Controller’s records of personal data processing activities

pursuant to Article 30(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, the General Data Protection Regulation (hereinafter referred to as the "Regulation"), maintained by the company:

PKS windows a. s.

with registered office at Brněnská 126/38, 591 01 Žďár nad Sázavou

Number: 65276507

company registered in the Commercial Register kept at the Regional Court in Brno, Section B, entry 1950

contact email address: zelezna@pks.cz, telephone contact: 724 944 740

(hereinafter referred to as the "Controller")

1. Description of categories of data subjects, categories of personal data and purposes of processing

a) Business partners of the Controller

Categories of personal data: identification and contact details of business partners

Purpose of personal data processing: conclusion and performance of the contractual relationship between the business partner and the Controller, performance of related legal obligations towards business partners and public administration authorities

Legal basis for processing personal data: performance of the contractual relationship and statutory obligations

b) Employees of the Controller

Categories of personal data: first name, surname, title, address data (permanent and contact), date of birth, telephone number, e-mail address, bank account number and financial institution, birth number, marital status, nationality, place of birth, health status, data on family members, health insurance company, identity card (OP) number, photograph, data on education, information on deductions from wages (executions, ...)

Purpose of personal data processing: personnel and payroll administration of employees, conclusion of labour-law contractual relations, receipt, acceptance and processing of proposals for change and termination of labour-law contractual relations, cooperation in resolving work accidents, provision of benefits

Legal basis for the processing of personal data: performance of the contract and statutory obligations, e.g. registration and notification obligations to the relevant authorities

c) Job applicants

Categories of personal data: first name, surname, e-mail address, telephone number, details of education, qualifications and experience, and other personal data which the job applicant provides at his/her own discretion in the CV

Purpose of the processing of personal data: job selection procedure

Legal basis for processing personal data: consent of the job applicant

d) Persons entering the Controller's monitored premises

Category of personal data: visual recordings without sound track

Purpose of the processing of personal data: protection of life and health of persons and property of the Controller by means of a permanent CCTV system

Legal basis for processing personal data: legitimate interest of the Controller

2. Description of the categories of recipients to whom personal data have been or will be disclosed or transferred, including recipients from third countries or international organisations

Personal data of subjects of all categories referred to in point 1 are disclosed to varying degrees to service providers.

The list of processors is available on request.

Personal data are not disclosed to recipients in third countries or to international organisations.

3. Information on the planned time limits for erasure of each category of personal data

The personal data of the subjects of all categories referred to in point 1 shall always be erased without undue delay after the expiry of the statutory period for which the Controller is obliged to keep such data. Where personal data are processed on the basis of consent, they shall be erased without delay after the data subject has withdrawn consent.

4. Description of technical and organisational security measures for the protection of personal data

The processing of personal data is carried out by means of computer technology, or manually for personal data in paper form, in compliance with all security principles for the management and processing of personal data. To this end, the Controller has taken technical and organisational measures to ensure the protection of personal data, in particular measures to prevent unauthorised or accidental access to, alteration, destruction, loss, unauthorised transfer, unauthorised processing or other misuse of personal data. All entities to which personal data may be disclosed shall respect the data subject's right to privacy and shall comply with applicable data protection laws.

Personal data at the Controller's registered office may be accessed only by persons who use them in the performance of their professional duties, and only to the extent necessary. Access to databases containing personal data is secured by passwords, and paper documentation is kept locked.

All employees have been briefed on data protection and made aware of the GDPR.