Privacy notice

Information to be Provided

1. Identity and contact details of the controller and, where applicable, of the controller’s representative

In the context of managing business partners of GS Caltex Czech, s.r.o. with its seat at name, e-mail, cell phone number, company’s phone number, company’s name, Vehicle number : Business partners’ and visitor’s Personal Data registered in the systems (mail server, ERP, CCTV etc.) Register maintained by GS Caltex Czech, s.r.o. (the “Company”), the Company (serving in a capacity of the Data Controller) will Process Personal Data about you, in both paper and electronic format.

This Notice may be complemented by additional notices and policies, namely the ‘Data Protection Policy’, which provides more detailed information about particular processing activities.

2. Contact details of the data protection officer, where applicable

If you have any questions about how your information is being used, you can contact the GS Caltex Czech, s.r.o. Data Protection Officer at:

– Name: Bc. Otto Kukula
– e-mail:
– phone: +420-601-571-151
– address: Bohumínská 455/20, Staré Město, 733 01 Karviná, Czech Republic

3. The purposes and legal basis of the processing

The Company processes the below categories of Personal Data for the following Purposes, based on the Legal Bases listed here. Where applicable, we will point out, at the time of the data collection, if the provision of the Personal Data is a statutory or contractual requirement and whether you are obliged to provide the Personal Data and the possible consequences of failure to provide such data.

3.1 Managing the Company’s legitimate business partners and visitors

The Categories of Personal Data that the Company processes about you, for this purpose, are the following:

– name, e-mail, cell phone number, company’s phone number, company’s name (information similar to the content of a business card)
– visitor’s vehicle number
– CCTV image

The Company processes the above Personal Data for business cooperation, communication between business stakeholders, business information exchange, to register and manage restricted area access, and for monitoring for safety or management purposes and physical security.

The Company uses different legal grounds as a basis for the data processing, namely:

– Legitimate Interests as set out above
– Performance of the contract or the implementation of pre-contractual measures

4. The legitimate interests pursued by a third party

As a company/organisation, you often need to process personal data in order to carry out tasks related to your business activities. The processing of personal data in that context may not necessarily be justified by a legal obligation or carried out to execute the terms of a contract with an individual. In such cases, processing of personal data can be justified on grounds of legitimate interest. The company has a legitimate interest when the processing takes place within a client relationship, to prevent fraud or to ensure the network and information security of your IT systems. 

5. The recipients, or categories of recipients, of the data

Personal Data may be shared with GS Caltex HQ or with third parties.

5.1 Company’s Global Network

The Company will need to share Personal Data about you with ‘GS Caltex HQ’, depending on the purposes of the legal processing described in Article 3 of this Notice, including staff members from IT, Accounting, Legal/Compliance, security and Business related team. The business related employees and office managers of ‘GS Caltex HQ’ have access to information about you contained in the business e-mail.

5.2 Third Parties

The Company may also share Personal Data with the following:

– system maintenance staff that are engaged to ‘Exasoft’, ‘Albatross’ IT system operation and management
– register and manage restricted area access staff that are engaged to ‘Central Group’

In all such cases, the Company will put in place appropriate contracts with these parties to ensure that they only process Personal Data in accordance with our instructions and in order to provide these services and protect the integrity and confidentiality of the Personal Data.

For the purposes set out in Article 3 of this Notice, the Company may also disclose Data Subject’s Personal Data to its auditors, lawyers, consultants, law enforcement and other public authorities (such as tax and social security bodies), the police, prosecutors, courts and tribunals. All these recipients are themselves responsible for determining the purposes and means of the processing and for the lawfulness of the processing.

6. Give details of any planned transfers of personal data to a third country or international organisation

6.1 Intra-Group

Due to the global nature of our operations, some of the recipients mentioned in Section 5 may be located in countries outside the European Union (EU)/European Economic Area (EEA), which do not provide an adequate level of data protection. International transfers will be to Korea, where ‘GS Caltex HQ’ is located. The transfer of your Personal Data outside the EU/EEA takes place on the basis of standard data protection clauses adopted by the European Commission and in accordance with applicable law. You may ask the DPO for a copy of the above document.

6.2 Third Parties

Some of the third parties with whom we share Personal Data are also located outside the EU/EEA. Transfers to third parties located in other third countries outside the EU/EEA take place using an acceptable data transfer mechanism, such as the EU Standard Contractual Clauses or, in exceptional circumstances, on the basis of permissible statutory derogations. Please contact the DPO if you want to receive further information or, where available, a copy of the relevant data transfer mechanism.

7. How long will the personal data be stored for (or the criteria used to determine that period)?

The Company retains your Personal Data for the period necessary to fulfil the purposes set out in this Notice or as required by applicable country-specific law, and, when the purposes are fulfilled, will delete or anonymize the Personal Data.

8. Data subject’s rights

8.1 Access

You have the right to obtain from us confirmation if personal data is being processed, the purpose of processing, the categories of data, the legal basis of the processing, information on recipients of the data and the non-EU countries in which they are located, the safeguards put in place for the transfer of data to non-EU countries, storage period of data or criteria to determine it, further information on your rights, our processing activities, sources of information and the significant and envisaged consequences of processing.

8.2 Rectification

You have the right to request the rectification of inaccurate personal data and to have incomplete data completed.

8.3 Erasure

You may request to erase your personal data if it is no longer necessary for the purposes for which we have collected it, you have withdrawn your consent and no other legal ground for the processing exists, you objected and no overriding legitimate grounds for the processing exist, the processing is unlawful, or erasure is required to comply with a legal obligation.

8.4 Portability

You may receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format and have the right to transfer it to other data controllers without hindrance. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.

8.5 Restriction

You may request to restrict processing of your personal data if (i) you contest the accuracy of it – for a period we need to verify your request; (ii) the processing is unlawful and you oppose the erasure of it and request restriction instead; (iii) we no longer need it, but you tell us you need it to establish, exercise or defend a legal claim; or (iv) you object to processing based on public or legitimate interest – for a period we need to verify your request.

8.6 Objection

You have the right to object to the processing of your personal data for compelling and legitimate reasons relating to your particular situation, except in cases where legal provisions expressly provide for that processing.

9. Describe the data subject’s rights to withdraw consent at any time

Please note that in case we ask for your consent to processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse consequences. The lawfulness of any processing of your Personal Data that occurred based on our legitimate interest and prior to the withdrawal of your consent will not be affected.

* Applies only to cases where consent is obtained

10. Detail the data subject’s right to lodge a complaint with a supervisory authority

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of employment, or the location where the issue that is the subject of the complaint occurred.

– The Office for Personal Data Protection (UOOU): +420-234-665-111

11. Is the personal data a statutory or contractual requirement and are they obliged to provide it?

The Company may be required to share personal information with statutory or regulatory authorities and organisations to comply with statutory obligations.

* Applicable only where based on a statutory basis

12. Will the personal data be subject to automated processing, including profiling? If so describe the logic and potential consequences involved

The Company does not process your Personal Data by automated decision-making, including profiling. 

13. Effective Date

This policy is effective as of 25th May 2018.