Declaration of personal data processing according to the European Parliament and Council Regulation (EU) 2016/679 on the protection of individuals with regards to the processing of personal data and instructions to the data subjects („hereinafter referred to as the GDPR“).

1. Personal data controller NDT1 KRAFT s.r.o. registered at Nademlejnská 600/1, 198 00 Prague 9, Czech Republic, company identification number: 28902131, VAT number: CZ28902131, registered in the Commercial Register by the Municipal Court in Prague under file number C 152079, informs about the processing of your personal data.

2. Scope of the personal data processing

Personal data are processed to the extent that the relevant data subject has provided to the controller, in connection with the processing of the subject’s request, the conclusion of a contractual or any other legal relationship with the controller, or otherwise collected by the controller and processed in accordance with applicable law or fulfillment of legal obligations of the controller.

3. Sources of personal data:

• directly from data subjects
• wholesale
• distributor
• publicly accessible registers,
• lists and records (eg commercial register, trade register, real estate cadastre, public telephone directory, etc.)

4. Categories of personal data subject to processing:

• address and identification data used for unambiguous and unmistakable identification of the data subject (eg name, surname, title, or birth number, date of birth, permanent residence address, identity card number, identification number, VAT number) and data enabling contact with the data subject ( contact details – eg contact address, telephone number, fax number, e-mail address and other similar information)
• descriptive data (eg bank details, date)
• other data necessary for the performance of the contract

5. Categories of data subjects:

• customer of the controller
• service provider
• another person who is in a contractual relationship with the controller

6. Categories of personal data recipients:

• processor
• state and other authorities within fulfilment of legal obligations given by applicable law

7. Purpose of the personal data processing

• purposes included in the data subjects’ agreement
• negotiation about a contractual relationship
• contract fulfilment
• protection of rights of the controller, recipient or other concerned persons
• archiving conducted on the basis of law
• legal obligations fulfilment by the controller
• protection of vital interests of the data subject

8. The rights of users and data subjects

With regard to the data processing users and data subjects have the right

• to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data
• to correct or complete data
• to the immediate deletion of data concerning them, or, alternatively, if further processing is necessary, to restrict said processing
• to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers
• to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions

9. Method of the personal data processing and protection

Processing of the personal data is carried out by the controller. Processing is carried out in their establishments, branch offices and the head office by individual authorized employees of the controller, or by the processor. Processing happens while keeping all safety rules for the personal data administration and processing. For this purpose, the controller accepted technical, organisational and legal precautions to provide the personal data protection, mainly the precaution to prevent an unauthorized or random access to the personal data, their change, destruction or loss, unauthorized transfers, unauthorized processing, or other misusage of the personal data. All the subjects who are allowed to access the personal data respect the data subjects’ rights to privacy and freedom protection, and they are obliged to proceed according to valid legal regulations related to the personal data protection.

10. Time of the personal data processing

In accordance with the periods stated in relevant contracts and agreements, periods prescribed for handling in case of legitimate interests of the controller or the third party, in relevant legal regulations, it is an amount of time necessary to provide rights and obligations coming from both the liability relationship and the relevant legal regulations.

11. Information

The controller processes the data with the consent of the data subject, except in cases stipulated by law where the processing of personal data does not require the consent of the data subject.