of individuals visiting webpages and social medias of Mlékárna Hlinsko, a.s.
This information includes the fundamental principles for the personal data processing performed by Mlékárna Hlinsko, a.s., registered office: Kouty 53, 539 01, Hlinsko, Company Registration Number: 48169188, incorporated under Section B, File 3061 of the Commercial Register held at the Regional Court in Hradec Králové (hereafter simply referred to as the “company”) with regard to the personal data of any individuals visiting webpages and social medias of Mlékárna Hlinsko, a.s..
A summary of the processed (types of) data and the data sources
This section provides information about the types of personal data that we will process about you. Personal data is considered to mean any information about an identified or identifiable natural person (also known as a “data subject”); an identifiable natural person is a natural person who can be directly or indirectly identified, especially with reference to a certain identifier, such as a name, identification number, location data or a network identifier, or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of the given natural person. We usually receive the personal data that we will process about you directly from you or via our camera system.
The personal data of any individuals visiting webpages and social medias of Mlékárna Hlinsko (hereafter simply referred to as the “individuals”), which will be processed by Mlékárna Hlinsko, especially includes the information provided by said individuals (typically automatically logged data as cookies - IP address, anonymous data about web usage Google analytics and data provided by individuals typically name, surname, social media profile, contact information as e-mail address, phone number and communication with individuals. In context of communication with individuals company may process also certain technical data e.i. time of the communication, IP address the communication had been sent from. Such date might be stored in our system in case further contact with individual is needed i.e. for answering a question.
To differentiate specific computers and in case of specific setting of certain services we use on our websites cookies or other similar network identificators. Cookies are small text files, that our servers store through web browser into specific computers. You can imagine cookies as website memory, which can identify user during his next visit.
Cookies are not design to attain any sensitive personal information.
Our webpages use only so called technical cookies, that are necessary to run and display our webpages. We do not store them or give them to 3rd parties and after the end of browsing session they are automatically deleted.
Above technical cookies we use also only cookies in form of anonymous information about usage of our webpages Google analytics (i.e. how many time has the page been open) and only if you specifically agreed to our use of Google analytics via opt-in method. In such case we also store information about your consent with Google analytics as we are required by law. We use Google analytics only in accordance with and for time as set by this service operator. Due to anonymization Google analytics can not identify your person.
The purposes of the processing
This section provides an overview of the purposes, for which we use (process) your personal data. Every piece of data is commonly used for several purposes at once. The means of processing, the processing period and so on are usually derived from the set purpose. In certain cases stated in Regulation (EU) no. 2016/679 we can also process your data for purposes other than those stated below, but only in exceptional and limited cases, for which the Regulation requires further conditions to be met.
The primary purpose of the personal data processing of the individuals is to gain access survey of company webpages and social medias. The data shall be used for registry, statistical purposes, development of company services or company internal procedures, to protect legal rights of company and 3rd parties (contractual partners) from illegal activities. Data (e.i. gathered via communication with individuals like IP address, time of communication) shall be used for IT security of the company. Individuals date shall be also used in order to fulfil company legal obligations, especially legal obligations regarding personal data protection, commercial regulations etc.
The legal basis for the processing
Every case of personal data processing must be lawful, i.e. must be based on any of the legal grounds for processing stated in the Regulation. As in the case of the purpose of the processing, each piece of data may also be processed on the basis of multiple legal grounds for processing. We will cease processing your data, if all the appropriate legal grounds lapse. The possible legal grounds for personal data processing are listed in Article 6 of the Regulation. We would draw your attention to the fact that, if we are processing your personal data on the basis of your consent, you are entitled to withdraw said consent at any time (contact us using the contact information stated below to withdraw your consent). The withdrawal of consent will not affect the legality of any processing performed on the basis of the consent prior to its withdrawal. However, the individuals’ data is not usually processed on the basis of consent.
The legal basis for the personal data processing is the necessity of technical cookies usage to run and display our webpages, of communication with individuals, justified interests of company (interest of access registry, protection of company rights against illegal activities including IT security, development of further company products and services as well as protection of 3rd parties rights especially contractual partners participating on the same performance as company and fulfilling statutory obligations (typically prevention of criminal activities, fulfilling of personal data protection according to act no. 101/200 Sb. And Regulation (EU) no. 2016/679, books keeping and other obligation according to tax regulations.
Právním základem zpracování osobních návštěvníků je nezbytnost komunikace s návětěvníky, oprávněné zájmy Mlékárny Hlinsko (dané zájmem na evidenci přístupů a zájmem na ochraně jejich práv proti protiprávní činnosti včetně IT bezpečnosti, a další rozvoj produktů či služeb Mlékárny Hlinsko, zpracování pro přímý marketing) a třetích osob (zejména dalších smluvních partnerů podílejících se na plnění, na němž se bude podílet i partner) a plnění zákonných požadavků (zejména předcházení deliktní činnosti, plnění požadavků podle předpisů o ochraně osobních údajů (zejména zákon č. 101/2000 Sb. a Nařízení č. (EU) 2016/679), vedení účetnictví a plnění povinností podle daňových předpisů.
The right to object
The right to object is one of your important rights. It enables you to have any processing undertaken on the basis of our so-called justified interests reviewed in cases where your specific situation justifies it, i.e. in cases where the processing itself is admissible, but where there are specific reasons why you do not wish the processing to take place. The option of lodging an objection does not, however, pertain to all processing cases; for example, it cannot be used in cases where we process data that is essential for the fulfilment of a contract or where we are required to do so by law. The right to object is encapsulated in Article 21 of the Regulation.
If the legal grounds for the personal data processing involve the justified interests of Mlékárna Hlinsko (this especially involves the processing of information for the purposes of IT security, for statistical purposes, for the development of the services provided by Mlékárna Hlinsko and for the protection of the rights of Mlékárna Hlinsko and any third parties), the individuals are entitled to lodge an objection against any such personal data processing at any time on grounds pertaining to their specific situation. In such a case, Mlékárna Hlinsko will no longer process any such data, unless there are serious, justified grounds for doing so which outweigh the interests of the individuals and their rights and freedoms or unless the data in question is being processed to determine, exercise or defend any legal entitlements. An individual may lodge an objection against the processing using the contact information stated below or preferably in an email sent to osobni.udaje[zavináč]tatramleko.cz. Please state the specific situation, which has led you to the conclusion that Mlékárna Hlinsko should no longer process your data, in the email.
It is necessary to point out, however, that even in the aforementioned cases your personal data may sometimes be processed in parallel, including for other purposes which may provide justification for Mlékárna Hlinsko to continue processing any such data.
The period throughout which your data will be processed
Our company cannot process your data for an arbitrary period and as such the processing period is limited to the period, in which we truly need your personal data. We endeavour to limit the length of this period so that both your and our interests are duly taken into account. It can sometimes be difficult to determine the required processing period or it may not be advisable to state the given period on security grounds and so we have at least stated some of the criteria used to determine the length of the processing of your personal data below.
Your personal data will be processed for a commensurate period with regard to the purpose of the processing (for example, contracts will be filed for a period of 10 years from their termination as standard). If the processing period is set by the legal regulations, the personal data will be processed throughout the given period, unless the grounds stated below justify a longer processing period. The following points of view will especially be applied when determining the period for any personal data processing: (i) the length of the limitation period, (ii) the probability of any legal claims being raised, (iii) the usual procedures in the market, (iv) the probability and significance of any possible risks and (v) the eventual recommendations of the supervisory bodies.
Updating the data
One of our obligations as the personal data administrator is to process accurate data or to supplement any incomplete data with regard to the circumstances. You will be helping us to meet this obligation, if you provide us with any information concerning a change in your data.
If any of the provided data or any other data submitted by a partner changes, we hereby request to be sent information regarding the change in question.
It is possible to contact Mlékárna Hlinsko for the purpose of updating your data using the contact information provided below or preferably by email at osobni.udaje[zavináč]tatramleko.cz.
How will the processing take place and what will its consequences be?
At present, the majority of the processing takes place by computer, so we will usually process your data in a computer system (for example, in our information system, using the Outlook application, if it involves any emails, and so on). This, of course, does not rule out the processing of the data in a filing system, such as the system for storing paper contracts or the business card filing system, administered by our individual employees.
Mlékárna Hlinsko will especially process your personal data in its own computer systems and those of the processors. Mlékárna Hlinsko will process any written documents in its filing system. The provision of the processed data by a partner is voluntary (albeit that a contract cannot be concluded without the provision of certain data and in some cases we are required to acquire some data by law, especially by the accounting regulations).
The submission of your personal data to other entities (personal data recipients)
Not all of your personal data will be processed by our company alone. We sometimes also hire third parties, so-called personal data processors, to process the data. We try to only choose those processors who are sufficiently trustworthy.
Mlékárna Hlinsko may only provide third parties with access to the personal data in those cases where a legal regulation requires or enables it to do so or with the consent of the individual involved. Mlékárna Hlinsko only provides the processors or any other recipients, i.e. suppliers of external services (typically programming or other technical support services and suppliers of computer systems, server services, emailing services and archiving services), the operators of the (backup) servers or the operators of the technology used by Mlékárna Hlinsko, who process the data for the purpose of ensuring the functionality of the appropriate services, with access to the personal data at the usual extent. The personal data can also be provided at the essential extent to our legal, economic and tax consultants and our auditors, who will process it for the purpose of providing their consultancy services, or to any entities that form a concern together with Mlékárna Hlinsko. The personal data may also be submitted to any public sector bodies upon request or in the case of any suspected unlawful behaviour.
The transfer of your personal data abroad
Even though the Regulation promotes the principle of the free movement of individuals throughout the EU, it limits the transfer of personal data outside the EU. Our company does not standardly transfer any personal data outside the EU. It is, however, possible that your personal data will be processed in a computer system, whose servers are located outside the territory of the EU, even though we endeavour to avoid any such situations. With regard to the systems regularly used as part of our business, this would at most involve systems using servers located in the United States of America. In such a case, we would choose a contractual partner that meets the conditions approved by the European Commission for the safe transfer of data between the EU and the USA known as the Privacy Shield. If we ever transfer your personal data outside the EU, we will inform you of this in a suitable manner where necessary.
What security measures we use regarding data processing
Administrator and data processors adopted and keep such technical and organizational measures to prevent unauthorized transfer, processing or misuse of personal data as anonymization, ability to restore accessibility of data, access od data in time during physical or technical issues, process of regular testing, assessing and evaluating of measures efficiency, multi-level firewall, antivirus protection, unauthorized access control, encrypt data transfer via IT technologies, access to personal data only for authorized persons of administrator or data processor, servers with personal data stored in secured locked location.
The risks and recommended procedures
Every case of personal data processing comes with certain risks. They may differ in relation to the scope of the processed data and the processing method. We have listed some recommended procedures to help you protect your data below:
- If you are providing us with your data, always give some thought as to whether it is essential to provide the given data. You should especially carefully consider the provision of any data that involves your personal life and any aspects thereof and is not associated with the purposes for which you are providing the data or any data that is designated for publication (for example, your comments under articles and so on). If you have the feeling that we are requesting too much information from you, contact us and we will review the appropriateness of our request.
- If you provide us with data from any third parties (your family members or any other employees from your company, etc.) or publish said data in our services, give some thought as to whether the provision of this data is absolutely necessary. Acquire consent from any such third parties where necessary.
- If any of our colleagues asks you to provide data, do not be afraid to ask whether it is actually necessary and whether it is possible to achieve the given objective without the provision of this data.
- Minors under the age of 18 are especially vulnerable. If the transfer of data involves any such individuals, it is especially necessary to consider all the circumstances. At the same time, it is also necessary to consider whether the consent of these individuals or their legal representatives (i.e. their parents) is required for any such data to be provided. If you are under 18 years of age and are not sure whether you are able to make the correct decision, discuss the matter with your parents or contact us separately.
- If you are going to log in to our systems using a password, always use a strong unique password that you do not use for any other equipment or access. Do not tell anyone or share your password, not even with our employees. We will never ask you to divulge your password, so also beware of any emails requesting you to divulge your password, even if they have been signed on behalf of Mlékárna Hlinsko, a.s. This will most probably involve forgeries attempting to acquire and subsequently abuse your password.
- If you send us any confidential data, try to use a secure form of communication, for example, password protected files connected with encryption and the provision of the password using a different communication channel.
- If you have the feeling that our company has failed to meet any of its obligations, that there has been an unauthorised data leak or that somebody is wrongfully posing as one of our employees, please inform us as soon as possible either by email at osobni.udaje[zavináč]tatramleko.cz or by letter sent to our postal address at Mlékárna Hlinsko, a.s., Kouty 53, 539 01, Hlinsko.
- We always try to keep this information up to date. As such, we will occasionally make modifications to these rules. We will inform you of any more significant changes separately, but for all that it is not a bad idea to occasionally read through these rules again.
- Keep your data in our service interface up to date.
Information on the rights of data subjects
Information in compliance with Personal Data Protection Act no. 101/2000 Coll. for the period up to 24.5.2018
In compliance with the provisions of sections 5, 11, 12 and 21 of Personal Data Protection Act no. 101/2000 Coll., we hereby inform all natural persons (so-called data subjects), whose data is being processed by Mlékárna Hlinsko, of their following legal rights:
Every data subject has the right to access their personal data and the right to correct it. Every data subject who discovers or believes that the administrator or processor is processing their personal data in a manner that is at odds with the protection of the data subject’s privacy and personal life or is at odds with the law, especially if the personal data is inaccurate with regard to the purpose of the processing, may request the administrator or the processor to provide an explanation or to rectify the given state of affairs. This may especially involve the blocking, correction, supplementation or elimination of the personal data. If the data subject’s request is found to be justified, the administrator or the processor will rectify the defective state of affairs without any undue delay. If the administrator or the processor fails to comply with the data subject’s request, the data subject will be entitled to directly contact the Office for Personal Data Protection (this approach does not rule out the data subject directly contacting the Office for Personal Data Protection with their issue). If the processing of the data subject’s personal data has given rise to injury other than pecuniary damage, the data subject will proceed in compliance with the special act when making any claims.
Information for the period from 25.5.2018 in compliance with Regulation (EU) no. 2016/679 of the European Parliament and of the Council (hereafter simply referred to as the “Regulation”):
A natural person is entitled to the following in relation to our company as the administrator of their personal data:
- to request the provision of access to the personal data that the administrator is processing, which is understood to mean the right to acquire confirmation from the administrator as to whether personal data pertaining to the natural person is or is not being processed and, if that is the case, to acquire access to the personal data and to the further information stated in Article 15 of the Regulation,
- to request the correction of the personal data being processed about the natural person, if it is inaccurate. The natural person is also entitled to supplement any incomplete personal data while taking the purpose of the processing into account,
- to request the deletion of the personal data in the cases regulated by Article 17 of the Regulation.
- to request the limitation of the processing of the personal data in the cases regulated by Article 18 of the Regulation,
- to acquire the personal data that pertains to them and
- which we are processing with their consent, or
- which we are processing in order to fulfil a contract, in which the natural person is a contractual party, or for the implementation of any measures adopted prior to the conclusion of the contract at the natural person’s request
- to receive the personal data in a structured, regularly used, machine readable format, whereby they have the right to submit said personal data to another administrator under the conditions and limitations set out in Article 20 of the Regulation and
- to lodge an objection against the processing in line with Article 21 of the Regulation on grounds pertaining to the natural person’s specific situation.
If we receive such a request, we will inform the requesting party of the adopted measures without any undue delay, but within a maximum of one month of the receipt of the request. This deadline can be extended to two months, if needed, depending on the complexity and number of requests. Our company is not obliged to partially or fully comply with requests in certain cases stipulated by the Regulation. This will especially be the case, if a request is manifestly unjustified or incommensurate and especially if it has been submitted repeatedly. In such cases, we can (i) impose a commensurate fee that takes into account the administrative costs associated with the provision of the required information or statement or the performance of the required acts or (ii) refuse to comply with the request.
If we receive a request of the aforementioned type, but have justified doubts as to the identity of the requesting party, we can request them to provide any additional information that is necessary to confirm their identity.
If a partner is of the opinion that Mlékárna Hlinsko is processing their personal data without authorisation or that their rights have been breached in any other way, they are entitled to submit a complaint to the supervisory body (i.e. the Office for Personal Data Protection) or to seek judicial protection.