PRINCIPLES OF PERSONAL DATA PROCESSING

This document provides you with information about your rights related to the processing of your personal data by Westercom s.r.o., which is primarily engaged in the supply of technology and engineering

We recommend that you read this information carefully. In case of any confusion, we will be happy to explain any passage to you.

1. Who is the controller of your personal data?

The controller of your personal data, i.e. the person who determines the purpose and means of, and makes decisions about, the processing of your personal data, is the company:

Westercom s.r.o.

Number: 03591689

HQ: Na okraji 335/42, Veleslavín, 162 00 Praha 6

telephone: +420 603 509 790

email: [info@westercom.eu]

(hereinafter referred to as "Administrator")

2. How is your personal data processed, for what reason and on what legal basis?

The processing of your personal data by the Controller takes place in the following cases:

(i) your interest in the services offered by us (the Controller) (for example, in connection with your requests to us via our contact form accessible on the website https://www.westercom.eu/kontakt/ or in the case of your interest in subscribing to our monthly newsletter, etc.). The legal basis for processing your personal data in this case is the legitimate interest of the Controller in dealing with your requests and your consent to processing is not required in this case.

(ii) your interest in a particular job offered by the Controller. The processing of personal data in this case is necessary for the selection among candidates (pre-contractual negotiations) and subsequently for the conclusion of the contract and your consent to the processing is not required in this case.

(iii) Ensuring the performance of all rights and obligations in connection with the contractual relationship entered into between the Controller and the legal entity you represent, the subject of which is the provision of services offered by the Controller to such legal entity. The legal title for the processing of personal data in this case is the legitimate interest of the Controller consisting in the conclusion and performance of a contract with the person you represent. Your consent to processing is not required in this case.

(iv) Sending marketing communications and offers via the contact details obtained in the performance of the contractual relationship (with the possibility to refuse further marketing communications at any time). In this case, the legal title of the processing is the legitimate interest of the Controller and your consent to the processing is not required.

(v) To comply with legal obligations imposed on us by applicable law (for example, tax, accounting, etc.). This is processing of personal data for which your consent is not required.

(vi) Exceptionally on the basis of your consent to the processing of personal data for the purposes and personal data specified in the consent (for example, for the purposes of continuing to register you as a job applicant with the Controller and offering you other suitable job opportunities, sending marketing communications to those data subjects who are not current or former customers of the Controller, etc.)

We obtain your personal data through the contact form on the Controller's website https://www.westercom.eu/ or through electronic or telephone contact, or through a face-to-face meeting.

The processing of your personal data is governed by the relevant legislation, in particular General Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as "GDPR") and related legislation.

Your personal data is processed for the duration of our contractual relationship. After its termination, only those of your personal data are retained which are further necessary for the protection of the rights and performance of the Controller's obligations, or for which this is required by law or justified by the Controller's legitimate interest.

After termination of cooperation with the Controller, personal data is retained for the purpose of protecting rights and internal record keeping and control, for the duration of the limitation period and one year after its expiry with respect to claims made at the end of the limitation period.

In the case of handling your requests sent via the contact form, the Controller shall keep your personal data for a period of three months after the request has been handled.

As a jobseeker, the Controller retains your personal data for a period of 6 months from the receipt of your response to a specific job enquiry. If you have given consent to the Administrator for the purpose of offering another suitable job position, the Administrator will retain your personal data for the period for which consent is validly given, but for no longer than three years.

However, your personal data obtained on the basis of your consent shall always be processed for no longer than until your consent to processing is withdrawn.

Personal data is processed manually and automatically directly by the Controller, as well as by its employees and processors (see point 5 below). The protection of personal data is technically and organisationally secured in accordance with the applicable legislation.

3. Which of your personal data does the Controller process?

Your personal data is processed by the Controller to the following extent:

(i) on the basis of a request sent via the online contact form, this is the data necessary to process your request:

- first and last name,

- email address,

- client request specification;

(ii) data that are a necessary element of the contract concluded with the legal entity you represent, as well as those personal data without which it would not be possible to fulfil the Controller's obligations arising from the subject matter of the contract and in the processing of which the Controller therefore has a legitimate interest:

-address and contact data, in particular, name, surname and title, contact address, telephone number, email address, etc.

- other data arising from the specific contract;

(iii) personal data necessary to assess and decide on the suitability of your person to fill the offered position or to offer another position, in particular:

-title, first name, last name, date of birth, delivery or other contact address, telephone number, cv, email address;

(iv) for the purpose of sending marketing communications and offers, we process your:

- your name and email address;

(v) other personal data based on your consent, to the extent and for the purposes set out in the consent.

Only on the basis of your free and voluntary consent, the following processing of your personal data may be carried out by the Controller:

- for the purpose of sending newsletters and marketing communications to data subjects who are not current or former customers of the Controller, your email address and telephone number are processed;

-for the purpose of retaining you on the Controller's register of job applicants and offering you another suitable position, your title, name, surname, date of birth, delivery or other contact address, telephone number and email address are processed.

4. How does the Controller protect your personal data?

You can be absolutely sure that your personal data is handled with due care and in accordance with applicable law. Your personal data is protected to the maximum extent possible in a manner appropriate to the technical level of the means available and the nature of the processing of personal data by the Controller. In the case of transfer of your personal data outside the Controller, we have ensured an adequate level of security protection in accordance with the relevant legislation.

5. To whom else does the Controller transfer your personal data and why?

In principle, your personal data is not transferred outside the Controller except where:

-the transfer of personal data is required by law or the law authorizes the Controller to make such a transfer (for example, in the case of requests by law enforcement authorities);

- operational and related agenda for the Controller is provided by an external supplier (accounting, IT services, etc.).

Your personal data is not transferred outside the Czech Republic.

Before any transfer of your personal data to a third party, the Controller shall always ensure that the data transferred is not used for any purpose other than the provision of the relevant service and that the same safeguards for the processing of personal data are provided as the Controller complies with in accordance with its legal obligations.

A current list of the processors of your personal data will be provided to you by the Controller upon your request.

6. What rights do you have in relation to your personal data?

In relation to your personal data that is processed, you have the following rights that you can exercise against the Controller:

-the right to obtain confirmation of the (non-)processing of your personal data and to access the personal data relating to you that is being processed;

- the right to have your personal data rectified or completed if it is inaccurate or incomplete;

- the right to erasure or restriction of the processing of your personal data, provided that the conditions laid down by law are met;

- the right to object to the processing of personal data concerning you;

- the right to have your personal data transferred to another controller.

If any of your personal data is processed on the basis of your consent, you have the right to withdraw your consent to the processing of such personal data at any time.

You can exercise all your rights by submitting a written request to the Controller at the contact address: Westercom s.r.o., Na okraji 335/42, Veleslavín, 162 00 Prague 6, or by e-mail: info@westercom.eu

If you believe that the processing of your personal data is in violation of the law, you have the right to file a complaint with the supervisory authority, which is:

The Data Protection Authority

Number: 708 37 627

located at Pplk. Sochor 27, 170 00 Prague 7

www: https://www.uoou.cz

7. Where can you find out more?

For any questions regarding the processing of your personal data, please contact the Controller via his contact details above, or contact Jiří Brusch by e-mail brusch@westercom.eu or by phone +420 603 509 790

This information on the processing of personal data may be changed in the future based on legislative or operational needs. The current form of the information can be found at https://www.westercom.eu/wp-content/uploads/2019/01/gdpr.pdf.

This personal data processing policy is effective from 25 May 2018.

Westercom s.r.o.