IN CATERING s.r.o., company bsed in Prague, Libocká 10/64, 162 00, Liboc, registered at The Municipal court in prague, C 35898, Identification number: 630 72 572 (hereinafter reffered to as "IN Catering") is governed by the following principles when processing personal data:
For processing to be lawful, IN Catering must process personal data on the basis of one of the legal titles of the GDPR and only to the extent appropriate for the intended purpose of the processing. For labour law and commercial activities, the legal bases of processing necessary for fulfilling the contractual or legal obligation, processing necessary for the purpose of legitimate interest, or processing with the consent of the data subject are particularly relevant.
IN Catering transparently informs the data subject about the nature, the extent and in what manner the personal data are to be processed, what rights he/she has in relation to the processing of such personal data, and assists in the exercise of those rights. Furthermore, the data subject should be informed about the implementation of automated decision-making and its consequences. IN Catering will inform the data subject about the risks, rules and guarantees related to the processing of personal data and about the rights that the data subject may exercise in this context. All information for the data subject is provided by IN Catering in a concise, easily accessible and comprehensible manner.
IN Catering is bound to adhere to the principles of personal data processing and is able to demonstrate compliance with them. In order to comply with the principle of accountability, IN Catering implements appropriate measures. These include, but are not limited to:
IN Catering, as a personal data administrator, is responsible for the damage caused by processing that is contrary to GDPR. If IN Catering processes personal data in the position of a processor, it is only liable for the damage caused by the processing if it fails to comply with the obligations stipulated by legal regulations for processors or if it acted in violation of or contrary to the legal instructions of the administrator. IN Catering may be exonerated if it proves that it is not in any way liable for the event that caused the injury.
For business activities to perform properly it is essential that IN Catering has up-to-date personal data of its data subjects. If, during or after the conclusion of a contract, specific indications show that inaccurate or incomplete personal data have been provided or the data have been changed, IN Catering makes the necessary deletion or correction in order to remove the deficiencies. To do this IN Catering may require maximum cooperation of the data subject.
As part of its business activities, IN Catering processes various categories of personal data that allow the identification of the data subject. These categories are as follows:
IN Catering always processes requested and obtained personal data within the above categories only for the specified processing purposes, based on the relevant legal bases for processing and to the extent applicable.
The data subject has consented to the processing of his/her personal data for one or more specific purposes.
The consent of the data subject is only one of the legal bases applicable to the processing of personal data. IN Catering uses the legal basis of consent only in cases where it cannot use any other legal basis for the processing of personal data.
IN Catering processes personal data from the time of the primary contact with the prospective customer and for the whole duration of the business relationship.
Personal data provided on the basis of performance of a contract cannot be used for other purposes for which IN Catering has no relevant legal basis.
IN Catering in the course of its business must process personal data in order to fulfil its legal obligations under national law. In general, there is a specific need for the processing of personal data.
Processing of personal data based on the fulfilment of legal obligations includes:
IN Catering processes personal data of a company or third party on the legal basis of an eligible interest in particular in the following situations:
Non-Contracting Party Data Processing - On this legal basis IN Catering processes the personal data of persons who are not parties to the commercial contract. These are in particular subcontractors, coordinators or persons otherwise necessary to secure a contract whose personal data are essential for the performance of business activities.
Marketing activities under the condition that the data subject may reasonably assume such processing due to circumstances - processing of personal data for the purposes of direct marketing is considered to be processing carried out due to an eligible interest. Direct marketing involves offering IN Catering products to the data subject as a client.
Conversely, the legal basis of an eligible interest does not apply to the transfer of personal data to third parties for marketing purposes with whom the data subject does not have a relevant existing relationship. The data subject has the right to object to the processing of personal data for direct marketing purposes. If he/she does object, his/her personal data will no longer be processed for these purposes. The data subject is notified of this right by IN Catering.
System records are stored and protected in a manner that ensures they are not accessible to unauthorized persons.
CCTV, physical and IT security - The company can use CCTV. IN Catering uses CCTV and processes personal data from CCTV records for the following purposes:
IN Catering always considers the scope of CCTV in order not to cover a larger area or more people than is required for the above purposes.
Consent is only one of the legal bases for the processing of personal data. Consent to the processing of personal data is required by IN Catering only in situations where it is not possible to process personal data on a different legal basis.
IN Catering processes personal data and its categories for purposes arising from its activities. IN Catering undertakes to determine the purposes for the processing of personal data in accordance with the law and to respect the stated purposes.
IN Catering processes personal data for various purposes, a general overview of which is given below, and needs a legal basis for the processing of personal data for each purpose. IN Catering may process personal data or a category of personal data for various purposes. IN Catering sets out specific, unambiguous and legitimate purposes for processing of personal data already at the time of the data being collected or handled.
Prior to such further processing, IN Catering shall provide the data subject with information on that other purpose and his/her rights, unless the data subject already has such information.
1. In pursuit of business activity and activities resulting from it. The performance of these activities includes:
2. Fulfilment of requirements of supervisory and other state bodies and fulfilment of legal obligations resulting from special legal regulations;
3. Protection of the rights and legally protected interests of the company
4. Prevention and detection of commercial fraud and other illegal activities
5. Internal administrative needs of the company
6. Human resources management, i.e.:
7. Commencement, duration and termination of relations with intermediaries and business partners;
8. Offering the company‘s own services (direct marketing);
9. Addressing potential customers;
10. Offering products and services of third parties and transferring personal data to the third parties for this purpose (in particular within an enterprise group);
11. Transfer of personal data for internal administrative purposes within an enterprise group, including processing of personal data of customers and employees.
When you browse our website or use a mobile application, we monitor the so-called electronic journey (i.e. we see how you reached our site). We store information (e.g. your preferred language, font size or filled-in forms) on your device by means of cookies, for which you have given individual consent in accordance with applicable legislation. This information facilitates mutual communication and helps improve our online services.
In the case of telephone communication, we can only record calls with your consent. After one month, the call is either deleted or archived together with other contract documents.
IN Catering collects client information using an internal system. This information will also be linked to other information about yourself that you have previously provided us with. This ensures that all data is up to date.
Personal data can be archived for a period of up to 10 years, in accordance with the law and the IN Catering archiving and disposing rules.
We will inform you immediately should a situation threatening your rights and freedoms arise. We do not need to notify you of a security incident if (i) we have put in place appropriate technical and organizational measures that make your personal information incomprehensible to third parties; (ii) we have taken follow-up measures to ensure that the high risk is no longer likely to materialize; (iii) this would require a disproportionate effort.
EXTRACT FROM THE GUIDE FOR THE PREPARATION OF SMALL AND MEDIUM-SIZED COMPANIES TO GDPR ISSUED BY THE MINISTRY OF INDUSTRY AND TRADE (I. EDITION, APRIL 2018, ISBN: 978-80-906942-3-1)
Consent is a free, concrete, informed and unambiguous expression of the will of the data subject by which he/she agrees to the processing of his/her personal data by a statement or in an other obvious manner. It is an active and voluntary manifestation of the will of the data subject, to which he or she must not be forced.
Consent is one of the legal reasons for which the administrator can process personal data, and it is required when the processing cannot be subordinated to purposes for which it is not necessary to require consent.
Consent is always given for a specific purpose of processing that the data subject must be aware of.
Consent is revocable. However, withdrawal of consent does not always imply the administrator's obligation to destroy personal data as the withdrawal is requested for a specific purpose for which personal data are processed, whereas the administrator may process personal data for other purposes for which it uses a different legal reason for processing than the data subject's consent. In other words, in case of withdrawal of consent, the administrator is obliged to stop processing personal data for the purposes defined in the consent. If consent was the only legal reason for processing, personal data will be destroyed.
Where processing is necessary for the performance of a contract with the data subject or for the fulfilment of a legal obligation, consent to the processing of personal data shall not be required. Consent is also not required for the other processing purposes mentioned above (except for the first point). In the case of processing for purposes which cannot be assign to the aforementioned purposes, processing must be carried out with the consent of the data subject.
The consent of the data subject is not required for the processing of data necessary e.g. for delivery of goods from an e-shop or for processing of personal data of employees for employment purposes (e.g. performance of employment contract or fulfilment of statutory obligations by the employer).
In order to achieve the freedom, specificity, informedness and unambiguity of expression of the data subject‘s will , General Regulation has been laid down. The so-called differentiation of consent is essential, which means that consent must be distinguished from other facts on which the data subject expresses his/her opinion. For example, consent must be separated e.g. from a contract or business conditions, respectively it is no longer possible for consent to form its integral part. At the same time, the conclusion of a contract (e.g. for the provision of a service) must not be subject to the consent to the processing of personal data. It goes without saying that, depending on the service or product, the administrator will have to process a certain amount of personal data without the data subject's consent for the purpose of fulfilling a contract or statutory obligation.
The data subject has the right to withdraw his/her consent at any time, for which the administrator should be prepared, including further steps connected with the withdrawal (e.g. the destruction of personal data). The withdrawal shall not affect the legality of the processing based on the consent given prior to its withdrawal. It should be noted that consent has been given for certain purposes and withdrawal of the consent may not always constitute an obligation on the administrator to destroy personal data, but will only constitute an obligation on the administrator to cease processing personal data for a specific purpose for which consent has been given. Similarly, if the administrator has used consent in cases where other legal reasons for the processing of personal data apply, the withdrawal of consent (i.e. an act that was not necessary for processing) does not imply the obligation to destroy or cease processing personal data if the data must be kept for legal purposes.
The General Regulation presumes the transfer of consent, provided that consent has been granted in a manner and in accordance with the terms of the General Regulation. This will be problematic for many administrators, as the consent they received will not meet the conditions set out in Article 7 of the General Regulation, such as the condition of differentiation of consent (consent must not be an integral part of business conditions). The presumed consent that some administrators have used (typically in the financial services, major energy providers or telephone operators) will not fall into the scope of the General Regulation. However, this cannot affect the provision of services. Any request for new consent must not be presented to the data subject as an obligation.
The administrator of personal data and the operator of the website www.incatering.cz is IN CATERING S.R.O. (hereinafter referred to as the "Operator").
COLLECTED INFORMATION AND ITS USE
Access to the website www.incatering.cz may be subject to the provision of some personal data of the User in accordance with Act no. 101/2000 Coll., on the protection of personal data and possibly other acts, as amended. In such a case, the Operator will handle these data in accordance with applicable legal regulations.
TRANSMISSION OF PERSONAL DATA
The operator does not sell, transfer or disclose personal data to third parties.
If the User wishes to correct their personal data held by the Operator, he/she can ask for it by sending an email to email@example.com or by writing to the postal address stated on the Contacts page.
LIABILITY AND JURISDICTION
Possible risks arising from the use of the website are entirely up to the User and the Operator bears no responsibility for them. Any disputes arising out of the use of this site will be settled by a local court in the Czech Republic and in accordance with the laws of the Czech Republic.
The provisions of these terms, which for any reason become unenforceable, shall be deemed separable from the remaining arrangements and shall not affect their validity and enforceability.
A cookie is a short text file that a website you visit sends to a browser. It enables the site to record information about your visit, such as your preferred language and other settings. This makes your next site visit easier and more productive. Cookies are important. Without them, browsing the web would be much more complicated.
Cookies serve a variety of purposes. For example, we use them to store your SafeSearch settings, to select relevant ads, track the number of visitors to a page, facilitate the registration of new services, protect your data, or save ads settings.
INSTRUCTING USERS ON USING GOOGLE ANALYTICS
In order to better understand the visitors to our site, we use Google Analytics, provided by Google, Inc. (hereinafter referred to as "Google").
Google Analytics cookies
Google Analytics primarily uses first-party cookies to report on user interactions on a Google Analytics customer site.