This guideline is dedicated to the issue of personal data protection in connection with the general regulation for the protection of personal data of natural persons (GDPR – General Data Protection Regulation) – Regulation on the protection of personal data EU 2016/679 of 27 April 2016 (GDPR).
The LEVEL, s.r.o. (hereinafter the “Company”) expresses our commitment to protecting the personal data of our customers, suppliers and business partners. The rules set forth herein define how this commitment will be implemented and the company’s position in the role of the personal data controller. It is important to point out that we may amend this Privacy Policy from time to time. Please just visit this page if you want to stay up to date, as we will post any changes here.
We understand the importance of protecting your privacy while processing your personal data. To this end, we have adopted policies and rules of conduct that meet or exceed existing legislation.
We emphasize cooperation with companies that uphold the applicable legislation and perform their activities in accordance with the Regulation of the European Parliament and the Council (EU) concerning personal data protection.
Our employees are bound by the company’s internal rules regarding the strict confidentiality of your data. The company provides employees with training about the rules and other obligations concerning data security and protection. Further, the company performs internal audits to assure the fulfilment of our obligations when working with personal data. Access to personal data by employees is strictly controlled so that employees view only such information necessary to perform their work. Employee access to data is limited perform their work.
When you visit our website, the personal data is collected and processed in accordance with the legal regulations valid in the Czech Republic. To optimize the system performance of our website we automatically collect and store information. This information typically consists of your IP address, type of browser and language settings, operating system, internet service provider (ISP) and the date and duration of your visit.
We use this information for the effective management of the website, to obtain information about website user behaviour, to analyze trends and collect demographic data about our users as a whole. This collected information may be used for marketing and promotional purposes and for communication).
The company’s website may include links to other websites. Should you choose to visit these other websites, you would be subject to rules of use of personal data and cookies in use by those other websites.
The organization’s website, e-mail messages, online services, advertising and interactive applications may use “cookies” to optimize service.
A “cookie” is a small file, usually consisting of letters and numbers, which we send to your browser’s cookie file on the hard drive of your computer. This allows us to identify the device of the given user. The main purpose of cookies is to allow our internet server to provide the user with the website to which the user is accustomed, to make the experience of visiting the company’s website more personal and to react better to the user’s individual needs.
The company uses two types of cookies on the website:
Personal data is collected and processed only with your express consent.
With regard to your personal data, we collect only that information which is reasonable and relevant for the given business purpose. This refers to personal data for the identification and communication with you and special categories of personal data which are needed for our business activity in accordance with the respective legal regulations.
Within the framework of our activity, we collect the following personal data of customers, business partners and suppliers as unique identifiers:
We collect personal data about employment applicants and employees in accordance with applicable legislation. This information includes:
The company does not process special categories of personal data including for example political views (if you are a politically exposed person pursuant to Section 4(5) of Act No. 253/2009 Coll., on selected measures against money laundering and financing of terrorism).
We work with your personal data:
Upon termination of the stipulated term for processing and storing personal data, your data will be safely deleted or destroyed, anonymized or transferred to the archive.
In the event that you consent for marketing purposes (incl. profiling for the purpose of offering suitable products and services), data is processed for the time necessary to meet such purpose.
The data we process is obtained primarily from the subjects of the personal data. However, we may also learn about you from other sources in order to confirm the information provided.
We process personal data, which is disclosed to us upon entering into a contract and during the term of the contract. In the case of establishing a new business relationship, we process your personal data disclosed by you when entering into a new contract.
If you are our employee or applicant for employment, the source of data may be referenced from former employers or references from internet sources, e.g. social networks such as LinkedIn or other job portals.
We may obtain your personal data and sensitive personal data for the purpose of fulfilling a contractual obligation to you.
We also process personal data legally obtained from a publicly-available information or in cooperation with government bodies and institutions (in the meaning of Act No. 253/2008 Coll., on selected measures against money laundering and financing of terrorism).
Personal data provided by a third party may be processed but only but only with your consent.
The company processes personal data only within the scope required to fulfil the respective business purpose. Personal data may be processed under one or more of the following circumstances:
If you are dealing with LEVEL, s.r.o. as a customer, business partner or supplier, we will ask you to provide personal data for the following purposes:
If you are an applicant for employment or a former or existing employee, your personal data is processed for the following purposes:
If none of the variant under Art. 4.1 are in question or if consent is required by other legal requirements, consent will be obtained from the owner of personal data before processing. When granting consent, we will provide you with the following information:
If processing is reasonably required to handle the request, then consent is assumed (e.g. visiting the website, using the applications of LEVEL, s.r.o., personal visits or attendance at social events).
Consent should be the voluntary, specific, informed and definite permission of the subjects of data to the processing of personal data relating to them, expressed in the form of a written statement (also electronically) or oral declaration.
The subject of data has the right to refuse or at any time revoke consent to the processing of personal data.
With the validity of the General Data Protection Regulation, the owners (subjects) of personal data have the right to:
The roles in which we can register your personal data and perform the definite identification of your person are:
Please note that in some cases your rights relating to personal data protection may result in the limitation of our activities with you as well as our contractual relationship.
To learn more about the nature of information processed about you and/or to exercise any rights provided herein, you may submit a request at our address LEVEL, s.r.o., Plhovska 1997, 547 01 Nachod, or at our electronic address gdpr@level.systems.
In order for us to fulfil the request, we will need proof, in written and/or electronic form, that you are the subject of the information requested. We may ask you to provide additional references for identification purposes.
If we obtain personal data for processing directly from you, we are obliged to inform you of the following:
If your personal data was not obtained directly from you, we are also obliged to provide you with information as to which category of affected personal data is in question, and the source from which the data was received.
The owner of personal data has the right to obtain the personal data provided to us in a form in a common, machine-legible format. You, as the owner of personal data, also have the right to transfer these data to a different controller. The transfer of personal data is possible only for personal data obtained on the basis of consent or a contract, and which is processed automatically.
This right does not apply to data processed for the purpose of performing tasks in the public interest or when exercising public authority with which the controller is entrusted.
As the owner of the personal data, you have the right to restrict our processing of personal data in cases where:
Please be aware that any request to restrict the processing your personal data may limit our activities with you, and further, may prevent our ability to fulfil any contractual relationship with you.
As the subject of personal data, you have the right to the correction of inaccurate and outdated personal data relating to you.
You can correct your personal data by sending a request with your contact details.
You can exercise the right to deletion or right to be forgotten in cases where:
If you request the deletion of personal data, which we published or provided to third parties, then we will take the necessary steps to contact all the recipients of your personal data and notify them to delete all of the references.
You may request the right to deletion only after the passing of the stipulated term for determination, exercising or defence of legal claims.
If you as the data owner request it, we shall inform you about the recipients of your personal data at the moment your personal data was disclosed to them. We shall also inform you of the corrections, deletions or restriction of processing of personal data relating to you.
You have the right to raise an objection only in specific cases, namely as concerns:
As the owner of personal data, you have the right not to be the subject of any decisions based exclusively on automated processing. This serves as protection against potentially negative decisions, which could be taken without human intervention.
We hereby confirm that according to the legal definitions, no automated decision-making including profiling is carried out at our company.
In the case of providing information services to a minor, the child’s consent to the processing of their personal data is considered lawful if the child has reached at least the age of 16. The consent of a child less than 16 years of age must be approved by the legal guardian (person with parental responsibility for the child).
The foregoing does not apply to the general contractual right of member states, e.g. rules concerning the validity, conclusion or effects of contracts vis-à-vis children.
To learn more about the nature of information processed about you and/or to exercise any rights provided herein, you may submit a request at our address LEVEL, s.r.o., Plhovska 1997, 547 01 Nachod, or at our electronic address gdpr@level.systems.
If you are an individual associated with a supplier with whom we cooperate based on a contractual relationship, you might contact us to exercise your rights as set forth herein.
If we obtain personal data for processing directly from you, we are obliged to inform you of the following:
If your personal data was not obtained directly from you, we are also obliged to provide you with information as to which category of affected personal data is in question, and the source from which the data was received.
As our service supplier, you have the right to information and access to data which will be provided to you upon entering into the contract. In all and other cases, we will provide you with information within one month from when the data is processed occurs.
The owner of personal data has the right to obtain the personal data provided to us in a form in a common, machine-legible format. You, as the owner of personal data, also have the right to transfer these data to a different controller. The transfer of personal data is possible only for personal data obtained on the basis of consent or a contract, and which is processed automatically.
This right does not apply to data processed for the purpose of performing tasks in the public interest or when exercising public authority with which the controller is entrusted.
As the owner of the personal data, you have the right to restrict our processing of personal data in cases where:
We would like to warn you that if you request the restriction of processing your personal data, this may result in the limitation of our activities towards you and our contractual relationship.
As the subject of personal data, you have the right to the correction of inaccurate and outdated personal data relating to you.
You can correct your personal data by sending a request with your contact details.
You can exercise the right to deletion or right to be forgotten in cases where:
If you request the deletion of personal data, which we published or provided to third parties, then we will take the necessary steps to contact all the recipients of your personal data and notify them to delete all of the references.
You may request the right to deletion only after the passing of the stipulated term for determination, exercising or defence of legal claims.
If you as the data owner request it, we shall inform you about the recipients of your personal data at the moment when your personal data was disclosed to them. We shall also inform you of the corrections, deletions or restriction of processing of personal data relating to you.
You have the right to raise an objection only in specific cases, namely as concerns:
As the owner of personal data, you have the right not to be the subject of any decisions based exclusively on automated processing. This serves as protection against potentially negative decisions, which could be taken without human intervention.
We hereby confirm that according to the legal definitions, no automated decision-making including profiling is carried out at our company.
To learn more about the nature of information processed about you and/or to exercise any rights provided herein, you may submit a request at our address LEVEL, s.r.o., Plhovska 1997, 547 01 Nachod, or at our electronic address gdpr@level.systems.
If you are an independently gainful individual with whom we cooperate based on a contractual relationship, we are the controller of your personal data in such case and your rights can be applied to us.
If we obtain personal data for processing directly from you, we are obliged to inform you of the following:
If your personal data was not obtained directly from you, we are also obliged to provide you with information as to which category of affected personal data is in question, and the source from which the data was received.
As our employee, you have the right to information and access to data which will be provided to you at the moment of compiling the contract during the collection of personal data. Likewise, you will be provided with information after the correction, deletion or restriction of processing of your personal data. In all and other cases, we will provide you with information at latest within one month from when the fact occurs.
The owner of personal data has the right to obtain the personal data provided to us in a form in a common, machine-legible format. You, as the owner of personal data, also have the right to transfer these data to a different controller. The transfer of personal data is possible only for personal data obtained on the basis of consent or a contract, and which is processed automatically.
This right does not apply to data processed for the purpose of performing tasks in the public interest or when exercising public authority with which the controller is entrusted.
As the owner of the personal data, you have the right to restrict our processing of personal data in cases where:
Please be aware that any request to restrict the processing your personal data may limit our activities with you, and further, may prevent our ability to fulfil any contractual relationship with you.
As the subject of personal data, you have the right to the correction of inaccurate and outdated personal data relating to you.
You can correct your personal data by sending a request with your contact details.
You can exercise the right to deletion or right to be forgotten in cases where:
If you request the deletion of personal data, which we published or provided to third parties, then we will take the necessary steps to contact all the recipients of your personal data and notify them to delete all of the references.
You may request the right to deletion only after the passing of the stipulated term for determination, exercising or defence of legal claims.
If you as the data owner request it, we shall inform you about the recipients of your personal data at the moment when your personal data was disclosed to them. We shall also inform you of the corrections, deletions or restriction of processing of personal data relating to you.
You have the right to raise an objection only in specific cases, namely as concerns:
As the owner of personal data, you have the right not to be the subject of any decisions based exclusively on automated processing. This serves as protection against potentially negative decisions, which could be taken without human intervention.
We hereby confirm that according to the legal definitions, no automated decision-making including profiling is carried out at our company.
To learn more about the nature of information processed about you and/or to exercise any rights provided herein, you may submit a request at our address LEVEL, s.r.o., Plhovska 1997, 547 01 Nachod, or at our electronic address gdpr@level.systems.
The request can be accepted in the case of definite identification of the person.
We will process your request/complaint without undue delay and inform you of its handling within 30 days of receiving the request/complaint.
In some cases, the rights and obligations of LEVEL, s.r.o. may be superior to the rights of individuals, if under the given specific circumstances there is a justified interest that outweighs the interest of the individual (prevailing interest). The prevailing interest exists if it is necessary:
Within the framework of our activity, your personal data may be provided to:
Third parties are provided with personal data only as necessary to perform a business purpose.
LEVEL, s.r.o. cooperates only with processors who provide adequate guarantees of the implementation of suitable technical and organizational measures, so that the given processing meets the legal requirements and ensures the protection of rights of our clients and our employees.
This article sets forth additional rules for providing personal data to third parties located in countries where the provision of an adequate level of personal data protection is not expected (countries with inadequate status).
Personal data may be transferred to a third party that is located in a country with inadequate status only if:
In the scope permitted by law, the last three points above require consent from the management of LEVEL, s.r.o.
Internal audits of processes and procedures involving personal data processing are performed at our company in order to make sure that we are fulfilling our obligations as mandated by law and by our contract.