Privacy Policy | swiss-plas s.r.o

Personal data protection policy

Company ID No.: 035 60 970
Registered office: Pivovarská 30, 756 61 Rožnov pod Radhoštěm, Czech Republic
Registered in the Commercial Register kept by the Regional Court in Ostrava, Section C, File 94607
E-mail: info@swiss-plas.cz
Website: https://swissplas.cz/ (hereinafter the “Website”)
(Hereinafter the “Company”)
In the course of its business activities, the Company administers and processes personal data of the data subjects listed below. These Personal Data Processing Principles (the “Policy”) inform data subjects about the circumstances of such processing and about the rights they enjoy in relation thereto.

1. Data subjects, purpose, scope, period and legal basis of processing

A. CUSTOMERS – SOLE TRADERS (SELF-EMPLOYED)

The Company acts as controller when processing personal data of customers – sole traders (self-employed persons) for the following purpose, scope, legal basis and period:
a. Purpose: Negotiation, conclusion and performance of a service agreement.
Scope: Name and surname/business name, Business ID No., VAT No. (DIČ), registered office, telephone number, e-mail address, bank account No., signature.
Legal basis: Necessity for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.
Period: For the time necessary to negotiate, conclude and perform the contract.

b. Purpose: Creation and administration of a customer account on the Website.
Scope: Name and surname/business name, user name, Business ID No., VAT No., registered office, telephone number, e-mail address.
Legal basis: Consent.
Period: From registration until the account is deleted by the customer or by the Company due to inactivity (no earlier than five years after the customer’s last login).

c. Purpose: Accounting and tax purposes and fulfilment of archiving duties.
Scope: Name and surname/business name, Business ID No., VAT No., registered office, signature, bank account No.
Legal basis: Necessity for compliance with a legal obligation to which the Company is subject.
Period: Ten years unless a longer statutory period applies.

d. Purpose: Enforcement of possible claims of the Company (retention of data necessary as evidence in judicial proceedings).
Scope: Name and surname/business name, Company ID No., registered office, signature.
Legal basis: Legitimate interest.
Period: For the duration of the contract and thereafter for the limitation periods.

B. MEMBER OF THE STATUTORY BODY OR OTHER PERSON AUTHORISED TO NEGOTIATE THE CONCLUSION AND TERMS OF A SERVICE AGREEMENT (OR ITS AMENDMENT) AND TO COMMUNICATE ON ITS PERFORMANCE ON THE CUSTOMER’S SIDE

The Company acts as processor when processing personal data of a member of the statutory body or another authorised person on the customer’s side, for the following purpose, scope, legal basis and period:
a. Purpose: Negotiation of the conclusion or amendment of a service agreement and communication concerning its performance.
Scope: Name, surname, e-mail address, telephone number, signature.
Legal basis: Necessity for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.
Period: For the time necessary to negotiate, amend and communicate on the performance of the contract.

b. Purpose: Enforcement of possible claims of the Company (evidentiary retention).
Scope: Name, surname, signature.
Legal basis: Legitimate interest.
Period: For the duration of the contract and thereafter for the limitation periods.

C. JOB APPLICANTS

The Company acts as controller when processing personal data of job applicants for the following purpose, scope, legal basis and period:
a. Purpose: Recruitment procedure for the specific job position.
Scope: Data contained in the CV, typically name, surname, date of birth, address, e-mail address, telephone number, education, previous experience.
Legal basis: Necessity for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.
Period: For the duration of the recruitment procedure.

D. EMPLOYEES

The Company acts as controller when processing personal data of its employees under employment contracts for the following purpose, scope, legal basis and period:
a. Purpose: Negotiation, conclusion and performance of an employment contract.
Scope: Name, surname, academic title, personal identification No./date of birth, address, telephone number, e-mail address, signature, health information (mandatory medical examinations), bank account No.
Legal basis: Necessity for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.
Period: For the time necessary to negotiate, conclude and perform the contract.

b. Purpose: Accounting, payroll and tax purposes and fulfilment of archiving duties.
Scope: Name, surname, personal identification No./date of birth, address, marital status (number of children, spouse information), name and code of health insurance company, insurance No., signature.
Legal basis: Necessity for compliance with a legal obligation to which the Company is subject.
Period: As necessary, up to thirty years unless statutory periods differ.

c. Purpose: Enforcement of possible claims of the Company.
Scope: Name, surname, personal identification No./date of birth, address, signature.
Legal basis: Legitimate interest.
Period: For the duration of the contract and thereafter for the limitation periods.

E. SUPPLIERS (SOLE TRADERS)

The Company acts as controller when processing personal data of its suppliers (sole traders) for the following purpose, scope, legal basis and period:
a. Purpose: Negotiation, conclusion and performance of a supplier agreement.
Scope: Name and surname/business name, Business ID No., VAT No., registered office, telephone number, e-mail address, bank account No., signature.
Legal basis: Necessity for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.
Period: For the time necessary to negotiate, conclude and perform the contract.

b. Purpose: Accounting and tax purposes and fulfilment of archiving duties.
Scope: Name and surname/business name, Business ID No., VAT No., registered office, data on registration in a public register, bank account No., signature.
Legal basis: Necessity for compliance with a legal obligation to which the Company is subject.
Period: Ten years unless a longer statutory period applies.

c. Purpose: Enforcement of possible claims of the Company.
Scope: Name and surname/business name, Business ID No., registered office, signature.
Legal basis: Legitimate interest.
Period: For the duration of the contract and thereafter for the limitation periods.

F. MEMBER OF THE STATUTORY BODY OR OTHER PERSON AUTHORISED TO NEGOTIATE THE CONCLUSION AND TERMS OF A SUPPLY AGREEMENT (OR ITS AMENDMENT) AND TO COMMUNICATE ON ITS PERFORMANCE ON THE SUPPLIER’S SIDE

The Company acts as processor when processing personal data of a member of the statutory body or another authorised person on the supplier’s side for the following purpose, scope, legal basis and period:
a. Purpose: Negotiation of the conclusion or amendment of a supply agreement and communication concerning its performance.
Scope: Name, surname, e-mail address, telephone number, signature.
Legal basis: Necessity for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.
Period: For the time necessary to negotiate, amend and communicate on the performance of the contract.

b. Purpose: Enforcement of possible claims of the Company.
Scope: Name, surname, signature.
Legal basis: Legitimate interest.
Period: For the duration of the contract and thereafter for the limitation periods.

G. PERSONS PRESENT ON THE COMPANY’S PREMISES

The Company acts as controller when processing personal data of persons located on premises where it conducts its activities, for the following purpose, scope, legal basis and period:
a. Purpose: Protection of life, health, property and safety.
Scope: CCTV audiovisual recordings of the Company’s premises.
Legal basis: Legitimate interest.
Period: Fourteen days; in the event of a captured incident, the recording may be retained for a longer period necessary for cooperation with public authorities, insurers, owners of affected property, and for assertion or defence of claims.

H. VISITORS TO THE WEBSITE

The Company acts as controller in relation to cookies processed for visitors to the Website.
Cookies are text files containing a small amount of information that are downloaded to the visitor’s computer, mobile phone or other device when the Website is visited. On each subsequent visit, the cookies are sent back to the originating Website or to another site that recognises the cookies.
The Website uses several categories of cookies for various purposes. Necessary cookies are essential for the basic functionality of the Website; without them the Website cannot fulfil its basic function and the Company may process them without the visitor’s consent. The Company does not process other categories of cookies that would require the data subject’s consent.

I. PERSON CONTACTING THE COMPANY

The Company acts as controller when processing personal data of persons who contact the Company by e-mail, telephone or via the web form on the Website for the following purpose, scope, legal basis and period:
a. Purpose: Responding to the enquiries of the requesting person.
Scope: Name, surname, e-mail address, telephone number, company name.
Legal basis: Legitimate interest in providing a response.
Period: For the time necessary to answer the enquiry and any related communication.

J. MANAGING DIRECTOR OF THE COMPANY

The Company acts as controller when processing personal data of its managing director for the following purpose, scope, legal basis and period:
a. Purpose: Corporate governance.
Scope: Name and surname, date of birth or personal identification No., domicile and permanent residence, e-mail address, telephone number, signature.
Legal basis: Necessity for compliance with a legal obligation to which the Company is subject.
Period: For the time strictly necessary.

b. Purpose: Accounting and tax purposes and fulfilment of archiving duties.
Scope: Name and surname, date of birth or personal identification No., domicile and permanent residence, bank account No., marital status (number of children, spouse information), name and code of health insurance company, insurance No., signature.
Legal basis: Necessity for compliance with a legal obligation to which the Company is subject.
Period: Ten years unless a longer statutory period applies.

K. CONTACT PERSONS OF THE COMPANY’S SHAREHOLDERS

The Company acts as processor when processing personal data of contact persons of its shareholders for the following purpose, scope, legal basis and period:
a. Purpose: Corporate governance.
Scope: Name and surname, e-mail address, telephone number, signature.
Legal basis: Necessity for compliance with a legal obligation to which the Company is subject.
Period: For the time strictly necessary.

2. VOLUNTARINESS OF DATA PROVISION
The data subject provides the Company with personal data voluntarily. Failure to provide such data may affect the Company’s ability to conclude a contract or provide performance dependent on essential information about the data subject, including personal data.
3. RECIPIENTS AND PROCESSORS OF PERSONAL DATA
Recipients of personal data may include competent public authorities (tax offices, social security authorities, etc.).
The Company does not transfer personal data to any third country (outside the EU) or international organisation.
No automated decision-making, including profiling, takes place in the processing of personal data.
4. METHOD OF PROCESSING PERSONAL DATA
The Company processes personal data manually (in electronic form) and electronically by automated means.

5. Personal data security
The Company takes maximum measures to secure personal data against misuse. It will continue to do everything within its power to prevent security incidents and will always employ only reliable technical solutions.
Nevertheless, a certain risk of data leakage, misuse or loss can never be completely ruled out. Should a security incident occur despite the Company’s best efforts, and should it pose a high risk to the rights and freedoms of the data subject, the Company will promptly inform the data subject via the provided e-mail address and by publishing relevant information on the Website, including all necessary details.

6. RIGHTS OF DATA SUBJECTS
Data subject has the following rights:
a) Right of access to personal data
The data subject is entitled to obtain from the Company confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, to obtain access to such personal data and to the following information:
1. the purposes of the processing of personal data;
2. the categories of personal data concerned;
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed;
4. the envisaged period for which the personal data will be stored, or, if it is not possible to determine this, the criteria used to set this period;
5. the existence of the right to request from the Company the rectification or erasure of personal data relating to the data subject or the restriction of their processing, or to object to such processing;
6. the right to lodge a complaint with a supervisory authority;
7. any available information as to the source of the personal data, if they are not obtained from the data subject.

The data subject also has the right to request from the Company a copy of the personal data undergoing processing, provided that this does not adversely affect the rights and freedoms of others. The Company may charge a reasonable fee based on administrative costs for any further copies requested by the data subject. Where the data subject makes the request by electronic means, the information shall be provided in a commonly used electronic form, unless the data subject requests otherwise.
b) Right to rectification
The data subject has the right to have the Company rectify without undue delay any inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
c) Right to erasure (“right to be forgotten”)
The data subject has the right to obtain from the Company the erasure of personal data concerning him or her without undue delay, and the Company is obliged to erase such data without undue delay where one of the following grounds applies:
1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
2. the data subject withdraws the consent on which the processing is based and there is no other legal ground for the processing;
3. the data subject submits a justified objection to the processing of personal data;
4. the personal data have been processed unlawfully;
5. the personal data must be erased for compliance with a legal obligation laid down in European Union or Czech law;
6. the personal data were collected in connection with the offer of information-society services on the basis of consent given by a child.

d) Right to restriction of processing
The data subject has the right to obtain from the Company restriction of processing where:
1. the accuracy of the personal data is contested by the data subject, for a period enabling the Company to verify the accuracy of the personal data;
2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
3. the Company no longer needs the personal data for the purposes of the processing, but the data are required by the data subject for the establishment, exercise or defence of legal claims.

e) Right to data portability
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to the Company, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the Company where:
1. the processing is based on consent to the processing of personal data or on the processing of personal data for the purpose of concluding or performing a contract with the data subject; and at the same time
2. the processing is carried out by automated means.

In exercising the right to data portability, the data subject shall have the right to have the personal data transmitted directly from the Company to another controller, where technically feasible. The right to data portability shall not adversely affect the rights and freedoms of others.

f) Right to object
The data subject has the right to object to the processing of personal data. If the data subject raises a justified objection to processing for the purposes of direct marketing or profiling, the personal data will no longer be processed for those purposes.
The objection will be assessed, and the Company will inform the data subject whether it has been upheld (in which case the Company will cease processing) or rejected (in which case processing will continue). Processing shall be restricted for the period necessary to resolve the objection.

g) Right not to be subject to automated decision-making, including profiling
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling (i.e. any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to the data subject), which produces legal effects concerning him or her or similarly significantly affects him or her. This right shall not apply where the automated decision is necessary for entering into, or the performance of, a contract between the data subject and the Company, or is based on the data subject’s explicit consent; in such cases, however, the data subject has the right to human intervention on the part of the Company, to express his or her point of view and to contest the automated decision.

h) Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint concerning the processing of his or her personal data by the Company with the supervisory authority, which in the Czech Republic is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7.

7. FINAL PROVISIONS

The Company has not appointed a Data Protection Officer.
The Company is entitled to unilaterally amend this Personal Data Protection Policy.
This Personal Data Protection Policy enters into effect on 01.07.2025