GDPR

Reasons for Processing Data

We process information and personal data of our clients, representatives of suppliers, visitors to our websites, and potentially other individuals in the role of a data controller for three main reasons:

  • Legal reasons – processing to comply with legal obligations or to conclude and fulfill contractual relationships.
  • Legitimate interest of the controller – processing in the form of analyzing anonymized data, handling business and operational communication, protection of property and health of individuals, etc.
  • Consent of the data subject (e.g. for sending marketing communications).

Purposes of Personal Data Processing

  • Preparation and fulfillment of contracts with customers, suppliers, employees, and job applicants (career).
  • Communication with customers, supplier representatives, and other data subjects.
  • Improvement and evaluation of services provided to clients.
  • Protection of property and health of individuals.
  • Sending marketing communications.
  • Accounting.

What Data We Process and How

All data that you provide while browsing our website or when requesting or using our services and products are divided into two groups:

  • Anonymized
  • Non-anonymized

Anonymized Data

Anonymized data are such data and information that cannot be used in any way, even by simple matching or combination, to identify a specific individual.

Anonymized data, such as cookies, device identifiers, browsing records, IP addresses, date and time of visit, method of using our services and websites, server log information (e.g. search queries on our website), geolocation data, or personal preferences, are processed automatically in secure applications and on the company’s own servers. These data are not matched with specific users or customers in a way that would allow identification as personal data.

Non-anonymized Data

Non-anonymized data are data that can be easily linked to a specific user or customer, and by combining them, personal data of an individual can be obtained. These include, in particular:

  • first name and surname
  • address
  • age
  • personal identification number
  • phone number
  • email address
  • gender
  • date of birth
  • nationality
  • ID document numbers and others

These data are processed only in secure applications that comply with GDPR requirements and in internal company storage with restricted access, where only trained and authorized employees handle them. In printed form, such information is stored in locked archives and accessed only by authorized and trained staff.

All data are stored and processed based on an internal policy on handling personal data, whose public part can be provided upon request (see your rights below), and in accordance with ISO 27001 Information Security Management System requirements.

How Long We Process Data

All information and personal data are processed depending on the purpose for which they are stored.

  • Data used for analysis, service improvement, and marketing purposes are processed based on your consent for a maximum of 10 years, unless consent is renewed in the meantime.
  • Data obtained through the website, such as cookies and usage records, are stored for a maximum of 4 years. Their storage can be limited, for example, via the Google Analytics Opt-out Browser Add-on.
  • Information and data arising from contractual relationships (invoices, contracts, receipts, etc.) are stored for the period required by law.

Data Processed by Third Parties

When using third-party applications, we ensure that data are stored and transmitted in encrypted form and that the applications comply with GDPR requirements.

Your Rights

According to the General Data Protection Regulation (GDPR), you have the right to:

  • access your data
  • correct your data
  • transfer your data
  • delete your data (unless prevented by legal obligations)

You also have the right to obtain information about how your data are processed.

How to Exercise Your Rights

You can request information about data processing or storage by:

  • email: barbora@safeproduction.org
  • or in writing to the company’s registered address

Depending on the nature of the data, you may be asked to verify your identity before the information is provided.

You can request deletion of your data in the same way.

You also have the right to object to the processing of your data for direct marketing purposes, which can be exercised in the same way.

All information about rights and obligations arising from GDPR can be found on the website of the Office for Personal Data Protection.