Personal Data protection principles

Through these Personal Data Processing Principles, the company FOR H2ENERGY s.r.o. informs the data subjects, i.e. natural persons whose data are processed, about the principles of their privacy and about the processing activities carried out (in compliance with the EU Data Protection Regulation „GDPR“).

Basic information on personal data processing 

Personal Data Processing Principles apply to all clients, vendors and customers of the company, as well as to anyone else who contacts the company or otherwise provides or discloses any personal data to the company. This includes all people who use services of the company or provide services and sub-deliveries to the company, or are in any other relationship with the company.

Data controller

The company FOR H2ENERGY s.r.o., residing at Průběžná 3366, 434 01 Most, company ID: 096 26 859, registered with the Commercial Register maintained by the Regional Court in Ústí nad Labem, Section C, insert 46069 (hereinafter the „Controller“) hereby informs you about processing of your personal data and about your rights in compliance with Article No. 12 GDPR.

Personal data categories subject to processing 

  • Address and identification data serving for unambiguous and unmistakable identification of the data subject (e.g. first name, surname, degree of education or national ID, date of birth, permanent address, company ID, tax ID)
  • data enabling contact with the data subject (specific data – e.g. contact address, phone number, email address, etc.)
  • descriptive details (e.g. bank details – bank account number)
  • other data necessary for performance of the contract
  • data provided beyond the respective laws processed under a granted consent of the data subject (processing of photographs, use of personal data for the purpose of the personal proceedings, etc.)

Data subject categories 

  • Employee of the Data controller 
  • Customer/Client of the Data controller 
  • Business partner of the Data controller 
  • Forwarder/haulier
  • Service provider
  • Visitors or other persons moving within the Data controller premises 
  • Other persons in contractual relationship with the Data controller
  • Job applicant

Personal data recipient categories 

  • Public institutions 
  • Financial institutions 
  • Processors 
  • Vendors 
  • Companies ensuring expert trainings of the employees 
  • State or other authorities when performing their statutory obligations under the relevant legal regulations 

Purpose of personal data processing 

  • the data subject granted its consent for one or more specific purposes,
  • processing is necessary for compliance with the contract 
  • processing is necessary for compliance with the legal obligation the Controller is subject to,
  • processing is necessary for protection of vital interests of the data subject or another natural person,
  • processing is necessary for the purposes of the legitimate interests of the controller or third party concerned, except where interests or fundamental rights and freedoms of the data subject requiring the personal data protection take precedence over those interests.

Method of personal data processing and protection 

Processing of the personal data is carried out by the Controller. The processing is carried out at the Controller's premises by individual authorised employees of the Controller or by the processor. Processing is performed by computer technology and manually for personal data in paper form, in compliance with all security principles for administration and processing of personal data. To achieve this, the Controller has adopted technical and organisational measures to ensure protection of the personal data, in particular measures to prevent unauthorised or accidental access to, alteration, destruction or loss of personal data, unauthorised transmission, unauthorised processing or other misuse of personal data. All those, to whom personal data may be disclosed, shall respect the right of data subject to privacy and shall comply with applicable data protection legal regulations.

Personal data processing period  

The personal data are processed and saved for the duration of the contractual relationship and for the period for which the company is obliged, as the Controller, to keep the personal data under binding legal regulations or for the period for which the company has been granted the consent. 

Marketing, advertisement

The personal data of the data subjects may further be used by the company for the purpose of publishing them on promotional printed materials or on the company's website, including its social media profile, on the basis of the consent granted.

If the Company holds a promotional or other social event, it may make a photographic, visual or audio-visual recording of the event for the purpose of informing about the event by publishing it on its website, social media or other marketing materials. The recordings are not made with the intention to process any personal data.

Cookies

If you visit the website of an online shop or administrator and you have cookies enabled in your browser at the same time, we save and subsequently read cookies on your device.

Cookies are short text files that a website saves in your computer/mobile device. Cookies are commonly used to make websites function or work more efficiently and also to provide information to website owners. This file identifies specific information from your previous visits to the website from the respective computer/mobile device. For example, the information may include the IP address of the connecting computer/mobile device, the date and time of the visit, the referring URL, the pages visited on the online store's websites, the type of browser used, etc. Cookies are usually deleted from the computer/mobile device when you leave the website. Permanent cookies remain on the computer/mobile device until they expire or are deleted by the user and are activated each time you visit the website that created the given cookie.

We use the following types of cookies on our websites:

Necessary cookies that help make websites usable by enabling basic functions such as site navigation and access to protected areas of the websites. They form the basis for the operation of the websites and enable the use of basic functions. The websites cannot function properly without these cookies. Without these cookies, the website administrator would not be able to provide its services through the websites, as they are essential for the website to function properly. They are cookies that exist only for the time that the user browses the websites in question. The legal basis for processing of these cookies is the provisions of Section 89(3) of Act No. 127/2005 Coll., on Electronic Communications and on Amendments to Certain Related Acts (Electronic Communications Act), as amended. These cookies are valid for a maximum of 1 year.

Marketing cookies – these are used to provide and display advertising based on the interests of website users or to collect their personal data for future marketing purposes. The purposes of using marketing cookies are as follows:

  • to analyse and improve the websites in terms of content, performance and design;
  • to target direct marketing communications more effectively, while limiting the number of ad impressions, and to measure the effectiveness of advertising campaigns;
  • to create and improve services optimally and continuously, to adapt the websites to the user's interests and needs, and improve their structure and content;
  • to identify which pages and features are most frequently used in order to adapt the offer optimally to the user's requirements;
  • to enable tracking of website traffic and the utilization of its various functions;
  • to help optimise the offer for users and reach them in advertising spaces on other websites;
  • to evaluate how advertising works and the different ways users arrive at a website;
  • to collect anonymous statistics and control the site to optimise it and improve the user comfort.

The legal basis for the processing of marketing cookies is your consent given through the setting/allowing of individual types of cookies in your browser.

Instruction - legal basis for the processing

The Controller processes the data with the consent of the data subject, except in cases provided for by law where the processing of the personal data does not require the consent of the data subject.

The consent of the data subject is not required in the following cases:

  • the processing is necessary for compliance with the legal obligation which applies to the Controller
  • the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken upon the request of the data subject,
  • the processing is necessary for the purposes of the legitimate interests of the Controller or of a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data
  • the processing is necessary for the protection of the vital interests of the data subject or of another natural person
  • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

Data subject rights 

In compliance with Article No. 12 GDPR and upon request of the data subject, the Controller shall inform the data subject about its right of access to the personal data and to the following information:

  • purpose of personal data processing,
  • categories of personal data concerned,
  • recipients or categories of recipients to whom the personal data have been or will be disclosed
  • planned period for which the personal data shall be saved,
  • all available information on the personal data source, unless obtained from the data subject,
  • whether automated decision-making or profiling takes place

Any data subject, who becomes aware or considers that the controller or the processor is carrying out processing of his or her personal data which is contrary to the protection of the private and personal life of the data subject or contrary to the law, in particular where the personal data are inaccurate with regards to the purpose of the processing, may:

  • ask the Controller for explanation,
  • require the controller to rectify the situation, in particular to limit, rectify, supplement or erase the personal data,
  • in case the request of the data subject pursuant to par. 1 is found to be justified, the Controller shall rectify the defective situation without delay
  • should the Controller fail to comply with the request of the data subject pursuant to par. 1, the data subject shall have the right to apply directly to the supervisory authority, i.e. the office for personal data protection 
  • the procedure pursuant to par. 1 shall not preclude the data subject from making a complaint directly to the supervisory authority
  • the Controller shall have the right to charge a reasonable fee for the provision of the information, not exceeding the costs necessary to provide the information.

Right of the data subject to access the personal data or to correct the personal data

The data subject (employees, vendors, customers/clients) shall have the right to obtain confirmation from the controller as to whether or not personal data concerning him or her are being processed, and, where that is the case, to obtain access to the personal data and the following information:

  • purposes of the processing and the categories of personal data concerned,
  • the recipients or categories of recipients,
  • the planned period for which the personal data will be saved or criteria for determination of that period,
  • information on the personal data source, unless obtained from the data subject,
  • whether automated decision-making including profiling takes place,
  • the data subject (employees, vendors, customers/clients) shall have the right to request from the Controller correction, erasure or limitation of their processing, or to raise an objection against this processing,
  • the data subject (employees, vendors, customers/clients) shall have the right to file a complaint with the supervisory authority,
  • we, the Controller, hereby undertake to provide a copy of the personal data processed to the data subject (employees, vendors, customers/clients). The Controller may charge a reasonable fee based on administrative costs for any other copies requested by the data subject,
  • unless requested by the data subject otherwise, the information shall be provided in such a form corresponding to the form of request.
  • in case the personal data are transferred to a third country or an international organisation, the data subject shall have the right to be informed of the appropriate guarantees.

Right to personal data erasure

We (personal data controller) are fully aware that the data subject (employees, suppliers/vendors, clients) shall have the right (without undue delay) to have the personal data erased and the controller is obliged to do so, if, in particular:

  • the personal data are no longer necessary for the purposes they have been collected for,
  • the data subject (employees, vendors, customers/clients) withdraws its consent with the processing,
  • the data subject objects to the processing,
  • the personal data have been unlawfully processed,
  • compliance with a legal obligation.

Right of the data subject to limit personal data processing 

The data subject (employees, suppliers/vendors, clients) shall have the right to obtain from the controller limitation of the processing where one of the following applies:

  • the accuracy of the personal data is contested by the data subject,
  • the processing is unlawful and the data subject rejects the erasure of the personal data and requests the restriction of their use instead,
  • the controller no longer needs the personal data for the purposes of the processing, however they are required by the data subject for the establishment, exercise or defence of legal claims,
  • the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

The personal data shall, with the exception of storage:

  • only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of any Member State,
  • the data subject (employees, vendors, customers/clients), who has obtained limitation of processing is informed by the controller before the limitation of processing is lifted.

Right to personal data portability

The data subject (employees, vendors, customers/clients) shall have the right to obtain the personal data concerning him or her, which he or she has provided to the Controller, namely:

  • in a structured, commonly used and machine-readable format,
  • the right to transmit those data to another controller, where:
    • the processing is based on consent or on a contract and the processing is carried out by automated means,
    • the right to have the personal data transmitted directly from one controller to another, where technically feasible,
  • the exercise of the right to data portability shall be without prejudice to the right to be forgotten:
    • that right shall not apply to processing necessary for the performance of a task carried out in the public interest or while exercising official authority vested in the controller.

Right of the data subject to object

The data subject (employees, vendors, customer/clients) shall have the right to object on grounds relating to his or her particular situation (and in case of direct marketing at any time) to processing of personal data concerning him or her unless the controller demonstrates compelling legitimate grounds for the processing:

  • in legitimate interest,
  • in the public interest,
  • in the exercise of official authority.

Right of the data subject (employer, customer/client, vendor) to lodge a complaint

Every data subject shall have the right to lodge a complaint with the competent supervisory authority in the European Union, if the data subject considers that the processing of personal data relating to him or her infringes the Act on the Protection of Personal Data and/or the General Data Protection Regulation. The supervisory authority of the Czech Republic is the Office for personal data protection, residing at Pplk. Sochora 27, 170 00 Praha 7, www.uoou.cz.

Data protection officer (DPO)

The company has established the institution of a Data protection officer. His task is, inter alia, to communicate internally and externally and to address complaints, receive suggestions and other issues related to the processing of personal data in the company.

  • Controller's contact details: FOR H2ENERGY s.r.o., company ID: 096 26 859
  • residing at: Průběžná 3366, 434 01 Most
  • e-mail: bozp@forh2e.com