GDPR

DECLARATION ON THE PROCESSING OF PERSONAL DATA

Declaration on the processing of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and information for data subjects

("GDPR").

1. Personal data controller

Please allow us to inform you about how we at McKay spol. s r.o., Company ID: 08866198, Všestarská 150, 251 01 Tehov, e-mail: info@mckay.eu (hereinafter referred to as the "Data ControllersprávcePlease allow us to inform you about how we at McKay spol. s r.o., Company ID: 08866198, Všestarská 150, 251 01 Tehov, e-mail: info@mckay.eu (hereinafter referred to as the "Data Controller"),

The purpose of this notice is to provide you with information about what personal data we collect, how we handle it, from which sources we obtain it, for what purposes we use it, to whom we may disclose it, where you can obtain information about your personal data and what your individual rights are in the area of personal data protection.

When processing personal data, we honour, respect standards, follow generally binding legislation and process personal data.

We only collect our clients' and employees' data to the extent necessary and do not pass it on to third parties, except those directly involved in the processes for the purpose of necessary processing.

Collaborators (employees, subcontractors) are required to subscribe to the data controller's data processing policy and are trained.

This data processing statement describes how we work with data:

    • job applicants
    • company employees
    • training participants
    • egistered users

2. Scope of processing of personal data

Personal data is processed to the extent that the relevant data subject has provided it to the controller, in connection with the conclusion of a contractual or other legal relationship with the controller, for legitimate interest or otherwise collected by the controller and processed in accordance with applicable law or to fulfil the controller's legal obligations.

The scope varies according to the relationship between the individual and the controller.

Identifying data processed:

    • name
    • surname (including former surnames)
    • birth number
    • date and place of birth

Contact details processed:

    • permanent address / contact address
    • travel document number
    • ationality
    • length of residence permit
    • gender
    • marital status
    • telephone number
    • e-mail address

Other data related to the employment relationship:

    • photo
    • information about previous employment, education and previous experience, type of work
    • results of medical examinations
    • salary statements
    • information on the employee's health insurance company
    • information on pension insurance, ZL
    • information on whether the employee is a student
    • information on whether the employee receives maternity allowance/parental allowance
    • number of children (for women)
    • information on disability
    • bank details
    • in the case of proof of expenditure, a bank statement
    • employers' liability insurance contract number
    • information on any execution or enforcement proceedings, insolvency proceedings
    • information on work-related accidents or occupational disease
    • date of commencement and termination of employment, including the reason for termination
    • communication records
    • records of time worked
    • employee card number
    • employee card number

Any other information that may be required at the time of employment

3. Sources of personal data

Personal data is processed directly from the subjects:

    • registrations, web contact forms, direct collection, chat, emails, telephone, websites, CVs, business cards, etc.
    • publicly accessible registers, lists and records (e.g. commercial register, trade register, land registry, etc.)
    • automated recording of electronic communications on the basis of Act 127/2005 Coll. and Decree 357/2012 Coll.
    • documents submitted at the personal meeting

4. Purpose of processing personal data

    • purposes occupied within the scope of the data subject's consent
    • negotiation and performance of employment contracts
    • management of the personnel agenda
    • communication with the authorities
    • payroll
    • reporting on the employment of foreigners
    • ensuring occupational health and safety
    • protection of the rights of the controller, the beneficiary or other persons concerned
    • archive records kept on the basis of the law
    • selection procedures for vacancies
    • compliance with legal obligations by the controller

5. Method of processing and protection of personal data

The processing of personal data is carried out by the controller.

The processing is carried out in the controller's premises, branches and headquarters by individual authorised employees of the controller, or by the Processor, the user (to the extent necessary to comply with our legal and contractual obligations, at least to the extent pursuant to Sections 308 and 309 of Act No. 262/2006 Coll, the Labour Code, and other data and documents necessary to check whether comparable conditions are ensured within the meaning of Section 309 of the Labour Code and to comply with the obligations in relation to the User), the relevant public authorities, if such an obligation is imposed by law, the accounting company (to the extent necessary to comply with the obligations under Act No. 235/2004 Coll., on value added tax, Act No. 563/1991 Coll., on accounting or Act No. 634/1992 Coll., on consumer protection).

The processing is carried out by computer technology or, in the case of personal data in paper form, manually, in compliance with all security principles for the management and processing of personal data.

To this end, the controller has taken technical and organisational measures to ensure the protection of personal data, in particular measures to prevent unauthorised or accidental access to, alteration, destruction or loss of personal data, unauthorised transmission, unauthorised processing or other misuse of personal data.

All entities to which personal data may be disclosed shall respect the right to privacy of data subjects and shall comply with applicable data protection laws.

Your data is thus processed in particular in the following systems:

    • personnel system
    • accounting system
    • data mailboxes
    • the public administration system

6. Period of processing of personal data

In accordance with the time limits set out in the relevant contracts, in the controller's filing and shredding system or in the relevant legislation, this is the time necessary to ensure the rights and obligations arising from the contractual relationship and the relevant legislation.

Typically, personal data is thus processed in its entirety only for the duration of the contractual relationship and after its termination, the data is processed only within the framework of the legal regulations. '

In particular, operational data is processed continuously during the duration of the contract and is retained for a period of 12 months, with the exception of data necessary for the processing of statistics for CSU.

After the termination of the contractual relationship, personal data is retained only for as long as is strictly necessary for the Controller's legitimate reasons or for the fulfilment of legal obligations, but for no longer than 10 years.

The above periods apply when all obligations (entrusted facilities, equipment, etc.) have been settled, otherwise your data will be retained until mutual settlement.

These time limits may also be extended, e.g. by litigation, tax audits, etc.

7. Transfer of personal data to other persons

The Data Controller will only disclose your personal data to other persons to the usual extent and only to processors or other recipients, typically external service providers, in compliance with all the principles arising from the GDPR.

Furthermore, personal data may be disclosed to the extent necessary to legal, economic and tax advisors.

Personal data relating to debtors may also be disclosed to debt collection agencies for the purpose of debt recovery.

Personal data may also be disclosed to public authorities on request or in the event of suspected unlawful conduct.

8. Transfer of personal data abroad

Personal data is mainly processed within the EU and is not intentionally transferred outside the EU. The exception is data stored in those systems that have servers located outside the EU, usually servers located in the USA. In this case, the conditions approved by the European Commission for the secure transfer of data between the EU and the US, the so-called Privacy Shield, must be met.

9. Legal basis for processing

The controller processes the data with the consent of the data subject, except in cases provided for by law where the processing of personal data does not require the consent of the data subject.
In accordance with Article 6(1) of the GDPR, the controller may process the following data without the data subject's consent:

    • the data subject has given consent for one or more specific purposes,
    • the processing is necessary for the performance of a contract to which the data subject is a party or for
    • the performance of measures taken prior to the conclusion of the contract at the request of the data subject,
    • the processing is necessary for compliance with a legal obligation to which the controller is subject,
    • the processing is necessary for the protection of the vital interests of the data subject or of another natural person,
    • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
    • the processing is necessary for the purposes of the legitimate interests of the controller concerned or of a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.

10. Rights of data subjects

The data subject has the following rights under the GDPR:

    • to request access to personal data processed by the controller, i.e. to obtain information from the controller as to whether or not personal data concerning him or her are being processed. If this is the case, he/she has the right to obtain access to this data and to other information referred to in Article 15 of the GDPR,
    • to request the rectification or completion of personal data processed by the controller if they are inaccurate (Article 16 GDPR),
    • request the erasure of personal data in the cases provided for in Article 17 GDPR,
    • to request the restriction of the processing of data in the cases provided for in Article 18 GDPR,
    • obtain those personal data concerning him or her which are processed with his or her consent or which are
    • processed for the performance of a contract or for the implementation of measures taken before the conclusion of the contract,
    • to obtain that personal data in a structured, commonly used and machine-readable format, with the right to transmit that data to another controller, subject to the conditions and limitations set out in Article 20 of the GDPR,
    • has the right to object to processing in accordance with Article 21 of the GDPR
    • the right to lodge a complaint with a supervisory authority - the data subject has the right to lodge a complaint about an alleged breach of the General Regulation with a supervisory authority, in particular in the Member State of habitual residence or employment.

We will inform the applicant immediately of the receipt of any request under the above points and will provide the requested information or information on the measures taken without undue delay, but at the latest within 1 month. This time limit may be extended by a further two months if necessary and in view of the complexity and number of applications. In certain specific cases defined in the GDPR, we are not obliged to comply with the request in whole or in part.

This will be the case in particular if the request is manifestly unfounded or unreasonable, especially because it is repetitive. In such cases, we may impose a reasonable fee taking into account the administrative costs involved in providing the requested information or refuse to comply with the request. The applicant will always be informed of this.

Where we have reasonable doubt as to the identity of a requester, we may ask the requester to provide additional information necessary to confirm his or her identity.

We will retain information about the exercise of the data subject's rights for a reasonable period of time for the purposes of recording and documenting this, for statistical purposes, improving our services and protecting our rights.

If the data subject considers that his or her personal data has been unlawfully handled or that we have otherwise violated his or her rights, he or she has the right to lodge a complaint with a supervisory authority.

11. Right to object

If the legal basis for the processing of personal data is a so-called legitimate interest, the data subject has the right to object to such processing at any time. In such a case, the personal data shall no longer be processed unless there are compelling legitimate grounds for the processing which override the interests of the subject or his/her rights and freedoms, or unless the processing is for the establishment, exercise or defence of legal claims. The data subject may object to processing using the contact details below. Please indicate in your email the specific situation that leads you to conclude that the Controller should not process your data. In the case of data processing for direct marketing purposes, it is always possible to object without further justification.

12. Contact information

You can contact us at any time:

McKay spol. s r.o.
Všestarská 150, 251 01 Tehov
e-mail: E-mail: info@mckay.eu