Principles for using data, personal details and their processing

Principles for using data, personal details and their processing

These principles summarize and describe the kind of information and data we process, the way in which they are processed and how long they are stored. Here, you can also read about your rights as enlisted in the General Data Protection Regulation (GDPR), and the way in which to enforce them. These principles apply to Trigema, a.s. including its subsidiaries organized in the holding structure.

Why we process data

We process information and personal data for three main reasons.
a) Legal – records required by law (e.g., contractual relationships).
b) Data analysis and advertising purposes - records of administrative activities.
c) On consent - this can be withdrawn.

What data we process and how

All the data you provide when browsing our web pages, whether by enquiring or using our services and products, is divided into:
1.    Anonymized
2.    Non-anonymized
Depending on which group the data belongs to, the following processes take place:
Anonymized data are data and information that cannot be used in any way, either by simply pairing or by combining them, to identify the person to whom they belong.
Anonymized data, such as cookies, device identifiers, web browsing records, IP addresses, dates and times of visits, and how our services and websites are used, server log information (for example, search queries on our site), geolocation data, or personal preferences, are processed in automated and secure applications on our own servers. We do not pair the data with specific users and customers so that it cannot be identified as their personal data.

Non-anonymized data can easily be paired with a particular user or customer, and can be combined to obtain an individual’s personal data. In particular, the name, surname, address, age, birth number, telephone contact, e-mail address, gender, date of birth, nationality, document numbers and more ...We process such data only in secure applications that meet the GDPR requirements, and in an internal company storage system with limited access - only trained and competent employees are allowed to work with this data. In printed form, such information is stored in locked archives, and only authorized and trained staff are allowed to access them.
We then store and process all data in accordance with the Internal Data Handling Directive (we can provide you the official section on request, see your rights below) and in accordance with the requirements of ISO 27 001 Information Security Management System.

How long we process the data

We process all information and personal data according to the nature of the purpose for which it is stored. We process the data used to perform analyses, improve our services and for advertising on the basis of  your consent for a maximum of 10 years if there is no renewal of your consent.
Data obtained through websites, such as cookies and records of the use of these services, are stored for a maximum of 4 years. However, you can restrict their storage period by using Google Analytics Opt-out Browser Add-on.
Information and data resulting from contractual relationships (invoices, contracts, receipts, etc.) are retained for a period determined by law.

Data stored and processed by third parties

In the case of third party applications, we ensure that data is stored and transmitted in encrypted form and that the application complies with the General Data Protection Regulation (GDPR).

What are your rights

Under the General Data Protection Regulation, you have the right to access, change, transfer, and delete your data unless this is prevented for legislative reasons. You also have the right to obtain information about how your data is handled.

How you can claim your rights

•    You can request information about data processing or storage by email at GDPR@trigema.cz or in writing to the address of the company's registered office. Depending on the nature of the data and before we release the information, we may ask you to provide proof of identity to obtain the data.
•    You can enforce the right to delete data in the same way.
•    The right to disagree with the processing of your data for direct marketing purposes that you can enforce using the "unsubscribe" link in the relevant marketing material.

This document replaces an earlier document on the principles of dealing with personal data, which you can find here.
All information on rights and obligations under the General Data Protection Regulation (GDPR) can be found on its official website or on the website of the Office for the Protection of Personal Data (UOOU).
In Prague on May 17, 2018