Declaration on personal data processing pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and instructions for data subjects (hereinafter the “Regulation”)
1. Personal data controller
OLTIS Group a.s., with its registered office at Olomouc,
Dr. Milady Horákové 1200/27a, Identification No. (IČ): 26847281, entered in the Companies Register administered by the Regional Court in Ostrava, Section B, Entry No. 2844, contact
e-mail: (hereinafter the “Data Controller”) hereby informs you in compliance with Article 12 of the Regulation of the processing of your personal data and of your rights.
2. Extent of personal data processing
Personal data are processed in the extent in which the relevant data subject provided the same to the data controller in connection with concluding a contractual or any other legal relationship with the data controller or that the data controller otherwise collected and processes such data in compliance with the applicable legal regulations or to fulfil the legal obligations of the data controller.
3. Personal data sources::
- Directly from the data subjects;
- Publicly accessible registers; or
- Lists, records and registers (such as the Companies Register, Trade Register, Cadastral Register, public telephone directory, etc.)
4. Categories of personal data , that are subjects of processing:
- Address and identification data used for unambiguous and unmistakable identification of the data subject (such as name, surname, title, Identification No. (IČ) or Tax Identification No. (DIČ) and data enabling contact with the data subject (contact data, such as business name, contact address, telephone number, e-mail address and other similar information);
- Descriptive data (for example bank data or date); and
- Other data necessary for the performance of the agreement
5. Categories of data subjects:
- Data controller’s client;
- Service provider; or
- Any other person that has a contractual relationship with the data controller
6. Categories of personal data recipients:
- Processor; or
- State and other authorities when performing legal obligations set forth by the applicable legal regulations
7. Purpose of personal data processing
- Purposes contained within the framework of the data subject’s consent;
- Negotiations on the contractual relationship;
- Performance of the agreement;
- Protection of the rights of the data controller, recipient or other relevant persons (for example collection of the data controller’s claims);
- Archiving by law;
- Fulfilment of legal obligations by the data controller; and
- Protection of vitally important interests of the data subject
8. Method of personal data processing and protection
- Personal data are processed by the data controller. The data are processed in the data controller’s establishments and branches and in its registered office by the data controller’s authorized employees or by the processor. The data are processed using computer technology or manually in case of personal data in the documentary form subject to fulfilling all security principles for personal data administration and processing. For such purpose, the data controller took technical and organizational measures to protect personal data, in particular those preventing unauthorized or accidental access to personal data, change, destruction or loss thereof, unauthorized transmission, unauthorized processing as well as any other misuse of personal data. All subjects to which personal data may be made available respect the data subjects’ rights to protection of privacy and are obliged to act in compliance with the applicable legal regulations concerning the personal data protection.
- the data subject’s personal data will be processed on the basis of his/her free consent under the above-mentioned conditions;
- the reason for providing the data subject’s personal data is the data subject’s interest in sending information and invitations or business offers and bids concerning organized events connected with the data controller’s activities, which would be impossible without providing such data;
- the data controller did not appoint a data protection officer, did not authorize any processor to process personal data and did not appoint a representative for fulfilling the obligations within the meaning of the Regulation;
- the data controller does not wish to provide personal data to a data subject to any third country, to any international organization or to any third parties other than those mentioned above; and
- the data subject is entitled to revoke his/her consent with personal data processing at any time, to request access to his/her personal data from the data controller, correction or deletion of such data or restriction of the processing, and to raise an objection against
the processing, has the right to transferability of such data to any other data controller as well as the right to lodge a complaint with the Personal Data Protection Authority, if
the data subject believes that the data controller processes personal data in conflict with the Regulation.
9. Period of personal data processing
- In compliance with the deadlines set out in the relevant agreements, in the data controller’s filing and shredding rules or in the applicable legal regulations, it is a period necessary to ensure rights and obligations arising both from an obligatory relationship and from
the applicable legal regulations.
- The data controller processes data with the data subject’s consent, save for the events set forth by law where the personal data processing need not be approved by the data subject.
The data controller hereby informs in compliance with the provisions of Article 13 of the Regulation that: