Company Privacy Policy

Hashbon s. r. o.

I.

Introduction and Personal Information Manager

  1. These Hashbon Customer Data Processing Principles (hereinafter referred to as the "Principles") are valid for Hashbon s. r. o., Company No.: 072 25 644, company seat U dálnice 815/6, Stodůlky, 155 00 Praha 5, entered in the Commercial Register kept by the Municipal Court in Prague, Section C, File 297104 (hereinafter referred to as the "Administrator"), in the processing of personal data of the customers, ensuring the confidentiality and security of such personal data .
  1. These principles were developed in accordance with Act No. 101/2000 Coll. (hereinafter referred to as the "Personal Data Protection Act") and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter referred to as GDPR).
  1. For the purposes of these policies, the customer is understood to be the business partners of the company.

 

II.

Personal Data Protection Officer – Artur Kiniabayev

  1. The administrator has appointed a Data Protection Officer, as this manager's activity requires regular and systematic monitoring of the data subjects under Article 37 (1) b) GDPR.

  1. 2. The Data Protection Officer performs the tasks under Article 39 of the GDPR, in particular:
    • provides information and advice to administrators or processors and staff who process personal data about their obligations under GDPR and other Union or Member State data protection legislation;

• monitor compliance with GDPR, other Union or Member State data protection laws and the concepts of a data controller or processor, including responsibility sharing, awareness-raising and training for staff involved in processing operations and related audits;
• Provides on-demand advice on the impact assessment on the protection of personal data and monitors its application under Article 35 of the GDPR;

• cooperates with the Supervisory Authority, which is the Office for the Protection of Personal Data and

• acts as a contact point for the Supervisory Authority in matters relating to the processing of personal data, including the prior consultation under Article 36 of the GDPR, and, where appropriate, conducts consultations on any other matter.

  1. The Data Protection Officer shall take due account of the risk associated with the processing of personal data, while taking into account the nature, scope, context and purposes of such processing.
  1. The Privacy Commissioner was appointed:


III.

Processed personal data, processing purposes, personal data sources, and personal data processing

  1. The administrator processes the following personal data of the customers, especially for the purposes for which the personal data were passed to the customer, namely:

  1. Identification data - name, surname, date of birth of natural person, in case of company - company No. This is, therefore, personal data that the customer manager identifies uniquely and unambiguously, processing these personal data by an administrator to :

• fulfillment of the contractual relationship (in particular for the purpose of concluding a contract, performance of a contract, sending a business offer for dealing with complaints of the provided services, handling orders, recovering the receivables of the administrator towards the customer, including the exercise of rights in courts, insurance companies, etc.)

• fulfillment of the obligations stipulated by generally binding legal regulations (in particular fulfillment of tax obligations, statistics obligations, obligations towards law enforcement authorities, etc.)

• fulfillment and protection of the legitimate interests of the controller (in particular the sending of commercial messages and offers of products and services provided by the administrator - direct marketing, etc.).

  1. Address details - in particular address of permanent residence, delivery address, telephone number, e-mail address and other similar information. This is personal information that will allow the administrator to contact the customer, so the personal data is processed by the administrator to:

  • fulfillment of the contractual relationship (in particular for the purpose of concluding a contract, performance of a contract, sending a business offer for dealing with complaints of the provided services, handling orders, recovering the receivables of the administrator towards the customer, including the exercise of rights in courts, insurance companies,

• fulfillment of the obligations stipulated by generally binding legal regulations (in particular fulfillment of tax obligations, statistics obligations, obligations towards law enforcement authorities, etc.)

  • for the purposes of fulfilling and protecting the legitimate interests of the trustee (in particular the sending of commercial messages and offers of products and services provided by the trustee - direct marketing, etc.).

c) The data necessary for the execution of the payment system and for the recording of the payments - in particular the account number, bank code, IBAN, SWIFT. This is personal data that enables payments to be made between the customer and the administrator, so the personal data is processed by the administrator to:

• fulfillment of the contractual relationship (in particular for performance of the contract, execution of payment for the provided transactions, repayment of overpayments, execution of orders, issuance of business confirmation, recovery of receivables of the administrator towards the customer, etc.)

• fulfillment of the obligations stipulated by generally binding legal regulations (in particular fulfillment of tax obligations, obligations towards law enforcement bodies, etc.).

  1. d) Other data - in particular data on closed trades. These are personal data that will allow the administrator to secure a secure and high-quality service to the customer, which is then processed by the administrator to:

• performing a contractual relationship

• fulfillment of the obligations laid down by generally binding legal regulations (statistical obligations, obligations towards law enforcement agencies, etc.)

  2. Personal data is acquired by the trustee directly from customers or from publicly available sources (public registers, internet, etc.)

3. Personal data is processed manually both by the administrator and by the automated system. The automated processing of personal data is mainly used by the trustee to send invoices, payment orders, sales notes and deals.

IV.

Data subject's consent to the processing of personal data
In the event that the processing of personal data pursuant to Article 6 (1) (b) to (f) of the GDPR, the Trustee will always ask the customer to consent to the processing of personal data, and if the customer does not give the consent to the Trustee, the Trustee will not process the Customer's personal data.

V.

Personal data processors and transfer of personal data to third countries
1. Other entities who process personal data for administrators in the context of services provided by the controller and are also responsible for processing personal data within the meaning of Article 4 (8) of the GDPR shall also have access to the data processed by the controller. These are entities that provide the following services in particular:
• accounting consultancy, bookkeeping, tax records management, and related services,
• marketing services,
• legal services including debt recovery.
2. The Administrator has contracts for the processing of personal data in accordance with the Personal Data Protection Act and the GDPR with all entities processing Trusted Customer Personal Data, and if not, they are subject to a statutory duty of confidentiality.

VI.

Passing of personal data abroad
The administrator does not transmit personal data to third countries or international organizations under GDPR Articles 44 to 50.


VII.

Using cookies
1.
The Hashbon webmaster's websites store files that are generally called cookies, in accordance with generally binding legal regulations, on the devices of customers and other persons visiting this site ("site visitors").

  1. cookies are small data files that make it easier for visitors to remember the site visitors' actions and the settings they have made, so they do not need to enter the data repeatedly. Cookies are not a hazard, but they are important for protecting privacy. Cookies can not be used to identify site visitors or abuse their login credentials.
  2. The administrator uses cookies, for example, to keep switching views from mobile devices to PC versions of websites and to maintain preferences for site visitors when viewing them.
  3. The manager also uses third-party cookies (e.g., Google Analytics for Traffic Analysis). These cookies are managed by third parties and the administrator can not read or write this data.
  4. Agree to store cookies - Most cookies are automatically accepted unless the browser is set differently. By using this website, visitors to cookie storage sites agree. The use of cookies may be restricted or blocked by your site visitor in your web browser settings. For specific browser settings, please see:


• Internet Explorer: windows.microsoft.com

• Google Chrome: support.google.com

• Mozilla Firefox: support.mozilla.org

• Opera: help.opera.com

• Safari: support.apple.com

VIII.

Time of retention of personal data
    1.
The controller keeps the personal data of the customers only for such time as is strictly necessary for the purpose of their processing, that is to say that the retention period of the personal data is limited to the minimum necessary. The controller keeps personal data, especially for the time necessary to ensure the fulfillment of all rights and obligations arising from concluded contracts and for the time necessary for the fulfillment of all obligations arising from generally binding legal regulations.
2. Personal data shall be processed by the trustee to the extent necessary, in particular, for the fulfillment of the purposes of the transaction and for the period necessary to attain them or for a period of time determined directly by generally binding legal regulations. After the processing time has elapsed, personal data contained in the data files in Administrator's databases is irrevocably erased, and personal data contained in documents and other documents in document form is shredded.
3. The basic periods of retention of personal data by the controller are as follows:
• In the case of customers, the administrator is authorized to process basic personal, identification, contact details, service data and communication data between the customer and the trustee for 6 months from the date of termination of the last business case, unless all obligations are fulfilled by the customer. unless otherwise specified.
• In the case of negotiations on the conclusion of a contract not concluded, the administrator is entitled to process the provided personal data for a period of 3 months from the conclusion of the negotiation of the contract.
• In the case of invoices and other tax documents issued by the administrator, the administrator is obliged to archive these invoices and other tax documents in accordance with Section 35 of Act No. 235/2004 Coll. On Value Added Tax for 10 years from the date of their issue, due to the need to prove the legal reason for issuing invoices and other tax documents, the contracts for invoicing and other tax documents are also archived for 10 years from the date of termination of the contract.

  • • In the case of customers who have a debt to the administrator, the administrator maintains personal data related to the debt throughout the debt recovery process.
    • In addition, the trustee is required to store data for 6 months to prevent or detect specific threats to terrorism.

• In the case of processing of personal data for the purpose of sending commercial communications and offers of services provided by an administrator, the administrator keeps personal data for the duration of the contractual relationship in the case of direct marketing, or for the duration of the consent to the processing of personal data in other cases.


IX.

The rights of customers as data subjects

  1. 1. As a data subject, the Customer as a data subject has certain rights that derive from the GDPR and the Personal Data Protection Act and which he is entitled to claim against the Administrator, namely:


• Right to access personal data

In the event that the customer is interested in finding out how the data controller manages his or her personal data, he / she has the right to obtain information from the trustee on whether his or her personal data are being processed and, if so, at the same time, he / she has the right to access such personal data. In the case of a customer's repeated request, the administrator is entitled to request a reasonable fee from the customer for the provision of the information, in the form of a deposit, and the customer will not be provided with the information if the customer fails to pay it.


• The right to correct inaccurate or untrue personal data

In case the administrator processes inaccurate or untrue personal data about the customer, the customer has the right to request a correction. The administrator is required to correct personal data without undue delay, but always with regard to his personnel and technical capabilities.
• The right to request an explanation

In the event that the processing of customer's personal data by the administrator would interfere with the protection of the personal and private life of the customer, or if the customer's personal data were processed in violation of the law, the customer is entitled to request explanations from the controller.

• The right to contact the Office for Personal Data Protection

If the customer is convinced that a privacy violation is violated by the trustee, he / she has the right to contact the supervisory authority, such as the Office for Personal Data Protection, ID: 70837627, headquartered in Pplk. Sochora 27, 170 00 Praha 7.

  • The right to delete personal information

In case Customer's personal data is no longer needed for the purposes for which it was processed or the administrator is wrongly processed, the customer has the right to request their deletion.

  • The right to limit the processing of personal data

If the customer is not interested in deleting his or her personal data but only temporarily restricts the extent of processing of his or her personal data, he is entitled to require the administrator to restrict the processing of such personal data.

• The right to portability of personal data

In the event that the customer is interested in the trustee submitting his personal data to another entity, he has the right to transfer the data to that entity. However, if the exercise of this right could adversely affect the rights and freedoms of third parties, the administrator will not comply with such a request.

• Right to object

The Customer has the right at any time to object to the processing of personal data that is processed for the purpose of performing a task carried out in the public interest or in the exercise of public authority or for the purpose of protecting the legitimate interests of the controller. If the controller does not prove that there is a serious legitimate reason for processing a customer's personal data that prevails over the interests or rights and freedoms of the customer, the trustee is obliged to terminate the processing of personal data on the customer's objection without undue delay.


• The right to withdraw consent to the processing of personal data

In case the administrator processes personal data on the basis of the customer's consent, the customer is entitled to revoke this consent at any time.

2. In exercising the rights referred to in the preceding paragraph, customers may contact the Administrator in writing at the Hashbon Administrator's address.


3. At the customer's request under this Article concerning the exercise of the rights of the clients under paragraph 1 of this Article, the controller shall respond within 30 days from the date of receipt of the request. If necessary, the administrator is entitled to extend the deadline by a maximum of 2 months. The administrator is obliged to inform the customer about the extension of the deadline, including the reasons for its extension.



This Hashbon s.r.o. shall enter into force and effect on 01.07.2018.



Prague, 01.07.2018