Updated Dec 9, 2020
Personal Data Controller:
Dramox s.r.o., with its registered office at Bucharova 2928/14a, Stodůlky, 158 00 Prague 5, Aspira Business Centre, a company registered in the Commercial Register kept by the Municipal Court in Prague, Section C, File 332337
Data Processing Principles
- The objective of this website is to summarise basic information on the principles of personal data processing within the DRAMOX service, which we observe and have adopted in order to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter the “GDPR”), effective in the territory of the Czech Republic from 25 May 2018, and Act No. 110/2019 Coll., on personal data processing, as amended.
- In accordance with the GDPR, we comply with the following principles in processing of personal data:
- Lawfulness, fairness and transparency– We perform processing only for legitimate reasons (e.g. statutory duty, performance of a contract, protection of our interests, protection of interests of third parties, or consent granted by the data subject). We perform processing in a transparent manner and we always inform you of how your personal data are handled, who has access to them and what are your rights in connection with the processing.
- Purpose limitation – We collect personal data only for specified, explicit and legitimate purposes (see above).
- Data minimisation – We process personal data only to the extent and within the scope necessary in relation to the given purpose.
- Accuracy - We process only up-to-date personal data.
- Storage limitation – We do not keep personal data for a period longer than necessary and permitted by law.
- Integrity, confidentiality – We have adopted sufficient technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorised disclosure of or access to the personal data transmitted, stored or otherwise processed.
- Responsibility – We are able to prove compliance with the principles pursuant to paragraphs 1 to 6 at any time.
Legal Grounds for Processing
- Most of the personal data are processed for the purpose of performing the contract entered into with you. If we did not have these data, we would not be able to agree with you on the details of our service, process the payment made and enter into the contract with you. We do not request any other data from you and if you do provide us with them, we believe you are doing so voluntarily.
Extent of Personal Data Processing
- Within our activities, we process especially the following personal data:
- name, surname (for the purposes of entering into and performing the contract);
- e-mail address (for the purposes of communication);
- payment card information (for the purpose of payment processing).
- If we perform processing that is not aimed at fulfilling the statutory duties, this constitutes personal data processing for which we need an explicit, freely given, specific and informed consent. Such consent is absolutely voluntary and may be withdrawn at any time, or other rights may be exercised as described specifically in the written consent. If we require such consent from you, we will ask you first and will not process the data without this consent.
- We have also adopted the necessary measures to ensure security of the personal data being processed in both physical and electronic form. These measures include, among other things, rules for using information systems, ensuring that only authorised persons have access to the data and that it is at any time possible to verify when, by whom and for what reason the personal data were recorded or otherwise processed. We are, of course, able to prevent unauthorised access to data carriers, especially by setting passwords, access rights, encryption, and other technical and organisational measures.
Transfers of personal Data
- We transfer personal data to third parties only in cases prescribed by law (mandatory reports to governmental authorities) or to the necessary extent to selected suppliers providing certain services for us, such as bookkeeping, administration of information technologies (IT) or payment gates used for processing of payments for services. We have clearly set contractual relationships with all such persons and all suppliers comply with the necessary rules for personal data processing within the scope and parameters required by the GDPR.
- We do not transfer personal data abroad and if this would be necessary, we would ask for your consent in advance.
Rights of data subjects
- In relation to the processing of your personal data, you have a number of options you can use at any time. This includes, in particular, the following rights:
- Right of access to personal data;
- Right to rectification of personal data;
- Right to erasure of personal data (right to be forgotten);
- Right to restriction of processing;
- Right to data portability;
- Right to object against processing;
- Right to withdraw consent to personal data processing if the processing is performed on the basis of the consent;
- Right to lodge a complaint with a supervisory authority.
- In case of breach of security of personal data in spite of all the described measures, we have a system in place of reporting any security incidents. In case of any breach of security of personal data , we proceed in accordance with the GDPR in order to minimise possible damage and we submit the relevant reports to the Office for Personal Data Protection (www.uoou.cz).
- Should you have any questions regarding the scope and manner of personal data processing, please do not hesitate to contact us at any time by e-mail at firstname.lastname@example.org.