GDPR Statement of Compliance

INTRODUCTION

On 25 May 2018 the new EU General Data Protection Regulation (GDPR) comes into force and impacts each and every organisation that holds or processes personal data. It introduces new responsibilities, including the need to demonstrate compliance, more stringent enforcement and a significant increase in penalties compared to the current Data Protection Act (DPA) that it supersedes.

Simply put, individuals now have greater say over how, why, where and when their personal data is gathered, processed and disposed of. Any organisation that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data.

OUR COMMITMENT

MOVINIO App s.r.o. (hereafter as „MOVINIO“) is processing personal data in accordance with  the law and the relevant regulations applying in the territory of Czech Republic – The Personal Data Protection Act No 101/2000 and Regulation No 679/2016 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing (hereafter as “Regulation”).

MOVINIO is in accordance with the Regulation a controller of the personal data, which are processing in agendas of the business acitivities of the MOVINIO. Its registered office is on:  Nové sady 988/2, Staré Brno, 602 00 Brno and Comercial registration No. 06245561. The person authorised to act on behalf of MOVINIO is Mgr. Měřínský, MBA. MOVINIO has no person responsible for protection of personal data because of the size and the nature of the business activities of MOVINIO Company. Contact details of manager are provided on the website  http://www.MOVINIO.com or it shall be responsibility of each worker to provide the contact.

MOVINIO does not keep a processing records with reference to Article 30 of the Regulation.

MOVINIO processes the following categories of personal data: first name, surname, academic title, permanent address, date of birth,, address, delivery address, e-mail, telephone number, name of company, ISDS address, business/tax ID, address of the property. MOVINIO also processes these personal data: nationality, ID number, ISDS address, business/tax number, bank details, salary assessment, health insurance company, registration of tax discounts for children, information about ZTP/P and legal capacity, information about criminal matters and complete set of personal data for the conclusion of an employment or similar relation but only in the case of its employees,. It is possible that MOVINIO also processes other unspecified personal data. In these cases MOVINIO informs natural person about these personal data on request. All personal data are processed only to the extent strictly necessary within of the business activities, which are linked to objects of the business referred  in the Commercial Register. The source of legality is in accordance with the Regulation, Art. 6, paragraph 1 (b) the processing necessary for the performance of a contract to which the data subject is a party… or Art. 6, paragraph 1 (c)… processing is necessary to fulfill a legal obligation… or Art. 6 paragraph 1 (f)… for the purposes of the legitimate interests of the controller.

The purpose of the processing of personal data is a realization of the business activities of MOVINIO, which are registered in the Commercial Register and fulfilment of the legal obligation.

The processing of all agends is based on statutory obligation, that defines obligations of MOVINIO, especially these Statutory Acts and its implementing regulations:

1/1993 Sb.        Ústava České republiky/The Constitution of the Czech Republic

89/2012 Sb.       Občanský zákoník/Civil Code

563/1991 Sb.     Zákon o účetnictví/Accounting Act

262/2006 Sb.     Zákoník práce/Labour Code

586/1992 Sb.     Zákon o daních z příjmu/Income Tax Code

MOVINIO does not process any personal data as a processor for any third party (another contoller). MOVINIO uses only processors, who meet the requirements of the Regulation for the processing of personal data by a third party (e.g. for accounting)

MOVINIO does not transmit any personal data to a recipient in a third country or international organization which are not covered by this Regulation.

MOVINIO processes personal data only for as long as there is a legal reason for it or if the contractual relationship of which subject data in involved continues. At the end of the processing period, personal data are either shredded or anonymized or handled in accordance with special laws (in particular Act No. 563/1991 Coll. Accounting Act  and  Act No. 499/2004 Coll. Archiving and Records Service) .

Letter of Rights of a subject data in accordance with the Czech Law and Procedure Act – The Personal Data Protection Act No 101/2000.

MOVINIO informs each natural person, whose personal data MOVINIO processes (hereafter ,,subject data“) about these rights:

Each subject data has the right of access to personal data and the right to correct his or her personal data. The subject data who thinks that the processing of his or het personal data by the controller or processor is incompatible with the protection of his or her individual rights or incompatible with the law,  e.g. if personal data are inaccurate with respect to the purpose of their processing, may ask the controller or processor for explanation and require the controller or processor to remove the defective status. In particular, this may involve blocking, correcting, supplementing or disposing of personal data. If the data subject’s request is found to be justified, the controller or processor shall remove the defective status immediately. If the controller or the processor does not take an action to comply with the requestof the subject data, the swubject data has the right to contact the Office for Personal Data Protection directly (this procedure does not preclude the data subject from turning to the Office for Personal Data Protection without further complaint).

Letter of Rights of a subject data in accordance with the Regulation:

Natural person whose personal data is bieng processed by the Movinio (hereafter ,,subject data“)may exercise from the MOVINIO these rights:

a) to request to obtain a confirmation as to whether or not personal data concerning subject data are being processed, and the following information referred to in Article 15 of Regulation,

b) to request rectification of inacurate personal data concerning subject data,

c) to request the erasure of personal data concerning subject data in accordance with Art. 17 of the Regulation, primarily if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,

d) to request restriction of processing of personal data in accordance with Art. 17 of the Regulation,

e) to receive the personal data concerning data subject, which he or she has provided to, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and

b) processing is based on performance of a contract to which tha data subject is party or in order to také steps at the request of the data subject prior to enteringinto a contract

f) to object, on grounds relating to his or her particular situatin, at any time to processing of personal data concerning subject data in accordance with Article 21 of the Regulation,

g) to withdraw his or her consent to the processing of his or her personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

The Movinio shall provide information on action taken on a request to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where neccessary, taking into account the complexity and number ofe the requests.

Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either:

(i) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or

(ii) refuse to act on the request.

If MOVINIO does not taken action on the request of the data subject, the MOVINIO shall inform the data subject without delay and at the latest within one month of receipt of the request of the resons for not taking action.

When MOVINIO receives a request of data subject for application of these rights, but MOVINIO has reasonable doubts concernig the identity of the applicant, MOVINIO can request the provision of additional information necessary to confirm the identity of the data subject.

For any comments and asks about the protection of personal data you may either use e-mail adress legal@movinio.comor contact the person authorized to act on behalf of MOVINIO on the following link: info@movinio.comor via the ID: r2tmh7z.

If the subject data is dissatisfied with the explanations that MOVINIO has given him or her regarding the processing of personal data, or in general with processing of the personal data, he or she may contact Office for Personal Data Protection, https://www.uoou.cz, e-mail: posta@uoou.cz, data box: qkbaa2n, physically at the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7. We recommend to visit the Frequently Asked Questions section at https://www.uoou.cz/casto-kladene-otazky-podle-oblasti/ds-2619/archiv=0&p1=2611, where you will find questions and answers to the most popular topics in relation to the Regulation.