GDPR

This document provides a comprehensive summary of how personal data is processed within Boilen s.r.o. Specifically, this document informs about the extent of data processing; the duration for which personal data processing takes place; the purpose for which personal data is processed; and also which individuals’ data and types of personal data are processed by Boilen s.r.o. It also addresses the rights that can be exercised in connection with personal data processing.

The processing of personal data and all rights associated with it are governed by Regulation (EU) No. 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC, as well as national Act No. 110/2019 Sb., on the processing of personal data.

If there is any ambiguity in the principles described in this document below, or if you wish to inquire or have anything clarified, you may use the contact details provided in the specification of the data controller.

• 1. Data Controller

The data controller is generally the entity that, alone or jointly with others, determines the purpose, means, and methods of processing personal data, bearing the responsibility associated with it.

The data controller is Boilen s.r.o., identification number: 098 28 192, registered office at Chotěšovská 680/1, Letňany, 190 00 Prague 9, registered in the Commercial Register maintained by the Municipal Court in Prague, file number C 343114 (hereinafter referred to as the "Company").

You can contact the Company by email at info@boilen.cz or by phone at +420 777 500 669.

• 2. Data Protection Officer

Data Protection Officer: Tomáš Kukrál

• 3. Whose personal data does Boilen s.r.o. process?

The Company processes the personal data of the following persons in the course of its business activities:

• employees of the Company,
• job applicants,
• clients, customers, suppliers,
• individuals who submit a non-binding service inquiry via the Company’s website form at www.boilen.cz

• 4. What personal data does Boilen s.r.o. process?

The nature of the personal data processed by the Company varies depending on the relationship with the individual whose data is processed. Generally, it includes the following information:

• general identification and contact details, such as name and surname, academic title, date of birth, national identification number, permanent address, registered address, mailing address, email address, phone number, education, photograph, previous employment information, skills and experience, interests, professional licenses, membership in professional organizations, signature;
• records of mutual communication with the Company, including email, written, or through our online form;
• billing information, if different from general identification and contact information;
• other information, such as data collected through cookies.

• 5. Basic Principles of Personal Data Processing

The Company adheres to the strictest data protection standards when processing personal data. It processes personal data in accordance with the following principles:

• personal data is processed only for the specified purpose and only for the time necessary to fulfill the purpose of data processing,
• personal data is protected during processing to prevent unauthorized use, disclosure, etc.; employees handling personal data in the course of processing are bound by confidentiality regarding such data.
• billing information, if different from general identification and contact information;
• other data, e.g. obtained by storing cookies.

• 6. How does Boilen s.r.o. obtain personal data?

The Company primarily obtains personal data through the voluntary provision by individuals. This often occurs when a contract is concluded, an order is placed, etc. The Company also obtains data from third parties authorized to handle personal data, as well as through its own activities.

• 7. How long will your personal data be retained?

The Company retains personal data only for the necessary period required to fulfill the purpose for which the data is processed. Once that purpose is fulfilled or no other reason for retention exists, the Company deletes the data.

If you grant the Company consent to process personal data, the Company will retain this data until you withdraw consent, or for as long as the consent remains valid.

If the Company obtains your personal data during pre-contractual negotiations and the contract is not concluded, the Company will retain such data for no longer than one year from acquisition.

If the Company obtains your personal data based on a contract, it will retain the data for as long as the final limitation periods arising from the contract persist.

Accounting and tax records (containing personal billing information) are retained by the Company for the period specified by special legislation.

• 8. For what purposes does Boilen s.r.o. collect personal data?

The Company uses personal data for purposes arising from its business activities. For most such data, the Company does not require consent because a specific legal regulation authorizes such processing.

If consent is required for processing, such consent may be withdrawn at any time. Withdrawal of consent does not affect the legality of data processing conducted before consent was withdrawn.

The main purposes of data processing by the Company are:

• concluding and fulfilling contracts with our partners, suppliers, or carriers - the legal basis for this processing is contract conclusion and fulfillment;
• operating business activities (managing orders, customer records, etc.) - the legal basis for this processing is contract conclusion and fulfillment and the protection of our legitimate interests;
• communication with you and others within our operations and for service improvement - the legal basis for this processing is contract conclusion and fulfillment and the protection of our legitimate interests;
• providing assistance to public authorities - the legal basis for this processing is the fulfillment of our legal obligations;
• establishing and protecting legal rights, protecting our privacy, security, or property and/or the rights of you or others, and seeking available remedies or limiting our damage - the legal basis for this processing is the protection of our legitimate interests and the fulfillment of applicable legal obligations;
• conducting recruitment for employment at the Company - the legal basis for this processing is your consent.

• 9. With whom is your personal data shared?

The Company processes personal data primarily within its internal operations. Such data is provided to employees and long-term partners who are bound by confidentiality regarding the personal data they encounter in their work.

If necessary to achieve the purposes for which personal data was obtained, the Company shares personal data with processors or independent or joint controllers. These third parties must meet the minimum level of data protection according to applicable legal regulations.

If a legal obligation exists, the Company shares processed personal data with public authorities.

The Company may also share processed personal data based on consent from the individual concerned.

We may share your personal data under certain conditions with the following entities:

• our contractual partners and suppliers - personal data is shared to provide our services with other entities, such as postal and delivery service providers, IT service providers, debt collection agencies, law firms, accountants, tax advisors, and providers of printing, advertising, and marketing services;
• public authorities and third parties involved in judicial or similar proceedings - in compliance with our legal obligations, we are required to share your personal data with the appropriate public authorities, such as law enforcement agencies. In the case of litigation, your personal data will also be shared with third parties as participants in such proceedings;
• other third parties - we may also share personal data with payment recipients, service providers in emergencies (fire, police, and medical emergency services), etc.

• 10. What rights do you have regarding personal data processing?

Individuals whose data is processed by the Company have several rights, which they can exercise by contacting the Company using the details provided above.

These requests will be processed within one month of submission, with a possible extension to three months in justified cases. The Company is obliged to inform the applicant of any extension.

The Company will not charge any fees for handling requests, except in cases where the request is manifestly abusive, unfounded, or unreasonable (e.g., repeated requests from the same applicant within a short time). In such cases, the Company may charge a fee to cover the costs incurred.

You have the following rights:

Right to access personal data
Everyone has the right to request information about whether their personal data is processed by the Company. If so, they are entitled to information about:

• the processing of personal data,
• the legal basis for data processing,
• the recipients or categories of recipients,
• the expected retention period or method of its determination,
• the right to request correction, restriction, or deletion of data, and
• the source of the data.
• Right to rectification of personal data
  If the Company processes personal data that is outdated, individuals have the right to request correction or supplementation.
• Right to deletion of personal data

Individuals whose data is processed have the right to request deletion without undue delay if:

• the purpose for processing is fulfilled, or retention is no longer necessary; or
• the consent on which processing is based is withdrawn (and there is no other legal basis for processing); or
• an objection to processing has been successfully raised, and there are no overriding legitimate grounds; or
• the data was processed unlawfully; or
• data must be deleted to fulfill a legal obligation of Boilen s.r.o.
• Right to restriction of processing of personal data

The person whose personal data is processed by the Company has the right to request that the Company does not use their personal data but also does not delete it, under the following circumstances:

• The accuracy of personal data has been disputed. In such cases, the restriction on processing will be applied for the period needed to verify or correct the accuracy of the personal data; or
• The processing of personal data was unlawful, and the data subject does not wish it to be deleted; or
• The Company no longer needs the personal data for the purposes for which it was obtained, but the person concerned requires it for establishing, exercising, or defending legal claims; or
• An objection to the processing of personal data has been raised, and the verification of this objection is pending.
• Right to Object
  If the Company processes personal data to pursue its legitimate interests, any person whose data is processed in this way has the right to object. If this objection is successful, meaning the Company’s legitimate interests do not outweigh the individual’s rights, the processing of such personal data will be stopped immediately.
• Right to Withdraw Consent to Personal Data Processing
  Any individual who has provided consent for personal data processing can withdraw it at any time without giving a reason. Such withdrawal will not affect the legality of the processing conducted prior to the withdrawal of consent. The withdrawal must be sufficiently specific, i.e., it must include clear identification of the individual withdrawing consent, which consent is being withdrawn, to what extent, and from when, etc.
• Right to Data Portability
  If personal data processing was based on consent or for the purpose of contract conclusion or performance, the person whose data was processed has the right to obtain it in a commonly used format or to have it transferred to another data controller.
• Right to Lodge a Complaint with the Office for Personal Data Protection
  Anyone who believes that their personal data is being processed unlawfully has the right to file a complaint with the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague 7, email: posta@uoou.cz, phone: +420 234 665 111.

• 11. Automated Data Recording

No personal data is processed automatically within the Company’s operations.

• 12. Data Transfer to Third Countries and International Organizations

The Company does not transfer personal data outside the European Union or the European Economic Area, nor to international organizations unless required by law.

• 13. Provision of Personal Data by Other Parties

If third parties provide the Company with personal data, they must:

• inform the data subjects about this document, and
• obtain all legally required consents for data collection, use, disclosure, and transfer (including international transfer) in accordance with this document.

• 14. Use of Data Analysis

To tailor website settings, the Company uses data analysis services, including Google Analytics and cookies.

• 15. Security

The Company has implemented measures to ensure the highest level of data security in accordance with applicable regulations. If you suspect that your personal data is not secure, please contact us immediately using the contact information provided above.

These policies are valid and effective as of December 1, 2021.