Information regarding data processing pursuant to Articles 13 and 14 of the general Data Protection Regulation (GDPR)
We hereby inform you of the processing of your personal data and of your rights related to personal data protection. The content and scope of personal data processing is largely dependent on the products and services that you request or whose provision has been agreed with you.
1. Who is the data controller and who can you contact?
Philip & Frank s.r.o. (hereinafter referred to as “Philip & Frank”)
Viktora Huga 359/6, Smíchov, 150 00 Praha 5
Reg. no.: 04116232
Telephone: +420 ........................................
Email address: .....................................
2. What data are processed and what are the sources of the data?
We process the personal data received from you within a business relationship. Besides that we process such data that we have received in a permitted manner from public sources (e.g. the Register of Companies, Land Registry, media, Internet). Personal data include your detailed personal data and contact information (name, address, date and place of birth, citizenship, email address, telephone number, etc.) as well as identification data (e.g. travel documents, proof of identity).
3. What are the purposes and the legal basis for data processing?
We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and with the 2018 Data Protection Act.
- For the purpose of the discharge of contractual obligations (Article 6(1b) of the GDPR):
Personal data processing (Article 4(2) of the GDPR) is performed for the purpose of discharging our contractual obligations (e.g. appreciation / handing over of properties to our clients). The purposes of data processing primarily depend on the specific business relationship.
- For the purpose of the discharge of legal obligations (Article 6(1c) of the GDPR):
Personal data processing may be based on different legal obligations (e.g. the Civil Code, Act on Business Corporations, Act on Consumer Protection, Act on Certain Measures Preventing Money Laundering and Funding of Terrorism, etc.).
- As part of your consent (Article 6(1a) of the GDPR):
If you have provided us with your consent to the processing of your personal data for certain purposes (e.g. approaching clients directly), we only process your data in compliance with the purpose specified in the statement of consent and to the extent specified in it. The consent may be withdrawn at any time, with an effect on the future.
- Regarding the protection of legitimate interests (Article 6(1f) of the GDPR):
- If necessary, we or a third party may process data beyond the scope of the actual performance of a contract for the purpose of protecting Philip & Frank’s or a third party’s legitimate interests. Personal data are processed for the purpose of protecting legitimate interests in the following cases
- advertising or market or opinion survey, unless you have objected, pursuant to Article 21 of the GDPR, to your personal data being used;
- measures for business activity management and for other development of services and products;
- measures protecting Philip & Frank’s clients, suppliers, employees and property;
- within a legal dispute;
- legal claims and defence in the event of legal disputes;
- ensuring IT security and IT operation.
4. Who receives my data?
Within Philip & Frank your data are received by employees who need them for discharging contractual and legal obligations and for the protection of legitimate interests. Apart from that, your data are made available to authorised service providers and those who process contracts (in particular, legal representatives, tax advisers, IT services providers, accounting companies and brokers with whom our company has entered into a cooperation agreement) if they need your data in order to do their jobs. All processors are contractually obligated to keep your data confidential and to process them only as part of providing services. Besides that, the recipients of your personal data may be public institutions and authorities (such as revenue offices, courts, etc.).
Other recipients may be places specified in your consent as authorised recipients of your personal data.
5. How long will my personal data be stored?
If necessary, we process your personal data for the time of the whole business relationship (from beginning the relationship to contract performance and termination) and also according to the periods of data storage and documentation (especially claims resulting from legal claims) resulting from the Civil Code, Act on Business Corporations, Consumer Protection Act, Act on Certain Measures Preventing Money Laundering and Funding of Terrorism, etc.).
6. What data protection rights do I have?
You have the right for information, correction, deletion or restriction of the processing of your personal data, the right to object to processing and the right for data portability in compliance with data protection legislation. Complaints can be sent to the Office for Personal Data Protection, address: Pplk. Sochora 27, 170 00 Praha 7.
7. Do I have to provide my personal data?
In a business relationship you have to provide such personal data that are necessary for beginning and performing the business relationship as required by the law. If you do not provide such data, we will usually have to refuse to enter into a contract with you or to fulfil your order. However, you do not have to provide consent to the processing of such personal data that are not relevant for the performance of the contract or that are not required by the law.
8. To what extent does automated decision-making happen?
In order to begin and perform a business relationship we never use automated decision-making pursuant to Article 22 of the GDPR. If we wanted to use such procedures in individual cases, we will notify you of it specifically if such notification is required by the law.
9. Is profiling carried out?
We do not process any personal data in order to evaluate certain personal aspects (profiling).