Menu
Přehled závodů

Information Memorandum on Processing of Personal data (general) of the Company Tereos TTD, a.s.

Validity of memorandum: 1.7.2022
Issue: Issue 5
  1. Introductory provisions
    1. 1. Basic information on processing of personal data
    2. 2. Contact details of Company
    3. 3. Technical terms
  2. Compliance with legal regulations and basic principles of processing
    1. 4. Compliance with legal regulations
    2. 5. Basic principles of processing of personal data
  3. Scope of processing of personal data
    1. 6. Personal data (categories of personal data)
  4. Processing of personal data
    1. 7. Sources of processed personal data
    2. 8. Legal grounds and purposes of processing of personal data
      1. Processing of personal data for the reason of the performance of an agreement between the Company and your person
      2. Processing of personal data for the reason of the fulfilment of a legal obligation
      3. Processing of personal data for the reason of legitimate interests
      4. Processing of personal data on the basis of your consent
    3. 9. Recipients (categories of recipients) of personal data
    4. 10. Transfer of personal data to third countries
    5. 11. Storage period (processing) of personal data
    6. 12. Links to other websites
    7. 13. Use of plug-in modules for social media
  5. Your rights
    1. 14. General information
    2. 15. Right to withdraw consent to processing of personal data
    3. 16. Right of access to personal data
    4. 17. Right to rectification and completion of personal data
    5. 18. Right to erasure (“right to be forgotten”)
    6. 19. Right to restriction of processing
    7. 20. Right to data portability
    8. 21. Right to object
    9. 22. Right to compensation for damage caused
    10. 23. Right to lodge complaint with supervisory authority
    11. 24. Right to judicial remedy
  6. Manner of exercising rights of data subjects and handling requests of data subjects
    1. 25. Manner of exercising rights of data subjects
    1. 26. Handling of requests of data subjects
  7. Schedule 1
  8. Schedule 2

(A) Introductory provisions

  1. Basic information on processing of personal data
    1. 1.1The company Tereos TTD, a.s., ID No.: 16193741, having its registered office at Dobrovice, Palackého náměstí 1, Postal Code 29441 (the “Company” or “we”), as the controller of your personal data, hereby issues the information memorandum on the processing of personal data of persons concerned (the “Memorandum”).
    2. 1.2The purpose of this Memorandum is to inform You as data subjects (the “You”) about the processing of your personal data carried out by the Company and your rights in relation to this processing.
    3. 1.3This Memorandum applies only to the processing of your personal data that is carried out by us (the Company itself), as the data controller, or for us (the Company), as the data controller, by another person (the data processor).
    4. 1.4This Memorandum may be amended and supplemented by the Company. The current version of this Memorandum can be found on the website www.tereos-ttd.cz/zpracovani-osobnich-udaju-obecne. We recommend that You learn the current version of the Memorandum regularly.
  2. Contact details of Company
    1. 2.1If You have any questions about matters of the processing and protection of your personal data, please contact us through any of the following communication channels:
  3. Technical terms
    1. 3.1Unless the context of this Memorandum indicates otherwise, technical terms used in this Memorandum have the following meanings:
      • „sensitive data“
      • (also referred to as “special categories of personal data”) means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data, data concerning the health or sex life or sexual orientation of a natural person, and data concerning criminal offences or other intimate data;
      • „cookies“
      • means text (data) files containing small amounts of information (data) that are stored on a user’s computer, mobile phone, or other device when they visit a website. Subsequently, on each subsequent visit to the website, cookies are sent back to the website (or other website) that recognises the cookies, thus enabling the website to recognise the user’s computer, mobile phone, or other device;
      • „personal data”“
      • means information about your person which enables You to be directly or indirectly identified and which is further defined in section (C) Scope of Processing of Personal Data, Article 6.1 of this Memorandum;
      • „příjemce“
      • znamená fyzickou nebo právnickou osobu (jinou společnost), orgán veřejné moci, agenturu nebo jiný subjekt, kterému jsou Vaše osobní údaje poskytnuty (např. dopravní společnosti či policejní orgán);
      • „controller“ or „controller of personal data
      • means a person who determines the purposes and means of the processing of personal data. In the case of the processing of your personal data within the scope of this Memorandum, the controller of your personal data is the Company;
      • „data subject“
      • means the natural person about whom we process personal data - i.e. You, especially if You are our
        • customers, suppliers, or other business partners (or their employees),
        • job applicants,
        • visitors to our website,
        • tenants in apartments owned by the Company,
        • visitors to Company-owned accommodation,
        • visitors to the Company’s manufacturing and other facilities, and
        • shareholder of the Company.
      • „third country“
      • means a country other than a Member State of the European Union, Iceland, Norway, and Liechtenstein;
      • „processing“ or „processing of personal data“
      • means any treatment of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other disclosure, alignment or combination, restriction, erasure, or destruction;
      • „precessor“ či „processor of personal data“
      • means a natural person or a legal entity, agency, or other entity that processes personal data for the Company, usually in connection with the provision of services to the Company (e.g. accounting firms or law firms).

(B) Compliance with legal regulations and basic principles of processing

  1. Compliance with legal regulations
    1. 4.1Protecting your personal data is our priority, and we comply with all obligations and requirements set out in the relevant data protection legal regulations when processing your personal data.
  2. Basic principles of processing of personal data
    1. 5.1When processing personal data, we observe the following basic principles of the processing of personal data.
      Legality, fairness, and transparency principle
    2. 5.2We process your personal data fairly and in a lawful and transparent manner.
      Purpose limitation principle
    3. 5.3We collect (and process) your personal data only for specified, express, and legitimate purposes and at the same time we do not further process it in a way that is incompatible with those purposes.
      Data minimisation principle
    4. 5.4We only process your personal data to the extent that is reasonable, relevant, and necessary for purposes of the processing of your personal data.
      Accuracy principle
    5. 5.5We only process accurate personal data and will update your personal data where necessary.
      Storage limitation principle
    6. 5.6We only process (store) your personal data for as long as is necessary in relation to the purposes of the processing of your personal data, or for as long as is required by applicable legal regulations.
      Integrity and confidentiality principle
    7. 5.7We only process your personal data in a manner that ensures appropriate security of your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
      Liability principle
    8. 5.8We are liable for ensuring that we comply with the above-stated processing principles and that we process your personal data in accordance with legal regulations.

(C) Scope of processing of personal data

  1. Personal data (categories of personal data)
    1. 6.1Depending on your position in relation to the Company (i.e. whether You are our customer, business partner, website visitor, etc.), we may process the following personal data about You (categories of personal data):
      • (a)
      • Identification data
        data used to identify You, in particular your academic degree, name, surname, date of birth, details of identity documents, details of your job title or function, driving licence number, etc;
      • (b)
      • Contact data including electronic
        data used to contact and communicate with You, in particular a telephone number, email address, identifier in communication platforms (e.g. Skype, WhatsApp, Teams, Jitsi), permanent or temporary residence address, other contact address;
      • (c)
      • Verification (authentication) data
        data used to securely authenticate (verify) your identity, in particular your first name, surname or login name, passwords, PIN, card chip, and other electronic authentication elements, as well as car registration plates, etc;
      • (d)
      • Evaluation data
        data related to the evaluation of your person - this evaluation relates in particular to the evaluation of the performance of contractual obligations, the evaluation during the selection process of the Company;
      • (e)
      • Payment data
        data used to make payments, in particular a bank account number;
      • (f)
      • Data on children
        data on children collected in connection with a visit/tour to the Company, including name and surname, school name;
      • (g)
      • Data on legal claims
        data on your claims against the Company and claims of the Company against your person arising out of the contractual or non-contractual relationship between You and the Company, such as details of your claim for damages against the Company or details of the Company’s claim against You, for example, for a contractual penalty or unpaid price of goods;
      • (h)
      • Localization data
        data about the location of a motor vehicle in which You are located, in the case of drivers of beet carriers, this data is obtained by means of a GPS locator monitoring the progress of beet transport;
      • (i)
      • Audio-visual data
        data captured in the form of audio-visual recordings, in particular photographs, video recordings, audio (voice) recordings taken at events (co-)organised by the Company;
      • (j)
      • Data on the property situation
        data about your financial situation, economic credibility, and your payment record, including your property situation, and information about your potential indebtedness, if they are relevant to the contractual relationship You have with the Company;
      • (k)
      • Contractual data
        data on products and/or services supplied to You by the Company, related requests, complaints, claims, service requests, including details of your communication with the Company and other related data;
      • (l)
      • Professional profile data
        data about your educational and professional qualifications, in particular the data contained in your CVs;
      • (m)
      • Data on criminal activities
        data related to criminal convictions if we require You to send a criminal record extract in order to participate in the selection process of the Company;
      • (n)
      • IP address and another network identifier
        data on your device from which You visit the website;
      • (o)
      • Data on shareholders
        data related to shareholders of the Company, in particular the data contained in the central securities depository statement and data used for the payment of dividends (for example, account number);
      • (p)
      • Data on visitors of the website
        data obtained about visitors to the website of the Company, namely the country of the website visitor, the device from which the website visitor accessed the website, whether the visitor is a repeat visitor to the website;
      • (q)
      • Other data
        it is possible that we may process other personal data about You not expressly stated herein, but in any event, they will be personal data necessary for the fulfilment of purposes set out in this Memorandum.

(D) Processing of personal data

  1. Sources of processed personal data
    1. 7.1We obtain your personal data from several sources. The primary source of your personal data is You personally (e.g., when we enter into an agreement with You, and You provide us with your identification data or payment details for this purpose). We also obtain your personal data from publicly available sources such as public lists, registers, and indices (e.g., commercial register or trade-licence register) or social networks (e.g. Facebook, Linkedin, Instagram, Twiter, etc.).
    2. 7.2Another source of your personal data may also be cookies collected by the Company in connection with your activity on the website of the Company - please see our
      Cookie Notice
      for more information.
    3. 7.3If You are interested in the specific source of the processing of your personal data, You can contact us with such an enquiry.
  2. Legal grounds and purposes of processing of personal data
    1. 8.1We process your personal data on the basis of the following legal grounds: (i) for the reason of the performance of an agreement You have entered into with our Company, (ii) for the reason of the performance of a legal obligation imposed on the Company by legal regulations, (iii) for the reason of the legitimate interests of the Company, (iv) if You have given us your consent to process your personal data, then also on the basis of your consent, and (v) in exceptional situations, we may also process personal data to protect your vital interests or the vital interests of another natural person.
    2. 8.2We only process your personal data for the purposes stated in this Memorandum. If we process your personal data in the future for purposes other than those set out below, we will notify You immediately by updating this Memorandum or by other appropriate means.
    3. 8.3If You are interested in a specific legal title relating to the processing of your personal data, You may contact us with such an enquiry.
    4. A.Processing of personal data for the reason of the performance of an agreement between the Company and your person
    5. 8.4If You have entered into an agreement with us, the processing of your personal data is primarily based on this agreement (e.g. purchase agreement, lease agreement, agreement on the provision of services, internship agreement, etc.). Without the processing of your personal data, it would not be possible to enter into and subsequently perform the agreement.
    6. 8.5
      We process your personal data on the basis of this legal ground for the following purpose(s):
      • (a)
      • Contractual matters
        The purpose of contractual matters includes the processing of personal data for the purposes of entering into contractual relations with the Company, their amendment and termination (including pre-contractual negotiations), the fulfilment of rights and obligations under the agreement entered into, including keeping records of these contractual relations and related communication between You and the Company, etc.
    7. B.Processing of personal data for the reason of the fulfilment of a legal obligation
    8. 8.6We also process your personal data because we are required to do so by the relevant legal regulations, for example within the context of tax and accounting matters or archiving.
    9. 8.7
      We process your personal data on the basis of this legal ground for the following purposes:
      • (a)
      • Tax matters
        In this case, we are processing personal data for the purposes of tax matters, i.e. for the purposes of preparing, processing, and submitting tax returns, tax reports and other tax statements, communicating with the relevant state administration authorities, and fulfilling other obligations set out in tax regulations.
      • (b)
      • Accounting matters
        This case involves the processing of personal data for the purposes of maintaining accounting records and conducting accounting audits, fulfilling registration and record-keeping obligations, fulfilling reporting obligations, communicating with the relevant state authorities, and fulfilling other obligations set out in accounting regulations.
      • (c)
      • Complaint matters
        This case involves the processing of personal data for the purpose of handling complaints about the Company’s products and services and/or products and services supplied to the Company by third parties, related communication, and for the purpose of keeping records of complaints.
      • (d)
      • Archiving
        This case involves the processing of personal data for the purposes of fulfilling archiving obligations set out in the relevant legal regulations, in particular the Archives and Records Management Act, tax regulations, or accounting regulations.
      • (e)
      • Audits
        The processing of personal data to enable the Company to carry out statutory audits, e.g. accounting, tax, etc.
      • (f)
      • Cooperation with public authorities
        The processing of personal data for the purpose of providing mandatory information to public authorities, e.g. law enforcement authorities, financial administration, etc., if it forms part of the information we are required to provide to such authorities.
      • (g)
      • Activities of epidemiological significance
        In this case, it is the processing of personal data to ensure protection against threat or damage to the health of natural persons by infectious or other diseases (pursuant to Act No. 258/2000 Coll., on the Protection of Public Health and on the Change to Certain Related Acts, as amended) in the performance of activities of epidemiological significance (food production). For this purpose, it is necessary to monitor the entry of persons into the Company’s premises and identify these persons (name and surname, identity card).

        Further, it is the processing of your personal data for the purpose of creating a safe and health-safe working environment in the workplace and taking measures to prevent risks and create safe working conditions for You, as our employees, in connection with the spread of COVID-19 or other infectious or other diseases on the basis of the relevant legal regulations, in particular the Labour Code (cf. Section 101 et seq. of Act No. 262/2006 Coll., Labour Code, as amended, emergency measures of the Ministry of Health of the Czech Republic, resolutions of the Government of the Czech Republic, etc.). For this purpose, it is necessary, in particular, to carry out regular testing of employees and to comply with other obligations laid down by the relevant legal regulations in connection with the epidemic of COVID-19 or other diseases.
      • (h)
      • Prevention of major accidents
        In this case, the processing of personal data is for the purpose of complying with a legal obligation, i.e. compliance with the regime measures pursuant to Act No. 224/2015 Coll., on the Prevention of Major Accidents Caused by Selected Hazardous Chemical Substances or Chemical Mixtures and on the Change to Act No. 634/2004 Coll., on Administrative Fees, as amended (the Prevention of Major Accidents Act), and Decree No. 225/2015 Coll., on the Determination of the Scope of Security Measures for the Physical Protection of Facility Classified as Group A or Group B, to prepare a plan for the physical protection of a facility or installation, including the regime measures. For this purpose, the entry of persons into the Company’s premises has to be monitored, and these persons have to be clearly identified (name and surname, identity card, number plate number, and the reason for entry).
      • (i)
      • Exercise of shareholder rights
        In this case, the processing of personal data is for the purpose of complying with the Company’s legal obligations arising from Act No. 90/2012 Coll., on Business Corporations, as amended, in relation to the Company’s shareholders or their representatives (in particular, the maintenance of the list of shareholders, attendance at the General Meeting, exercise of rights and obligations at the General Meeting, payment of dividends, etc.).
    10. If You are a shareholder of the Company, for further information on the processing of personal data provided by shareholders of the Company, we would like to refer You to a separate document entitled “Information on Processing of Personal Data for Shareholders of Tereos TT, a.s.”, which is published on the website of the Company www.tereos-ttd.cz/en, under the tab “Information for shareholders”.
    11. C.Processing of personal data for the reason of legitimate interests
    12. 8.8We also process your personal data on the basis of legitimate interests of the Company; however, only on condition that your interests or fundamental rights and freedoms, requiring the protection of personal data, do not take precedence over these legitimate interests.
    13. 8.9
      We process your personal data on the basis of this legal ground for the following purposes:
      • (a)
      • Effective management and administration of the Company
        In this case, the processing of personal data is for the purposes of ensuring the effective management and administration of the Company and the business group to which the Company belongs, i.e. in particular for the purposes of organising and managing the Company, setting and implementing the Company’s objectives, ensuring administrative processes within the Company and fulfilling compliance obligations (i.e. ensuring that the Company’s activities and processes comply with requirements of legal regulations).

        On the basis of this legal ground, in order to effectively manage and evaluate the course of the individual sugar campaigns, we keep records of the movements and entrances/exits of drivers transporting beet to/from the Company’s premises using the GPS monitoring and the subsequent analysis of transport performance for the entire relevant sugar campaign.

        The legitimate interest of the Company in this case is the efficient operation of the Company.
      • (b)
      • Marketing and promotion
        This is the processing of personal data for the purposes of promotion of the Company, in particular the sending of PF and other greetings. This includes the processing of personal data for the purpose of storing audio and video recordings of your visits to the Company or events co-/organised by the Company and their subsequent use in the presentation of the Company on the Internet or within the Company; this includes events such as the Company’s GM, Field Days, Winter Schools, cultural and social events such as anniversary celebrations, tours to the Company’s production facilities, etc.

        The legitimate interest of the Company in this case is the Company’s interest in promoting the Company and increasing its reputation among the public.
      • (c)
      • Development of products and services, optimization of production technology
        In this case, it is the processing of personal data for the purposes of developing and improving the Company’s products and services, i.e. for the purposes of the preparation of expert opinions, studies, projects, analyses, etc.

        The legitimate interest of the Company is the Company’s interest in providing products and services at a level corresponding to the latest developments and technologies.
      • (d)
      • Communication and relations with business partners of the Company
        This concerns the processing of personal data for the purpose of communication with the Company’s business partners that does not directly relate to the performance of contractual obligations.

        This legitimate interest of the Company is the Company’s interest in good relations with its business partners.
      • (e)
      • GPS monitoring
        This means the processing of personal data on the basis of geographic monitoring, i.e. tracking the geographical position and movement (location) of your person for the purpose of monitoring the transport of beet in order to ensure the smooth supply of raw material input to the production premises (preventing traffic complications in the form of traffic jams, optimising the deployment of means of transport, optimising movement within the Company’s premises, etc.).

        The legitimate interest of the Company is the Company’s interest in ensuring the smooth running of the production facilities.
      • (f)
      • Protection of legal interests of the Company
        This matter concerns the processing of personal data in connection with the protection of the Company’s legal claims and legally protected interests, whether in cases where the Company asserts claims against You or third parties (e.g. an insurance company), or where the Company defends itself against claims asserted by You or third parties (e.g. an insurance company or an aggrieved person), whether out of court, in court, or by way of execution.

        The legitimate interest of the Company here is the Company’s interest in protecting its rights and interests, i.e. to enforce the Company’s claims and to ensure the Company’s defence against claims made against it.
      • (g)
      • Safety and security
        This is the processing of personal data for the purposes of ensuring security at the Company, including the health and safety of persons on the Company’s premises, IT and network security and the protection of the Company’s property and the property of others. For this purpose, the Company is equipped with security systems in the form of access registration to the Company’s premises and a security camera system.

        The Company also keeps records of access by persons (employees and visitors) to the Company’s premises for the purpose of:
        • ensuring the safety and security of the Company’s property and that of third parties;
        • ensuring the safety of the movement of both individuals as pedestrians and individuals as drivers within the Company’s premises, which are premises with increased traffic in combination with the existence and operation of a railway siding located within some of the Company’s premises;
        • ensuring the safety of life and health of persons with regard to the nature of the Company’s operations, which are operations with increased safety risks due to the fact that they are manufacturing plants with large technological units and storage facilities on the Company’s premises;
        • ensuring the protection of the life and health of both employees and other persons moving within the Company’s premises and persons entering the Company’s premises, as part of preventive health and safety measures against the spread of infectious diseases such as COVID-19, including ensuring that access is recorded in a non-contact manner so as to minimise contact when individuals enter and move about the Company’s premises.
      • The Company also operates a camera system that focuses on monitoring both outdoor and indoor areas. Within the indoor areas, the entrances to the buildings (gatehouses), warehouses, production and operational areas are monitored (not the areas where the rights of natural persons in the area could be interfered with). The legitimate interest of the Company in the operation of the CCTV system is to protect the property of the Company, or third parties who have their property there, and to ensure the safety of life and health of persons on the Company’s premises, as well as the interest of the Company in the proper investigation of possible violations. From a security point of view, it is necessary to be able to check that the stay on the Company’s premises is in accordance with the rules of safety and fire protection. The monitoring of outdoor areas is then focused on the monitoring of technological parts, as well as the areas on borders of the premises are monitored in order to monitor unauthorised access to the premises (fencing).

        The Company reiterates that certain safety and security obligations are also performed by the Company on the basis of legal regulations - in this context, we refer to article 8.7 letter (g) and (h) of this Memorandum.
      • (h)
      • Claims and insurance matters
        This means the processing of personal data for the purpose of providing (voluntary) insurance protection against insurance risks within the Company’s operations. In the case of claims (damage) management, this includes the processing of personal data for the purposes of and in connection with claims prevention, claims registration, and claims handling.

        The legitimate interest of the Company in this case is the interest in the proper handling of claims and insurance claims in which the Company is involved by virtue of its position as the responsible party, the person in whose favour the insurance claim is intended. The legitimate interest is to provide insurance protection against insurance risks in the operation and functioning of the Company.
      • (i)
      • Recruitment of new employees
        We process your personal data for the purposes of recruiting new employees of the Company (within selection procedures), i.e. receiving, processing, and recording CVs, selecting (screening) job applicants, conducting job interviews, evaluating job applicants, making offers of employment with the Company, and communicating with applicants throughout the recruitment process.

        The legitimate interest of the Company in this case is the recruitment of new employees for the Company; therefore, the efficient operation of the Company.
      • (j)
      • Database of jobseekers
        We also process your personal data for the purpose of maintaining the database (register) of jobseekers for the Company in which we record personal data on unsuccessful jobseekers for the Company who are likely to be offered a new job or participate in another selection procedure in the Company (e.g. because the Company establishes a new position identical or similar to the position for which the jobseeker originally applied, or because the position for which the jobseeker originally applied has subsequently become vacant).

        The legitimate interest of the Company in this case is the filling of current or future vacancies in the Company; therefore, the efficient operation of the Company.
    14. D.Processing of personal data on the basis of your consent
    15. 8.10We also process (may process) your personal data on the basis of your consent to the processing of your personal data if You provide us with your consent to the processing of your personal data. In such a case, we will then process the personal data concerned only for the purposes of processing the personal data for which You have given us your consent.
    16. 8.11We also process (may process) your personal data on the basis of your consent in the case of certain cookies. For more information on cookies, please see the
      Cookie Notice
      .
    17. 8.12The provision of your consent to the processing of your personal data is entirely voluntary, and You have the right to withdraw your consent to the processing of your personal data at any time.
  3. Recipients (categories of recipients) of personal data
    1. 9.1Your personal data will not be transferred to third parties, unless the transfer of such data is necessary in connection with the performance of the subject of an agreement entered into with You, on the basis of the performance of statutory obligations, or for the purpose of processing personal data, where such recipients are in the capacity of personal data processors, as set out in Schedule 1 to this Memorandum. In connection with the above-stated purposes, your personal data are only transferred to third parties, who are designated as recipients of personal data, only in the cases specified in this Memorandum. These are companies (or natural persons) with whom the Company cooperates either as its business partners or when using the services of these companies (or natural persons), or in the performance of its statutory obligations.
    2. 9.2These recipients of personal data can be divided into:
      • (a)
      • Recipients who are processors of personal data
        The processors of your personal data are third parties who are used by the Company for its own purposes and who thus process your personal data exclusively for the Company (e.g. legal advisors, software and IT system suppliers, recruitment agencies) and on the basis of an agreement on the processing of personal data.

        We select only those processors who provide sufficient guarantees to implement appropriate technical and organisational measures necessary for the purposes of ensuring the protection of your personal data.

        A written agreement on the processing of personal data is always entered into with processors the subject of which is the regulation of conditions of the processor’s involvement in the processing of your personal data, the regulation of the related obligations of the processors all with the aim of ensuring the appropriate protection of your personal data.
      • (b)
      • Recipients who are (independent) controllers of personal data
        These recipients have the status of independent controllers and process your personal data for their own purposes. These include, in particular, government authorities and, for example, the Company’s business partners (customers and suppliers).

        No separate agreement on the processing of your personal data is entered into with these recipients of your personal data, as they have the same obligations as the Company with regard to the processing of your personal data; therefore, they are liable for the processing of your personal data themselves.
    3. 9.3The overview of recipients (categories of recipients) to whom your personal data is provided by the Company can be found in Schedule 1 of this Memorandum.
  4. Transfer of personal data to third countries
    1. 10.1Your personal data is not transferred to third countries by default. As such, the transfer of your personal data to third countries only occurs (may occur) in exceptional cases where such transfer is strictly necessary in connection with the performance of an agreement we have entered into with You.
    2. 10.2We only transfer your personal data to third countries if one of the following conditions is met:
      • (a)
      • undern the condition that your personal data is transferred to a third country in respect of which an adequacy decision has been issued by the European Commission, i.e. a third country that the European Commission has assessed as safe for the protection of your personal data (the “Adequacy Decision”); or
      • (b)
      • if a third country concerned has not been subject to the Adequacy Decision by the European Commission, then:
        • under the condition that appropriate safeguards are provided by the recipient of your personal data (i.e. the person to whom your personal data is transferred) to protect your personal data, most commonly through “standard contractual clauses” approved by the European Commission which are entered into with the recipient concerned (the “Transfer Based on Appropriate Safeguards”); or (in the absence of such appropriate safeguards)
        • under the condition that (1) the transfer of your personal data to a third country is necessary for the performance of an agreement between the Company and You (in particular, an employment or other similar agreement), or (2) You have provided your express consent to the transfer.
  5. Storage period (processing) of personal data
    1. 11.1We process (store) your personal data only for the period of time that is necessary for the purposes of the processing of your personal data.
    2. 11.2In the case of the processing of your personal data on the basis of statutory obligations, we process your personal data for the period of time specified by legal regulations, in particular tax and accounting regulations.
    3. 11.3In the case of the performance of an agreement, we process your personal data for the duration of a contractual relationship between You and the Company and for the following 10 years after the termination of that contractual relationship, in particular with regard to any future claims against You or from You against the Company.
    4. 11.4In the case of our legitimate interest, we will process your personal data for a period of time determined according to the individual legitimate interests, taking into account the specific needs of the Company. Further information on the storage period of the personal data processed according to the specific purpose can be found in Schedule 2 of this Memorandum.
    5. 11.5If You have provided your consent to the processing of personal data, we will process your personal data for the period of time specified in that consent.
  6. Links to other websites
    1. 12.1In the event that links to websites operated by third parties are stated on the Company’s website, the third-party websites are completely independent and are completely outside of any control of the Company. As such, the Company is in no way liable for the content of any third party websites that You may access through links contained on the Company’s website; therefore, the Company is not liable for their content in any manner whatsoever, the compliance with the principles of the protection of personal data Privacy Policy, or their use.
  7. Use of plug-in modules for social media
    1. 13.1The Company’s website uses plug-in modules from various social media. A social media plug-in module is a button designed to share posts from the Company’s website with other users of that social media.
    2. 13.2We use the plug-in modules of the following social networks on our website.
      • (a)
      • Youtube
        (a) This plug-in module is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. The plug-in module is marked with the YouTube logo. Information about the protection of personal data of the YouTube company can be found at www.youtube.com.
    3. 13.3The appearance and content of the browser plug-in modules is defined by the social media. The plug-in modules are automatically integrated into the website.
    4. 13.4If You visit one of the Company’s websites through one of these plug-in modules, your web browser (e.g. Internet Explorer) will automatically create a link to the server of that social media, regardless of whether You have used the plug-in module. Information that You have visited the Company’s website is then shared through this link.
    5. 13.5If You are logged into a social media site while visiting the Company’s website, the data transmitted will be associated with your user account on the social media. This also applies if You are using the plug-in module.

(E) Your rights

  1. General information
    1. 14.1This part of the Memorandum contains information on your rights in relation to the processing of personal data by or for the Company.
  2. Right to withdraw consent to processing of personal data
    1. 15.1If we process your personal data on the basis of your consent, You have the right to withdraw your consent to the processing of your personal data at any time in any manner stated in part (F) below.
    2. 15.2You may withdraw your consent in whole or in part in relation to only some of your personal data or only some of the purposes of processing.
  3. Right of access to personal data
    1. 16.1You have the right to obtain confirmation from the Company as to whether or not we are processing your personal data.
    2. 16.2If we do process your personal data, You have the right to access your personal data and the right to be provided with the information stated in this Memorandum.
    3. 16.3We will provide You with access to the personal data we process by providing You with a copy of the personal data we process. The provision of the first copy is free of charge. We may charge a reasonable fee (taking into account the administrative costs incurred) for providing further copies at your request.
    4. 16.4The above-stated confirmations, information, and copies will be provided to You by the Company in writing or electronically. However, if You make a request in electronic form, the confirmations, information, and copies will be provided to You in electronic form unless You request another manner.
  4. Right to rectification and completion of personal data
    1. 17.1You have the right to have inaccurate personal data concerning You rectified without undue delay. Considering the purposes of the processing, You also have the right to have incomplete personal data completed, including by providing an additional statement.
  5. Right to erasure (“right to be forgotten”)
    1. 18.1You have the right to have us erase your personal data without undue delay if:
      • (a)
      • your personal data is no longer necessary for the purposes for which it was collected or otherwise processed by the Company;
      • (b)
      • You withdraw your consent to processing if we are processing your personal data on the basis of your consent and at the same time if there is no other legal basis for the processing of your personal data;
      • (c)
      • You object to the processing of your personal data (for which see more in article 21 below) and at the same time there are no overriding legitimate grounds for processing;
      • (d)
      • the personal data has been unlawfully processed by us; or
      • (e)
      • your personal data must be erased in order to comply with a legal obligation imposed by applicable legal regulations to which we are bound.
    2. 18.2If You exercise the right to erasure, and the conditions for such erasure are met, we will erase your personal data without undue delay, unless we need your personal data to comply with a legal obligation, to establish, exercise or defend legal claims, or for archiving purposes.
    3. 18.3If your personal data has been disclosed, we will take reasonable steps, taking into account the technology available and the cost of implementation, including technical measures, to inform other data controllers who process personal data that You have requested that your personal data be erased.
  6. Right to restriction of processing
    1. 19.1You have the right to have us restrict the processing of your personal data in the following cases:
      • (a)
      • You dispute the accuracy of your personal data for the period necessary for us to verify the accuracy of the personal data;
      • (b)
      • the processing of your personal data is unlawful, and You refuse to erase your personal data and instead request that we restrict their use;
      • (c)
      • we no longer need your personal data for the purposes of the processing, but You require it for the establishment, exercise, or defence of your legal claims; or
      • (d)
      • You object to the processing (see article 21 below for more on this) for a period of time until it is verified that our legitimate grounds outweigh your legitimate grounds.
    2. 19.2In the event that the processing of your personal data is restricted on your request, your personal data, except for storage, may only be processed by the Company with your consent or for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest.
    3. 19.3In the event that the processing of your personal data is restricted at your request, we will inform You of the possible cancelation of the restriction of processing.
  7. Right to data portability
    1. 20.1You have the right to require us to transfer your personal data (which You have provided to us) to another controller (i.e. a company or individual that You designate), but only in the following cases:
      • (a)
      • the processing of your personal data is based on your consent or the performance of an agreement between the Company and You; and (at the same time)
      • (b)
      • the processing is carried out by the Company by automated means (i.e. not manually).
  8. Right to object
    1. 21.1You have the right to object to the processing of your personal data based on your legitimate interest at any time for reasons relating to your particular situation.
    2. 21.2If You object, we will not further process your personal data unless (a) we can demonstrate compelling legitimate grounds for such processing which override your interests or rights and freedoms, or (b) it is necessary for the establishment, exercise, or defence of legal claims.
    3. 21.3You also have the right to object to the processing of your personal data at any time; if You object, we will not continue to process your personal data in any case.
  9. Right to compensation for damage caused
    1. 22.1You have the right to compensation from the Company for any (material or non-material) damage caused to You by a breach of the Company’s obligations in the area of processing and protection of personal data, and the Company is obliged to compensate You for the damage suffered. The Company is also liable for any damage caused to You by processors to whom the Company has transferred your personal data.
  10. Right to lodge complaint with supervisory authority
    1. 23.1If You are in doubt about the lawful processing of your personal data, or if the Company does not comply with your request regarding your personal data, You have the right to contact the Office for Personal Data Protection as a supervisory authority in the field of personal data protection.
    2. 23.2You may contact the Office for Personal Data Protection with your complaint even without a prior request to the Company.
    3. 23.3If the Office for Personal Data Protection fails to respond to your complaint, or fails to address it at all, or fails to inform You within three (3) months of the progress of your complaint, You have the right to seek judicial protection against such action by the Office for Personal Data Protection.
  11. Right to judicial remedy
    1. 24.1If You are in doubt about the lawfulness of the processing of your personal data or if You discover a violation of your rights in connection with the processing of your personal data, You have the right to effective judicial remedy.

(F) Manner of exercising rights of data subjects and handling requests of data subjects

  1. Manner of exercising rights of data subjects
    1. 25.1You may make a request to the Company in respect of any of your rights in relation to the processing of personal data by the Company (the “Request(s)”) at:
  2. Handling of requests of data subjects
    1. 26.1
      Handling of Request free of charge

      Except as otherwise expressly stated in this Memorandum, the processing of your Requests and the taking of any subsequent measures will be free of charge.
    2. 26.2
      Particulars of Request

      It has to be clear from your Request that You are making the Request and what You are asking the Company to do. The Company may require You to be more specific about the Request or the reasons for it.
    3. 26.3
      Acceptance of Request of data subject

      If your Request is made (by email or a web form), its receipt will be acknowledged by the Company without undue delay, depending on the method of making the Request by email or other appropriate means.
    4. 26.4
      Manifestly unfounded or unreasonable Requests

      Manifestly unfounded or unreasonable Requests (in particular repetitive Requests) may be charged a reasonable fee (considering administrative costs) or rejected.
    5. 26.5
      Handling of Request of data subject

      Requests will be handled promptly and in any case within one (1) month of receipt of the Request.
    6. 26.6In exceptional cases (in particular with regard to the complexity or the number of all Requests being handled), this time limit may be extended for a maximum of two (2) additional months. We will inform You of any such exceptional extension of the time limit for processing the Request within one (1) month of the date of receipt of your Request, together with the reasons for such a delay.
    7. 26.7In the event of a rejection of your Request, we will inform You of this rejection and also inform You of the possibility to file a complaint with the Office for Personal Data Protection as a supervisory authority and seek judicial remedy (see also articles 23 and 24 of this Memorandum in this regard).

SHCEDULE 1
OVERVIEW OF RECIPIENTS (CATEGORIES OF RECIPIENTS)

RECIPIENTS (CATEGORIES OF RECIPIENTS)
Advisory services (e.g. law firms or consultants in the area of accounting and tax matters), namely KŠD LEGAL advokátní kancelář s.r.o., ID No.: 25711229, Deloitte Advisory s.r.o., ID No.: 27582167, PricewaterhouseCoopers Audit s.r.o., ID No.: 61063029
Suppliers of services in the area of HR matters, namely RB recruitment s.r.o., ID No.: 27784037, LMC s.r.o., ID No.: 26441381, Teamconsult s.r.o, ID No.: 48584321
Suppliers of services in the area of health protection:
MUDr. Radmila Hrušková, ID No.: 48683485
MUDr. Martin Borský s.r.o. - MUDr. Martin Borský, ID No.:24150037
MUDr. Jana Petrovičová - ID No.:2283841
MUDr. Vilém Vilém - praktický lékař s.r.o., MUDr. Vilém Vilém, ID No.: 3687317
Oblastní nemocnice Náchod a.s. - ordinace praktického lékaře, Mudr. Radovan Matoušek, ID No.: 26000202
Š - praktik s.r.o., POD VINICÍ 381 VYSOKÁ NAD LABEM, MUDr. Milan Ševčík / MUDr. Lenka Schillerová, ID No.: 27520838
MUDr. Milada Lenderová, ID No.: 48665754
Suppliers of services in the area of the protection of property and individuals (namely security agencies):
Kojetín: DIOL družstvo, ID No.: 00031551
Dobrovice and Mělník: D.I.SEVEN SERVICE s.r.o., ID No.: 27195571
České Meziříčí: BOS-PCO s.r.o., ID No.: 27476634
Chrudim: "Komplexní služby věřitelům" s.r.o., ID No.: 60466766
Suppliers of services in the area of information technology (hardware, software, connection to the Internet):
Asseco Solutions a.s., ID No.: 64949541, COMINFO, a.s., ID No.: 63482576, AUTOCONT a. s., ID No.: 04308697, CNW computer network s.r.o., ID No.: 25604082
Graphic and web design studios:
WebDoména s.r.o., ID No.: 27407225, Pep-in s.r.o., ID No.: 27551741, GARAMON, s.r.o., ID No.: 252 78 053, CITY-MB, s.r.o., ID No.: 264 40 148, Giant interactive s.r.o, ID No.: 27612821
Public authorities, e.g. tax authorities, courts, executors (bailiffs)
Banks and insurance companies, namely: Československá obchodní banka a.s. ID No.: 00001350, UniCredit Bank Czech Republic and Slovakia, a.s., ID No.: 64948242, COMMERZBANK Aktiengesellschaft, Prague branch, ID No.: 47610921, Citibank Europe plc, organizační složka, ID No.: 28198131, Komerční banka, a.s., ID No.: 45317054, Kooperativa pojišťovna, a.s., Vienna Insurance Group, ID No.: 47116617, Generali Česká pojišťovna a.s., ID No.: 45272956, UNIQA pojišťovna, a.s., ID No.: 49240480, and other.
Entities from the Tereos Group, namely Tereos France SA, Tereos Participations, Tereos Deutschland

SHCEDULE 2
STORAGE (PROCESSING) PERIOD OF PERSONAL DATA

LEGITIMATE INTEREST STORAGE (PROCESSING) PERIOD OF PERSONAL DATA
Effective management and administration of the Company for a period of 1 year after the collection of personal data;
Marketing and promotion for the duration of a contractual relationship and for 1 year after its termination; in other cases, for 1 year after the collection of personal data;
Development of products and services for the duration of a contractual relationship and for 1 year after its termination; in other cases, for 1 year after the collection of personal data;
Communication and relations with business partners of the Company for the duration of a contractual relationship and for 1 year after its termination; in other cases, for 1 year after the collection of personal data;
GPS monitoring for the duration of the relevant sugar campaign and for one month after the end of the campaign
Protection of legal interests of the Company for the duration of a contractual relationship and 10 years after the termination of a contractual relationship
Safety and security for a period of 1 week (CCTV) and a maximum of 12 weeks (other purposes of processing of personal data), or for the period of exercising the protection of the Company’s legal interests
Protection of health Personal data processed for health protection purposes are processed for a period of one month unless a different processing period is stipulated by the relevant legal regulations.
Claims and insurance matters for a period of 1 week, or for the duration of the exercise of the protection of the Company’s legal interests
Recruitment of new employees for the duration of a selection procedure
Database with jobseekers 6 months after the end of a selection procedure