Privacy Policy at SIGNUM 1995 s.r.o.

Personal data is all information relating to an identified or identifiable natural person. Since 25 May 2018, the General Data Protection Regulation (GDPR) applies throughout the European Union. GDPR affects anyone who collects or processes personal data of individuals, including natural persons doing business.

The General Regulation on the protection of personal data is a source of European Union legislation and is also binding other European Economic Area countries including Norway, Iceland and Liechtenstein. This legislation does not have to be transposed into the law of a Member State by any national legislation, but 24 April 2019 Act No.110/2019 Coll., The Personal Data Processing Act 2019, implements certain aspects of GDPR into Czech law.

The SIGNUM 1995 s.r.o. company undertakes, as the controller of the personal data provided to it under contracts with the client, to process such personal data in accordance with the law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46 / EC.

This privacy statement at SIGNUM 1995 s.r.o. is stated on the company’s website. The company SIGNUM 1995 s.r.o. declares that it has no affiliates and does not share the personal information of its clients or employees with third parties for resale.

Information for clients when receiving personal data by SIGNUM 1995 s.r.o.

Personal Data Manager

Business name:

SIGNUM 1995 s.r.o.

Company ID:

08862257

Residence:

Příčná 129/3, 779 00 Olomouc, Czech Republic

E-mail:

info@signum.in

Phone:

+420 585 420 007

Legal basis for the processing of personal data

SIGNUM 1995 s.r.o. enters into a contract with a client, respectively employee.
The provision of personal data is the duty of the data subject (hereinafter referred to as the “client”), which arises from the above mentioned contract.

Purpose of processing

Provision of goods and services according to the contract with the client.
Fulfilment of legal obligations - in particular obligations under accounting and tax legislation, obligations under GDPR.
Protection of the legitimate interest of SIGNUM 1995 s.r.o.
Protection of the client's legitimate interest.
Advising on our products and services.

Recipients of personal data

Recipients according to the client's needs and instructions.
Public authorities.
Person processing accounting agenda.
IT company maintaining our system.

Processing time of personal data

Personal data will be processed for the period of validity of the aforementioned contract and after its termination will be handled in accordance with the applicable legislation, in accordance with Act No. 499/2004 Coll. (Archiving and Records Management Act and amending certain acts) and Regulation 2016/679 of the European Parliament and of the EU Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95 / 46 / EC (GDPR Regulation).

Client’s rights

The rights specified below may be used by the client via the Data Subject's Request Form, which is available for download from the website of SIGNUM 1995 s.r.o.
The right to access personal data means that the client has the right from the administrator - SIGNUM 1995 s.r.o. to obtain information on whether it processes its personal data and, if so, what data it is and how it is processed. The client also has the right to have the administrator rectify inaccurate personal data concerning him/ her without undue delay. The client has the right to add incomplete personal data at any time.
In other words, the right to delete personal data constitutes an obligation of the controller - SIGNUM 1995 s.r.o. to dispose of personal data it processes about the client if certain conditions are met and the client requests it.
The client has the right to limit the processing of his / her personal data in certain cases. The client has the right to object at any time to processing based on the legitimate interests of the Administrator, a third party or necessary for the performance of a task performed in the public interest or in the exercise of official authority.
The right to data portability gives the client the opportunity to obtain the personal data provided to the controller in a common and machine-readable format. The client may then pass on such data to another controller or, if technically possible, request that they will be transmitted between them.
The right to revoke consent to the processing of personal data at any time does not apply, since the client's personal data are processed for the purpose of fulfilling the contract concluded with the client, not on the basis of consent to the processing.
In the event that the client is in any way dissatisfied with the processing of his / her personal data carried out by the controller - SIGNUM 1995 s.r.o. , s/he can file a complaint directly to him or contact the Office for Personal Data Protection.
More information about the rights of the client is available on the website of the Office for Personal Data Protection (https://www.uoou.cz/6-prava-subjektu-udaj/d-27276).

In the event of repeated or manifestly unfounded applications for the exercise of the above rights, it is possible to charge a reasonable fee for the exercise of the right, or refuse to exercise it.

Records of personal data processing at SIGNUM 1995 s.r.o.

Categories and characteristics of personal data processing

Name and contact details of the controller and of any joint controller, deputy controller and data protection officer [Article 30 (1) (a) of GDPR]:

SIGNUM 1995 s.r.o.
Company ID: 08862257
Residence: Příčná 129/3, 779 00 Olomouc, Czech Republic
phone: +420 585 420 007
e-mail: info@signum.in

Identification of relevant personal data processing [Article 30 (1) (b) of GDPR]:

Client agenda;
Employees;
Company operations, taxes and accounting;
Business and marketing, online communication.

Why (what purpose for) and under what legal title is personal data processed in the course of processing [Article 30 (1) (b) of GDPR]?

Performance of the contract with the client.
Fulfilment of legal obligations - in particular obligations in terms of accounting and tax legislation, obligations in terms of GDPR.
Protection of the legitimate interest of SIGNUM 1995 s.r.o.
Protection of the client's legitimate interest.
Advising on our products and services.

Ways of personal data processing:

Collecting.
Saving.
Recording.
Insight.
Use.
Sorting.
Archiving.

What personal data is processed in the course of processing [Article 30 (1) (c) of GDPR]?

Clients: name and surname, gender, address, date of birth, social security number, bank account, IP address, e-mail address, telephone number, ID number, VAT number.

Employees: name and surname, gender, address, date of birth, social security number, bank account, working hours, marital status, education, place of birth, photo, e-mail address, and telephone number.

Exceptionally, and only when the circumstances of the contract require so, we process special categories of personal data of our clients (religious or philosophical).

What sources is personal data obtained from [Article 30 (1) (c) of GDPR]?

Clients: data subjects, public registers, publicly accessible information (e.g. internet).

Employees: data subjects, public registers, publicly accessible information (e.g. internet).

Third parties: clients, data subjects, public registers, publicly accessible information (e.g. internet).

Categories of recipients to whom personal data has been or will be disclosed, including recipients in third countries or international organizations:

Personal data is made available to the following recipients:

Accounting company (bound by confidentiality).
IT company maintaining our system (bound by confidentiality).

The company SIGNUM 1995 s.r.o. does not disclose personal data to recipients in third countries or international organizations.

What date by and how personal data is to be destroyed [Article 30 (1) (f) of GDPR]?

According to our Q SM 03 A directive - file and shredding rules.

How is personal data updated [Article 30 (1) (g) of GDPR]?

Personal data is updated with information from data subjects, third parties, or through public sources (e.g. internet, public registers, etc.).

Which paper and electronic records (registries, archives, IT systems, data repositories) carry out processing [Article 30 (1) (g) of GDPR]?

The SIGNUM 1995 s.r.o. company uses two ways of archiving - physical ("custom bag" stored in a lockable archive) and electronic. SIGNUM 1995 s.r.o. operates an encrypted database system. All data containing client personal information is stored on a secure server. Server access is protected by a unique password. Personal data is processed for the duration of the contractual relationship between the client and SIGNUM 1995 s.r.o. and 10 years from 1 January of the year following the year in which the contractual relationship was terminated or, in justified cases, there is no need to retain data for a longer period in connection with a particular case. Personnel documents are kept for 45 years.

Is the company environment regularly security tested (especially IT systems)? Internally or by external consultants? [Article 30 (1) (g) of GDPR].

Yes, IT systems are regularly security tested by an external IT company once a month.

How is the security of data transmission in client communication ensured [Article 30 (1) (g) of GDPR]?

An external accounting company is connected to our IT system.

How is the security of data sharing with external entities ensured? Do all external suppliers processing personal data have contracts for the processing of personal data providing adequate safeguards [Article 30 (1) (g) in conjunction with Article 28 of GDPR]?

Yes, we have contracts for the processing of personal data with the following suppliers:

Accounting company.
IT company maintaining our system.

Is irreversible destruction of data within the database system ensured [Article 30 (1) (g) of GDPR]?

Yes, data is being deleted, not just deactivated.
The SIGNUM 1995 s.r.o. company operates an encrypted database system. All data containing client personal information is stored on a secure server.
Server access is protected by a unique password.
Irreversible data destruction is provided by a complete erasure from the server hard disk.

Is there a procedure available to determine the rights of data subjects and their exercise with respect to their data processed in the processing?

Yes, we allow each data subject to submit an application using the Application form of the data subject available on the SIGNUM 1995 s.r.o. website.

The prescribed information shall be provided to authorize data subjects, in particular on:

The scope and purpose of processing.
Personal data processing.
To whom personal data can be disclosed?

Yes, we provide information the following form:

On our website.
In contract with clients.
In responses to the data subject's requests.

Do the technical means employed and the organizational measures applied prevent accidental or unauthorized access to alteration, theft, misuse, destruction or loss of personal data [Article 30 (1) (g) of GDPR]?

Yes, we take the following precautions when receiving client's personal information:

Only our employees have access to the files being processed.
When accepting personal data, we apply strict procedures and security features (for these see below in the Security Elements chapter).
Documents in physical form are located in a lockable archive.
Access to the IT system is restricted by a password.
The IT system is regularly tested and maintained.

Is personal data transferred abroad or accessed from abroad [Article 30 (1) (e) of GDPR]?

No, the processed personal data is not transferred abroad, nor it is accessible from abroad.

Are employees having access to personal data in the processing of personal data trained? Do they have a confidentiality obligation in their contracts in relation to the personal data being processed [Article 30 (1) (g) of GDPR]?

Yes, the training takes place both at the start of employment and once every 18 months.

Yes, employees have a confidentiality obligation in their employment contracts.

A confidentiality agreement has also been concluded with the accounting and IT company ensuring the security of our system.

Cookies

The SIGNUM 1995 s.r.o. company uses cookies on its website. A cookie is a short text file that a website you visit sends to a browser. It allows the site to record client’s visit information, such as your preferred language and other settings. For example, cookies are used to store SafeSearch settings, to select relevant ads, to monitor the number of visitors to a page, to protect data, to save advertisements, etc. You can enable or disable the use of cookies in your browser settings. However, it should be noted that cookies are quite commonly used and do not harm the computer system.

Only Google analytics cookies exist on the website of SIGNUM 1995 s.r.o. currently (for more information, please visit this website: https://policies.google.com/technologies/cookies?hl=en).

Cookie usage categories:

Settings.
Security.
Processes.
Advertisement.
Session state.
Analytics.

SIGNUM 1995 s.r.o. does not track or process any information or personal data regarding the website.

Safety features

Upon receipt of client's personal data by SIGNUM 1995 s.r.o. strict procedures and security features are applied to protect personal data. SIGNUM 1995 s.r.o. runs on HTTPS protocol. This protocol does not collect any confidential information or contacts through forms.

The SIGNUM 1995 s.r.o. website contains links to the websites of major clients. Please note that clicking this link will take you to the official websites of our clients, where they have their own privacy policies. The company SIGNUM 1995 s.r.o. declares that it does not accept any responsibility for the privacy policies of our clients.

Questions

If you have any questions regarding (not only) the protection of personal data, please do not hesitate to contact us at info@signum.in.