The Company, Synergy Reinsurance Services, a.s., Identification Number: 28262573, Identification Number: 48391301, with its registered office at Ovocný trh 573/12, 110 00, Prague 1, registered in the Commercial Register administered by the Municipal Court in Prague reference no.14356 (hereinafter referred to as “the Company”) in connection with the activities it performs, collects personal data about certain natural persons. These persons can be both its employees and its customers, suppliers and business partners of suppliers, and other persons with whom the Company is in a particular relationship or with whom it communicates. These General Data Protection Terms (hereinafter referred to as “Terms”) describe how the processing of personal data is processed within the Company. These Terms ensure that the processing of such personal data is in accordance with generally binding legal regulations, in particular the Regulation of the European Parliament and of the European Council No. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and on the repealing of Directive 95/46/ES (General Data Protection Regulation) (hereinafter referred to as the “Regulation”), so that the rights of data subjects are adequately protected.
These Terms affect all personal data processed by the Company, regardless the purpose or legal title (legal reason) in how the data is processed.
Questions regarding the processing of personal data may be addressed to the Company address: Ovocný trh 573/12, 110 00 Praha 1.
What principles do we apply to the processing of personal data?
The Company processes accurate and up-to-date personal data on the basis of provisions set by the Regulation in a correct and transparent manner only for specific, explicit and legitimate purposes to the minimum necessary extent, stores them in a form ensuring the identification of the data subjects only for the necessary period relating to their purpose, and ensures integrity and confidentiality through appropriate technical or organisational measures and appropriate security against unauthorised or illegal processing and against accidental loss, destruction or damage.
The Company ensures that inaccurate data is deleted or corrected without delay considering the purpose for which it is processed.
All activities relating to personal data and protection thereof are duly documented by the Company, in particular by maintaining records of such processing activities and other documents related to the processing of personal data in order to meet the liability principle under the Regulation. The Company cooperates with the Supervisory Authority, in particular the General Data Protection Authority, with its registered office at Pplk. Sochora 27, 170 00 Prague 7, e-mail: email@example.com, tel.: +420 234 665 111.
For what purpose do we process personal data?
Prior to any processing of personal data, the Company determines the purpose for which it processes personal data. Such a purpose is typically the conclusion of a contract (including negotiation of a contract) or the performance of a customer contract, the management of the employee portfolio, contacting potential customers for the purpose of products offers, etc.
The purpose for which a subject’s personal data is processed shall be advised individually to the data subject within the information communicated by the Company. The processing of personal data is performed exclusively for the entire period and in order to achieve a predetermined purpose.
Once the purpose for such processing is realised, the Company erases personal data in accordance with the principle of data minimisation (reasonable and relevant and limited to the extent necessary for the purpose of processing) and storage limitation if it is not necessary to store it for another purpose.
What personal data do we process?
The Company processes personal data only to the extent necessary to meet a specified purpose. Which specific personal data about a given data subject is processed for a given purpose shall be advised individually to the data subject within the information communicated by the Company.
On what grounds do we process personal data?
The Company processes personal data always on the basis of one of the provisions listed in the Article 6 of the Regulation (lawfulness of processing). The most frequently applied of those provisions by the Company are:
- the conclusion or the performance of a contract in which the contracting party is a data subject, or the implementation of measures taken before the conclusion of a contract at the request of a data subject
- the performance of a legal obligation to which the Company is subject to as an Administrator
- a legitimate interest of the Company or a third party that prevails over the interests and fundamental rights and freedoms of a data subject for the protection of personal data
- or the consent of a data subject to the processing of its personal data
The specific grounds on which the personal data of a data subject is processed shall be advised individually to the data subject within the information communicated by the Company
Legitimate interest of the Company
The Company’s legitimate interest is determined by the Company. Before processing personal data according to such legitimate interests, the Company will compare these interests with the legitimate interests and fundamental rights and freedoms of the data subjects whose personal data are processed by the so-called balance test.
If the Company finds, based on the results of a balance test, that the personal data of the data subject can be processed on the lawful grounds of legitimate interest, it always informs the data subject about this fact (i.e. it processes data based on legitimate interest) within the data subject’s information and informs the data subject of those specific legitimate interests.
If the lawful grounds for processing the personal data of a data subject is the legitimate interest of the Company, the data subject is entitled to object and request the erasure of such personal data (as more fully detailed within the information that the Company individually communicates with a data subject). The data subject is informed about these rights within the information that the Company individually communicates to the data subject no later than at the time of the first communication of the Company with the data subject.
The Company processes personal data based on a legitimate interest, such as fraud prevention, property protection, pursuing legal claims, disseminating information within the group for administrative purposes, direct marketing (if the Company processes personal data for the purposes of a contract to which the data subject is a contracting party, it is entitled to inform the subject about such goods or services and to send the commercial information to the e-mail address of the data subject).
Consent to the processing of personal data
The consent of a data subject to the processing of its personal data can be granted for one or more specific purposes – this is used by the Company only in those cases where it is not authorised to process personal data based other lawful grounds.
The consent of a data subject to the processing of its personal data is used by the Company in particular when handling a so-called special category of personal data (health status data), when disseminating personal data among companies within a group such as the RENOMIA GROUP, and alike.
The subject can withdraw consent at any time to the processing of personal data. If the data subject withdraws consent to such processing, this does not mean that the processing of personal data prior to such a withdrawal is unlawful - withdrawal of consent has no retrospective effect and the processing of personal data resulting from such consent prior to such withdrawal is unaffected. The data subject is informed about this fact before expressing consent to the processing of personal data.
How do we process personal data?
Personal data is processed most frequently in electronic form in a non-automated manner (in particular, the personal data of customers and suppliers) as well as in a printed form in a non-automated manner (especially labour law documentation). The Company accepts the technical and organisational measures for the protection of personal data as described in the Company's Terms and Internal Regulations and personal data is always sufficiently secured and protected against unauthorised disclosure - for details, see Article 10 of the Terms.
How long do we process personal data?
Personal data will be processed only for the time required to meet the purpose of personal data processing, which is determined individually and the length of which is also individually reported to the data subject. Except for such a period, the Company is authorised to process the personal data of the data subject for the period determined by special legislation or for the period required to enforce the Company's rights against the data subject. The specific time period during which the data subject's personal data will be processed shall be advised individually to the data subject within the information communicated by the Company.
Once the purpose of personal data processing is achieved and the Company no longer has any other purpose for which it is authorised to process the data, the Company shall delete the personal data. In the case of personal data processed on the basis of the data subject's consent, the Company shall also delete personal data if the data subject withdraws its consent to the processing of personal data. If personal data is processed based on a legitimate interest, and the data subject objects against such processing and there are no prevailing legitimate reasons for such processing, the Company will also delete that personal data after being duly informed by the data subject.
What rights does a data subject have?
Each data subject has the following rights:
- Right to information
- Right to personal data access
- Right to correction
- Right to erasure (right to be forgotten)
- Right to restrict processing
- Right to data portability
- Right to object
- Right not to be subject to a decision based solely on automated individual decision-making, including profiling
- Right to make a complaint to the General Data Protection Authority or another relevant supervisory authority in connection with personal data processing.
Where and how to make a claim of data subject?
The possibility of exercising the rights (where and how) referred to in (1) to (8) above, shall be advised individually to the data subject within the information communicated by the Company. The provisions of Articles (8) and (9) can the subject of a claim by the General Data Protection Authority via:
- by e-mail firstname.lastname@example.org
- via data box ID: qkbaa2n
- by phone +420 234 665 111
- in writing at Pplk. Sochora 27, 170 00 Praha 7
or other relevant supervisory authority for personal data processing.
Under which conditions do we pass on the personal data?
Personal data may be processed by the Company as an administrator, directly by its employees or through third parties (hereinafter referred to as the "Processor" or "Processors"). The Company has concluded with each Processor a contract for the processing of personal data and has also concluded a contract for the processing of personal data with parties to whom the Company acts as a Processor.
With whom and to what extent such information is passed on shall be advised individually to the data subject within the information communicated by the Company. The Processors have provided the Company with sufficient guarantees to implement appropriate technical and organisational measures so that processing complies with the requirements of the Regulation and ensures the protection of the rights of the data subjects.
The Company is not remunerated to disseminate personal data to third parties. Personal data may be transmitted to third-member countries outside the European Union and the European Economic Area. To whom and to what extent such information is transmitted to third-member countries outside the European Union and the European Economic Area transmitted shall be advised individually to the data subject within the information communicated by the Company.
How do we secure personal data?
Taking into account state of technology, implementation costs, the nature, scope, context and purposes of processing, as well as the possible and various serious risks to the rights and freedoms of natural persons, the Company has put in place appropriate technical and organisational measures to ensure the level of security of personal data corresponding to a particular risk, especially accidental or illegal destruction, loss, alteration, unauthorised access to transmitted, stored or otherwise processed personal data or unauthorised access thereto. The specific measures introduced by the Company shall be advised individually to the data subject within the information communicated by the Company.
Documents for downloadReporting a privacy violation
Data subject's request