From 2010, our company has been produced a wide range of edible wafer labels. Our goal is to help bakeries with creating new unique designs of bread, pastry, and confectionery products to attract the attention of customers and increase sales. Contact us:
+420 775 445 511
info@bread.cz
  • en
  • cs
  • de
  • it
  • fr
  • es
Menu

Declaration on the processing of personal data

HomeDeclaration on the processing of personal data

Declaration on the processing of personal data according to the Regulation of the European Parliament and of the Council and Council of the EU 2016/679 (GDPR)

1. Personal data controller

breAd. & edible labels s.r.o., with its registered office at Jamnická 66, Frýdek-Místek, 738 01, ID: 28815084, VAT: CZ28815084, registered in the Commercial Register kept by the Regional Court in Ostrava, file number C 56233 (hereinafter referred to as the controller) hereby informs you about the processing of your personal data and your rights in accordance with Article 12 of the GDPR.

 

2. Scope of the processing of personal data

Personal data is processed to the extent that it has been provided to the controller by the data subject in connection with the establishment of a contractual or other legal relationship with the controller, or otherwise collected and processed by the controller in accordance with applicable law or to fulfil the controller’s legal obligations.

 

3. Sources of personal data

Directly from the data subjects.

Publicly available registers, lists and records.

 

4. Categories of personal data processed

Address and identification data that allow the data subject to be clearly and unambiguously identified (e.g. name, surname, title, possibly birth number, date of birth, permanent address, ID number, VAT number) and data that allow the data subject to be contacted (e.g. contact address, telephone number, e-mail).

Descriptive data (e.g. bank details).

Other data necessary for the performance of the contract.

Data that exceeds the scope of the legislation in force and that is processed within the scope of the consent given by the data subject (processing of photographs, use of personal data for personnel management purposes, etc.).

 

5. Categories of data subjects

Customer Administrator

Employees of the Administrator

Carrier

Service provider

Job Seeker

 

6. Categories of recipients of personal data

Financial institutions

Public bodies

Government and other public authorities in the performance of their legal obligations under the relevant legislation.

 

7. Purposes of processing personal data

Negotiation of the contractual relationship.

Performance of the contract.

Protection of the rights of the controller, the beneficiary or other interested parties (e.g. recovery of the controller’s claims).

Archiving records as required by law.

Selection procedures for vacant positions.

Fulfilment of legal obligations by the controller.

Protection of the data subject’s vital interests.

 

8. Method of processing and protection of personal data

The processing of personal data is carried out by the controller. The processing is carried out at the premises of the controller, at the headquarters of the controller and by authorised employees of the controller. The processing is carried out with the aid of computer technology or manually, in the case of personal data in paper form, in compliance with all the security principles for the management and processing of personal data. To this end, the Controller has implemented technical and organisational measures to ensure the protection of personal data, in particular to prevent unauthorised or accidental access to, alteration, destruction or loss of personal data, unauthorised disclosure, unauthorised processing or other misuse of personal data. All entities to which personal data may be disclosed shall respect the data subject’s right to privacy and comply with applicable data protection laws.

 

9. Duration of processing of personal data

In accordance with the time limits specified in the relevant contracts or applicable legislation, this is the time necessary to ensure the rights and obligations arising from both the contractual relationship and the relevant legislation.

 

10. Consent

The controller processes data with the consent of the data subject, except where the law provides that the consent of the data subject is not required for the processing of personal data.

In accordance with Article 6(1) of the GDPR, the controller may process the following data without the consent of the data subject:

  • The data subject has given consent for one or more specific purposes.
  • The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of steps taken at the request of the data subject prior to the conclusion of the contract.

The processing is necessary for compliance with a legal obligation to which the controller is subject.

The processing is necessary to protect the vital interests of the data subject or of a natural person.

The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The processing is necessary for the purposes of the legitimate interests of the controller or a third party concerned, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.

 

11. Rights of the data subject

(1) In accordance with Article 12 of the GDPR, the controller shall, upon request of the data subject, inform the data subject of his or her right of access to personal data and provide the following information

  • The purposes of the processing.
  • The categories of personal data concerned.

The recipients or categories of recipients to whom the personal data have been or will be disclosed.

The intended length of time for which the data will be kept.

Any available information about the source of the personal data, unless it has been obtained from the data subject.

 

(2) Any data subject who becomes aware or believes that the controller or processor is carrying out a processing of his or her personal data which is contrary to the protection of the private and personal life of the data subject or contrary to law, in particular where the personal data are inaccurate in relation to the purpose for which they are processed, may

  • Request an explanation from the Data Manager.
  • Ask the Data Manager to eliminate the phenomenon thus created. This may include, in particular, the blocking, rectification, integration or erasure of personal data.

If the data subject’s request under paragraph 1 is found to be justified, the controller shall rectify the inaccuracy without delay.

If the controller does not comply with the data subject’s request pursuant to paragraph 1, the data subject shall have the right to apply directly to the supervisory authority, i.e. the Office for the Protection of Personal Data.

The procedure referred to in paragraph 1 shall not prevent the data subject from lodging a complaint directly with the supervisory authority.

The controller shall have the right to claim reasonable compensation for the information provided, not exceeding the costs necessary to provide the information.