© All rights reserved 2019
We would hereby like to provide information in a comprehensible and transparent manner as to the way we process the personal data of data subjects and what rights data subjects have in relation thereof; the overview of all fundamental information is therefore provided below.
We process and protect personal data in full compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – hereinafter also referred to as the GDPR) and the Czech Act on Personal Data Processing. We process personal data while adhering to the following essential principles:
The data controller is BENEFITY a.s., registered office at Zelena 1990/27, Dejvice, 160 00 Prague 6, Czech Republic, Company ID: 270 95 231, registered in the Commercial Register administered by the Municipal Court in Prague, file ID B 8967 (hereinafter referred to as the “Controller”). The Controller is responsible for personal data processing and data subjects may claim most of their rights specified below with this Controller.
The controller has not appointed a representative for personal data protection, but has designated a person responsible for this area and the overseeing of personal data processing and protection.
If data subjects have any queries related to personal data processing or wish to exercise their rights, they may contact the Controller in one of the following ways:
In certain cases BENEFITY a.s. acts only as a data processor. These are the cases when the data controller – i.e. the party determined by the purposes and means of processing your personal data – is another company (e.g. your employer as a client of BENEFITY a.s.) which authorised BENEFITY a.s. to process your personal data (or to carry out a specific processing operation), for instance in relation to offering and using employee benefits. In such cases BENEFITY a.s. acts while processing your personal data as instructed by the Controller and is not responsible for your personal data processing. This responsibility is always with the Controller. Obviously, BENEFITY a.s. complies with the GDPR and the above principles also in its capacity as the data processor. However, the questions below should in such a case be answered by the Controller, and it is also this Controller any rights, also shown below, should be exercised with.
As such, the following information concerns situations when BENEFITY a.s. is the Controller of your personal data.
We process only such personal data which is essential to our ability to comply with our legal obligations, properly perform our contractual obligations and protect our legitimate interests, or else when we have been given consent by data subjects to personal data processing. For the above reasons we process personal data of the following persons:
We always process personal data solely within the scope necessary for the purpose of processing.
We determine the purposes of personal data processing particularly with respect to contractual or other relations with data subjects or in relation to services we provide or legitimate interests we have.
We process personal data based on at least one of the legal grounds (bases). If this were not the case, we would be failing to comply with the rule of lawfulness as one of the essential GDPR principles.
Personal data processing is carried out based on the following legal grounds:
We retain personal data for the period of time necessary for the purpose of processing. If we are required to process personal data by a legislative regulation, this regulation usually also stipulates the period of time for which we are supposed to do so. If personal data is processed in order for us to be able to perform a contract entered into with a data subject, such personal data must be processed for the entire duration of the contract. Personal data processed based on consent provided is retained for the period of time such consent was provided for, and obviously only until such consent is withdrawn. If personal data processing is necessary for the purposes of our legitimate interests, such personal data is processed for as long as such legitimate interests last.
We obtain personal data primarily from data subjects directly or in relation to our contractual relations with data subjects. This allows data subjects to control which personal data they provide us with or not.
Some personal data may be obtained also from public sources such as one of the public registers or the Internet. In some cases we obtain personal data from other controllers as well; in this case, however, we have an obligation to inform the data subject.
Personal data is available to our employees, who need it for their work. We forward personal data to parties outside of our company only when necessary, particularly in the following cases:
Data subjects have a wide range of rights related to the processing of their personal data. Data subjects have some of those rights independently of the legal basis for processing (right of access, right to rectification, right to erasure, right to restriction of processing), while some rights are granted to them only when processing occurs based on specific legal grounds:
Of course, data subjects also have the right to file a complaint with a supervisory authority.
More details regarding the exercise of rights of data subjects are provided here.
Job applicants can find more information on the processing of their personal data here.
Guests at our events may find more information on the processing of their personal data here.
Our customers and suppliers will find more information on the processing of their personal data here.
Information on processing personal data of potential customers and suppliers is here.
We firmly believe that the above information is easy to understand for data subjects. However, if data subjects still do not understand or are unsure about something, they can always get in touch with their inquiries. This will prevent many misunderstandings from happening.