Personal data is all information relating to an identified or identifiable natural person. Since 25 May 2018, the General Data Protection Regulation (GDPR) applies throughout the European Union. GDPR affects anyone who collects or processes personal data of individuals, including natural persons doing business.
The General Regulation on the protection of personal data is a source of European Union legislation and is also binding on other European Economic Area countries, including Norway, Iceland and Liechtenstein. This legislation does not have to be transposed into the law of a Member State by any national legislation, but, as of 24 April 2019, Act No. 110/2019 Coll., the Personal Data Processing Act 2019, implements certain aspects of GDPR into Czech law.
The NEW SIGNUM Ltd. company undertakes, as the controller of the personal data provided to it under contracts with the client, to process such personal data in accordance with the law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC.
This privacy statement of NEW SIGNUM Ltd. is published on the company’s website. The company NEW SIGNUM Ltd. declares that it has no affiliates and does not share the personal information of its clients or employees with third parties for resale.
Personal Data Manager
NEW SIGNUM Ltd.
Holická 421/66, 779 00 Olomouc, Czech Republic
Legal basis for the processing of personal data
Purpose of processing
Recipients of personal data
Processing time of personal data
Personal data will be processed for the period of validity of the aforementioned contract and after its termination will be handled in accordance with the applicable legislation, in accordance with Act No. 499/2004 Coll. (Archiving and Records Management Act and amending certain acts) and Regulation 2016/679 of the European Parliament and of the EU Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR Regulation).
In the event of repeated or manifestly unfounded applications for the exercise of the above rights, it is possible to charge a reasonable fee for the exercise of the right, or to refuse to act on the application.
Categories and characteristics of personal data processing
Name and contact details of the controller and of any joint controller, deputy controller and data protection officer [Article 30 (1) (a) of GDPR]:
Identification of relevant personal data processing [Article 30 (1) (b) of GDPR]:
Why (for what purpose) and under what legal title is personal data processed in the course of processing [Article 30 (1) (b) of GDPR]?
Ways of personal data processing:
What personal data is processed in the course of processing [Article 30 (1) (c) of GDPR]?
Clients: name and surname, gender, address, date of birth, social security number, bank account, IP address, e-mail address, telephone number, ID number, VAT number.
Employees: name and surname, gender, address, date of birth, social security number, bank account, working hours, marital status, education, place of birth, photo, e-mail address, and telephone number.
Exceptionally, and only when the circumstances of the contract so require, we process special categories of personal data of our clients (religious or philosophical).
From what sources is personal data obtained [Article 30 (1) (c) of GDPR]?
Clients: data subjects, public registers, publicly accessible information (e.g. internet).
Employees: data subjects, public registers, publicly accessible information (e.g. internet).
Third parties: clients, data subjects, public registers, publicly accessible information (e.g. internet).
Categories of recipients to whom personal data has been or will be disclosed, including recipients in third countries or international organizations:
Personal data is made available to the following recipients:
The company NEW SIGNUM Ltd. does not disclose personal data to recipients in third countries or international organizations.
By what date and how is personal data to be destroyed [Article 30 (1) (f) of GDPR]?
According to our Q SM 03 A directive - file and shredding rules.
How is personal data updated [Article 30 (1) (g) of GDPR]?
Personal data is updated with information from data subjects, third parties, or through public sources (e.g. internet, public registers, etc.).
In which paper and electronic records (registries, archives, IT systems, data repositories) is processing carried out [Article 30 (1) (g) of GDPR]?
The NEW SIGNUM Ltd. company uses two ways of archiving - physical ("custom bag" stored in a lockable archive) and electronic. NEW SIGNUM Ltd. operates an encrypted database system. All data containing client personal information is stored on a secure server. Server access is protected by a unique password. Personal data is processed for the duration of the contractual relationship between the client and NEW SIGNUM Ltd. and 10 years from 1 January of the year following the year in which the contractual relationship was terminated or, in justified cases, there is no need to retain data for a longer period in connection with a particular case. Personnel documents are kept for 45 years.
Is the company environment regularly security tested (especially IT systems)? Internally or by external consultants [Article 30 (1) (g) of GDPR]?
Yes, IT systems are regularly security tested by an external IT company once a month.
How is the security of data transmission in client communication ensured [Article 30 (1) (g) of GDPR]?
An external accounting company is connected to our IT system.
How is the security of data sharing with external entities ensured? Do all external suppliers processing personal data have contracts for the processing of personal data providing adequate safeguards [Article 30 (1) (g) in conjunction with Article 28 of GDPR]?
Yes, we have contracts for the processing of personal data with the following suppliers:
Is irreversible destruction of data within the database system ensured [Article 30 (1) (g) of GDPR]?
Yes, data is being deleted, not just deactivated.
The NEW SIGNUM Ltd. company operates an encrypted database system. All data containing client personal information is stored on a secure server.
Server access is protected by a unique password.
Irreversible data destruction is provided by a complete erasure from the server hard disk.
Is there a procedure available to determine the rights of data subjects and their exercise with respect to their data processed in the course of processing?
Yes, we allow each data subject to submit an application using the Application form of the data subject available on the NEW SIGNUM Ltd. website.
The prescribed information shall be provided to authorized data subjects, in particular on:
Yes, we provide information in the following form:
Do the technical means employed and the organizational measures applied prevent accidental or unauthorized access to, alteration, theft, misuse, destruction or loss of personal data [Article 30 (1) (g) of GDPR]?
Yes, we take the following precautions when receiving client's personal information:
Is personal data transferred abroad or accessed from abroad [Article 30 (1) (e) of GDPR]?
No, the processed personal data is not transferred abroad, nor is it accessible from abroad.
Are employees who have access to personal data in the course of processing trained? Do they have a confidentiality obligation in their contracts in relation to the personal data being processed [Article 30 (1) (g) of GDPR]?
Yes, the training takes place both at the start of employment and once every 18 months.
Yes, employees have a confidentiality obligation in their employment contracts.
A confidentiality agreement has also been concluded with the accounting and IT company ensuring the security of our system.
Currently, only Google Analytics cookies exist on the website of NEW SIGNUM Ltd. (for more information, please visit this website: https://policies.google.com/technologies/cookies?hl=en).
Cookie usage categories:
NEW SIGNUM Ltd. does not track or process any information or personal data regarding the website.
Upon receipt of a client's personal data by NEW SIGNUM Ltd., strict procedures and security features are applied to protect personal data. The NEW SIGNUM Ltd. website runs on the HTTPS protocol. The website does not collect any confidential information or contacts through forms.
The NEW SIGNUM Ltd. website contains links to the websites of major clients. Please note that clicking such a link will take you to the official website of our client, which has its own privacy policy. The company NEW SIGNUM Ltd. declares that it does not accept any responsibility for the privacy policies of its clients.
If you have any questions regarding (not only) the protection of personal data, please do not hesitate to contact us at firstname.lastname@example.org.