Personal data protection memorandum - SOPRG

PERSONAL DATA PROTECTION MEMORANDUM

(the “PDPM”)

Individual principles, procedures for the protection of personal data – PDPM

  1. Principles of the personal data proceeding
    1. Mr. Milan Průcha – SOPRG, reg. number 70373426, with registered office at Karmelitská 270/30, Praha 1 – Malá Strana, Postal Code 118 00 (the “SOPRG”) complies with and fully subscribes to the protection of personal data which are provided to it and is aware of the importance and need to protect such personal data. For these reasons, the SOPRG processes individual personal data under the following principles.
    1. legality, correctness and transparency– all processing takes place in accordance with the SOPRG’s law and legitimate interests and with the emphasis on the protection of personal data from customers or other persons who have provided them (the “Customer“);
    2. suitability – personal data are processed only for legitimate, well-defined and declared purposes;
    3. data minimization – only the necessary scope of personal data is processed within the defined purpose;
    4. accuracy – we care about the accuracy and recency of the processed personal data, according to customer requirements,
    5. limitation of storage – we do not keep personal data longer and in broader scope than is necessary for the purpose,
    6. Integrity and Confidentiality – We have implemented, in order to protect personal data, such technical and organizational measures as are appropriate to ensure their protection against unauthorized processing or accidental loss and damage.
  1. Important terms
    1. Basic terms, i.e. the personal data, the controller, the subject, the processing and/or the profiling have the same meaning as stated in General Data Protection Regulation (“GDPR“).
  2. The personal data categorisation
    1. SOPRG analysed and processed the following purpose for the Personal data processing:

processing personal data, i.e. name, surname, e-mail address for SOPRG marketing via email, on the SOPRG ‘s website, social networks, or in printed media, including sending newsletters or other promotional materials.

The general purpose of marketing is to inform about SOPRG’s business and its other related activities.

    1. In connection with the services provided to Customers, we process the following personal data within the above-mentioned categories of purposes:
    1. name and surname
    2. electronic contact information – email address or another address of the Customer for electronical communication (via social networks etc.);
    3. other electronic data – IP address, cookies.
  1. Method of personal data processing
    1. All your personal data is handled manually or automatically, on the basis of any of the GDPR’s given reasons, such as:
    1. performance of the contract – in connection with the conclusion of an agreement on provision of services for the purposes of properly performing the obligations under this agreement to the extent regarding the provided personal data;
    1. fulfilment of the legal obligation – in the case of legitimate requirements of the public authorities, we are obliged to provide personal data also to public authorities;
    2. legitimate interest – in the case where, considering the nature of the legal relationship between the controller and the Customer, the legitimate interests / rights of the controller prevail over the interests / rights of the Customer, the controller is entitled to processing even without consent to the processing of personal data or contract. It may consist e.g. protection of the SOPRG’s rights resulting from generally binding legal regulations and contracts in connection with disputes, inspections and similar proceedings;
    3. Personal Data Processing Consent – any other case, the collection and processing of personal data other than those mentioned above requires clear and free consent of the Customer.

For other purposes than the abovementioned, the SOPRG does not process any personal data.

  1. Time of processing of personal data
    1. In accordance with the principle of limitation of the storage and retention of personal data, the SOPRG processes personal data only for the time necessary for the purpose and reason of its processing, for a maximum period of 10 years.
  2. The subject´s / Customer´s rights
    1. Anyone who has provided the SOPRG with personal data has GDPR rights and may ask the SOPRG for information about:
    1. the handling of his personal data, including the provision of information, which specific personal data are processed about it;
    2. the processing purposes, the categories of personal data concerned;
    3. all entities to whom personal data was or will be accessed, i.e. about processors, and for what purpose;
    1. how long the SOPRG will process his personal data and what determines this period
    2. his personal profile maintained by the SOPRG, its use and processing;
    3. all cases of processing of his or her personal data by third parties on the basis of a legitimate interest, including the specification and explanation of a legitimate interest in each individual case;
    4. where his personal data was obtained (contract, consent, public resource, etc.);
    1. Apart from information about his personal data processed, anyone who provided personal data to the SOPRG has the right to apply its own personal rights and procedures, as:
    1. to access to all personal data processed by the SOPRG, to view his / her personal account in the database and to modify / update, limit / expand their processing or to erase personal data (the SOPRG is obliged to change the processed personal data immediately, modify the processing method or delete it unless the SOPRG is obliged to store such personal data for another purpose, in particular as a result of a statutory obligation);
    1. to take an objection to the processing of its personal data, the way of its protection by the SOPRG or its processors and if the SOPRG does not prove him the legitimacy of such processing, it is obliged to stop processing the personal data and to remove it immediately;
    2. to submit a complaint to the supervisory authority (The Office for Persona Data Protection – OPDP);
    3. to withdraw the Personal Data Processing Consent that the Customer has granted to the SOPRG;
    4. to obtain a confirmation from the SOPRG as to whether the personal data provided by him are processed or not;
    5. an immediate deletion of all processed personal data in the following cases (according to GDPR):
      1. personal data is no longer required for purposes for which it was collected or otherwise processed;
      1. if the subject withdraws the Personal Data Processing Consent and there is no other legal reason for its processing;
      2. there were taken objection against the personal data processing and there is no other legal reason for further processing;
      3. personal data has been processed unlawfully;
      4. personal data must be deleted to comply with a legal obligation under the EU or national law applicable to the SOPRG;
      5. personal data was gathered in connection with the provision of information society services.
    1. The SOPRG is aware of the importance of the personal data protection, therefore, in cases stated below, restricts their processing, in the following cases:
    1. the data subject disclaims the accuracy of personal data for the time necessary for the SOPRG to verify the personal data accuracy;
    1. the processing is unlawful and the data subject refuses to erase the personal data and requires restrictions on their use instead;
    2. the SOPRG no longer needs the personal data for processing, but the data subject requires them to establishment, exercise or defence legal claims;
    3. the data subject has objected to processing, until is verified whether the SOPRG’s legitimate reasons override the legitimate reasons of the data subject;
    4. obtaining proprietary personal data provided by the SOPRG in structured, commonly used machine-readable form, and the right to provide those data to another controller when the processing is based on the consent;
    5. exclusion of the processor’s decision possibility which could have legal consequences for a customer and which would result only from the outcomes of the automated personal data processing.
    1. If the Customer discovers or suspects that the SOPRG or any of the processor’s handle personal data in violation of their legal protection or stores incorrect data, the Customer is entitled to request an explanation and a removal of the defective situation. When such request is submitted, the SOPRG shall carry out an investigation without undue delay and inform the Customer about its outcome, and, if the request is substantiated, the SOPRG shall promptly remedy the defective situation.
  1. Application of the Customer’s Rights
    1. Due to the personal data protection standard applied by the SOPRG it was idetified specific ways for Customers to exercise their rights regarding their personal data. For this reason, the SOPRG has determined following means of contact for exercising of individual customer rights, unless other options are provided in specific cases.
    2. The right to (i) information about personal data processed by the SOPRG, (ii) access, (iii) rectification / updating of inaccurate or incorrect personal data, (iv) object, (v) restriction of personal data processing, (vi) personal data portability, (vii) erasure of personal data and/or (viii) revoke consent with personal data processing can be exercised:
    1. via e-mail, the address is milan.prucha@soprg.cz (the e-mail must content an electronical signature with a qualified certificate, if not, the matter shall be solved only after the identity verification of such person).
    1. The front desk of the SOPRG is located in the registered office of the SOPRG with the address 1.1. Mr. Milan Průcha – SOPRG, reg. number 70373426, with registered office at Karmelitská 270/30, Praha 1 – Malá Strana, Postal Code 118 00. Please, send mail to this address as well.
  1. Cookies
    1. When visiting the website www.soprg.com the Customer’s internet browser may save data, so called “Cookies”, in the Customer’s computer. Cookies are used for automatic recognizing of the website visitors on their next visit, making it easier for visitors (saved username for easy log in) and website providers. The website www.soprg.com automatically notifies every visitor about the fact that the cookies are used, and every visitor is automatically asked to confirm his consent with the usage of Cookies technology for the purposes of www.soprg.com website. If such consent is not granted, the Cookies technology shall not be used.
  2. Conclusion
    1. This PDPM is issued on 1 October 2021 providing that it becomes valid and effective at this time as well.
    2. The SOPRG reserves the right to change and amend the PDPM in the event of a change in relevant regulation, as a result of increasing personal data protection or within its legitimate interest.
    3. The PDPM is permanently available on the SOPRG’s website www.soprg.com.