Zásady zpracování osobních údajů | K&L Rock Group
K&L Rock Group / Personal data processing principles

Personal data processing principles

Companies K&L Rock s.r.o.
ID: 08731357
registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 324163,
Registered office: Tržiště 372/1, Malá Strana, 118 00 Prague 1
Represented by: Jan Lobo, Managing Director
(hereinafter referred to as the "Company")

The Company hereby informs the Clients or partners of the Company, as data controllers of personal data, in accordance with the General Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data (hereinafter referred to as "GDPR") and in accordance with the applicable national legislation, of the scope, purpose and duration of the processing and storage of their personal data and of the rights arising from the GDPR.
The Company processes personal data in accordance with the GDPR, respecting the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality.
The Visitor and the Client or any other person providing personal data (e.g. Partner) are obliged to provide the Company with true, accurate and complete information about their person and to inform the Company in writing of any change to the information provided.
The Company undertakes to collect personal data to the extent necessary for the fulfilment of the stated purpose and to process it only in accordance with the purpose for which it was collected; in this context, it undertakes in particular to:
ensure that personal data is always processed in accordance with the GDPR, is up-to-date, accurate and true, and that it is relevant to the purpose of the processing within the meaning of paragraph 3 above;
take appropriate measures to provide all information and make all disclosures required by the GDPR to Clients in a concise, transparent, comprehensible and easily accessible manner using clear and plain language;
ensure that the systems for automated processing of personal data are used only by authorised persons who will only have access to personal data corresponding to the authorisation of these persons, on the basis of specific user authorisations established exclusively for these persons;
put in place technical, organisational, personnel and other appropriate measures within the meaning of the GDPR to ensure and be able to demonstrate at any time that the processing of personal data is carried out in accordance with the GDPR so as to prevent unauthorised or accidental access to, alteration, destruction or loss of, unauthorised transmission of, or other unauthorised processing of, personal data and data media containing such data, as well as other misuse of such data, and to review and update such measures as necessary;
maintain and keep up-to-date records of the processing of personal data in accordance with the GDPR;
properly and timely report any personal data breaches to the Data Protection Authority and cooperate with the Data Protection Authority to the extent necessary;
maintain confidentiality of personal data and security measures, the disclosure of which would compromise the security of personal data, even after the end of the relationship;
comply with the other requirements of the GDPR, in particular to comply with the general principles of personal data processing as set out in paragraph 2 above, to comply with its information obligations, not to transfer personal data to third parties without the necessary authorisation, to respect the rights of Clients as data subjects and to provide them with the necessary cooperation in this regard.
The Client acknowledges that the Company processes personal data in electronic form in an automated manner. Personal data is secured in a manner that is fully compliant with the principles of data protection set out in the GDPR.
The Client provides consent to be contacted by the Company for more information relating to marketing offers in view of the law which, pursuant to Section 96(1) of the Electronic Communications Act, prohibits the offering of marketing advertising or any other similar method of offering goods or services over electronic communications networks or services to subscribers or users who have not indicated in the public list pursuant to Section 95(1)(b) or 95(2) that they wish to be contacted for marketing purposes.
The Company shall only process the personal data of Clients in accordance with the GDPR and the law, and shall only process such personal data for the stated purposes, to the extent necessary below, for the duration of the contractual relationship between the Company and the Client and for as long as is strictly necessary. Most often, the Company processes personal data without the Client's consent for the following purposes:
Fulfilling a legal obligation (e.g. bookkeeping, Act No. 253/2008 Coll. on Certain Measures against the Legalization of Proceeds of Crime and Terrorist Financing).
Performance of contractual obligations (rights and obligations under contracts)
For the purpose of the Company's legitimate interests (e.g. complaints procedure, legal claims),
The processing of personal data by the Company's data controller may also occur due to the consent from the processing of personal data granted by the Client.
The processing does not involve automated decision-making or profiling.
The Company processes the personal data of the Clients to the extent of the personal data provided by the Client in the course of registration on the website, in particular: name, surname, title, year of birth, ID number, VAT number, e-mail, telephone, place of business, registered office, copy of ID, copy of passport, permanent residence, IP address, telephone number, bank account number, e-mail address.
The Company's priority is not to disclose the processed personal data to other persons outside the Company mutually. Exceptions are persons:
Exercising their authority, where personal data is provided for the purpose of carrying out legal obligations,
Law enforcement and law enforcement or other authorities who are applying the law within their jurisdiction,
Controllers to whom personal data is provided for the purpose of fulfilling contractual obligations (insurance companies, banks, etc.).Processors whose processing complies with all the requirements of the GDPR and other legislation and who provide appropriate safeguards to protect the rights of Clients and Visitors and their personal data. However, these entities, which are, for example, the Company's tax, accounting, legal, IT or marketing consultants, will only be granted access to personal data for the necessary period and to the extent necessary, and the confidentiality obligations of this Policy apply to these entities mutatis mutandis. The Company will provide the Client and the Visitor with a list of processors upon request.
Entities where required by law
The Company shall retain personal data for the period necessary to comply with contractual or legal obligations, in particular for the duration of the contractual relationship between the Company and the Client, but for a maximum of 10 years from the termination of the contractual relationship between the Company and the Client. After the expiration of the given period, the Company shall remove, i.e. permanently destroy, all personal data of the Client and the Visitor on all devices and media within 14 days, except in cases where their removal is not possible or where their further storage is required by law or the legitimate interests of the operator or results from the consent of the Client or other legal reason under the GDPR.
In particular, Clients or other persons who have provided the Company with their personal data have the right as data subjects to:
Information and access to their personal data pursuant to Article 15 of the GDPR
Correction of inaccurate data pursuant to Article 16 GDPR
Erasure of their personal data pursuant to Article 17 GDPR
Restriction of processing pursuant to Article 18 GDPR
To the portability of personal data pursuant to Article 20 GDPR
To object to the processing of personal data pursuant to Article 21 GDPR
To withdraw consent, in the event that personal data has been provided on the basis of consent to the processing of personal data.
Data subjects may exercise their rights in writing at the Company's registered office or by email to: lobo@klrock.com.
The data subject has the right to lodge a complaint with the Office for Personal Data Protection if they believe that their rights have been violated (www.uooz.cz).
We are bound by confidentiality, as are our employees and associates. Please be assured that we are very vigilant when processing personal data and we, as well as our employees, processors and possible collaborators, are contractually bound by confidentiality of the data we process about you and the security measures for this data to prevent its leakage that could put your person at risk. Nor will it be released to any third party without your consent.
You will be notified first in the event of any changes to this policy and the latest version can be found at this page: www.klrock.com.
We appreciate your trust and if you have any questions, please feel free to contact us at lobo@klrock.com. We are here for YOU!
In Prague on 09.12.2019