The company cloudinfrastack, s.r.o., Tachovské náměstí 290/5, Postal Code 130 00 Praha 3 - Žižkov, ID: 03358046, registered in the Commercial Register kept by the Municipal Court in Prague, Section C, File 230683 (hereinafter referred to as “Controller” or “Company”) as a data controller hereby informs about the method and extent of processing of personal data by the Company, including the extent of the data subject’s rights linked to the processing of personal data by the Company, that being the users of the website cloudinfrastack.com and other affiliated websites which are clearly marked as cloudinfrastack, s.r.o or marked with the cloudinfrastack logo (hereinafter referred to as website).
The Company processes personal data in accordance with the law of the European Union. Mainly in accordance with the regulation of the European parliament and the Council of the European Union No 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as General Data Protection Regulation), furthermore in accordance with international contracts to which the Czech Republic is bound, mainly in accordance with the Convention on the Protection of Individuals with regard to Automatic Processing of Personal Data No 108 proclaimed under No 115/200 Coll., and furthermore in accordance with the domestic legal regulations with account taken on the Czech Personal Data Protection Act No 101/200 and the change of some Acts, as amended (hereinafter referred to as “CPDPA”).
Processing by the Company shall be lawful only if and to the extent that at least one of the following applies:
Personal data are any information which are related to an identified or identifiable natural person (hereinafter referred to as “Data Subject) through which the corresponding natural person can be directly or indirectly contacted.
Personal data of the Data Subject shall be processed as follows:
Company as a data controller in connection with providing its services through websites shall process and preserve personal data of the Data Subjects in conditions and within the bounds of current legislation, mainly in accordance with Article 6 (1) a) and b) of General Data Protection Regulation for these purposes:
Personal data of the Data Subjects shall be processed for the period necessary to process the selection procedure results and to convey the information to the candidates, or for the time period of 2 years. Personal data shall be preserved during this time in case of possible further cooperation or should the candidate be interested in other vacant work positions in the Company.
The Data Subject shall give explicit consent to manual or automated processing of personal data by filling in personal data into the contact form and by subscribing to cloudinfrastack newsletters in the extent of:
Furthermore, in terms of access to the website the Controller shall process website access protocol files with the purpose of protecting own rights as well as interests protected by law. Protocol files shall be processed without the consent of the website visitor. Protocol files shall be preserved for the period of 14 days since visiting the website. Processing of said protocol files shall be carried out by the Controller alone or a third party shall be vested. In terms of processing protocol files, the Controller shall process following data, which can (but do not have to) include personal data of the website visitor:
The Company as a data controller in terms of providing its services through the websites processes and preserves personal data of the Data Subjects in accordance and within the bounds set by current legislation, mainly in accordance with Article 6 (1) a) and b) of General Data Protection Regulation for these purposes:
Controller shall process and preserve personal data of the Data Subject for the period of personal data processing, at most for the period of 10 years. When the purpose of processing ceases or the Controller no longer possesses any legal ground for personal data processing, Controller shall delete personal data.
Controller hereby informs Data Subjects about the fundamental principles of Article 13 of General Data Protection Regulation, based on which the Company as a data controller handles personal data of its Data Subjects.
The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller.
The Data Subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Data Subject shall have the right to have personal data deleted by the Controller where one of the following grounds applies:
The Data Subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:
The Data Subject shall have the right to withdraw his or her consent at any time without sanction. The Data Subject shall withdraw the consent using any reason stated above through the contact details of the Controller. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Data Subject shall have the right to lodge a complaint with a supervisory authority if the Data Subject considers that the processing of personal data infringes this regulation. A corresponding supervisory authority in the Czech Republic is the Office for Personal Data Protection.
Data Subject shall have the right to object to the processing of personal data of his or her concern should the Controller process the personal data for any of the following reasons:
The Controller informs the Data Subject about the following contact details to enable the contact between the Data Subject and the Controller: