Advice on Personal Data Protection (Information)
The information stated below was provided to you, as a personal data subject, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC - also referred to as abbreviation GDPR (General Data Protection Regulation).
The key interest and philosophy of ALEF Group companies is the satisfaction of our customers and those with whom we build mutual business relationship. For that purpose we use provided personal data, which we carefully protect and process in accordance with applicable legislation.
Below is a detailed summary of how ALEF Group incl.
- ALEF Distribution CZ, s. r. o., Pernerova 691/42, Praha 8, email: firstname.lastname@example.org;
- ALEF NULA, a. s., Pernerova 691/42, Praha 8, email: email@example.com;
- ALEF Distribution SK, s. r. o., Galvaniho Business Centrum IV, Galvaniho 17/C, Bratislava 2, email: firstname.lastname@example.org;
- ALEF Distribution HU Kft., Váci út 30. 3. emelet, 1132 Budapest, email: email@example.com;
- ALEF distribucija SI, d.o.o., Brnčičeva 15B, Ljubljana, email: firstname.lastname@example.org;
- ALEF Distribucija d.o.o., Ul. Grada Vukovara 284, Zagreb, email: email@example.com;
- ALEF Distribucija Adria, d.o.o., Bulevar Mihajla Pupina 10L, Novi Beograd, email: firstname.lastname@example.org;
- ALEF Distribution RO, Str. Oltetului Nr. 15, Bucuresti, email: email@example.com,
receive, process and store the personal data provided and what are the data subjects' rights under current legislation.
What personal data do we use and to whom do we access it?
ALEF Group companies (Controller) process the data only for purposes related to providing our services. The data includes name, surname, telephone number, email, job position, employer's name. In case services are processed in connection with access management of external subjects to Alef's applications (Servicedesk, B2B, confidential part of Alef web sites - www.alef.com) the following data is processed: name, surname, email; and in case of processing in connection with security monitoring the data includes also IP address.
Recipient of such personal data is the Controller and any entity linked in any way to the Controller in terms of assets, whether directly or indirectly, and entities that are members of the ALEF Group, even in the case such entity is in a third country (i.e. outside the European Union), if the European Commission has decided that such third country ensures the appropriate level of personal data protection (for a list of countries see, for example, https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/signatures a https://eur-lex.europa.eu/legal-content/CS/TXT/?uri=CELEX%3A32016D1250) and employees of the aforementioned entities. Business partners of the Controller, entities linked to the Controller in terms of assets, Processors of personal data or public power authorities can also be recipients of personal data.
What is the purpose of personal data processing?
Provided personal data is used only for purposes related to delivery of our services.
- evidence of service requirements (service contracts)
- online users communication – Cisco jabber
- business management of Alef Group in the corporate IS Navision (accounting, logistics, sales of goods, sales of services)
- access management of external subjects to Alef's applications (Servicedesk, B2B, confidential part of Alef web sites - www.alef.com)
- providing business information to selected business partners
- processing of personal data in connection with security monitoring
What is the legal basis for personal data processing?
We process the data based on the Controller's legitimate interest, because without it we could not properly fulfill the purposes for which the personal data is processed.
How long is the personal data stored?
Personal data is stored for each purpose of processing for below mentioned period of:
- duration of the business relationship and then for a period of 4 years after its end
- 30 days
- 10 years
- duration of the business contract
- duration of the business contract
- 2 years
As a personal data subject, what are your rights?
Request from the Controller access to the personal data, i.e. you have the right to obtain from the Controller a confirmation as to whether or not your personal data are being processed, and, where this is the case, you have the right to access them together with the following information:
• The purposes of processing;
• The categories of personal data concerned;
• The recipients or categories of recipient to whom the personal data have been or will be disclosed;
• The envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• The existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data or to object to such processing;
• The right to lodge a complaint with a supervisory authority;
• All available information about the sources of personal data;
• The existence of automated decision-making, including profiling, about the procedure used, as well as the significance and the envisaged consequences of such processing for me;
• The right to be informed about appropriate safeguards that relate to the transfer of personal data to third countries (i.e. outside the European Union), in the event the personal data are transferred over to such third country;
The Controller shall provide you with a copy of the personal data undergoing processing.
Request the rectification of personal data, i.e. to have the Controller, without undue delay, rectify inaccurate personal data concerning you, and taking into account the purpose of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement;
Request the erasure of personal data (“right to be forgotten”), i.e. to obtain from the Controller the erasure of personal data concerning you without undue delay, where one of the following grounds applies:
• The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• You withdrew consent on which the processing is based and there is no other legal ground for the processing;
• The personal data have been processed unlawfully;
• The personal data have to be erased for compliance with a legal obligation;
• The personal data have been collected in relation to the offer of information society services;
The right to erasure does not apply if there is an exception, in particular because processing of personal data is necessary for:
• Exercising the right of freedom of expression and information;
• Compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject;
• For the establishment, exercise or defence of legal claims;
Request restriction of processing of personal data, i.e. the right for the Controller to restrict the processing of personal data in any of the following cases:
• You contest the accuracy of the personal data processed, processing will be restricted for a period enabling the Controller to verify the accuracy of the personal data;
• The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• The Controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
• You objected to processing of personal data in the event the personal data are processed for the purpose of legitimate interests of the Controller, including profiling, in such case the Controller will no longer process the personal data, unless legitimate reasons for processing are proved that dominate over the interests or rights and freedoms of the personal data subject, or the establishment, exercise or defence of legal claims;
Where processing has been restricted personal data shall, with the exception of their storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State;
Personal data portability, i.e. the right to have the Controller transfer your personal data processed automatically based on your consent to another Controller in a structured, commonly used and machine-readable format; when exercising your right to data portability you have the right to have the personal data transmitted directly from one controller to another, where technically feasible;
The right to object; in the event your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing, and in such case the personal data will no longer be used for such purposes.
File a complaint, for example by sending an e-mail or letter to the Controller’s contact details specified above; a complaint about the Controller’s actions can be made to the Office for Personal Data Protection, registered office: Pplk. Sochora 27, 170 00 Prague 7, Czech Republic.
You can apply all of the above mentioned rights to the Administrator by sending an e-mail to the addresses given in the introductory part of this information or by letter.