THE CONTROLLER’S RECORDS OF PERSONAL DATA PROCESSING ACTIVITIES
pursuant to Article 30 (1) of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016, General Data Protection Regulation (hereinafter referred to as the “Regulation“), kept by ABM REAL a. s., with registered office at V Korytech 3234, 100 00 Prague 10, ID No.: 25709941, (hereinafter referred to as the “Controller”)
contact email address: info@abmreal.cz, telephone contact: 499433327
1. Contact details of the Data Protection Officer
The Data Protection Officer has not been appointed by the Controller.
2. Description of categories of data subjects, categories of personal data and purposes of processing
a) Customers of the Controller
Categories of personal data: identification and contact details of customers.
Purpose of processing of personal data: conclusion and performance of the contract between the customer and the Controller, performance of related legal obligations towards customers and public authorities.
Legal basis for processing personal data.
From whom the data is collected: the customers themselves.
Who has access to the data. In addition, an external accountant who works with this data only at the above address.
How data is protected: in a locked and electronically protected office at Lyžařská 123, Špindlerův Mlýn, only employees with a place of work at this address have access to the premises.
b) Staff of the Administrator
Categories of personal data: employees’ identification and contact details, bank account details, health insurance and social security details.
Purpose of the processing of personal data: conclusion and performance of the employer’s obligations under the employment contract and generally binding legal provisions.
Legal basis for the processing of personal data: performance of the contract and statutory obligations, e.g. registration and notification obligations to the competent authorities.
From whom the data is collected: the employees themselves.
Who has access to the data: Authorised employees according to the employment contract with the place of work at Lyžařská 123, Špindlerův Mlýn. In addition, an external accountant who works with the data only at the above address.
How data is protected: in a locked and electronically protected office at Lyžařská 123, Špindlerův Mlýn, only employees with a place of work at this address have access to the premises.
c) People entering the monitored premises of the Administrator
Category of personal data: image recordings without sound track.
Purpose of processing personal data.
Legal basis for the processing of personal data: the legitimate interest of the Controller (protection of property).
Who has access to the data: the manager of each building (operational), company management.
How the data is protected: on a computer in each building, access to the computer is secured by an access password.
3. A description of the categories of recipients to whom personal data have been or will be disclosed or transferred, including recipients from third countries or international organizations.
Personal data of subjects of all categories under point 2 may be provided to providers of delivery, legal and accounting services who cooperate with the Controller on the basis of a contract.
Personal data will not be disclosed to recipients from third countries or international organizations.
4. Information on the planned time limits for erasure of individual categories of personal data
The personal data of the subjects of all categories referred to in point 2 will always be deleted without undue delay after the expiration of the statutory period for which the Controller is obliged to keep such data. The personal data of employees will be erased after 40 years from the end of the employment relationship. The personal data of customers will be deleted after 10 years from the end of the performance under the contract concluded between the customer and the Controller or within 3 days from the withdrawal of consent to the processing of personal data, the processing of which the Controller has no other legal reason in accordance with the Regulation. Image recordings of the Controller’s monitored premises are deleted after no more than one month after their acquisition.
In Spindleruv Mlyn on 22 May 2018
Ing. Bohumil Španihel, CSc.
Statutory Director