Principles of personal data protection at KASTT, spol. s r.o.

With these principles of personal data protection (hereinafter referred to as “Principles”), we provide information about how KASTT, spol. s r.o. obtains and processes personal data, primarily in connection with orders and deliveries of HVAC supplies and in the context of its other activities, claims, other customer-supplier relationships and the operation of the website. We would also like to inform you of your rights in relation to the processed personal data.

When processing personal data, we are governed by the applicable legislation, with effect from 25 May 2018 in particular by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, the General Data Protection Regulation (hereinafter referred to as GDPR) and Act No. 110/2019 Coll. on personal data processing.

Personal data processing always takes place in connection with our production and business activities (especially in connection with inquiries, orders and deliveries of our goods and services) and in accordance with the defined purpose of processing.

This document will be updated periodically as the need arises to update it. The updated version of the Principles is effective upon posting on the website https://www.kastt.cz/.

We recommend that you read this information carefully. If anything is unclear, we will be happy to explain any term or passage to you. Please direct any questions to the contact person set forth in Article 1 below.

1. Controller of your data, contact person

The controller of personal data is KASTT spol. s r.o., address: Jižní 870, Hradec Králové 3, 500 03.

The contact details of the person responsible for personal data protection are: finance@kastt.cz, Phone: +420 495 404 060, contact person: Ing. Jan Horák

The Company is not obliged to appoint a Data Protection Officer nor has it voluntarily appointed one. The controller of collects your data, handles them and bears responsibility for their proper and lawful processing. You may exercise your rights vis-à-vis the controller as set out below.

2. Data we process, purpose and reason for processing

We only process such data in order to provide you with quality deliveries in the area of our business and to properly deliver the ordered goods or perform the work or service or respond to your request for goods or work or provision of services. It is a fact that the vast majority of our business partners are commercial companies and the data of legal entities are not personal data under the EU regulation.

As far as personal data are concerned, we process personal data in the following ways and for the purposes listed in the table below:

3. Explanation of the table and processing

Legal titles – are the lawful justifications for processing and are defined in the GDPR, Articles 6 and 9.

Storage period – means the period for which we are entitled or obliged to process and store your data.

Other recipients – here we indicate to which other recipients we transfer data. If it says “None”, it means that we do not pass it on to anyone.

Source of data – here we indicate from whom we obtained the personal data. If it says “Data subject” then this means that we have obtained it directly from the person it relates to.

We do not intend to transfer your personal data outside the EU or to any international organisation.

In cases where the processing is based on the legal title “Conclusion or performance of a contract”, we need your personal data for the conclusion of the contract and its subsequent performance, without which the contract cannot be concluded.

In cases where the processing is based on the legal title “Legal obligation”, we need to process your personal data on the basis of legal requirements for the period of time specified by the law in question, and we may not restrict or erase this processing during this period.

We will only process your personal data for the purposes set out in the table.

We obtain personal data directly from the data subjects.

4. Data we process, purpose and reason for processing

4.1 Conclusion and performance of contracts for the purchase and sale of goods, provision of services and performance of works

a) Information in connection with the conclusion of the contract

The following types of personal data are among the basic identification data that we process about you in connection with the conclusion of a contractual relationship and that you provide to us:
name and surname,
permanent address,
ID number and VAT number in the case of a natural person – entrepreneur

These data are part of any concluded purchase contract, framework purchase contract, contract for work, framework contract for work. We would not be able to enter into a contractual relationship with you without your providing them.

Reason (legal basis) why we process the data:
– performance of a concluded purchase contract, contract for work (we use this reason in accordance with Article 6(1)(b) GDPR

We process personal data for a period of 10 years.

b) Information in connection with the performance of the contract

Other types of personal data we usually process about you in connection with the performance of a contract include the following:
delivery address,
data bout the content of the purchase and payments made.

These data are a normal part of any contractual relationship and related performance of the contract and are needed for the performance of the contract, including communication with you during the actual process of delivery of the purchased goods or performed work.

Reason (legal basis) why we process the data:
– performance of a concluded contract (we use this reason in accordance with Article 6(1)(b) GDPR We process personal data for a period of 10 years.

c) Data from mutual communication

Zpracováváme údaje o naší vzájemné komunikaci související s nákupem zboží či poptávkami po zboží, dále údaje související s provedením díla nebo poskytnutí služeb jako např. vyřizování vašich poptávek po určitém zboží, provedení díla nebo poskytnutí služeb, připomínky k poskytovaným plněním, komunikace o doručení zakoupeného zboží nebo realizaci díla, vyřizování reklamačních nároků, pozastávek apod. In this communication we process the following personal data that you provide to us:
name and surname, invoicing address (or different delivery address)
e-mail and telephone
ID number and VAT number in the case of a natural person – entrepreneur, your bank account number

Reason (legal basis) why we process the data:
– handling your requests when purchasing goods, performing work or services, handling claims, withdrawal from a contract – i.e. actions related to the performance of a concluded purchase contract or contract for work, in the case of the provision of services (we use this reason in accordance with Article 6(1)(b) GDPR

– handling your requests when you express an interest in the purchase of goods, performance of work or provision of services (inquiry), i.e. we carry out pre-contractual measures at your request (we use this reason in accordance with Article 6(1)(b) GDPR.

We process personal data for a period of 10 years.

4.2 Marketing communication on the basis of consent

If you have subscribed to the newsletter via the web form, we will only be able to send you the newsletter and process your e-mail address for this purpose with your prior consent.

We will start processing the personal data (e-mail) only after you fill in your e-mail address for sending the newsletter in the relevant web form, agree to the processing of these personal data and then activate and confirm the newsletter subscription according to the instructions contained in the received e-mail message. If the newsletter subscription is not confirmed in accordance with the instructions contained in the received e-mail message within 7 days, the entered e-mail will be deleted without undue delay.

Consent is voluntary and you can withdraw your consent at any time. Withdrawal of consent is only effective in the future and therefore does not affect the lawfulness of previous processing of personal data based on the consent given.

The legal basis for sending the newsletter in this case is therefore your consent in accordance with Article 6(1)(a) GDPR.

We process the personal data collected with your written consent for as long as the consent is valid (i.e. in the case of consent to receive the newsletter for 5 years or until the consent is withdrawn).

Furthermore, under the terms of Section 7(3) of the Act on Certain Information Society Services, we are entitled to use your electronic address and telephone number for the purpose of disseminating commercial communications regarding our products and services similar to those we have provided to you. Similarly, it is our legitimate interest to process personal data within the scope of name, surname and address for direct marketing purposes on the basis of prior contact with you.

In both cases, this can be done until you have expressed your disagreement or objection pursuant to Article 21(2) GDPR.

4.3 Conclusion and performance of supplier-customer relationships

For the proper functioning of our company, we need to enter into supplier-customer relationships that are related to our business activities (e.g. purchase contracts for the supply of materials, lease agreements, contracts with external IT service providers, tax advisors, legal advisors, auditors, etc.).

For these purposes, we process only a minimum amount of personal data (if provided to us, then identification data such as name and surname, residence, e-mail or telephone number, or ID number, VAT number of the natural person) that are directly related to the concluded contractual relationship and its performance.

In this context, we only store personal data for the duration of the contractual relationship (or for the fulfilment of legal obligations arising in particular from tax or accounting legislation).

The reason (legal basis) for this processing is:
– performance of the concluded contract (we use this reason in accordance with Article 6(1)(b) GDPR.

We process personal data for the duration of the contractual relationship which establishes the reason for processing personal data or potentially the period for exercising the right to claim defects in the services provided.

4.4 Accounting and taxation

We collect your identification and transactional data (in particular about cash payments of purchase prices for purchased goods and payments of prices for work and services rendered) in order to fulfil our accounting and tax obligations imposed by applicable legislation (in particular the Accounting Act and the Value Added Tax Act). These are the data that are provided on invoices, delivery notes, payment receipts.

Therefore, if we are required by law to keep these documents, we will keep your personal data that must be included in the documents together with them. This purpose applies to all contractual relationships referred to in these Principles.

Reason (legal basis) why we process the data:
– compliance with legal obligations (we use this reason in accordance with Article 6(1)(c) GDPR

We process personal data for a period of generally 10 years from the date of the taxable transaction, unless in some cases a longer period is required by legislation.

4.5 Exercise (or defence) of rights

Should a dispute arise between our company and you, we will process your personal data necessary to defend our legal claims in connection with the dispute until the dispute is resolved. As a rule, in this context we process basic customer data, data about the disputed contractual relationship, data about payments made, data from the claims procedure, data from mutual communication, data on legal actions taken and their results.

We also explicitly inform you of your right to object to the processing of your personal data on the grounds of the so-called legitimate interest of our company in accordance with Article 21 GDPR.

Reason (legal basis) why we process the data:
– processing is necessary for the legitimate interests of our company in defending our claims (we use this reason in accordance with Article 6(1)(f) GDPR).

We process personal data until the dispute is resolved and for one year thereafter.

4.6 Camera recordings

If you visit us at our premises at K Dolíkám 388, 503 11 Hradec Králové, please note that selected areas of our company are monitored and recorded by CCTV for security reasons. These areas are visibly marked with a camera pictogram and accompanied by the information required by the GDPR.

Access to these CCTV recordings is strictly restricted internally and regulated by an internal data protection directive related to the CCTV system. The camera recordings may be transferred outside the company only under specified conditions to the authorities of the Police of the Czech Republic in connection with the investigation of a suspected crime.

We also explicitly inform you of your right to object to the processing of your personal data on the grounds of the so-called legitimate interest of our company in accordance with Article 21 GDPR.

Reason (legal basis) why we process the data:
– to protect our legitimate rights and interests (we use this reason in accordance with Article 6(1)(f) GDPR.

We process personal data for 3-5 days depending on the nature of the recorded area.

4.7 Cookies

What are cookies?

Cookies are short text files that can be stored on your device (computer, mobile phone or tablet) when you view a certain website or advertisement and with your consent, and their purpose is to collect information about your navigation on a web interface and to provide you with services tailored to your device (computer, mobile phone or tablet).

Cookies are managed by your browser. The information stored about the respective cookie can only be retrieved or modified by the cookie publisher.

Cookies allows identification of the device on which they are stored, either for a set period of time or at the time of download, but they do not have access to your personal identification data.

What types of cookies do we use on our website?

Strictly necessary cookies – these are necessary for the proper functioning of the website, i.e. for searching information on our website and for accessing our products and services. Technical cookies allow us to recognize you (without, however, obtaining your personal identification data), to register your visit to the respective website and to improve your user experience: to adapt the presentation of the page to your display preferences (preferred language, display settings), to remember your user passwords and other information you have provided on the page in the attached form. Technical cookies also allow you to set up secure searches on your device. Technical cookies cannot be deactivated, or their parameters changed. Otherwise, you will not be able to access the website and/or services.

Analytical cookies – see the table List of cookies used

Marketing cookies – see the table List of cookies used

Other cookies – see the table List of cookies used

“Social network” cookies

  • Facebook
  • Twitter
  • YouTube & Google

Cookie processing time

The processing time of each type of cookie or its expiry date varies and changes over time. It is listed in the table List of cookies used

Rights of data subjects

The cookie parameters we use on our website can be set in two ways:

a) using the cookie management tool available on our website and/or

b) using your internet browser settings

You have the possibility of deleting one or all cookies at any time, using the mechanism set by the cookie parameters (activate or deactivate button) located in the notification bar under “more information about cookie parameters”, with the exception of technical cookies, which are necessary for the functioning of the website, as mentioned above.

Rejecting cookies via browser software

You can deactivate one or all cookies at any time. Your browser parameters may also be set so that the cookie publisher informs you as to which cookies your device contains and asks you whether you allow or refuse them (some or all of them at once). Deleting all cookies will prevent you from browsing our site under normal conditions, except for a few basic functions.

Rejecting cookie statistics

On our website, the cookie statistics are managed by Google Analytics. If you do not want our website to register the cookies stored in your browser for statistical purposes, you can click on the deactivate link, which will store a cookie in your browser for the sole purpose of deactivating it. Click here to reject cookies statistics.

Rejecting cookies used by one of the social networks

If you do not want our website to register the cookies stored for this purpose in your browser, you can click on the deactivation link, which will store a cookie in your browser whose sole purpose is to neutralise the use of other cookies from the same publisher. Blocking these cookies will prevent any interaction with one or all social networks.

Facebook: https://www.facebook.com

Twitter: https://twitter.com

YouTube & Google: https://www.google.com

5. Description of the rights of data subjects

As a data subject (the natural person about whom the data is processed), you have the following rights in relation to your personal data:

6. Method of exercising rights

If you wish to exercise any of these rights, you can submit a request in the following manner:

The request can be submitted to the company’s secretariat, where your identity will be verified by your ID card or passport and you will be informed of the processing date. The application cannot be accepted without identity verification.

On the date of processing, you will be given a written notice of the outcome of your request and related materials after re-verification of your identity.

We are entitled to charge a fee corresponding to the administrative costs for requests for more than one copy.

Actions related to exercising data subjects’ rights are performed free of charge.

However, if the requests are found to be manifestly unfounded or unreasonable, in particular because they are repetitive, then we may:

a) impose a reasonable fee taking into account the administrative costs
b) refuse to grant the request.

To submit a request electronically:

a) send it via e-mail to sekretariat@kastt.cz with a valid electronic signature; without this confirmation of identity it cannot be accepted.
b) or send it from your data mailbox to the data mailbox crmfamx.

In the request, state:

1) Identification data – name, surname, date of birth
2) What right you are seeking to exercise – see the section Description of data subjects’ rights
3) Clarification of the request – e.g. in case of correction of correct data
4) Telephone – for any clarifications and to arrange further action

If there is any doubt about your identity, we may ask you to provide additional information to confirm your identity.