Cork Solutions s.r.o., a company with its registered office at Pernerova 676/51, 186 00 Prague, Czech Republic, registration number 060 19 137, registered in the Commercial Register maintained by the Municipal Court in Prague under file No. 274690, (the Company or we) processes the personal data of its business partners (even potential ones), clients (even potential ones) and visitors of its website (You), and therefore provides in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) the following information about this data processing.
If you cooperate with us, regardless of whether you are our supplier, subcontractor or client, or if we are considering any form of cooperation with you, or if you visited our web site, we process some of your personal data, which you have given to us or which we have obtained by other legal means (e.g. from your company’s web site, from publicly available registers, or from the LinkedIn network).
In this document you may find the summary of which of your personal data, to what extent, in what way, for which purpose and for how long they are being processed, as well as, what are your individual rights in connection with this personal data processing.
1.2 How to contact us in connection with personal data processing?
If you have any questions related to how we process personal data, you may contact us in the following ways:
- by writing to the address of our office at Pernerova 676/51, 186 00 Prague,
- by email at the email address [email protected]
1.3 What sources do we get personal data from?
We obtain your personal data either by you providing us with them e.g. while negotiating a potential future business relationship through our website or other communication channels or during the business relationship itself, for example by registering into the service Tabidoo (identification, contact information, or profile, billing or transaction information). Alternatively, we obtain them from publicly available sources (public registers, from your web site, from your LinkedIn profile) or automatically be means of our IT systems, every time you enter our web site (browsing information and social network information)
1.4 What personal data do we process and for what purpose?
We process only the data about you that we need to fulfil our contractual obligations, or to take the necessary measures adopted before entering into a contract, based on your request (for example if you ask us to prepare an offer for you), to fulfil our statutory obligations (for example to properly keep our accounts), to realize our legitimate interests (for example offer you our products or consider the suitability of a future business cooperation), or data, with the processing of which you give us your consent. We process your personal data only to the necessary extent, which corresponds to the given purpose of the processing. We have prepared the following table to give you a clear overview about which of your data are we processing, for which purpose, and which legal basis do we have for this processing.
|Categories of personal data||What sorts of information belong there?||What is the purpose of the processing?||What gives us the legal right to do so?|
|Identification information||Name, surname, address of permanent residence, academic title||To identify business partners, in contracts, bills, and to send marketing offers||If you enter in any contract with us (whether as our client, supplier or subcontractor), we need your identification information to personalize the contract or the contractual offer (i. e. we can identify you in the contract or offer), and then fulfil this contract → the legal basis is performance of a contract (art. 6 par. 1 subpar. b) GDPR). We also need your identification information to issue bills, or to fulfil the obligations set out by law, especially the obligation to keep accounts → the legal basis is the fulfilment of legal obligations (art. 6 par. 1 subpar. c) GDPR). If we have worked together in the past or you have shown interest in our products, we also use your identification information so we can send you marketing offers of our products or demands of cooperation → the legal basis is our legitimate interest (art. 6 par. 1 subpar. f) GDPR).|
|Contact information||email, phone number, contact address||To communicate and to realize the business relationship, to send offers of products and demand for cooperation||We need your contact information to adopt the necessary measures before the contract relationship can be formed, as well as fulfil the contract you enter into with us → the legal basis is performance of a contract (art. 6 par. 1 subpar. b) GDPR). If we have communicated or worked together already, we process you contact information also so we can send you marketing offers of our products or of a potential business relationship → the legal basis is our legitimate interest (art. 6 par. 1 subpar. f) GDPR).|
|Profile information||Gender, occupation, previous employment, education||To be able to assess and prove the suitability of cooperation||Information about professional qualifications (previous employment and education) of a subcontractor (even a potential one), is necessary for us, so we can decide if we will enter into a cooperation agreement with you as a subcontractor, or so we can ensure that our tasks are being carried out by qualified experts → the legal basis is performance of a contract and implementing measures before the contract is entered into (art. 6 par. 1 subpar. b) GDPR). We process the profile data of our clients (even potential ones) also for the purpose of analysing the structure of visitors to our website and the subsequent adaptation of our marketing strategy based on this analysis → the legal basis is our legitimate interest (art. 6 par. 1 subpar. f) GDPR).|
|Browsing information||IP address, technical and analytical cookies, email address connected with the user account of the client||For marketing purposes and the purpose of analysing user behaviour on the web site and monitoring server load||We process browsing information for the purpose of analysing the behaviour of visitors to our website and analysing the load on our servers so we can ensure that the website displays without issues and functions optimally → the legal basis is our legitimate interest (art. 6 par. 1 subpar. f) GDPR). We also process browsing information so we can address again the visitors of our web site with an offer of our services (marketing) → the legal basis is also our legitimate interest (art. 6 par. 1 subpar. f) GDPR).|
|Marketing cookies||marketing cookies, Facebook pixels (containing the IP address, email address, and a Facebook cookie)||For the purposes of personalizing the content of the web site and displaying advertising on social networks||We need marketing cookies so we can inform you of our services on social sites and display our advertisements → the legal basis for this processing is your consent with the use of marketing cookies (art. 6 par. 1 subpar. a) GDPR).|
|Billing and transaction information||Information appearing on bills and agreed upon billing terms and conditions, about received payments and billing addresses||For the purpose of properly kept accounts and fulfilling obligations arising from contracts as well as obligations arising from legislation||We process the information written on bills (billing and transaction information), so we can pay them → the legal basis is performance of a contract (art. 6 par. 1 subpar. b) GDPR). We need this information so we can keep proper accounts and be ready for a potential tax inspection → our legal basis for this processing is performing our legal obligations (art. 6 par. 1 subpar. c) GDPR).|
1.5 What happens if you refuse to provide us with your personal data?
If you have not yet entered into any contract with us, you can decide not to provide us with any of the abovementioned categories of the personal data and not to enter into a contract with us.
However if we have already entered a business relationship or you are interested in entering one, we will need for the fulfilment of our obligation at least your identification, contact, billing and transaction information (in the case of subcontractors also some profile information such as achieved education and work experiences), otherwise we cannot cooperate with you, or offer you our services.
Concerning personal data that we process on the basis of your consent; you have the right to revoke this consent at any time. If you do so, you are not questioning the legality of personal data processing before the revocation, but we will not be able to process that data any longer.
1.6 How long will we keep your personal data?
We keep your personal data for a period necessary to fulfil the purpose that we process them for. After that period is completed, they are irreversibly erased. The period of keeping the personal data varies among the individual categories of data based on the purpose of their processing.
- (i) data necessary for the performance of a contract, that is identification, contact, billing and some profile information are kept for the entire duration of the contractual relationship and further until the end of the longest prescription period related to obligations and rights governed by the contract (usually the 10 year prescription period and 1 year after its end in case of claims exercised at the very end of its period, unless a longer prescription period was agreed on or it was extended);
- (ii) a special subgroup of data processed to fulfil contractual obligations are the identification and billing information of subcontractors, who during the performance of a task set out by the Company took part in the creation of an author’s work (this will in particular affect programmers, who took part in the creation of source codes) – this data will be kept for the duration of copyright protection of the work, that is 70 years after the death of the last author of the work;
- (iii) data processed for the performance of the legal obligation to keep proper accounts, that is billing and transaction information, we keep them for a maximum of 10 years from the end of the tax period in which the last billing document for your order was created or the last transaction was carried out;
- (iv) data processed on the basis of the legitimate interest of offering our services to clients, monitor potential subcontractors or business partners, that is identification, contact and profile information, are kept for a period of two years after the termination of the business relationship or our last contact (if no business relationship was entered);
- (v) data processed on the basis of your consent to display our advertisements on social networks, we only process for the period that you agree on, that is 13 months, if you do not revoke your consent earlier
1.7 To whom do we transfer your personal data to be processed? Who do we share personal data with?
Given the fact that for our business activities we use outside contractors for providing some services, we transfer them just the necessary extent of your personal data so that they can ensure these services. It concerns suppliers of:
- (i) software services (e.g. MailChimp, Tawk.to, Google Analytics, Facebook);
- (ii) accounting and tax services;
- (iii) marketing services.
While transferring personal data to these suppliers, we make sure that as data processors they utilize the transferred personal data only to attain the purposes set out by us that are expressed above. Given that we use the services of processors based in the USA (MailChimp, Tawk.to and Facebook), we also transfer data outside of the EU. There is no need to worry about the safety of your data, as with all the mentioned processors we have closed standard contractual clauses that enable the transfer of personal data to the USA, in accordance with the requirements of the GDPR and of the judgement of the Court of Justice of the European Union from July 2020 which annulled the EU- US Privacy Shield. We do not transfer personal data to international organisations.
1.8 Do we make use of automated decision-making, including profiling?
While processing your personal data no automated decision-making or profiling takes place i.e. the situation where your personal data would be processed automatically, without human interference, and the result of this automated processing would have legal effects for the subject of the personal data or would affect the subject significantly. During any handling of your personal data by us a person is present. If we wanted to make use of automated decision-making, we will inform you of our intentions.
1.9 What rights related to personal data you have and how can you utilize them?
It is our duty and a priority to ensure that all the data processing by our Company takes place properly and securely. Only authorised personnel have access to your personal data by a secured connection, and the moment your data will not be necessary, it will be erased.
We also guarantee the rights described below, which you can make us of in writing, by phone or by email at the contacts written above. We will attempt to respond promptly, and if it is possible grant you your request. All information and responses to you utilizing your rights are offered for free. Only in the case where we would consider your request clearly baseless or disproportionate, we can bill you a proportionate fee which considers the administrative costs related to the providing of the requested information. Also, if your requests to be provided with a copy of the processed personal data were repeated, we retain the right to bill you a proportional fee to cover administrative costs.
If you ask us for a statement or information about the adopted measures, we will provide them as soon as possible, at the latest within a month. We can extend this period only if it is necessary given the complexity and number of requests. We would always inform you of such extension and state its reason and length, which will not surpass two months.
- (a) Right to be informed about processing of your personal data and the right to access the data
- (b) Right to correct the data
If any pieces of your personal data that we process change (e.g. you change your place of residence or telephone number), you have the right to ask for the correction of these pieces of data. In addition, you have the right to correct incomplete personal data, even by means of providing a supplementary declaration.
- (c) Right to erasure (right to be forgotten)
You have the right to request that we erase your personal data. Your request will be submitted to individual assessment; despite your right to erasure we may have the obligation or a legitimate interest to keep your personal data, for example if it was related to bills that we have to keep for tax purposes. In any case you will be informed in detail about the decision related to your request. Data which are no longer necessary for their purpose are erased automatically, however you can always contact us with a request of erasure.
- (d) Right to restrict processing of personal data
You have the right to request that we restrict the processing of your personal data (that is, that they are not being used, while not completely erased at the same time), in the following cases:
(i) you contest the accuracy of personal data (processing will then be restricted for time necessary to verify their accuracy);
(ii) the processing is unlawful and you do not want the personal data to be erased;
(iii) we no longer need your personal data for the purposes of processing; however, you require them for the establishment, exercise or defence of your legal claims;
(iv) you objected to the processing and it is currently being verified whether your legitimate interests prevail over ours.
Even where processing has been restricted, such personal data may be processed by us in cases when is it needed for the establishment, exercise or defence of legal claims or for the protection of the rights of other natural or legal persons.
- (e) Right to data portability
If you ask us to transfer your data to a different data controller or company, we will hand over your personal data in a corresponding format to the entity of your choice, unless prevented by statutory or other significant barriers.
- (f) Right to object and automated individual decision-making
If you believe that we are conducting data processing in conflict with your right to privacy and a personal life, or in conflict with legislation, you can contact us and ask for an explanation or that the situation be rectified. If we were conducting automated decision-making or profiling, you could also object to this kind of processing.
- (g) Right to file a complaint with the Office for Personal Data Protection
If you will obtain the impression, that we are handling your personal data in conflict with our obligations, please contact the contact person listed at the beginning of the document. We believe that we can explain or resolve any irregularities. If you are not content with our reaction, you always have the right to contact with a statement or complaint related to personal data processing the oversight authority, which is the Office for Personal Data Protection (Úřad na ochranu osobních údajů), at Pplk. Sochora 27, 170 00 Praha 7, web site https://www.uoou.cz/en.