1.1. The purpose of this document is to summarize main information on the principles of personal data processing, adopted and followed by Mivardi s.r.o. in order to ensure compliance with EU Regulation 2016/679 (hereinafter referred to as the “GDPR”).
1.2. Our company has taken any necessary action to enhance safety and confidentiality of the processed data and to meet all the statutory requirements under the Czech laws.
2.1. FLASH BARRANDOV Special Effects Ltd with its registered office at Kříženeckého nám 322, 152 00 Praha 5, company identification No.: 49618571, incorporated in the Companies Register kept by the Court in Prague, Section C, Insert 24102, is in the position of personal data controller toward visitors to www.flash-sfx.cz, customers, clients, employees and selected contractual partners.
2.2. Under the GDPR, our company processes the personal data in accordance with the following principles:
a) Lawfulness, fairness and transparency – We only process the data in case there is a legitimate reason (e.g. statutory obligation, contract performance, protection of our interests, third-party interest protection, or a consent granted by the data subject). The data are processed in a transparent method and data subjects are informed about the way their personal data are treated, who has access to them and what are the data subjects’ rights.
b) Limitation of purpose – We collect personal data only for specific, express and legitimate purposes (see above).
c) Minimization of data – We only process personal data in the scope necessary for the given purpose.
d) Accuracy – We only process current personal data, which reflect the real state of affairs.
e) Limitation of archiving – We only archive personal data for the necessary period under the law.
f) Integrity and confidentiality – We have adopted adequate technical and organizational measures to protect personal data from accidental or unlawful destruction, loss, alteration or unauthorized provision or disclosure of transmitted, stored or otherwise processed personal data.
g) Liability – We are able to demonstrate the compliance under clauses a) to g) at any time.
2.3. Most of the personal data are processed for the purpose of meeting statutory obligations and fulfillment of contracts with our clients. These are in particular personal data needed for the conclusion and performance of a contract, i.e. identification and contact details (title, name, surname, address, date of birth or national identifier, business name, name, registered office, place of business, identification number, e-mail address, bank account).
2.4. The data subject is duly informed of the personal data processing principles during the process of contract conclusion and acknowledges that the controller is entitled to make personal data available to other processors or, as the case may be, to controllers, in accordance with applicable law.
2.5. In the case of processing for purposes other than meeting the statutory obligations, we shall need an express, free, concrete and informed consent of the data subject. This may particularly include personal data processing for marketing purposes; the client shall be informed of the scope of processing in each individual case. The provision of such consent is entirely voluntary and it may be revoked at any time. The data subject may exercise any rights described in the consent.
3.1. The company has adopted the necessary measures to ensure the safety of the personal data processed both in the printed and the electronic form. Such measures in particular include setting rules for working with information systems, ensuring that automated data processing systems are used only by authorized persons, that such persons have access only to personal data corresponding to the authorization of such persons, making electronic records to determine and verify when and for what reason the personal data were recorded or otherwise processed, and preventing unauthorized access to data carriers, in particular through setting passwords, access rights, encryption, drawing up documentation on adopted technical and organizational measures, enhancing the security of lock installations, etc.
3.2. All employees and persons with access to personal data have been properly trained and informed of the principles of safety and confidentiality related to personal data treatment.
4.2. Similarly, the end device in a workplace may be set by the employer, and the employee shall be deemed to agree therewith, even though he/she may wish a different setting for cookies.
4.3. Cookies necessary for the operation of websites and Internet services are not subject to a consent.
4.4. Under the GDPR, the treatment of data obtained through cookies is deemed the processing of personal data.
5.1. The personal data are only transferred to third parties in cases stipulated by law (mandatory reporting to public administration bodies) or in the necessary extent to selected suppliers who render certain services for clients on our behalf. We have clear contractual relations with such persons and all suppliers meet the rules for the personal data processing in the scope and under the conditions required by the GDPR.
5.2. The personal data are only transferred abroad to selected suppliers in the clearly defined scope for the purpose of rendering services to our clients; all affected persons are always informed of such transfer.
6.1. We have adopted a system for reporting security incidents. In the event of a data breach, we proceed in accordance with the GDPR to minimize potential damage and in defined cases report to the Office for Personal Data Protection (www.uoou.cz).
7.1. If you believe our processing of personal data contradicts the protection of privacy or the law, in particular if the personal data are inaccurate with respect to the processing purpose, you may lodge a complaint or demand explanation. In such cases please get in touch with us by phone at: 267073183 or by e-mail at: firstname.lastname@example.org.