(+420) 491 44 66 11

sales@level.systems
Plhovska 1997

547 01 Nachod, Czech Republic
Plynarni 1617/10

170 00 Prague, Czech Republic

Privacy Policy (GDPR)

Privacy Policy (GDPR)

1.        Introduction                                            

This guideline is dedicated to the issue of personal data protection in connection with the general regulation for the protection of personal data of natural persons (GDPR – General Data Protection Regulation) – Regulation on the protection of personal data EU 2016/679 of 27 April 2016 (GDPR).

The LEVEL, s.r.o. (hereinafter the “Company”) expresses our commitment to protecting the personal data of our customers, suppliers and business partners. The rules set forth herein define how this commitment will be implemented and the company’s position in the role of the personal data controller. It is important to point out that we may amend this Privacy Policy from time to time. Please just visit this page if you want to stay up to date, as we will post any changes here.

    2.        Principles and rules of personal data protection

We understand the importance of protecting your privacy while processing your personal data. To this end, we have adopted policies and rules of conduct that meet or exceed existing legislation.

We emphasize cooperation with companies that uphold the applicable legislation and perform their activities in accordance with the Regulation of the European Parliament and the Council (EU) concerning personal data protection.

Our employees are bound by the company’s internal rules regarding the strict confidentiality of your data. The company provides employees with training about the rules and other obligations concerning data security and protection. Further, the company performs internal audits to assure the fulfilment of our obligations when working with personal data. Access to personal data by employees is strictly controlled so that employees view only such information necessary to perform their work. Employee access to data is limited perform their work.

When you visit our website, the personal data is collected and processed in accordance with the legal regulations valid in the Czech Republic. To optimize the system performance of our website we automatically collect and store information. This information typically consists of your IP address, type of browser and language settings, operating system, internet service provider (ISP) and the date and duration of your visit.

We use this information for the effective management of the website, to obtain information about website user behaviour, to analyze trends and collect demographic data about our users as a whole. This collected information may be used for marketing and promotional purposes and for communication).

The company’s website may include links to other websites. Should you choose to visit these other websites, you would be subject to rules of use of personal data and cookies in use by those other websites.

                  2.1.        Cookies and their use

The organization’s website, e-mail messages, online services, advertising and interactive applications may use “cookies” to optimize service.

A “cookie” is a small file, usually consisting of letters and numbers, which we send to your browser’s cookie file on the hard drive of your computer. This allows us to identify the device of the given user. The main purpose of cookies is to allow our internet server to provide the user with the website to which the user is accustomed, to make the experience of visiting the company’s website more personal and to react better to the user’s individual needs.

The company uses two types of cookies on the website:

  • Session cookies – these are temporary cookies which are saved in the cookie file of your browser until the moment you stop working with the browser. These cookies are mandatory for the proper functioning of certain applications or functions on these pages.
  • Permanent cookies – permanent cookies may be used for easier and more convenient orientation on the website by users (e.g. faster and easier navigation). These cookies remain in the cookie file of your browser for a longer time, depending on your chosen internet browser settings. Permanent cookies allow the transfer of information to the internet server during every visit to the website. Permanent cookies are also known as tracking cookies.

Personal data is collected and processed only with your express consent.

    3.        Categories and scope of processed data

With regard to your personal data, we collect only that information which is reasonable and relevant for the given business purpose. This refers to personal data for the identification and communication with you and special categories of personal data which are needed for our business activity in accordance with the respective legal regulations.

                  3.1.        Categories of personal data

Within the framework of our activity, we collect the following personal data of customers, business partners and suppliers as unique identifiers:

  • Your name
  • Your company’s name
  • Your address
  • Your e-mail address
  • Your telephone number
  • Your bank account number
  • Your company ID / tax ID / VAT number
  • Your IP address
  • Location data – the location of business trips and spending company funds (costs of fuel consumption)

We collect personal data about employment applicants and employees in accordance with applicable legislation. This information includes:

  • Your name
  • Your address
  • Your e-mail address
  • Your telephone number
  • Your gender
  • Your bank account number
  • Your date of birth
  • Your ID document number
  • Your IP address
  • Location data – the location of business trips and spending company funds (costs of fuel consumption)

                  3.2.        Special categories of personal data

The company does not process special categories of personal data including for example political views (if you are a politically exposed person pursuant to Section 4(5) of Act No. 253/2009 Coll., on selected measures against money laundering and financing of terrorism).

                  3.3.        Term of processing

We work with your personal data:

  • For the period necessary to fulfil the respective business purpose.
  • For the period necessary to fulfil legal regulations (i.e. minimally for the term pursuant to the Archiving Act).
  • To determine, exercise or defend legal claims.

Upon termination of the stipulated term for processing and storing personal data, your data will be safely deleted or destroyed, anonymized or transferred to the archive.

In the event that you consent for marketing purposes (incl. profiling for the purpose of offering suitable products and services), data is processed for the time necessary to meet such purpose.

                  3.4.        Data source

The data we process is obtained primarily from the subjects of the personal data. However, we may also learn about you from other sources in order to confirm the information provided.

We process personal data, which is disclosed to us upon entering into a contract and during the term of the contract. In the case of establishing a new business relationship, we process your personal data disclosed by you when entering into a new contract.

If you are our employee or applicant for employment, the source of data may be referenced from former employers or references from internet sources, e.g. social networks such as LinkedIn or other job portals.

We may obtain your personal data and sensitive personal data for the purpose of fulfilling a contractual obligation to you.

We also process personal data legally obtained from a publicly-available information or in cooperation with government bodies and institutions (in the meaning of Act No. 253/2008 Coll., on selected measures against money laundering and financing of terrorism).

Personal data provided by a third party may be processed but only but only with your consent.

    4.        Purposes of processing personal data

The company processes personal data only within the scope required to fulfil the respective business purpose. Personal data may be processed under one or more of the following circumstances:

                  4.1.        Legitimate purposes of processing

If you are dealing with LEVEL, s.r.o. as a customer, business partner or supplier, we will ask you to provide personal data for the following purposes:

  • Entering into, managing and performing contracts.
  • Managing customer relations, providing (online) services and contacts.
  • Improving services.
  • Marketing and customer analytics/processes.
  • Detection, prevention, in accordance with the AML act (anti-money laundering).
  • Scientific and statistical analysis.
  • Fulfilment of legal and regulatory obligations.

If you are an applicant for employment or a former or existing employee, your personal data is processed for the following purposes:

  • Satisfying an employment contract, meeting contractual obligations and/or for human resources management.
  • Internal management including evaluation of an organization or corporate culture.
  • Employee health and satisfaction.
  • Fraud detection and prevention.
  • Fulfilment of legal and regulatory obligations.
  • Protection of the vital interests of the employees.
  • Analysis of employee profiles.
  • Hiring and filling of job openings, incl. former employees and applicants for employment.

                  4.2.        Consent

If none of the variant under Art. 4.1 are in question or if consent is required by other legal requirements, consent will be obtained from the owner of personal data before processing. When granting consent, we will provide you with the following information:

  • Purpose of processing for which consent is requested.
  • Our contact data as the controller of personal data.
  • Your rights in relation to personal data processing.

If processing is reasonably required to handle the request, then consent is assumed (e.g. visiting the website, using the applications of LEVEL, s.r.o., personal visits or attendance at social events).

Consent should be the voluntary, specific, informed and definite permission of the subjects of data to the processing of personal data relating to them, expressed in the form of a written statement (also electronically) or oral declaration.

The subject of data has the right to refuse or at any time revoke consent to the processing of personal data.

    5.        Rights of data owners

With the validity of the General Data Protection Regulation, the owners (subjects) of personal data have the right to:

  • Information and access to personal data.
  • Transferability of data.
  • Restriction of processing.
  • Correction and deletion of personal data.
  • Information concerning correction or deletion of personal data or processing restriction.
  • Raise an objection.
  • Exemption from automated decision-making based on the data you provide.

The roles in which we can register your personal data and perform the definite identification of your person are:

  • You are our client – buyer, a person interested in buying, debtor.
  • You are our business partner – trade intermediary.
  • You are a partner’s customer – a customer of our partner.
  • You are our supplier – provider of services and technical support, sub-processor.
  • You are our employee – existing and former employee or applicant for employment.

Please note that in some cases your rights relating to personal data protection may result in the limitation of our activities with you as well as our contractual relationship.

                  5.1.        Application of client and business partner rights

To learn more about the nature of information processed about you and/or to exercise any rights provided herein, you may submit a request at our address LEVEL, s.r.o., Plhovska 1997, 547 01  Nachod, or at our electronic address gdpr@level.systems.

In order for us to fulfil the request, we will need proof, in written and/or electronic form, that you are the subject of the information requested. We may ask you to provide additional references for identification purposes.

                                 5.1.1.        Information and access to personal data

If we obtain personal data for processing directly from you, we are obliged to inform you of the following:

  • Identity and contact data of the company LEVEL, s.r.o.
  • Purposes of processing for which the personal data is obtained, and legal grounds for processing.
  • Justified interests of the controller or third party, if these interests are superior to the interests and rights of the subject of data.
  • Potential recipients of personal data and intent to provide your personal data to a third country or international organization.
  • A period for which the data will be used or stored.
  • List of your rights including your right to file a complaint.
  • Whether our ability to process the personal data is based on a law and/or your consent.
  • The fact that automated decision-making, including profiling, occurs.

If your personal data was not obtained directly from you, we are also obliged to provide you with information as to which category of affected personal data is in question, and the source from which the data was received.

                                 5.1.2.        Transferability

The owner of personal data has the right to obtain the personal data provided to us in a form in a common, machine-legible format. You, as the owner of personal data, also have the right to transfer these data to a different controller. The transfer of personal data is possible only for personal data obtained on the basis of consent or a contract, and which is processed automatically.

This right does not apply to data processed for the purpose of performing tasks in the public interest or when exercising public authority with which the controller is entrusted.

                                 5.1.3.        Restriction of processing

As the owner of the personal data, you have the right to restrict our processing of personal data in cases where:

  • You deny the accuracy of the personal data.
  • You suspect the illegal processing of personal data, but refuse the deletion of this personal data and instead request the restriction of its use.
  • We no longer need your personal data for the purposes of processing, but you as the subject of data require the data to determine, exercise or defend your legal claims.
  • You raise an objection to processing – processing will be restricted for the period required to verify whether the controller’s justified reasons outweigh the justified reasons of the subject of data.

Please be aware that any request to restrict the processing your personal data may limit our activities with you, and further, may prevent our ability to fulfil any contractual relationship with you.

                                 5.1.4.        Correction and deletion of personal data

As the subject of personal data, you have the right to the correction of inaccurate and outdated personal data relating to you.

You can correct your personal data by sending a request with your contact details.

You can exercise the right to deletion or right to be forgotten in cases where:

  • Your personal data is no longer required for the purpose for which they were collected and processed.
  • You revoke the consent based on which we process the data, and there are no further legal grounds for processing.
  • Your personal data is processed illegally.
  • The personal data was collected under the condition of granting a child’s consent.

If you request the deletion of personal data, which we published or provided to third parties, then we will take the necessary steps to contact all the recipients of your personal data and notify them to delete all of the references.

You may request the right to deletion only after the passing of the stipulated term for determination, exercising or defence of legal claims.

                                 5.1.5.        Information concerning correction or deletion of personal data or processing restriction

If you as the data owner request it, we shall inform you about the recipients of your personal data at the moment your personal data was disclosed to them. We shall also inform you of the corrections, deletions or restriction of processing of personal data relating to you.

                                 5.1.6.        Right to objection

You have the right to raise an objection only in specific cases, namely as concerns:

  • The processing of personal data which is necessary to fulfil tasks performed in the public interest or when exercising public power or for the purposes of our justified interests and the interests of third parties (incl. profiling).
    • If you raise an objection with relevant reasons, we will inform you of the reasons for processing. If our reasons do not outweigh your interests and rights, or if it is not the reason for determining, exercising and defending legal claims, the processing of personal data will be interrupted.
  • Processing for the purposes of direct marketing (incl. profiling).
    • If you raise an objection and do not want your data to be processed for this purpose, it is not necessary to state the reasons for termination. After receiving the objection, we will cease using your data for this purpose. However, if we also process the respective data for a different purpose based on other legal grounds, such processing will not be affected by the objection.
  • Processing for the purpose of scientific and historical research or statistical purposes.
    • If you raise an objection with relevant reasons, we will inform you of the reasons for processing. The right can be applied only if it does not concern processing in order to perform a task carried out in public interest.
                                 5.1.7.        Exemption from automated decision-making including profiling

As the owner of personal data, you have the right not to be the subject of any decisions based exclusively on automated processing. This serves as protection against potentially negative decisions, which could be taken without human intervention.

We hereby confirm that according to the legal definitions, no automated decision-making including profiling is carried out at our company.

                                 5.1.8.        Children – application of minors’ rights and representation

In the case of providing information services to a minor, the child’s consent to the processing of their personal data is considered lawful if the child has reached at least the age of 16. The consent of a child less than 16 years of age must be approved by the legal guardian (person with parental responsibility for the child).

The foregoing does not apply to the general contractual right of member states, e.g. rules concerning the validity, conclusion or effects of contracts vis-à-vis children.

                  5.2.        Application of supplier rights

To learn more about the nature of information processed about you and/or to exercise any rights provided herein, you may submit a request at our address LEVEL, s.r.o., Plhovska 1997, 547 01  Nachod, or at our electronic address gdpr@level.systems.

If you are an individual associated with a supplier with whom we cooperate based on a contractual relationship, you might contact us to exercise your rights as set forth herein.

                                 5.2.1.        Information and access to personal data

If we obtain personal data for processing directly from you, we are obliged to inform you of the following:

  • Identity and contact data of the company LEVEL, s.r.o.
  • Purposes of processing for which the personal data is obtained, and legal grounds for processing.
  • Justified interests of the controller or third party, if these interests are superior to the interests and rights of the subject of data.
  • Potential recipients of personal data and intent to provide your personal data to a third country or international organization.
  • A period for which the data will be used or stored.
  • List of your rights including your right to file a complaint.
  • Whether our ability to process the personal data is based on a law and/or your consent.
  • The fact that automated decision-making, including profiling, occurs.

If your personal data was not obtained directly from you, we are also obliged to provide you with information as to which category of affected personal data is in question, and the source from which the data was received.

As our service supplier, you have the right to information and access to data which will be provided to you upon entering into the contract. In all and other cases, we will provide you with information within one month from when the data is processed occurs.

                                 5.2.2.        Transferability

The owner of personal data has the right to obtain the personal data provided to us in a form in a common, machine-legible format. You, as the owner of personal data, also have the right to transfer these data to a different controller. The transfer of personal data is possible only for personal data obtained on the basis of consent or a contract, and which is processed automatically.

This right does not apply to data processed for the purpose of performing tasks in the public interest or when exercising public authority with which the controller is entrusted.

                                 5.2.3.        Restriction of processing

As the owner of the personal data, you have the right to restrict our processing of personal data in cases where:

  • You deny the accuracy of the personal data.
  • You suspect the illegal processing of personal data, but refuse the deletion of these personal data and instead request the restriction of their use.
  • We no longer need your personal data for the purposes of processing, but you as the subject of data require them to determine, exercise or defend your legal claims.
  • You raise an objection to processing – processing will be restricted for the period required to verify whether the controller’s justified reasons outweigh the justified reasons of the subject of data.

We would like to warn you that if you request the restriction of processing your personal data, this may result in the limitation of our activities towards you and our contractual relationship.

                                 5.2.4.        Correction and deletion of personal data

As the subject of personal data, you have the right to the correction of inaccurate and outdated personal data relating to you.

You can correct your personal data by sending a request with your contact details.

You can exercise the right to deletion or right to be forgotten in cases where:

  • Your personal data is no longer required for the purpose for which they were collected and processed.
  • You revoke the consent based on which we process the data, and there are no further legal grounds for processing.
  • Your personal data is processed illegally.
  • The personal data was collected under the condition of granting a child’s consent.

If you request the deletion of personal data, which we published or provided to third parties, then we will take the necessary steps to contact all the recipients of your personal data and notify them to delete all of the references.

You may request the right to deletion only after the passing of the stipulated term for determination, exercising or defence of legal claims.

                                 5.2.5.        Information concerning correction or deletion of personal data or processing restriction

If you as the data owner request it, we shall inform you about the recipients of your personal data at the moment when your personal data was disclosed to them. We shall also inform you of the corrections, deletions or restriction of processing of personal data relating to you.

                                 5.2.6.        Right to objection

You have the right to raise an objection only in specific cases, namely as concerns:

  • The processing of personal data which is necessary to fulfil tasks performed in public interest or when exercising public power or for the purposes of our justified interests and the interests of third parties (incl. profiling).
    • If you raise an objection with relevant reasons, we will inform you of the reasons for processing. If our reasons do not outweigh your interests and rights, or if it is not the reason for determining, exercising and defending legal claims, the processing of personal data will be interrupted.
  • Processing for the purposes of direct marketing (incl. profiling).
    • If you raise an objection and do not want your data to be processed for this purpose, it is not necessary to state the reasons for termination. After receiving the objection, we will cease using your data for this purpose. However, if we also process the respective data for a different purpose based on other legal grounds, such processing will not be affected by the objection.
  • Processing for the purpose of scientific and historical research or statistical purposes.
    • If you raise an objection with relevant reasons, we will inform you of the reasons for processing. The right can be applied only if it does not concern processing in order to perform a task carried out in public interest.
                                 5.2.7.        Exemption from automated decision-making including profiling

As the owner of personal data, you have the right not to be the subject of any decisions based exclusively on automated processing. This serves as protection against potentially negative decisions, which could be taken without human intervention.

We hereby confirm that according to the legal definitions, no automated decision-making including profiling is carried out at our company.

                  5.3.        Application of rights of employees and applicants for employment

To learn more about the nature of information processed about you and/or to exercise any rights provided herein, you may submit a request at our address LEVEL, s.r.o., Plhovska 1997, 547 01  Nachod, or at our electronic address gdpr@level.systems.

If you are an independently gainful individual with whom we cooperate based on a contractual relationship, we are the controller of your personal data in such case and your rights can be applied to us.

                                 5.3.1.        Information and access to personal data

If we obtain personal data for processing directly from you, we are obliged to inform you of the following:

  • Identity and contact data of the company LEVEL, s.r.o.
  • Purposes of processing for which the personal data is obtained, and legal grounds for processing.
  • Justified interests of the controller or third party, if these interests are superior to the interests and rights of the subject of data.
  • Potential recipients of personal data and intent to provide your personal data to a third country or international organization.
  • A period for which the data will be used or stored.
  • List of your rights including your right to file a complaint.
  • Whether our ability to process the personal data is based on a law and/or your consent.
  • The fact that automated decision-making, including profiling, occurs.

If your personal data was not obtained directly from you, we are also obliged to provide you with information as to which category of affected personal data is in question, and the source from which the data was received.

As our employee, you have the right to information and access to data which will be provided to you at the moment of compiling the contract during the collection of personal data. Likewise, you will be provided with information after the correction, deletion or restriction of processing of your personal data. In all and other cases, we will provide you with information at latest within one month from when the fact occurs.

                                 5.3.2.        Transferability

The owner of personal data has the right to obtain the personal data provided to us in a form in a common, machine-legible format. You, as the owner of personal data, also have the right to transfer these data to a different controller. The transfer of personal data is possible only for personal data obtained on the basis of consent or a contract, and which is processed automatically.

This right does not apply to data processed for the purpose of performing tasks in the public interest or when exercising public authority with which the controller is entrusted.

                                 5.3.3.        Restriction of processing

As the owner of the personal data, you have the right to restrict our processing of personal data in cases where:

  • You deny the accuracy of the personal data.
  • You suspect the illegal processing of personal data, but refuse the deletion of this personal data and instead request the restriction of its use.
  • We no longer need your personal data for the purposes of processing, but you as the subject of data require the data to determine, exercise or defend your legal claims.
  • You raise an objection to processing – processing will be restricted for the period required to verify whether the controller’s justified reasons outweigh the justified reasons of the subject of data.

Please be aware that any request to restrict the processing your personal data may limit our activities with you, and further, may prevent our ability to fulfil any contractual relationship with you.

                                 5.3.4.        Correction and deletion of personal data

As the subject of personal data, you have the right to the correction of inaccurate and outdated personal data relating to you.

You can correct your personal data by sending a request with your contact details.

You can exercise the right to deletion or right to be forgotten in cases where:

  • Your personal data is no longer required for the purpose for which they were collected and processed.
  • You revoke the consent based on which we process the data, and there are no further legal grounds for processing.
  • Your personal data is processed illegally.
  • The personal data was collected under the condition of granting a child’s consent.

If you request the deletion of personal data, which we published or provided to third parties, then we will take the necessary steps to contact all the recipients of your personal data and notify them to delete all of the references.

You may request the right to deletion only after the passing of the stipulated term for determination, exercising or defence of legal claims.

                                 5.3.5.        Information concerning correction or deletion of personal data or processing restriction

If you as the data owner request it, we shall inform you about the recipients of your personal data at the moment when your personal data was disclosed to them. We shall also inform you of the corrections, deletions or restriction of processing of personal data relating to you.

                                 5.3.6.        Right to objection

You have the right to raise an objection only in specific cases, namely as concerns:

  • The processing of personal data which is necessary to fulfil tasks performed in the public interest or when exercising public power or for the purposes of our justified interests and the interests of third parties (incl. profiling).
    • If you raise an objection with relevant reasons, we will inform you of the reasons for processing. If our reasons do not outweigh your interests and rights, or if it is not the reason for determining, exercising and defending legal claims, the processing of personal data will be interrupted.
  • Processing for the purposes of direct marketing (incl. profiling).
    • If you raise an objection and do not want your data to be processed for this purpose, it is not necessary to state the reasons for termination. After receiving the objection, we will cease using your data for this purpose. However, if we also process the respective data for a different purpose based on other legal grounds, such processing will not be affected by the objection.
  • Processing for the purpose of scientific and historical research or statistical purposes.
    • If you raise an objection with relevant reasons, we will inform you of the reasons for processing. The right can be applied only if it does not concern processing in order to perform a task carried out in public interest.
                                 5.3.7.        Exemption from automated decision-making including profiling

As the owner of personal data, you have the right not to be the subject of any decisions based exclusively on automated processing. This serves as protection against potentially negative decisions, which could be taken without human intervention.

We hereby confirm that according to the legal definitions, no automated decision-making including profiling is carried out at our company.

                  5.4.        Controller’s contact data

To learn more about the nature of information processed about you and/or to exercise any rights provided herein, you may submit a request at our address LEVEL, s.r.o., Plhovska 1997, 547 01  Nachod, or at our electronic address gdpr@level.systems.

The request can be accepted in the case of definite identification of the person.

We will process your request/complaint without undue delay and inform you of its handling within 30 days of receiving the request/complaint.

    6.        Prevailing/superior interest

In some cases, the rights and obligations of LEVEL, s.r.o. may be superior to the rights of individuals, if under the given specific circumstances there is a justified interest that outweighs the interest of the individual (prevailing interest). The prevailing interest exists if it is necessary:

  • To protect the justified business interests of LEVEL, s.r.o., including:
    • Health or safety of individuals.
    • Intellectual property rights, business secrets or the company’s reputation.
    • Continuity of business operations.
    • Preserving confidentiality during the proposed sale, merger or acquisition of an enterprise.
    • Involvement of trustworthy advisors or consultants for business, legal, tax or insurance purposes.
  • Preventing or investigating violations of the law, be it actual or assumed, based on justified suspicion (including cooperation with law enforcement, e.g. the Czech Police), contracts or principles of our company.
  • Otherwise protecting or defending the rights of LEVEL, s.r.o., its employees or other parties.

    7.        Transfer of personal data to third parties

Within the framework of our activity, your personal data may be provided to:

  • Entities stipulated by law, e.g. courts, the Czech National Bank, executors or insolvency administrators.
  • Other entities for the protection of rights (e.g. courts, contractual physicians, investigators, court commissioners, etc.).
  • Processors who guarantee the securing of personal data protection.
  • With your consent, to other members of the LEVEL, s.r.o. group and cooperating business partners.

Third parties are provided with personal data only as necessary to perform a business purpose.

LEVEL, s.r.o. cooperates only with processors who provide adequate guarantees of the implementation of suitable technical and organizational measures, so that the given processing meets the legal requirements and ensures the protection of rights of our clients and our employees.

    8.        List of entities that may come into contact with your contact data

                  8.1.        Controller

  • LEVEL, s.r.o., Plhovska 1997, 547 01 Nachod (company ID No.: 47469374)

                  8.2.        Processors

  • Business intermediaries authorized to process LEVEL, s.r.o. Products and Services.
  • Public authorities and courts (in particular when performing our legal obligations).
  • Auditors or other independent parties ensuring the performance of legal obligations.
  • Providers or operators of information technologies.
  • Providers of services needed to perform our activities (administrative activity, archiving, legal consultancy, receivables management, etc.).
  • Providers of health services (when investigating insured claims).

    9.        Rules for transfer of data outside the European Union

This article sets forth additional rules for providing personal data to third parties located in countries where the provision of an adequate level of personal data protection is not expected (countries with inadequate status).

Personal data may be transferred to a third party that is located in a country with inadequate status only if:

  • LEVEL, s.r.o. and the respective third party have agreed as set forth in a contract which provides guarantees that the third party will maintain a similar level of protection as that stipulated by our company.
  • The third party was certified according to a code of conduct or certification program, which is recognized under the relevant law to provide an “adequate” level of data protection.
  • The third party has introduced binding corporate rules or a similar control mechanism for the transfer of personal data, which provides the necessary guarantees according to the relevant law
  • A transfer is necessary in order to enter into or perform a contract executed in the interest of the individual between LEVEL, s.r.o. and the third party.
  • A transfer is necessary to perform the contract with the customer, supplier or business partner, or based on a request from the customer, supplier or business partner before entering into the contract.
  • A transfer is necessary to protect the vital interests of the individual.
  • A transfer is necessary to determine, exercise or defend legal claims.
  • A transfer is necessary to satisfy legal obligations to government agencies.
  • A transfer is required by any law to which LEVEL, s.r.o. is subject.

In the scope permitted by law, the last three points above require consent from the management of LEVEL, s.r.o.

10.        Monitoring and fulfilment of legal standards

Internal audits of processes and procedures involving personal data processing are performed at our company in order to make sure that we are fulfilling our obligations as mandated by law and by our contract.