OKsystem a.s. is aware that through its activities it processes personal data which must be protected in accordance with valid laws and regulations comprising the laws of the Czech Republic, in particular Act No. 110/2019 Coll., on Processing of personal data, and related laws and regulations, and in particular the Civil Code, the Labour Code, and also pertinent EU regulation, including case law, related to terms and conditions for protection of personal data.
As early as 2018, OKsystem a.s. implemented all requirements of regulation 2016/679 of the European Parliament and of the Council (GDPR) and declared in its policy for protecting personal data that by the effective date of this regulation (i.e. 25 May 2018) it was prepared to uphold its obligations as a Controller, processor, or another person. In response to the coming into effect of a new Czech Act No. 110/2019 Coll. on 24 April 2019, all previous procedures and internal regulations are being reviewed with the objective of completing the adaptation process and to process personal data in accordance with all obligations.
OKsystem a.s. considers protection of personal data to be part of its corporate responsibility and the company’s risk management. In accordance with this approach, OKsystem a.s. always processes only such personal data as is necessary for the agreement and fulfilment of contractual obligations or fulfilment of legal requirements which must be performed in connection to a subject of the company’s business policy.
Upholding the principles of processing of personal data:
OKsystem a.s., as a Controller or processor, upholds all principles necessary for lawful processing of personal data by the following:
Lawfulness of processing personal data – basic condition of activities:
OKsystem a.s. processes personal data only under condition of lawful processing
These conditions comprise:
Rights of the data subject – transparency and procedures:
Every individual who believes that OKsystem processes his or her personal data is entitled, in accordance with Article 15 of the GDPR, to request a confirmation at any time using a web form about whether personal data related to him or her are being processed, and, if they are, to obtain access to this personal data and to the following information:
OKsystem will provide a response, and potentially information about measures it takes, as soon as possible, but no later than within one month’s time. In case of need concerning the complexity or the number of requests, it is authorized to extend this period by two months. The applicant will be informed of any such extension, including the reasons for the extension. In resolving such request, OKsystem a.s. intends also to utilize the new procedures defined in Sections 8 and 11 of Act No. 110/2019 Coll.
OKsystem a.s. provides all communication and responses relating to the applicable rights at no charge. If, however, a request is manifestly unfounded or inadequate, in particular if it is repeated, a fee when taking into account administrative costs related to the provision of the provided information will be charged. In case of doubt concerning the applicant’s identity, proof of identification will be required in order to prevent the personal data and information concerning a specific individual from reaching an unauthorized recipient. If the applicant refuses to identify himself or herself, he or she will not be provided the requested information.
In Prague on 24 April 2019