General Terms and Conditions for Processing Personal Data of Subjects at the Company
as per Regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general regulation on personal data protection) (hereinafter referred to as “Terms & Conditions”)
2.1 Personal Data includes all information on an identified or identifiable natural person (data subject); an identifiable natural person is a natural person who can be identified, directly or indirectly, especially by a specific identifier, such as a name, identification number, location data, network identifier or by one or several special features of physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person. A piece of personal data is also such data that may not specifically identify a person but may enable this identification if linked to another available piece of personal data. Technological resources must be considered when linking such personal data. For example an IP address can be considered personal data since thanks to technological resources it can be linked to another piece of personal data and this can enable identification even without active participation of the entity which keeps or processes the IP address. Personal data is also any type of information on purchases, used services or expropriated devices and (meta)data related to former behavior during the use of a service.
2.2 Processing personal data means any type of operation or a set of operations with personal data or personal data files, which are carried out with or without automated processes such as collecting, recording, organizing, structuring, saving, adjusting or modifying, searching, viewing, using, accessing via transfer, circulating or and other type of disclosure, sorting or combining, limiting, deleting or destroying. Such an operation or a set of operations that a controller or a processor carries out with personal data systematically, for a specific purpose or goal must be defined as personal data processing as per the GDPR as well and this regardless of the method and means of processing. It does not matter if the controller or processor processes the personal data manually, electronically or a combination of both, or if they use specific software tools or solutions. The commented definition still contains a demo list of operations, which are considered to be personal data processing. This can be the collection of data, its storage on data carriers, access, adjustments or modifications, searching, using, delivering, circulating, disclosing, keeping, exchanging, sorting or combining, blocking or liquidating.
2.3 Recipient is an entity, to whom personal data is provided – i.e. a natural person or a legal entity, a public authority, agency or another entity, to whom personal data is provided, whether they are a third-party or not. Public authorities, however, which can obtain personal data as part of special investigations under member state law are not considered to be recipients; processing of such personal data by these public authorities must be carried out according to applicable personal data regulation for that specific purpose of processing. A recipient is also a data subject, another controller, processor or a person directly reporting to the controller or processor, who is authorized to processed personal data (however not as an employee, where the controller or processor holds responsibility for the processing). Recipient status concurrently only constitutes the receipt of data. Recipients, however, are not public authorities exercising their investigative authority. In practice, this e.g. means tax authorities and customs or general administrative and regulatory authorities. The processing of personal data by these public authorities should be carried out as per valid personal data protection regulation according to the purpose of processing.
2.4 Data Subject is every natural person to whom the personal data relates. Typically this means EU residents whose rights the GDPR protects. Data subjects are not legal entities. Personal data can only relate to a living natural person since data of deceased persons is outside the scope of the GDPR.
2.5 Controller is a natural person or a legal entity, a public authority, agency or another entity, which on its own or in cooperation with others designates the purpose and means of processing personal data; if the purpose and means of this processing is designated by EU law or member state law, this right can also designate the affected controller or special criteria for its designation.
2.6 Processor is every natural person or a legal entity, public authority, agency or another entity, which processes personal data on behalf of the controller.
3.1 Personal data is processed in the scope that was granted by the corresponding personal data subject in relation to the conclusion of a contractual or another legal agreement with the controller, or which the controller accumulated in another manner and is processing it according to valid legal regulation or to fulfill the controller’s legal obligations.
3.2 Personal data is only processed in the scope necessary in relation to the purposes specified in Article 8 of these Terms & Conditions.
9.2 Other processors are used to process your personal data if it is necessary in order to fulfill the purposes listed in Article 8 especially sales representatives of the controller’s partners. The categories of these processors are listed in Article 7.
9.3 Prior to providing personal data to a third-party as is listed above, a contract is always concluded with this person. This contract covers the processing of personal data and contains guarantees for personal data processing as per the GDPR and under the law on the processing of personal data.
9.4 Personal data may be provided abroad within the EU, especially where the controller’s service is provided to a customer from another member EU state or if a supplier’s service is provided to the controller by a supplier from another EU member state. We do not send or disclose your personal data outside of the EU.
9.5 Processing personal data is carried out automatically via computing systems, where manual processing is not ruled out for personal data in paper form while maintaining all security measures for the protection of personal data.
9.6 The controller has implemented technical and organizational measures for this purpose in order to provide protection of personal data, especially measures to prevent unauthorized or accidental access to personal data, its modification, damage or loss, unauthorized transfers, its unauthorized processing as well as other misuse of personal data.
9.7 All subjects, to whom personal data may be provided, respect the data subjects’ rights to the protection of privacy and are obligated to proceed as per valid legal regulations related to personal data protection.
11.2 Cookies that can be used on websites fall under the categories listed below. These descriptions will help you determine if and how you would prefer to communicate with our website and other online services:
11.3 If you do not wish to give your consent to our or third-party cookies, you can change the setting of your viewer to reject cookies. Since this action is different browser to browser, please visit the Help menu on your web browser for further details. Please bear in mind that if you decide to decline our cookies, it can negatively affect certain functionalities of this website and services.
12.2 Each data subject who learns or has reason to believe that the controller or processor is processing their personal data in a manner that is in conflict with the protection of private and personal life of the data subject or that is in breach of the law, especially if personal data is inaccurate with regard to the purpose of its processing, then the data subject may:
12.3 The data subject can apply these rights as per the above with the controller through a personal data protection officer, whose contact is listed in sec. 13.2.
12.4 If the data subject request as per sec. 12.2 is valid, the controller shall remedy the problem immediately. If the controller does not comply with the data subject’s request, the data subject has a right to contact the supervisory office directly, which is the Office for Personal Data Protection, with a seat at Pplk. Sochora 727/27, 170 00 Prague 7- Holešovice. The process as per sec. 12.2 does not prevent the data subject from contacting the supervisory office directly with their request.
12.5 The controller shall provide the required information to the data subjects without undue delay within one month from the receipt of the request at the latest. This period may be extended to two months with regard to the complexity of the request and the number of requests; the data subject must be informed of this fact.
12.6 The controller shall provide data subjects all the requested information in a concise, transparent, clear and easily accessible manner through the use of clear and simple means. The controller does so for free.
13.1 This statement of the controller is available to the public on the controller’s website (www.arbes.com” target=”_blank” rel=”noopener”>www.arbes.com).
13.2 If you have any questions with regard to the processing of your personal data please contact us in writing or via telephone using the contact information of the personal data protection officer below:
Czech DPO Office s.r.o.
Czech Data Protection Officers Office
You can find the query form here
Tel: +420 736 456 122