Consent to the processing of personal data

FTS company – Fluid Technology Solutions s.r.o., with its registered office at Srázná 5113/1, 586 01 Jihlava, Company Registration Number: 05489687, hereinafter as “Administrator”, shall be governed in particular by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter as “GDPR”) and Act No. 101/2000 Coll. on the protection of personal data, as amended. 

Definitions of terms
Data subject: an identified or identifiable natural person, i.e., for example: 
• employee of the Administrator, 
• job applicant, 
• purchaser,
• representative of the purchaser
• external worker, 
• representative of the supplier,
• customer
• natural person
• natural person with a registration number

Personal data: all information regarding a natural person, which may be used directly or indirectly to identify this individual, ex: first name, last name, date of birth, personal identification number, locational information (address), network identifiers (telephone number, email address, social media, etc.). 

Especial category of personal data: especial element being physical, physiological, genetic, psychological, economic, cultural or of the social identity of a natural person, i.e. personal data corresponding to one’s nationality, race or ethnic origin, political stances, membership in labour unions, religious and philosophical persuasion, criminal convictions, health condition and sex life and biometric data, which would directly enable the data subject to be identified or authenticated.

Administrator responsibilities

As Administrators, we are responsible for all and any processing of your personal data in terms of administrative work used by us within our organization. Furthermore, we manage your requests (ex. amendments, deletion, and information regarding your personal data) and objections, and we provide you with further information about how and why we manage your personal data.

Principles of processing personal data

When processing your personal data, we uphold the highest standards of personal data protection and, in particular, we maintain the following principles:

a) we always process personal data for a clear and comprehensibly intended purpose, by the means laid down, in the manner prescribed, and only for such time as is necessary for the purposes of the processing; we process only accurate personal data and its processing meets the stated purposes and is necessary for the fulfilment of these purposes;

b) your personal data is protected in a manner consistent with current technological developments; the highest available security of such data shall be ensured, preventing any unauthorized or accidental access to, alteration, destruction or loss of personal data, unauthorized transmission, other unauthorized processing, and other misuses;

c) data subjects are informed of the processing of their personal data and of claims for accurate and complete information on the circumstances of such processing as well as other related rights;

d) as Administrators we maintain all corresponding technical and organizational provisions,

Information regarding the processing of personal data 

The Administrator processes personal data for the purpose of:

fulfilling statutory obligations when that individual or persons act as the Personal Data Administrator:

fulfilling contractual obligations when personal data has been handed over by data subjects;

fulfilling contractual obligations when personal data has been handed over by the Administrators to the personal data administrators of other parties and the Administrator acts as the processor;

fulfilling contractual obligations, where the data subject is a contractual participant;

protecting the Administrator’s rights and authorized interests;

trade and marketing purposes, assuming consent has been given by the data subjects or if the Administrator’s authorized interests are in question (or those of the clients’ and the Company’s cooperating subjects, if applicable).

Extent of processing personal data:

The Administrator processes personal data to the extent necessary for fulfilling the above-stated objects. In particular, the following data is processed:

a) first and last name;
b) date of birth;
c) personal identification number;
d) address;
e) email address;
f) telephone number;
g) IP address and other electronic identifiers
h) and other information that the Administrator is obligated to manage based on the specific legal titles regarding individual cases of processing personal data.

The Administrator does not process special personal data categories if its processing thereof is not enforced by means of legal obligation.

Method of processing personal data:

The method used by the Administrator for processing personal data includes both manual and automated processing within the Administrator’s information systems. The Administrator’s employees are primarily responsible for processing personal data, or a third party may also be involved if the extent of data calls for outside assistance. Before any personal data is handed over to a third party, a contract is concluded with that individual, which contains the same guarantees for processing data as the Administrator upholds concurrent to their own legal obligations.

The Administrator has taken technical-organizational measures to ensure the protection of personal data, in particular, measures to prevent unauthorized or accidental access to, alteration, destruction or loss of personal data, unauthorized transfers, unauthorized processing and other misuses of personal data.

Receivers of personal data

In particular, personal data is made available to employees of the Administrator in connection to fulfilling their work responsibilities in which it is necessary to manage personal data, however, only to the extent of cases, where it is necessary and where the employees are able to uphold all security measures. Personal data may be handed over to third parties, who are participating in processing the personal data, or when necessary, personal data may be made available to third parties due to a separate reason in accordance with the law. Before any personal data is handed over to a third party, a written contract is concluded with that individual, which arranges the processing of personal data, so that it contains the same guarantees for processing personal data as the Administrator upholds concurrent to their own legal obligations.

In accordance with the relevant legal regulations, the Administrator is authorized or directly obligated to hand over your personal data to:

a) relevant state administrative authorities, courts and law enforcement authorities for the purpose of fulfilling their responsibilities and for purposes relevant to decision-making;

b) paid service providers, assuming it is necessary for reasons of preventing fraud in the field of payment relations, meaning both investigations and discoveries;

c) state administrative subjects and other public authorities for reasons relating to fulfilling legal responsibilities;

d) other persons to the extent of the established legal regulations, for instance, to third parties for debt recovery purposes;

e) subjects providing services for the Administrator based on outsourcing and operating in the position of a personal data processor;

Transferring personal data to foreign countries

Your personal data is processed within the bounds of the Czech Republic.

Period of processing personal data

The Administrator only processes data during the period necessary for fulfilling the purposes of its processing. The retention period for personal data results from individual legal titles and regulations, on the basis of which the Administrator processes personal data and the retention period is further in accordance with the Administrator’s File, Archiving and Shredding Rules.

Rights of the data subject 

1. Right to information

You hold the right to request your information of the Administrator, including your personal data, the extent of your personal data and for what purpose we process your personal data. We will provide you with this information in accordance with the principles stated in the General Regulations within the 90-day time limit, excluding outstanding situations. In the event of an outstanding situation, we will inform you in due time regarding the time limit’s extension. Should you request your information on which we keep a record, to be shared, we will first and foremost need to verify that you are in fact the individual pertaining to this information. Thus, we ask that you provide adequate identification in your request for information. If necessary, we hold the right to request additional information regarding your identification before we will provide you with your personal data.

We subsequently hold the right to decline requests for information, which are groundless, or rather unreasonably repeated, or their acquisition requires disproportionate effort or would be difficult to obtain (typically from backup systems, archival records, etc.).

2. Data actualization, amendment rights

Since your personal information may change over time (such as a change made to your last name), we would be pleased if you were to inform us when there has been a change, so that we may keep your personal information up to date and to avoid or any errors. The submission of information regarding a change in data is essential to enable the Administrator to properly perform their activities.

This also relates to your right to amend the personal data, which we keep on record about you. Should you discover that our data is not up to date, you have the right to request its amendment. 

3. Objections

If you believe that your personal data was not processed in accordance with legislature valid in the Czech Republic and European Union, you have the right to object to its processing and we will subsequently verify the legitimacy of your claim. We are hereby informing you that you hold the right to also object the processing of your personal data by contacting the relevant Supervisory Authority for the Protection of Personal Data at:

The Office for Personal Data Protection:

Pplk. Sochora 27

170 00 Prague 7

4. Right of erasure

If you have given consent at any time for us to process your personal data, you also have the right to withdraw your consent at any time and the data, which we process solely on the basis of your consent, will be erased. The right of erasure does not apply to data processed within in terms of the obligation to perform the contract, legal reasons or legitimate interests. If some of your data is stored in backup systems that automate the resilience of all our systems and fulfil the data loss protection function in the event of a disaster, we are not in a position to erase the data from the backup systems as it is often not technically feasible. Nevertheless, this data will not be processed further in any way and will not serve to fulfil other processing purposes.

5. Right to limit processing

This is the right to object the processing of your personal data in the event that you discover, or you believe that your personal data has been processed in contradiction with the valid legislature or that the processing could threaten your rights and freedoms. The following are cases where this occurs:

Amendment right – you deny the accuracy of your personal information. While we are verifying the accuracy and exactness of your personal information as data administrators, you have the right to request that we limit the use of this inaccurate data.

The processing of your personal data is unlawful, but you are not requesting that the data be erased, but rather that this data is only limited.

We, as the administrator of personal data, no longer need personal data for processing (and we should erase this data), but you are requesting it for the purpose of determining, enforcing or defending legal claims.

You object to the processing of your personal data. It is necessary to limit the processing of such data while we are verifying whether our interests as the administrator or your interests as the data subject prevail.

6. Right to the portability of your personal data

1. You, as the data subject, have the right to receive personal data that refers to you, and data that you have provided to the administrator, in a structured, commonly used and machine-readable format, and you have the right to transfer this information to another administrator without preventing the administrator to whom the personal information was provided, in the event that:

processing is established in accordance with Art. 6, Para. 1, Let. a) or Art. 9, Para. 2, Let. a) or in the contract under Art. 6, Para. 1, Let. b); and

processing performed automatically.

2. In exercising your right to data portability under paragraph 1, you, as a data subject, have the right to have personal data transferred directly by one administrator to another administrator, if technically feasible.

3. Exercising the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right does not apply to processing, which is necessary for fulfilling a purpose performed in public interest or during the performance of public interest of which is commissioned by the administrator.

4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of other individuals

7. Right to not participate in automated decision-making

As a data subject, this right ensures that you will not be the subject of decision-making established solely on automated processing, including profiling, which carries legal effects for you or is significantly relevant to you in an analogous manner. In other words, this right is ensuring that legal effects are not decided by automated procedures without human interference, except for possible exceptions.

Automated decision making is permissible when it is necessary for the conclusion or fulfilment of a contract between you and the administrator if permitted by EU law or a Member State or based on your explicit consent.

Contact information should you have any further questions

You can turn to the following email with your questions regarding the protection of personal data: info@fluidtech.cz or you may write to the Administrator at the following address:

FTS – Fluid Technology Solutions, s.r.o.

Srázná 5113/1,

586 01 Jihlava