IN CATERING

BASIC PRINCIPLES OF PERSONAL DATA PROCESSING


BASIC PRINCIPLES OF PERSONAL DATA PROCESSING

IN CATERING s.r.o., company bsed in Prague, Libocká 10/64, 162 00, Liboc, registered at The Municipal court in prague, C 35898, Identification number: 630 72 572 (hereinafter reffered to as "IN Catering") is governed by the following principles when processing personal data:

  • IN Catering processes all personal data in full accordance with the law, correctly, fairly, transparently and responsibly,
  • the processing is purpose-limited, which means that IN Catering only processes personal data for certain, explicit and legitimate purposes, and the personal data are not further processed in a way incompatible with those purposes,
  • in order to minimize data, IN Catering processes adequate, relevant and limited personal data to the extent that is necessary in relation to the purpose for which they are processed,
  • IN Catering processes accurate and updated personal information. If personal information is inaccurate, IN Catering will ensure that it is corrected or deleted, which may require the data subject‘s necessary cooperation,
  • IN Catering stores personal data in a form that allows identification of data subjects for no longer than is necessary for the purposes for which the data are processed, in accordance with the provisions of tax, legislative or other legal regulations,
  • IN Catering processes personal data in a manner that ensures appropriate security and protection of personal data.

For processing to be lawful, IN Catering must process personal data on the basis of one of the legal titles of the GDPR and only to the extent appropriate for the intended purpose of the processing. For labour law and commercial activities, the legal bases of processing necessary for fulfilling the contractual or legal obligation, processing necessary for the purpose of legitimate interest, or processing with the consent of the data subject are particularly relevant.

IN Catering transparently informs the data subject about the nature, the extent and in what manner the personal data are to be processed, what rights he/she has in relation to the processing of such personal data, and assists in the exercise of those rights. Furthermore, the data subject should be informed about the implementation of automated decision-making and its consequences. IN Catering will inform the data subject about the risks, rules and guarantees related to the processing of personal data and about the rights that the data subject may exercise in this context. All information for the data subject is provided by IN Catering in a concise, easily accessible and comprehensible manner.

IN Catering is bound to adhere to the principles of personal data processing and is able to demonstrate compliance with them. In order to comply with the principle of accountability, IN Catering implements appropriate measures. These include, but are not limited to:

  • developing and implementing an internal concept in the area of personal data protection,
  • creating and updating an overview of the extent of processed data,
  • and establishing a mechanism for detecting and reporting privacy breaches.

IN Catering, as a personal data administrator, is responsible for the damage caused by processing that is contrary to GDPR. If IN Catering processes personal data in the position of a processor, it is only liable for the damage caused by the processing if it fails to comply with the obligations stipulated by legal regulations for processors or if it acted in violation of or contrary to the legal instructions of the administrator. IN Catering may be exonerated if it proves that it is not in any way liable for the event that caused the injury.

For business activities to perform properly it is essential that IN Catering has up-to-date personal data of its data subjects. If, during or after the conclusion of a contract, specific indications show that inaccurate or incomplete personal data have been provided or the data have been changed, IN Catering makes the necessary deletion or correction in order to remove the deficiencies. To do this IN Catering may require maximum cooperation of the data subject.

BASIC CATEGORY OF PROCESSED PERSONAL DATA

As part of its business activities, IN Catering processes various categories of personal data that allow the identification of the data subject. These categories are as follows:

  • identification and contact details (e.g. name, surname, telephone, address, date of birth, social security number),
  • personal data relating to criminal offences and to judgements in criminal proceedings;
  • Information relating to the occasion of business,
  • data used to identify customer needs and requirements,
  • sensitive personal data (data belonging to a specific category of personal data, e.g. health data, biometric data),
  • monitoring data (e.g. data obtained from meeting records, telephone call records, online service usage records).

IN Catering always processes requested and obtained personal data within the above categories only for the specified processing purposes, based on the relevant legal bases for processing and to the extent applicable.

LEGAL BASIS FOR PROCESSING

  • processing is necessary for the performance of the contract to which the data subject is party or for the implementation of measures taken prior to the conclusion of the contract at the request of the data subject,
  • processing is necessary in order to fulfil the legal obligation of the administrator,
  • processing is necessary for the purposes of the legitimate interests of the data administrator or of a third party, except where the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data take precedence over those interests, in particular where the data subject is a child.

The data subject has consented to the processing of his/her personal data for one or more specific purposes.

The consent of the data subject is only one of the legal bases applicable to the processing of personal data. IN Catering uses the legal basis of consent only in cases where it cannot use any other legal basis for the processing of personal data.

PROCESSING NECESSARY FOR NEGOTIATIONS ON TRADE, CLOSING, PERFORMANCE OR CANCELLATION OF CONTRACT

IN Catering processes personal data from the time of the primary contact with the prospective customer and for the whole duration of the business relationship.

THE PROCESSING OF PERSONAL DATA ON THIS LEGAL BASIS IS CARRIED OUT IN THE FOLLOWING SITUATION:

  • communications on the negotiation of a business deal, conclusion of a business contract, even repeatedly,
  • recording of telephone calls and electronic communications for the purpose of concluding a contract and performing contractual obligations therefrom,
  • investigation of complaints, provision of compensation, etc.

FOR THE PURPOSE OF CONTRACT FULFILMENT, IN CATERING PROCESSES DATA IN THE FOLLOWING CATEGORIES:

  • client‘s identification and contact details (e.g. name, surname, social security number, telephone number, e-mail),
  • personal data related to the subject-matter of consent,
  • sensitive personal data (e.g. biometric and/or health data), the processing of which must also comply with the requirements of Article 9 of the GDPR (see 1.5. of the Standards below),
  • underwriting data (e.g. occupation, education, sports and hobbies).

Personal data provided on the basis of performance of a contract cannot be used for other purposes for which IN Catering has no relevant legal basis.

PROCESSING NECESSARY TO FULFIL LEGAL OBLIGATION

IN Catering in the course of its business must process personal data in order to fulfil its legal obligations under national law. In general, there is a specific need for the processing of personal data.

Processing of personal data based on the fulfilment of legal obligations includes:

  • identifying customer requirements, needs and financial data for the purpose of giving recommendation and advice,
  • keeping documents and minutes of meetings,
  • providing assistance to the Czech National Bank, courts, law enforcement authorities, executors, notaries, insolvency administrators and other public authorities in accordance with applicable legislation,
  • applying measures against money laundering and terrorist financing in order to prevent misuse of the financial system,
  • fulfilment of obligations arising from the application of international sanctions,
  • keeping legal records of data and its transmission to the Czech Statistical Office, etc.,
  • collection of information relating to persons taxable in another country and the transmission of such data to the competent tax authorities.

PROCESSING NECESSARY FOR THE PURPOSES OF ELIGIBLE INTEREST

IN Catering processes personal data of a company or third party on the legal basis of an eligible interest in particular in the following situations:

Non-Contracting Party Data Processing - On this legal basis IN Catering processes the personal data of persons who are not parties to the commercial contract. These are in particular subcontractors, coordinators or persons otherwise necessary to secure a contract whose personal data are essential for the performance of business activities.

Marketing activities under the condition that the data subject may reasonably assume such processing due to circumstances - processing of personal data for the purposes of direct marketing is considered to be processing carried out due to an eligible interest. Direct marketing involves offering IN Catering products to the data subject as a client.

Conversely, the legal basis of an eligible interest does not apply to the transfer of personal data to third parties for marketing purposes with whom the data subject does not have a relevant existing relationship. The data subject has the right to object to the processing of personal data for direct marketing purposes. If he/she does object, his/her personal data will no longer be processed for these purposes. The data subject is notified of this right by IN Catering.

System records are stored and protected in a manner that ensures they are not accessible to unauthorized persons.

CCTV, physical and IT security - 
The company can use CCTV. IN Catering uses CCTV and processes personal data from CCTV records for the following purposes:

  • security and protection of buildings and premises belonging to or rented by IN Catering,
  • protection of property and persons in these buildings,
  • data protection,
  • safeguarding the interests of the company, safety and interests of employees, clients and third parties,
  • prevention, detection and investigation of crime or violations of internal company rules.

IN Catering always considers the scope of CCTV in order not to cover a larger area or more people than is required for the above purposes.

PROCESSING BASED ON THE CONSENT OF THE DATA SUBJECT

Consent is only one of the legal bases for the processing of personal data. Consent to the processing of personal data is required by IN Catering only in situations where it is not possible to process personal data on a different legal basis.

IN CATERING REQUIRES CONSENT TO PERSONAL DATA PROCESSING FOR THE FOLLOWING REASONS:

  • processing of personal data for purposes other than direct marketing.
  • recording of calls and electronic communications to assess the quality of the services provided and to improve them and to train and coach employees,
  • using online tracking tools (cookies, applications, GPS).

PURPOSES OF DATA PROCESSING IN IN CATERING

IN Catering processes personal data and its categories for purposes arising from its activities. IN Catering undertakes to determine the purposes for the processing of personal data in accordance with the law and to respect the stated purposes.

IN Catering processes personal data for various purposes, a general overview of which is given below, and needs a legal basis for the processing of personal data for each purpose. IN Catering may process personal data or a category of personal data for various purposes. IN Catering sets out specific, unambiguous and legitimate purposes for processing of personal data already at the time of the data being collected or handled.

  • In accordance with the principle of data minimization, IN Catering processes personal data only to the extent appropriate, relevant and limited to the necessary purposes of their processing.
  • IN Catering processes personal data exclusively in the Czech Republic and for the specified purpose (s). If IN Catering finds out that it needs to process personal data for purposes other than those for which it originally collected the personal data, it can only do so (i) if permitted by EU or Czech legislation, (ii) if the data subject gave consent or (iii) the other purpose is compatible with the purposes for which the personal data were collected. In such a case, IN Catering shall always take into account any link between these purposes, the nature of the personal data (in particular whether it includes sensitive data), the circumstances in which the data were collected, the possible consequences of the intended further processing for the data subjects and the existence of appropriate security.

Prior to such further processing, IN Catering shall provide the data subject with information on that other purpose and his/her rights, unless the data subject already has such information.

IN CATERING PROCESSES PERSONAL DATA, IN PARTICULAR FOR THE FOLLOWING PURPOSES:

1. In pursuit of business activity and activities resulting from it. The performance of these activities includes:

  • negotiations on the contractual relationship, which in addition to the actual conclusion of the commercial contract, include the preparation, modelling and proposals,
  • identifying the client's needs and requirements and other data needed to test suitability; these data are necessary to fulfil the legal obligation of providing the customer with recommendations or advice in order for them to properly decide whether to negotiate, amend or cancel a business contract,
  • fulfilment of obligations arising from the business contract, investigation of complaints and claims, provision of substitute or supplementary settlements, etc.,
  • preparation of statistics and other necessary studies for pricing purposes,
  • client risk assessment and management using different detection methods.

2. Fulfilment of requirements of supervisory and other state bodies and fulfilment of legal obligations resulting from special legal regulations;

3. Protection of the rights and legally protected interests of the company

4. Prevention and detection of commercial fraud and other illegal activities

5. Internal administrative needs of the company

6. Human resources management, i.e.:

  • evaluation of job seekers and the recruitment process,
  • commencement, duration and termination of employment relations with employees.

7. Commencement, duration and termination of relations with intermediaries and business partners;

8. Offering the company‘s own services (direct marketing);

9. Addressing potential customers;

10. Offering products and services of third parties and transferring personal data to the third parties for this purpose (in particular within an enterprise group);

11. Transfer of personal data for internal administrative purposes within an enterprise group, including processing of personal data of customers and employees.

SPECIFIC PROCESSING

Online Communication

When you browse our website or use a mobile application, we monitor the so-called electronic journey (i.e. we see how you reached our site). We store information (e.g. your preferred language, font size or filled-in forms) on your device by means of cookies, for which you have given individual consent in accordance with applicable legislation. This information facilitates mutual communication and helps improve our online services.

Telephone Communication

In the case of telephone communication, we can only record calls with your consent. After one month, the call is either deleted or archived together with other contract documents.

Linking Information

IN Catering collects client information using an internal system. This information will also be linked to other information about yourself that you have previously provided us with. This ensures that all data is up to date.

Personal data can be archived for a period of up to 10 years, in accordance with the law and the IN Catering archiving and disposing rules.

SECURITY INCIDENTS INFORMATION

We will inform you immediately should a situation threatening your rights and freedoms arise. We do not need to notify you of a security incident if (i) we have put in place appropriate technical and organizational measures that make your personal information incomprehensible to third parties; (ii) we have taken follow-up measures to ensure that the high risk is no longer likely to materialize; (iii) this would require a disproportionate effort.

EXTRACT FROM THE GUIDE FOR THE PREPARATION OF SMALL AND MEDIUM-SIZED COMPANIES TO GDPR ISSUED BY THE MINISTRY OF INDUSTRY AND TRADE (I. EDITION, APRIL 2018, ISBN: 978-80-906942-3-1)

WHAT DOES YOUR CONSENT TO PERSONAL DATA PROCESSING MEAN

Consent is a free, concrete, informed and unambiguous expression of the will of the data subject by which he/she agrees to the processing of his/her personal data by a statement or in an other obvious manner. It is an active and voluntary manifestation of the will of the data subject, to which he or she must not be forced.

Consent is one of the legal reasons for which the administrator can process personal data, and it is required when the processing cannot be subordinated to purposes for which it is not necessary to require consent.

Consent is always given for a specific purpose of processing that the data subject must be aware of.

Consent is revocable. However, withdrawal of consent does not always imply the administrator's obligation to destroy personal data as the withdrawal is requested for a specific purpose for which personal data are processed, whereas the administrator may process personal data for other purposes for which it uses a different legal reason for processing than the data subject's consent. In other words, in case of withdrawal of consent, the administrator is obliged to stop processing personal data for the purposes defined in the consent. If consent was the only legal reason for processing, personal data will be destroyed.

Where processing is necessary for the performance of a contract with the data subject or for the fulfilment of a legal obligation, consent to the processing of personal data shall not be required. Consent is also not required for the other processing purposes mentioned above (except for the first point). In the case of processing for purposes which cannot be assign to the aforementioned purposes, processing must be carried out with the consent of the data subject.

The consent of the data subject is not required for the processing of data necessary e.g. for delivery of goods from an e-shop or for processing of personal data of employees for employment purposes (e.g. performance of employment contract or fulfilment of statutory obligations by the employer).

WHAT ARE THE CONDITIONS OF GRANTING CONSENT FOR PERSONAL DATA PROCESSING?

In order to achieve the freedom, specificity, informedness and unambiguity of expression of the data subject‘s will , General Regulation has been laid down. The so-called differentiation of consent is essential, which means that consent must be distinguished from other facts on which the data subject expresses his/her opinion. For example, consent must be separated e.g. from a contract or business conditions, respectively it is no longer possible for consent to form its integral part. At the same time, the conclusion of a contract (e.g. for the provision of a service) must not be subject to the consent to the processing of personal data. It goes without saying that, depending on the service or product, the administrator will have to process a certain amount of personal data without the data subject's consent for the purpose of fulfilling a contract or statutory obligation.

WITHDRAWAL OF CONSENT

The data subject has the right to withdraw his/her consent at any time, for which the administrator should be prepared, including further steps connected with the withdrawal (e.g. the destruction of personal data). The withdrawal shall not affect the legality of the processing based on the consent given prior to its withdrawal. It should be noted that consent has been given for certain purposes and withdrawal of the consent may not always constitute an obligation on the administrator to destroy personal data, but will only constitute an obligation on the administrator to cease processing personal data for a specific purpose for which consent has been given. Similarly, if the administrator has used consent in cases where other legal reasons for the processing of personal data apply, the withdrawal of consent (i.e. an act that was not necessary for processing) does not imply the obligation to destroy or cease processing personal data if the data must be kept for legal purposes.

CURRENT CONSENTS IN REGARDS TO THE APPLICATION OF THE GENERAL REGULATION.

The General Regulation presumes the transfer of consent, provided that consent has been granted in a manner and in accordance with the terms of the General Regulation. This will be problematic for many administrators, as the consent they received will not meet the conditions set out in Article 7 of the General Regulation, such as the condition of differentiation of consent (consent must not be an integral part of business conditions). The presumed consent that some administrators have used (typically in the financial services, major energy providers or telephone operators) will not fall into the scope of the General Regulation. However, this cannot affect the provision of services. Any request for new consent must not be presented to the data subject as an obligation.

GDPR—Website Privacy Policy

The administrator of personal data and the operator of the website www.incatering.cz is IN CATERING S.R.O. (hereinafter referred to as the "Operator").

PROTECTION OF PERSONAL DATA

COLLECTED INFORMATION AND ITS USE

Access to the website www.incatering.cz may be subject to the provision of some personal data of the User in accordance with Act no. 101/2000 Coll., on the protection of personal data and possibly other acts, as amended. In such a case, the Operator will handle these data in accordance with applicable legal regulations.

TRANSMISSION OF PERSONAL DATA

The operator does not sell, transfer or disclose personal data to third parties.
If the User wishes to correct their personal data held by the Operator, he/she can ask for it by sending an email to info@incatering.cz or by writing to the postal address stated on the Contacts page.

LIABILITY AND JURISDICTION

Possible risks arising from the use of the website are entirely up to the User and the Operator bears no responsibility for them. Any disputes arising out of the use of this site will be settled by a local court in the Czech Republic and in accordance with the laws of the Czech Republic.

The provisions of these terms, which for any reason become unenforceable, shall be deemed separable from the remaining arrangements and shall not affect their validity and enforceability.

COOKIES RULES

COOKIES

Like most websites, the Operator's website uses cookies. For example, based on anonymous data objects, the Operator monitors the total number of visitors to this site.

A cookie is a short text file that a website you visit sends to a browser. It enables the site to record information about your visit, such as your preferred language and other settings. This makes your next site visit easier and more productive. Cookies are important. Without them, browsing the web would be much more complicated.

Cookies serve a variety of purposes. For example, we use them to store your SafeSearch settings, to select relevant ads, track the number of visitors to a page, facilitate the registration of new services, protect your data, or save ads settings.

Learn about the types of cookies Google uses and how Google and its partners use these cookies in advertising. Privacy Policy describes how we protect your personal and other data when you use cookies.
If the User does not want to use cookies or wants the browser to notify the use of cookies, the user must select the appropriate option in his/her browser. If the User blocks all cookies, he/she will not be able to use some of the functions of this site.

INSTRUCTING USERS ON USING GOOGLE ANALYTICS

In order to better understand the visitors to our site, we use Google Analytics, provided by Google, Inc. (hereinafter referred to as "Google").

You may refuse the use of cookies to prevent the collection of personal data. You can do this by selecting a setting in your browser settings. For some browsers, you can install the Advertising Cookie Opt-out Plugin to prevent your data from being sent to Google.

Google Analytics cookies

Google Analytics primarily uses first-party cookies to report on user interactions on a Google Analytics customer site.

We use Google advertising cookies for customers who use Google Analytics advertising features. These allow products on the Google Display Network (like AdWords) to enable features like re-marketing. For more information about how Google uses advertising cookies, visit the Google Privacy Policy. To manage your settings for these cookies and opt out of these features, go to the Cookie Settings page or disable your browser's settings.

You may refuse the use of cookies to prevent the collection of personal data. You can do this by selecting a setting in your browser settings. For some browsers, you can install the Advertising Cookie Opt-out Plugin to prevent your data from being sent to Google.


https://policies.google.com/technologies/cookies?hl=en

IN CATERING

Inquiry form