Privacy policy

declaration of the company LabMediaServis s.r.o.
  • Document Issuer and Data Controller: LabMediaServis s.r.o., Company ID (IČ) 275 12 380, registered office at Národní 84, Pražské Předměstí, 551 01 Jaroměř, represented by Ing. Jan Krejčí and MVDr. Tomáš Krejčí, Managing Directors
  • Date of Issue: May 25, 2018
  • Last Update: September 12, 2022
  • Availability: This document has been published on the LMS website www.labmediaservis.cz, or is provided by LMS upon request.
  • Purpose of the document: In this document, clients, business partners, and customers (data subjects) of LabMediaServis s.r.o., Company ID 275 12 380, registered office at Národní 84, Pražské Předměstí, 551 01 Jaroměř (hereinafter referred to as "LMS") will find information pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "Regulation" or "GDPR"), which provides an overview of the processing of their personal data by LMS.

This specifically concerns information regarding the definition of categories of personal data, the purposes and legal bases of their processing, the retention period, sources of personal data, main processing principles, and also information about the rights of data subjects in connection with the processing of personal data by LMS.

In this INFORMATION ON THE PROCESSING OF PERSONAL DATA you will find, in particular, answers to the following questions:

  1. Does this declaration apply to you if you are a legal entity?
  2. What personal data do we process about you or your representatives, for how long, and why?
  3. Main principles of personal data processing
  4. Where do we obtain your personal data from and to whom do we transfer it?
  5. What are your rights in connection with the processing of personal data?

1. Does this declaration apply to you if you are a legal entity?

In this context, LMS would first like to remind you that personal data within the meaning of the relevant legislation, primarily enshrined in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR"), is always only the personal data of natural persons, not excluding the personal data of natural persons in business, or also the personal data of members of the so-called "liberal professions" (collectively also as self-employed persons).

If you are therefore a commercial company (e.g., Ltd., JSC, etc.) or another legal entity (e.g., a territorial self-governing unit, a contributory organization, etc.), then the personal data protection enshrined in the GDPR does not affect data relating to the legal entity (e.g., name, Company ID, registered office address, etc.). Personal data protection only applies to the personal data of specific natural persons who negotiate, communicate, etc., with us on behalf of your legal entity, typically persons who act on behalf of your company as representatives in contractual or technical matters (hereinafter referred to as "your representatives") and for whom we have contact details (e.g., first name, last name, e-mail, telephone contact, etc.).

If you are a legal entity, you undertake to familiarize your representatives with this INFORMATION ON THE PROCESSING OF PERSONAL DATA – LMS Declaration. If you are a natural person (regardless of whether you act towards LMS as an entrepreneur or a consumer), the protection of personal data under the GDPR applies to you.

2. What personal data do we process about you or your representatives, for how long, and why?

We would also like to assure you that we store your personal data only in a lawful manner and always in accordance with the GDPR, i.e., only and exclusively to the extent of the legal grounds regulated in Article 6(1) of the GDPR. LMS processes the personal data listed below about you or your representatives, only for the purposes, for the period, and according to the relevant legal basis, as specified for the individual personal data defined in the overview table below. The table is divided so that it is clear (i) what personal data of the respective data subject is involved, (ii) the purpose of the processing of the personal data by LMS, (iii) the legal basis for the processing of the personal data (reference to the GDPR) and also (iv) the retention period for which LMS stores the respective personal data.

OVERVIEW TABLE OF PERSONAL DATA PROCESSING BY LMS

Data Purpose Legal Basis Retention Period
Identification data (especially name, surname, title, address (registered office), Company ID, VAT ID, telephone contact, e-mail, handwritten signature, bank account) Business or other cooperation with LMS, based on a contractual relationship Performance of a contract (e.g., purchase contract or supply contract, cooperation agreement, etc.) (pursuant to Article 6(1)(b) GDPR) For the duration of the contractual relationship
Identification and contact data (especially name, surname, title, address (registered office), Company ID and VAT ID) Identification and contact data (especially name, surname, title, address (registered office), Company ID, VAT ID, telephone contact, e-mail, handwritten signature, bank account) Compliance with legal obligations arising mainly from Act No. 563/1991 Coll., on Accounting, and Act No. 235/2004 Coll., on Value Added Tax, as amended. Securing documentary and other evidence to protect the legal claims of LMS for potential out-of-court, judicial, administrative, enforcement, or criminal proceedings. Compliance with legal obligations (pursuant to Article 6(1)(c) GDPR) Legitimate interest (preventing damage to the property and reputation of LMS) (pursuant to Article 6(1)(f) GDPR) 10 years from the end of the relevant accounting period to which the accounting and tax documents containing personal data relate, pursuant to Act No. 235/2004 Coll., on Value Added Tax, as amended1. For the duration of the 10-year objective limitation period according to the provisions of Sections 629, 636, and 638 of Act No. 89/2012 Coll., the Civil Code, as amended, extended by a further 1 year with regard to the possible delay between the initiation of a lawsuit and the delivery of the statement of claim.
Contact data (especially e-mail, telephone contact) Sending information in connection with the business activities of LMS or for any other necessary communication regarding necessary matters related to the business activities of LMS Necessary communications related to the business activities of LMS (pursuant to Article 6(1)(a) GDPR) For the duration of the business relationship between LMS and the data subject

3. Main principles of personal data processing

When processing personal data, we always follow generally binding legal regulations and, in particular, comply with the GDPR. In this context, we would also like to assure you that we adhere to the binding principles applicable to the processing of personal data. These are mainly the principles of:

  • a) lawfulness, fairness, and transparency - this principle states that LMS, as a controller, must process personal data on the basis of at least one legal ground and transparently towards the data subject. You can familiarize yourself with the legal basis for processing your personal data in the overview table above in Article 2 of this document;
  • b) purpose limitation - it applies that LMS collects personal data only for specified, explicit, and legitimate purposes. LMS does not process personal data in a manner that is incompatible with these purposes. You can familiarize yourself with the purpose of processing your personal data in the overview table above in Article 2 of this document;
  • c) data minimization - LMS always ensures that the personal data it processes is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
  • d) accuracy - LMS ensures that the personal data it processes is kept specific and accurate;
  • e) storage limitation - we also ensure that personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. You can familiarize yourself with the retention period of your personal data in the overview table above in Article 2 of this document;
  • f) integrity and confidentiality - LMS always ensures proper technical and organizational security of the personal data it processes. In particular, we take care to properly secure and protect your personal data against unauthorized or unlawful processing.

4. Where do we obtain your personal data from and to whom do we transfer it?

LMS obtains personal data primarily directly from you, i.e., our clients, customers, or business partners, specifically within either mutual contractual relationships or during negotiations and communication regarding these contractual relationships. Thus, we obtain personal data mainly at the inception of a contractual relationship and furthermore, for example, during the administration of individual fulfillments arising from these contracts (e.g., partial orders, provision of specific goods or services, or other fulfillments arising from the respective contracts).

If you are our client as a legal entity, we obtain personal data about your representatives primarily directly from you (e.g., name, surname, e-mail, and telephone contact for your representatives in contractual matters, etc.), or in connection with the administration of individual fulfillments arising from these contracts (e.g., partial orders, provision of specific goods or services, or other fulfillments arising from the respective contracts). We also obtain some personal data about you from publicly available sources. This includes, for example, checking your identification data according to public registers (e.g., public register, trade register, or register of economic entities, etc.) or it may be information obtained by checking published bank accounts and the status of an (un)reliable VAT payer according to the VAT register.

We do not transfer your personal data to any third parties with the exception of:

  • a) Situations where the law requires it. In such a case, we transfer your personal data to state administration authorities, courts, and law enforcement agencies if they request it in accordance with relevant legal regulations;
  • b) Situations where we need to deliver a document or shipment to you. In such a case, we transfer your contact data to the extent necessary for the delivery of the document to the postal or delivery service provider;
  • c) Situations where we need to protect our own legal claims. In such a case, we transfer your personal data to contracted legal service providers (attorneys) and possibly also to public authorities with which we enforce our legal claims (especially courts and bailiff offices);
  • d) Situations where our databases with personal data are made available to external IT specialists, or external accountants, for example, during necessary service interventions or for the purpose of ensuring the processing of accounting administration, etc. In such a case, however, your personal data is made available to these entities only for the purpose of providing their services, specifically in the form of information databases in which the personal data is located. All external entities are contractually bound not to process the made-available personal data in any way.

5. What are your rights in connection with the processing of personal data?

The rights stated below belong to so-called data subjects2, i.e., partly to our customers, business partners, and clients who are natural persons, and partly, if you are a legal entity, to your representatives (all these persons collectively further referred to as the "data subject"). If you are a data subject, you have the following rights:

  • a) Right of access - you have the right to know what data we process about you, for what purposes, for how long, where we obtain the data from, and to whom we transfer it, and what your rights are. LMS fulfills the right of access through this document entitled "Declaration on the Processing of Personal Data". This right can be exercised pursuant to the provisions of Article 15 of the GDPR.
  • b) Right to rectification - you have the right to have us correct or complete your personal data if it is inaccurate or incomplete. This right can be exercised pursuant to the provisions of Article 16 of the GDPR.
  • c) Right to erasure (or also the "Right to be forgotten") - you have the right to have us erase your personal data without undue delay if one of the reasons under the provisions of Article 17(1) of the GDPR is met (e.g., the data is no longer necessary for the purposes for which it was collected) and at the same time there is no reason under the provisions of Article 17(3) of the GDPR that would justify the continuation of processing by LMS.
  • d) Right to restriction of processing - you have the right in certain cases to request that certain personal data of yours be marked and that this data not be subject to any further processing operations. However, unlike the right to erasure, this is a temporary restriction of processing, and not their permanent erasure. Cases in which this right can be exercised are enshrined in the provisions of Article 18 of the GDPR.
  • e) Right to data portability - you have the right to request that we transfer your personal data, which you have provided to us based on consent (pursuant to Article 6(1)(a) of the GDPR) or based on the performance of a contract (pursuant to Article 6(1)(b) of the GDPR), to you or directly to another personal data controller whom you communicate to us, in a structured, commonly used, and machine-readable format. However, this right only applies to personal data that we process automatically. Therefore, based on this right, we cannot always and under all circumstances transfer all data (e.g., handwritten signature).
  • f) Right to object - you have the right to object to the processing of your personal data, which occurs on the legal basis of our legitimate interest (see above). More information about the rights of the Personal Data Subject is available on the website of the supervisory authority, which is the Office for Personal Data Protection (https://www.uoou.cz/en/6-prava-subjektu-udaj/d-27276). In the case of an objection to processing, we will examine your objection, and if we find that we do not have compelling legitimate grounds justifying such processing, we will no longer process such personal data for the given purpose.
  • g) Right to lodge a complaint - the exercise of any of the aforementioned rights does not in any way affect your right to lodge a complaint with the Office for Personal Data Protection (www.uoou.cz).

You can exercise any of the aforementioned rights with us free of charge electronically at the e-mail krejcovska@labmediaservis.cz, or in writing via a postal service provider to our registered office address. Please always state (i) the right you are exercising (e.g., the right to rectification), (ii) the reasons you base your right on (e.g., that we hold an incorrect Company ID for you), and (iii) what you are requesting (e.g., correction and stating the correct Company ID for your person).

In Jaroměř, on September 12, 2022, Ing. Jan Krejčí - Managing Director of LMS

1 A tax document must, according to the provisions of Section 29 (1) of Act No. 235/2004 Coll., on Value Added Tax, as amended, contain, inter alia: (a) the designation of the person carrying out the fulfillment, (b) the tax identification number of the person carrying out the fulfillment, (c) the designation of the person for whom the fulfillment is provided, (d) the tax identification number of the person for whom the fulfillment is provided. According to the provisions of Section 29 (4) of Act No. 235/2004 Coll., on Value Added Tax, as amended, designation means (i) business name or name, (ii) addition to the name, and (iii) registered office.

2 A data subject according to the provisions of Article 4(1) of the GDPR means an identified or identifiable natural person.

By using this site you agree to the use of cookies. Find out more.