The controller of personal data is the company GS Caltex Czech, s.r.o., with its registered office at Bohumínská 455/20, 733 01 Karviná, IČO 24124818, registered in the commercial register kept at the Regional Court in Ostrava, section C, file 37868 (hereinafter referred to as the “Company”).
If you have any questions about how your information is being used you can contact our Data Protection Officer: Bc. Otto Kukula, e-mail: kukula@gscaltex.cz, phone: +420 601 571 151.
The company processes the categories of personal data listed below for the following purposes based on the legal bases listed here. If necessary, when collecting data, we will notify you whether the provision of personal data is a legal or contractual requirement and whether you are obliged to provide personal data and what are the possible consequences of not providing this data.
Administration of the Company’s authorized business partners and visitors. The categories of personal data that the Company processes about you for this purpose are the following: name, e-mail, mobile phone number, company phone number, company name (information similar to the content of a business card), visitor’s vehicle number, camera image. The company processes the above personal data for the purpose of business cooperation, communication between business partners, exchange of business information and records, management of limited access to premises and monitoring for security or management purposes, physical security. The company uses various legal reasons as a basis for data processing, namely: the right to protect personal data, legitimate interests, performance of a contract or implementation of pre-contractual measures.
A company often needs to process personal data in order to carry out business-related tasks. The processing of personal data in this context is not necessarily justified by a legal obligation or carried out for the purpose of fulfilling the terms of a contract with an individual. In such cases, the processing of personal data may be justified by a legitimate interest. The company has a legitimate interest if the processing takes place within the framework of the relationship with the client, for the purpose of preventing fraud or ensuring the security of the network and information of IT systems.
Personal data may be shared with GS Caltex headquarters or with third parties.
The Company’s global network will need to share your personal data with “GS Caltex HQ” depending on the purposes of lawful processing, including IT, accounting, legal/compliance, security and business-related staff. Business related employees, office managers of “GS Caltex HQ” have access to information about you in business email.
The company may also share personal data in the following cases: system maintenance personnel who are hired to operate and manage the IT system “Exasoft”, “Albatros”, registration and restricted area access management personnel who are hired to “Central Group”. In all such cases, the Company will establish appropriate agreements with these parties to ensure that they process personal data only in accordance with our instructions and for the purpose of providing these services and protecting the integrity and confidentiality of personal data. The Company may also disclose the Personal Data of the Data Subject to its auditors, lawyers, consultants, law enforcement authorities and other public authorities (e.g. tax administration and social security authorities), police, prosecutors, courts and tribunals. All these recipients are themselves responsible for determining the purposes and means of processing and for the legality of processing.
Due to the global nature of our operations, some named recipients may be located in countries outside the European Union (EU)/European Economic Area (EEA) that do not provide an adequate level of data protection. International transmissions will take place to countries where “GS Caltex HQ” is located in Korea. The transfer of your personal data outside the EU/EEA takes place on the basis of standard clauses on data protection adopted by the European Commission and in accordance with applicable legal regulations. You can ask the DPO for a copy of the above document.
Some of the third parties with whom we share personal data are also located outside the EU/EEA. Transfers to third parties located in other third countries outside the EU/EEA take place using an acceptable data transfer mechanism such as EU Standard Contractual Clauses or in exceptional circumstances based on permissible statutory exceptions. If you wish to obtain further information or a copy of the relevant data transfer mechanism, if available, please contact the DPO.
The company stores your personal data for the period necessary to fulfill the purposes stated in this notice or according to the requirements of the applicable legal regulations of individual countries, and after the fulfillment of these purposes, the personal data will be deleted or anonymized.
You have the right to receive confirmation from us as to whether personal data is being processed, the purpose of processing, the category of data, the legal basis of processing, information about the recipients of the data and the non-EU countries in which they are located, the safeguards in place for the transfer of data to non-EU countries, the period of data retention or criteria for its determination, further information about your rights, our processing activities, sources of information and significant and anticipated consequences of processing.
You have the right to object to the processing of your personal data for serious and legitimate reasons relating to your specific situation, except in cases where legal regulations expressly provide for such processing.
Please note that if we ask you for consent to processing, you can refuse consent and you can withdraw it at any time without any negative consequences. The lawfulness of any processing of your personal data, which took place on the basis of our legitimate interest and before the withdrawal of your consent, will not be affected. It only applies where consent is obtained.
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State where you live, work or where the problem that is the subject of the complaint occurred. – Office for the Protection of Personal Data (ÚOOÚ): +420 234 665 111.
The Company may be required to share personal information with statutory or regulatory authorities and organizations in order to comply with legal obligations.
The company does not process your personal data through automated decision-making, including profiling.
25th May 2018