STATEMENT ON PROCESSING OF PERSONAL DATA In this document, you will find information about how FBT steel, s.r.o., registration No. 26169665, with the registered office at Praha 4 - Braník, Zelený pruh 1560/99, postal code 140 02 (hereinafter referred to as "FBT steel"), processes personal data of its business partners, customers and subscribers to commercial messages. In this document, you will find answers to the following questions: Does this statement apply to you if you are a legal entity?... 1 What personal data of you or your representatives do we process, for how long and why?... 2 Where do we get your personal data from and who do we transfer them to?... 3 What are your rights in connection with the processing of personal data?... 4 Does this statement apply to you if you are a legal entity? In this connection, we would like to observe that personal data within the meaning of the relevant legislation enshrined in the European Regulation No. 2016/679, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR"), are always only personal data of natural persons. Therefore, if you are a business company (limited liability company, joint-stock company, etc.) or any other legal entity (municipality, school, etc.), the protection of personal data enshrined in the GDPR does not apply to data related to the legal entity (e.g. name, registration No., address, etc.). The protection of personal data only applies to personal data of particular natural persons who negotiate, communicate, etc. with us on behalf of your company, i.e. usually persons who act as representatives of your company in contractual or technical matters (hereinafter referred to as "Your Representatives") and whose (first name, surname, email address, phone number, etc.) we have. If you are a legal entity, you undertake to acquaint Your Representatives with this information about the processing of personal data of FBT steel s partners and customers. If you are a natural person (and it doesn t matter whether you act as an entrepreneur, or as a consumer in relation to FBT steel), the protection of personal data pursuant to the GDPR applies to you in the full extent.
What personal data of you or your representatives do we process, for how long and why? FBT steel processes the below mentioned personal data of you or Your Representatives for the purpose and the period of time as described next to these data: Information Purpose Legal basis Period of storage (particularly first name, registration No., VAT No., phone number, email address, own signature, bank account) Establishment, administration and termination of contractual relations, i.e. for the purpose of mutual fulfilment of contractual obligations on the basis of FBT steel s contractual relationship with business partners or customers (e.g. making payments, delivering goods) Performance of contract (Article 6(1)(b) of the GDPR) For the duration of the contractual relationship Contact details (particularly email address) Sending commercial messages (especially advertising messages, commercial offers, etc.) Legitimate interest in case of direct marketing 1 towards customers (Article 6(1)(f) of the GDPR) For an indefinite period of time, or until this processing is objected to (particularly first name, registration No. and VAT No.) Compliance with legal obligations resulting from Act No. 563/1991 Coll., on accounting, and Act No. 235/2004 Coll., on value added tax Securing documentary and other evidence for the protection of FBT steel s legal claims in the event of any Compliance with legal obligations (Article 6(1)(c) of the GDPR) Legitimate interest (preventing damage to FBT steel s property and reputation) 10 years after the termination of the relevant accounting period to which accounting and tax documents containing personal data, pursuant to Act No. 235/2004 Coll., on value added tax, apply 2 For the duration of the 10-year objective period of limitation pursuant to the provision of Sections 1 Direct marketing means sending commercial messages and offers to customers whose used for direct marketing were obtained by us in connection with the performance of a contract concluded between us, under which we offered goods or services to the customer. 2 Pursuant to Section 29(1), a tax document must contain, inter alia, (a) designation of the person who renders performance, (b) tax identification number of the person who renders performance, (c) designation of the person to whom performance is rendered, (d) tax identification number of the person to whom performance is rendered. Pursuant to Section 29(4), a designation means (i) trade name or name, (ii) addition to the name and (iii) registered office.
(particulary first name, registration No., VAT No., phone number, email address, own signature, bank account) extrajudicial, judicial, administrative or criminal proceedings (Article 6(1)(f) of the GDPR) 629, 636 and 638 of Act No. 89/2012 Coll., the Civil Code, extended by one more year given the possible delay between the initiation of a court dispute and the serving of the action Where do we get your personal data from and who do we transfer them to? In the first place, we obtain personal data directly from you, i.e. our business partners and customers, within the framework of our contractual relations. We obtain personal data in this manner not only when establishing the contractual relationship (when concluding a contract, confirming an order, etc.) but also in the course of our contractual relationship (e.g. bank account from which you make payments to us, email address through which you communicate with us, etc.). If you are our client as a legal entity, we obtain personal data of Your Representatives primarily also directly from you (e.g. first name, surname, email address, phone number of Your Representatives in technical or contractual matters). In the course of our contractual relationship, we receive them also directly from Your Representatives (e.g. their own signatures on handover reports, etc.). We obtain certain personal data about you also from publicly available sources. This includes, for example, checking your identification data against public records (public register, register of economic entities) or checking published bank accounts and the status of a reliable (unreliable) VAT payer against the VAT register. We may and in certain cases must transfer your personal data to other persons who handle the transferred personal data either on the basis of our instructions (processors), or use them for their own activities (recipients). We always transfer personal data to them only in the absolutely necessary extent, namely to the following entities: to Účetní a daňová společnost s.r.o., registration No. 25710613, which processes accounting for us and for this purpose we transfer your identification data and to that company in the necessary extent, to transportation and logistics companies, particularly to FBT logistics, s.r.o., registration No. 25829289, which arrange for us transportation of goods from you and to you and for this purpose we transfer your identification data and to these companies in the necessary extent,
to the statutory auditor, Ing. Jaroslava Staňková, who carries out the statutory audit of financial statements for us and for this purpose has access also to accounting documents containing especially identification data and, to postal service providers in cases where we need to deliver a postal consignment to you and for this purpose we transfer your contact details to these providers in the necessary extent, to contractual IT providers when servicing our programs and applications, it being understood that in such case, your personal data are disclosed to these IT providers only as a result of their service work on the program or application in which these personal data are located, and these external IT providers are contractually bound not to process the disclosed personal data in any manner, to contractual providers of legal services (lawyers), and possibly also to public authorities (especially courts and executor s offices) in cases where we need to protect our own legal claims, and for this purpose we transfer your personal data in the necessary extent, to public administration authorities, courts and law enforcement bodies if they request us to do so in accordance with the relevant legal regulations. What are your rights in connection with the processing of personal data? The below rights are the rights of the so-called data subjects 3, i.e. of our business partners and customers who are natural persons and, if you are a legal entity, of Your Representatives (all these persons together hereinafter referred to as "data subject"). If you are a data subject, you have the following rights: Right of access you have the right to know what data about you we process, for what purpose, for how long, where we obtain such data and to whom we transfer it and what your rights are. FBT steel puts the right of access into practice through this document titled "Statement on Processing of Personal Data". Right to rectification you have the right to request that we rectify or supplement your personal data if they are incorrect or incomplete. Right to erasure you have the right to request that we erase your personal data without undue delay if any of the reasons specified in Article 17(1) of the GDPR is met (e.g. personal data are no longer necessary for the purpose for which they were collected) and, at the same time, there exists none of the reasons specified in Article 17(3) of the GDPR, which justify continuation of the processing. 3 Pursuant to Section 4(1) of the GDPR, a data subject shall mean an identified or identifiable natural person.
Right to restriction of processing you have the right to request, in certain cases, that some of your personal data be designated and that these personal data should not be the subject matter of any further processing operations. Unlike the right to erasure, however, it is a temporary restriction of processing, not permanent erasure of personal data. Situations in which this right can be exercised are enshrined in Article 18 of the GDPR. Right to data portability you have the right to request that we transfer your personal data, that you submitted to us based on the performance of a contract (pursuant to Article 6(1)(b) of the GDPR), to you or directly to another personal data controller that you inform us about, in a structured, commonly used and machine-readable format. However, this right only applies to personal data we process by automated means. Based on this right, we cannot transfer always and under all circumstances all data (e.g. own signature). Right to object you have the right to object to the processing of your personal data which occurs on the legal basis of our legitimate interest (see above). If it is an objection against processing of personal data for the purpose of direct marketing (see above), we will not process your contact details for this purpose from the day on which the objection was raised. If it is an objection against processing of personal data for purposes other than direct marketing, we will examine this objection and if we find out that there are no serious legitimate reasons on our part that would justify such processing, we will no longer process such personal data for the given purpose. Right to lodge a complaint exercise of any of the above rights does not affect in any manner your right to lodge a complaint with the Office for Personal Data Protection (www.uoou.cz). You may exercise any of the aforementioned rights with us free of charge, either electronically (at the email address osobniudaje@fbtsteel.cz) or in writing through the postal service provider at the address of our seat. Please, always specify (i) the right you want to exercise (e.g. right to rectification), (ii) the reasons your right relies on (e.g. that we have an incorrect registration number recorded in your file), and (iii) what you request (e.g. rectification and stating correct registration number for your person).