Information about the processing of personal data
Dear Customers,
we appreciate your confidence and assure you that we manage personal data protection with responsibility and in their processing we are governed by legal regulations, primarily by Regulation No. 2016/679 of the European Parliament and of the Council (EU) on the protection of individuals in connection with personal data processing, as effective from 25 May 2018 (hereinafter referred to as the “Regulation”), and by Act No. 101/2000 Coll., on the Protection of Personal Data, as amended. Hereafter you will find an information as to which personal data are gained when visiting and using services through the website NB2B www.b2b.k-b.cz, www.b2b.k-b.sk, for what purpose these data are used and what are other conditions for their processing.
This information does not relate to personal data of legal entities, including name, legal form and contact data of the legal entity.
This information is published on our website www.kappenberger-braun.cz, www.k-b.sk, so that you may consult it anytime in the future.
Identity and contact details of the administrator
The Controller of your personal data is the company K+B Progres, a.s., with the registered office U Expertu 91, 250 69 Klíčany, Identification No.: 63993503, Tax Identification No.: CZ63993503 (hereinafter referred to as the “Controller”), operating within the territory of the Slovak Republic through its branch K+B Progres, a.s. organizačná zložka, with the registered office Mlynské nivy 71, 821 05 Bratislava, Identification No.: 50712501, Tax Identification No.: SK4120069492 (hereinafter referred to as the “Branch”). The Controller is simultaneously an operator of the B2B websites www.b2b.k-b.cz and www.b2b.k-b.sk, (hereinafter referred to as the “web B2B”).
The Controller informs that it has not appointed a Personal Data Officer.
Purpose and scope of processing
The Controller is processing your personal data as data of its business partner or customer (hereinafter referred to as the “Business Partner”) for the purpose of wholesale of goods performed through the website B2B and delivery of the purchased goods, namely in the following extent: name, surname, business company, Identification No., Tax Identification No, invoice data (street, city, Postal Code), delivery address (business company, street, city and Postal Code) and a contact person (name, surname, email, telephone) IP address, logging name to the web B2B and password.
The condition for granting access to the web B2B is establishment of the contractual relationship between the Controller (or through the branch, as applicable) and the business partner. Personal data displayed on the web B2B are transmitted from the Controller´s information system. In case of termination of the contractual relationship the personal data transmission to the web B2B is terminated and thus made impossible login of the particular partner.
Upon login of the business partner to web B2B through login and password the IP address of the logged business partner is registered.
For sending commercial communications to business partners, the Controller is processing their email address (in case of sending email commercial communications) and name, surname and address (in case of sending paper commercial communications).
The Controller is processing your personal data both in automated form in information systems and manually through their employees, or employees of recipients (for recipients see below).
The Controller does not apply automated individual deciding within the meaning of Article 22 of the Regulation.
The Controller, in the position of a processor, is also processing your personal data in the extent name, telephone contact, address, or a contact person, if applicable, necessary for mediation of communication between you and other business partners in the position of controllers for the purpose of performing business and marketing events organized by them. Further information is available with individual business partners who realize the business and marketing events at issue.
Legal basis
The legal basis for processing of your personal data by the Controller is the fact that such processing is necessary for:
-
- performance of the agreement concluded between you (as a business partner) and the Controller within the meaning of Article 6(1) b) of the Regulation;
- fulfilment of the legal obligations applicable for the Controller within the meaning of Article 6(1) c) of the Regulation and following from generally binding regulations (in particular from the Civil Code or no more applicable Commercial Code, from the Act on Value Added Tax and from the Act on Accounting etc.);
- a legitimate interest of the Controller within the meaning of Article 6(1) f) of the Regulation, more precisely consisting in support of the Controller´s business activity, in particular by sending the Controller´s electronic or paper business communications to its business partners, while such distribution may be objected (for more information see the chapter “Objection to direct marketing”).
Resources of personal data
Personal data processed by the Controller about you are coming from the following resources:
- you have provided yourself the data to the Controller, in particular in connection with concluding an agreement;
- the data come from compatible public resources, lists and registers, such as Commercial Register, Trade Register or Insolvency Register.
Retention period
Your personal data are processed during the term of your contractual relationship with the Controller, afterwards until the moment of warranty period expiration and further for the period necessary for the purposes of archiving according to generally binding legal regulations, but not exceeding the period provided by generally binding legal regulations.
Your personal data shall also be processed during the period of litigations, if any, and during the period within which claims may be made by you against the Controller or by the Controller against you.
Recipients of personal data
In order to execute your order on the web B2B the Controller transfers your personal data to the following recipients:
- logistics and delivery companies
- providers of IT solutions
Transfer of your personal data to contractual partners of the Controller is made on the basis of the concluded agreement on personal data processing.
In so far as necessary for fulfilment of the Controller´s legal obligation, the Controller may further provide your personal data to financial administration authorities or another public authority in cases where the Controller is obliged thereto by generally binding regulations.
Personal data of business partners are not published or transmitted to third countries (to countries outside the EU) or to international organizations.
Instructions about rights
You are not obliged to provide your personal data to the Controller. However, provision of personal data is a necessary requirement for concluding an agreement with the Controller and for its performance, so that it is not possible to conclude the agreement or perform it by the Controller without provision of personal data.
As regards your personal data, you have the following rights vis-à-vis the Controller:
- 1. Right of access
You may ask the Controller for access to personal data it is processing about you.
The Controller shall provide information on personal data administration to the data subject on the basis of a written request. Provision of the information is free of charge, unless it is demonstrated that the request is unjustified or inappropriate or that it is of repeated nature. In such case the Controller is entitled to require an adequate administrative fee or refuse such request. In doubts connected with identity of a natural person the Controller has the right to require provision of additional information which shall result in additional confirmation of the natural person´s identity.
The Controller shall provide the necessary information in concise, transparent, understandable and easily available form, formulated clearly and simply, no later than within 30 days from delivery of the request. Information shall be always provided in such form in which it was asked for (electronically by email or in paper form).
- 2. Right to rectification
You may ask the Controller for a rectification of inaccurate or incomplete personal data it is processing about you.
- 3. Right to erasure
You may ask the Controller to erase your personal data in case there arises any of the following situations:
- 1. personal data are no more necessary for the purposes for which they were collected or otherwise processed;
- 2. you have withdrawn your consent on the basis of which your personal data were processed and there does not exist any other legal reason for their processing;
- 3. you have raised an objection to be subject to a decision based on automated processing of your personal data and there do not exist any prevailing legitimate reasons for such processing or you have raised objections to processing of your personal data for the purposes of direct marketing;
- 4. your personal data were processed unlawfully;
- 5. your personal data must be erased in order to fulfil legal obligations provided by the law of the European Union law or the law of the member state which is applicable for us as a Controller;
- 6. your personal data were collected in connection with an offer of information society services.
- 4. Right to restrict processing
You may ask the Controller to restrict processing of your personal data, in case there arise any of the following situations:
- 1. you have denied the accuracy of your personal data, namely for the period needed for verification of accuracy of the personal data by the Controller;
- 2. processing of your personal data is unlawful but you refuse erasure of these data and instead you require restriction of their using;
- 3. the Controller does not need the personal data for processing purposes any more but you require them in order to specify, perform or defend legal claims;
- 4. you have objected to processing of your personal data according to Article 21(1) of the Regulation unless it is verified that the Controller´s legitimate reasons prevail over your legitimate reasons.
- 5. Right to data portability
In cases of processing personal data based on a consent or agreement processed automatically you have the right to acquire the personal data related to you and provided by you to the Controller, and the right to transfer these data to another controller, namely in a structured, normally used and machine-readable form provided that this right shall not adversely affect rights and liberties of other persons.
- 6. Right to withdrawal of consent
If the processing of your personal data is based on a consent, you have anytime the right to withdraw your consent to processing of your personal data for the purpose for which you have given such consent to the Controller, to be effective in the future.
- 7. Right to object processing
You may anytime raise objection against processing of your personal data by the Controller, carried out on the basis of a legitimate interest of the Controller and for the purposes of direct marketing performed on the basis of the Controller´s legitimate interest. You may find more information on the right to object in individual cases of your personal data processing in the chapter “Objection to direct marketing”.
- 8. Right to be informed
You have the right to be informed by the Controller in case of an infringement of your personal data security, where it is probable that this case will result in a high risk for rights and liberties of natural persons, including you.
- 9. Right in relation to automated processing
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or which affects you significantly in a similar way.
- 10. Right to complaint
Should you believe that the Regulation was infringed or has been infringed by processing of your personal data, you have the right to lodge a complaint with the supervisory body which is in the Czech Republic The Office for Personal Data Protection with the registered office Pplk. Sochora 27, 170 00 Praha 7, website: www.uoou.cz.
For the purpose of enforcement of your rights in accordance with the Regulation or in case of any questions or complaints you may contact the Controller by email oou@kbprogres.cz or in written at the address:
– in cases of processing your personal data in relation to the Czech Republic: K+B Progres, a.s., U Expertu 91, Klíčany 250 69, Czech Republic;
– in cases of processing your personal data in relation to the Slovak Republic: K+B Progres, a.s., organizačná zložka, Mlynské Nivy 71, Bratislava 821 05, Slovak Republic.
The Controller shall investigate each complaint and shall inform the complainant about the result of the investigation within 30 days from delivery of the complaint. Should settlement of the complaint require a longer period, the complainant shall be informed of prolongation of the period of settlement of the complaint.
Objection to direct marketing
Anytime, you have the right to raise free of charge an objection with the Controller to your personal data processing for the purpose of direct marketing which is performed without your consent, by email to email address oou@kbprogres.cz or in written to the address:
– in case of processing of your personal data in relation to the Czech Republic: K+B Progres, a.s., U Expertu 91, Klíčany 250 69, Czech Republic;
– in case of processing of your personal data in relation to the Slovak Republic: K+B Progres, a.s., Branch Office, Mlynské Nivy 71, Bratislava 821 05, Slovak Republic.