR”).
PERSONAL SCOPE OF APPLICATION
These Principles apply to all supplier-buyer relationships of the Company, specifically to natural persons – employees, representatives or other co-workers of the buyers and suppliers of the Company (“Data Subjects”).
Contractual partners of the Company are obliged to inform the Data Subjects about these Principles.
In accordance with GDPR, personal data mean any information relating to an identified or identifiable natural person (i.e. not a legal person). In principle, they are any information which can individually or together with other information serve to identify a specific natural person (“Personal Data”).
CATEGORIES OF PROCESSED PERSONAL DATA
The Company processes identifying data, contact details, descriptive data, data on accesses and rights, service requirement details, delivery data, purchase order data, invoice data and trade cooperation data.
USE OF PERSONAL DATA
The Company processes the Personal Data for the following purposes:
- provision of Company’s products and services within standard supplier-buyer relationships;
- internal evaluation of the provided products and services and, where appropriate, improvement of the provision thereof; and
- protection of the Company’s legitimate interests (e.g. for the purposes of ensuring safety at the site of the Company, protection of assets of the Company and third parties, or for the purposes of any litigation or other enforcement of rights).
TRANSFER OF PERSONAL DATA
The Personal Data collected by the Company about Data Subjects are transferred:
- within Liberty Group, i.e. to related persons of the Company;
- to the Company’s business partners, e.g. carriers, banks, insurance companies, IT infrastructure providers who process the Personal Data for the Company or independently in accordance with the purpose of provision thereof, but also on the basis of the Company’s legitimate interests (e.g. in connection with credit risk coverage); and
- to other third parties to whom the Company is entitled (e.g. to an ordinary court in case of a dispute) or obliged (e.g. to law enforcement authorities) to disclose the Personal Data in accordance with the generally binding regulations.
MEANS OF PROTECTING PERSONAL DATA
In order to protect and minimize the risk of unauthorized access to Personal Data, the Company has implemented organisational and technical measures. These measures include in particular the technical security of Company’s servers against unauthorized access and organisational measures of restricting the access of Company’s workers and regulating the treatment of Personal Data by those workers. Those who come into contact with Personal Data are particularly bound by confidentiality in accordance with Article 28(3)(b) GDPR.
To obtain further information on the protection and processing of Personal Data and to file your requests, you may use the following e-mail address: GDPR.Ostrava@libertysteelgroup.com
RIGHTS OF THE DATA SUBJECTS
In connection with the protection of their Personal Data, the Data Subjects have the following rights:
- the right to withdraw the consent to the processing of Personal Data where processing is based on consent;
- the right to request access to Personal Data and to information specified in Article 15(1) GDPR;
- the right to rectification of inaccurate Personal Data and, where appropriate, to have incomplete Personal Data completed;
- the right to erasure of Personal Data under the conditions of Article 17 GDPR;
- the right to restriction of processing under the conditions of Article 18 GDPR;
- the right to receive the Personal Data concerning him or her, which he or she has provided to the Company, in a structured, commonly used and machinereadable format, and the right to transmit those data to another controller, under the conditions of Article 20 GDPR;
- the right to be informed about a personal data breach under the conditions of Article 34 GDPR;
- the right to object to processing of Personal Data under the conditions of Article 21 GDPR; and
- the right to lodge a complaint with the supervisory authority, i.e. the Office for Personal Data Protection, residing at Pplk. Sochora 27, 170 00 Prague 7, or using the data box address qkbaa2n.