The company HIWIN s.r.o. is the personal data controller within the meaning of Article 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as „GDPR“, and as the personal data controller determines the purposes and means of the processing of personal data, processes personal data and is responsible for such processing.
The company HIWIN s.r.o. would therefore like to provide you with clear and comprehensible information on what personal data are being processed, for what purposes and for what reason, from where are the personal data acquired and who has access to them, what rights you have in connection with processing of your personal data, as well as other information regarding the processing of your personal data.
Information contained herein is intended for all natural persons who are, were or may become business partners of the company HIWIN s.r.o., i.e. for all existing, former and potential customers and suppliers of our company (including visitors of our websites), as well as for all natural persons with whom we negotiate with in relation to the purchase, sale or supply of goods or in relation to provision or receipt of services.
WHO IS CONTROLLER OF YOUR PERSONAL DATA
Personal data controller is the company HIWIN s.r.o., identification number: 262 70 722, with its registered office at Medkova 888/11, Tuřany, 627 00 Brno, Czech Republic, registered in the business register kept by the Regional Court in Brno under file number C 41185 (hereinafter referred to as “the company HIWIN s.r.o.”, “our company” or “we”). The company HIWIN s.r.o. is responsible for proper and lawful processing of your personal data and you can exercise your rights, specified in more detail in Section 8 below, against this company.
If you have any questions or requests regarding the processing of your personal data, you can contact us:
in writing to the address: HIWIN s.r.o., Medkova 888/11, 627 00 Brno – Tuřany, Czech Republic
by e-mail to e-mail address: gdpr@hiwin.cz
WHAT PRINCIPLES WE RESPECT WHEN PROCESSING YOUR PERSONAL DATA
When processing the personal data, we lay the emphasis on ensuring that the personal data are being processed properly and in accordance with the law and that they are being appropriately protected. Therefore, when processing the personal data, we abide by the following principles:
We process the personal data lawfully, fairly and in a transparent manner.
We collect the personal data for specified, explicit and legitimate purposes and do not further process them in a manner that is incompatible with those purposes.
We process only adequate and relevant personal data and only to the necessary extent in relation to the purposes for which they are processed.
We process only accurate and up to date personal data. If we find out that the personal data we are processing are inaccurate or outdated, we erase or rectify such inaccurate or outdated data without delay.
We keep the personal data only for as long as is necessary for the purposes for which personal data are processed.
We process the personal data in a manner that ensures appropriate security of personal data and protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
FOR WHICH PURPOSES AND FOR WHAT REASON WE PROCESS YOUR PERSONAL DATA
We use the personal data that we are processing about you for these purposes:
for performance of a contract you have concluded with us:
We process the personal data primarily for the purpose of conclusion, modification and termination of the contract, fulfilment of rights and obligations under the contract, for the purposes of communicating with you, processing your requests or inquiries concerning the contract, for the purposes of claiming, enforcing or settling claims arising out of or in connection with the contract, etc.
The provision of your personal data for these purposes is a contractual requirement; if you do not provide us with necessary personal data, we will not be able to conclude the contract with you, or we will not be able to exercise rights and fulfil obligations arising out of or in connection with concluded contract.
For these purposes, we keep your personal data for the duration of relevant contractual relationship and further, until the expiry of limitation period for individual claims arising out of or in connection with the contract, unless it is stipulated by the law that we have to keep some of your personal data for a longer period.
for fulfilment of obligations stipulated by the law:
We process your personal data for these purposes in case we are obliged to do so by the law or other generally binding legal regulation. We process personal data, for example, for the purpose of fulfilling the obligation of notification towards state authorities, the obligation of archiving, for the purpose of keeping accounting, providing of audit, etc.
For these purposes, you are required to provide us with your personal data; failure to do so may have consequences stipulated by the law, in addition to impossibility to conclude a contract or to fulfil the contractual obligation.
For these purposes, we keep your personal data only for a period specified by applicable law.
for the purposes of legitimate interests pursued by our company:
We also process the personal data for legitimate interests of our company, including:
protection of property, rights and legitimate interests of our company;
enforcement and defence of our rights and legitimate interests;
inspection of compliance with concluded contracts, resolving violation of contractual terms;
fulfilling of our obligations towards third parties;
company management, reporting and evaluation of company activities;
optimizing of activities of the company, reducing of risk business cases;
development of new products, improvement of existing products;
record keeping within the company;
business and marketing activities.
For these purposes, we keep your personal data only for as long as necessary for the realization of the relevant purpose, unless it is stipulated by the law that we have to keep some of your personal data for a longer period.
for the purposes for which you have given us consent to process your personal data:
We process the personal data with your consent especially for the purposes of direct marketing – for the purposes of sending newsletters, product offers or other business information; your consent is required for these purposes if you are not yet our customer or if you have previously withdrawn your consent to the processing of personal data for such purposes of processing.
We keep your personal data processed on the basis of your content for a period of 4 years from the day the consent was given, or until the consent is withdrawn. Then we will delete your personal data, unless we will process such data to the extent necessary for other purposes for which your consent is not required.
We process your personal data for the above mentioned purposes, always on the basis of some of the following reasons:
when we fulfil the contract you have concluded with us;
when we fulfil obligations stipulated by the law;
when we pursue any of our above mentioned legitimate interests;
when you have given us consent to process your personal data.
CONSENT TO THE PROCESSING OF PERSONAL DATA
In some cases we may process your personal data only on the basis of your consent to such processing. In particular, this includes the processing of personal data for the purposes of direct marketing – for the purposes of sending newsletters, product offers or other business information, in cases where you are not yet our customer or if you have previously withdrawn your consent to the processing of personal data for such purposes of processing.
Giving consent to the processing of your personal data is voluntary and you can withdraw your consent at any time. The consent must be withdrawn in writing and notice of a withdrawal must be sent to our company´s address: HIWIN s.r.o., Medkova 888/11, 627 00 Brno-Tuřany, Czech Republic.
Please note that the withdrawal of your consent does not affect the processing we perform for other purposes or for other legal reasons. Withdrawal of your consent also does not affect the lawfulness of processing based on consent before its withdrawal.
WHICH PERSONAL DATA WE ARE PROCESSING
We only process the personal data we necessarily need to fulfil individual purposes of processing.
In particular, the processing concerns the following categories of personal data:
basic identification data: name and surname, title, job title, signature; with regard to entrepreneurs, also company name, distinctive addendum or other designation of entrepreneur, identification number, tax identification number, address of the registered office or permanent residence address (of end customer)
contact information: telephone number, e-mail address, delivery address (if different from address of permanent residence or registered office)
transaction information: received and outgoing payments including their amount, bank account number and other payment data, information on delivered goods and provided services
information on solvency and financial situation: information on executions and insolvency proceedings, information on ownership of real estate, information from published financial statements
information on visits of our website: IP address, how long you have looked through our website, information on which sections of our website you have visited, information on time of visit
communication records
other data you provide us with or you make public
In addition to personal data of our customers and suppliers, we also process personal data of third parties, namely of persons who in individual cases act or otherwise participate in the business relationship between our company and the customer or the supplier. In particular, it includes employees, members of bodies, agent, authorized representatives, guarantors, proxies, co-debtors etc.
WHERE DO WE ACQUIRE YOUR PERSONAL DATA FROM
In the framework of its activities, our company acquires personal data:
directly from you during negotiations on the conclusion of a contract and within its subsequent performance;
from public registers, lists and records (especially from the Commercial Register, Trade Register, Insolvency Register, Central Register of Executions, Cadastre of Real Estate, etc.) and from other public sources, including Internet and social networks;
from third parties, if it is necessary for the performance of a contract, if it is stipulated by the law, or if you have given us consent to do so.
WHO HAS ACCESS TO YOUR PERSONAL DATA
Your personal data can be accessed by:
executive director of the company, business associates of the company and employees of the company who need access to personal data to fulfil their working obligations; everyone who comes into contact with the personal data is bound by duty of confidentiality;
external suppliers of our company, such as administrators of corporate server, computers and network, webmasters, providers of web hosting, cloud storage and other IT services, providers of information systems, auditors, law firms, recovery agencies, etc. These subjects have access to your personal data only to the necessary extent and if they process your personal data on behalf of our company as a processor within the meaning of Article 4 point 8 of GDPR, we have a contract with such processors governing the processing of the personal data, which contains, inter alia, a commitment that the personal data will be processed in accordance with GDPR.
law enforcement bodies, courts, administrative authorities, insolvency administrators, executors, etc., in case we are required or authorize by the law to provide your personal data to such subject.
WHAT RIGHTS DO YOU HAVE IN CONNECTION WITH PROCESSING OF YOUR PERSONAL DATA
In connection with the processing of your personal data, you have a:
Right of access: You may require that we confirm whether we process your personal data or not; if we process your personal data, you may request access to such personal data and information regarding the processing of your personal data to the extent given by the law.
Right to rectification: If you find out that the personal data we process about you are inaccurate or outdated, you may ask us to rectify or complete such data.
Right to erasure (right to be forgotten): You have the right to require that we delete your personal data; we are obliged to do so immediately in cases stipulated by the law. This includes, for example, cases where personal data are no longer needed for the purposes for which they were collected or otherwise processed, or cases where you have withdrawn your consent to their processing and there is no other legal reason for their processing.
Right to restriction of processing: If you think that the personal data we are processing about you are inaccurate, that the processing is unlawful, that the personal data are no longer needed for the purposes of processing of if you have objected to their processing, you may request that we restrict the processing of your personal data. Then, we may process your personal data only for the purposes and to the extent provided by the law.
Right to object: If we process your personal data for the purposes of legitimate interests pursued by our company or third party, you have the right to object to such processing at any time for reasons relating to your person. You also have the right to object to processing of your personal data for direct marketing purposes. If you object to the processing of your personal data, we will not process them anymore, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. If you object to the processing of your personal data for the purposes of direct marketing, your personal data will not be further processed for this purpose.
Right to data portability: In case we process your personal data by automated means and such processing is based on your consent or on the basis of a contract between us, you may require that we provide you with personal data we process about you in a structured, commonly used and machine-readable format and that we transmit such data to another controller.
Right not to be subject to a decision based solely on automated processing: As a data subject, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In this context, we would like to inform you that no decisions based solely on automated processing of personal data, including profiling, that could produce legal effects concerning you or similarly significantly affect you, are being carried out by our company.
Right to lodge a complaint with a supervisory authority: If you think that the law was broken in connection with the processing of your personal data, you may lodge a complaint with a competent supervisory authority, which is the Office for Personal Data Protection in the Czech Republic. Contact details and other information can be found at www.uoou.cz. You also have the right to an effective judicial remedy against a legally binding decision of a supervisory authority, as well as in case where competent supervisory authority does not handle your complaint or does not inform you on the progress or outcome of your complaint.
Right to information of a personal data breach: If your personal data are breached and if such data breach is likely to result in a high risk to your rights or freedoms, we will notify you of this fact without undue delay; we will provide you with detailed information on the nature of such breach, the imminent consequences and the measures taken.
You may claim any of above mentioned individual rights from the company HIWIN s.r.o.:
in writing to the address: HIWIN s.r.o., Medkova 888/11, 627 00 Brno – Tuřany, Czech Republic
by e-mail to e-mail address: gdpr@hiwin.cz
We solve your claims and requests free of charge and without undue delay, but no later than within one month. In justified cases, we can extend this deadline by two further months; you will always be informed of such extension and its reasons.
In case your request is clearly unfounded or excessive (in particular because of its repetitive character), we may charge you with a reasonable fee taking into account the administrative costs of providing required information or communication, or we may refuse to act on the request.
If we have reasonable doubts as to the identity of the natural person claiming the above mentioned rights, we may request such person to provide us the additional information necessary to confirm the identity of that person as the data subject.
APPLICABILITY OF THIS DOCUMENT
This document is applicable from 25.5.2018.
The company HIWIN s.r.o. reserves the right to change or update this document at any time.