The company cloudinfrastack, s.r.o., Tachovské náměstí 290/5, Postal Code 130 00 Praha 3 – Žižkov, ID: 03350860, registered in the Commercial Register kept by the Municipal Court in Prague, Section C, File 230683 (hereinafter referred to as “Controller” or “Company”) as a data controller hereby informs about the method and extent of processing of personal data by the Company, including the extent of the data subject’s rights linked to the processing of personal data by the Company, that being the users of the website cloudinfrastack.com and other affiliated websites which are clearly marked as cloudinfrastack, s.r.o or marked with the cloudinfrastack logo (hereinafter referred to as website).
The Company processes personal data in accordance with the law of the European Union. Mainly in accordance with the regulation of the European parliament and the Council of the European Union No 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as General Data Protection Regulation), furthermore in accordance with international contracts to which the Czech Republic is bound, mainly in accordance with the Convention on the Protection of Individuals with regard to Automatic Processing of Personal Data No 108 proclaimed under No 115/200 Coll., and furthermore in accordance with the domestic legal regulations with account taken on the Czech Personal Data Protection Act No 101/200 and the change of some Acts, as amended (hereinafter referred to as “CPDPA”).
LEGAL BASIS FOR PERSONAL DATA PROCESSING
Processing by the Company shall be lawful only if and to the extent that at least one of the following applies:
- Data Subject has given consent to his or her personal data processing for one or more specific purposes;
- processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the Controller is subject;
- processing is necessary in order to protect the vital interests of the Data Subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data, in particular where the Data Subject is a child.
THE EXTENT OF PERSONAL DATA OF PERSONS INTERESTED IN VACANT WORK POSITIONS
Personal data are any information which are related to an identified or identifiable natural person (hereinafter referred to as “Data Subject) through which the corresponding natural person can be directly or indirectly contacted.
Personal data of the Data Subject shall be processed as follows:
- contact data: telephone number, e-mail, address of service;
- identification data: name, surname, date of birth, permanent address;
- information regarding the status of achieved education and former work experience;
- your shared picture;
- information from Linkedin (if given);
- further information included in CV;
- notes and evaluation from previous interview sessions and proceedings.
THE PURPOSE OF PERSONAL DATA PROCESSING
Company as a data controller in connection with providing its services through websites shall process and preserve personal data of the Data Subjects in conditions and within the bounds of current legislation, mainly in accordance with Article 6 (1) a) and b) of General Data Protection Regulation for these purposes:
- selection of appropriate candidates for vacant work positions,
- interviews with candidates for vacant work positions,
- processing and preserving data of the selection procedure results.
THE TIME PERIOD OF PERSONAL DATA PROCESSING
Personal data of the Data Subjects shall be processed for the period necessary to process the selection procedure results and to convey the information to the candidates, or for the time period of 2 years. Personal data shall be preserved during this time in case of possible further cooperation or should the candidate be interested in other vacant work positions in the Company.
THE EXTENT OF PERSONAL DATA PROCESSED BY THE COMPANY FOR MARKETING PURPOSES
The Data Subject shall give explicit consent to manual or automated processing of personal data by filling in personal data into the contact form and by subscribing to cloudinfrastack newsletters in the extent of:
- name and surname,
- e-mail address and telephone number,
- company name.
Furthermore, in terms of access to the website the Controller shall process website access protocol files with the purpose of protecting own rights as well as interests protected by law. Protocol files shall be processed without the consent of the website visitor. Protocol files shall be preserved for the period of 14 days since visiting the website. Processing of said protocol files shall be carried out by the Controller alone or a third party shall be vested. In terms of processing protocol files, the Controller shall process following data, which can (but do not have to) include personal data of the website visitor:
- website through which the visitor enters the website’s IP address;
- date and time of access;
- the query of the client;
- http answer code;
- transferred grouped data;
- data from the web browser and operating system through which the visitor enters the website
THE PURPOSE OF PERSONAL DATA PROCESSING
The Company as a data controller in terms of providing its services through the websites processes and preserves personal data of the Data Subjects in accordance and within the bounds set by current legislation, mainly in accordance with Article 6 (1) a) and b) of General Data Protection Regulation for these purposes:
- contacting and providing information requested by the Data Subject;
- direct or indirect marketing based on the consent of the Data Subject;
- database managing and direct marketing;
- receiving information and commercial announcements.
THE TIME PERIOD OF PERSONAL DATA PROCESSING
Controller shall process and preserve personal data of the Data Subject for the period of personal data processing, at most for the period of 10 years. When the purpose of processing ceases or the Controller no longer possesses any legal ground for personal data processing, Controller shall delete personal data.
LETTER OF RIGHTS OF THE DATA SUBJECT
Controller hereby informs Data Subjects about the fundamental principles of Article 13 of General Data Protection Regulation, based on which the Company as a data controller handles personal data of its Data Subjects.
The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller.
The Data Subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Data Subject shall have the right to have personal data deleted by the Controller where one of the following grounds applies:
- the personal data is no longer required for the purpose of processing,
- the Data Subject withdraws consent on which the processing is based and the data cannot be further processed in accordance with the section of purpose and legal basis for processing of the consent,
- Data Subject objects to the personal data processing and there are no overriding legitimate grounds for the processing,
- the personal data have been unlawfully processed, or,
- the personal data have to be erased for compliance with a legal obligation to which the Controller is subject.
The Data Subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data;
- the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims, or,
- the Data Subject has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.
The Data Subject shall have the right to withdraw his or her consent at any time without sanction. The Data Subject shall withdraw the consent using any reason stated above through the contact details of the Controller. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Data Subject shall have the right to lodge a complaint with a supervisory authority if the Data Subject considers that the processing of personal data infringes this regulation. A corresponding supervisory authority in the Czech Republic is the Office for Personal Data Protection.
Data Subject shall have the right to object to the processing of personal data of his or her concern should the Controller process the personal data for any of the following reasons:
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority,
- processing is necessary for purposes of legitimate interests of the data controller or a third party,
- for the purpose of direct marketing,
- for the purpose of scientific or historical research or for statistical purposes.
CONTACT DETAILS OF THE DATA CONTROLLER
The Controller informs the Data Subject about the following contact details to enable the contact between the Data Subject and the Controller:
- Data Controller shall be reached via a written letter at the address Sazečská 595/10, 108 00 Praha 10 Malešice.
- Data Controller shall be reached via the email address: email@example.com.