Personal data protection

in accordance with Act No 101/2000 on the protection of personal data, in conjunction with Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC

(General Data Protection Regulation)hereinafter referred to as the “Regulation” or the “GDPR” drawn up by the personal data controller:

M I L P E X s.r.o., registered office in Hradci Králové, Piletice 55,represented by its Company Secretary, Mr. Miloš Půlpán, company registration number: 48172600, VAT registration number: CZ48172600 registered in the Companies Register held at the Regional Court in Hradec Kralove, Section C, Insert 3852.,hereinafter referred to as the “Controller”

Article 1

In the processing of personal data, we always act in such a way that does not prejudice the data subject’s rights, in particular the right to the preservation of human dignity and the right to protection from unauthorised interference with private and personal life.We do not engage in information society service activities directly for children. If you are under 16 years of age, please email us at: info@milpex.cz.This statement is intended for customers over the age of 16.

Article 2

As the Controller of your personal data, we hereby inform you that we only accept your data for the purposes of contractual performance, statutory business and accounting records, the safeguarding of our and your rights deriving from the transaction we have entered into together, and for commercial and marketing purposes.We process your personal data only for ourselves. We will not disclose it to anyone for further use or pass it on to other recipients, except where we are required to do so by law. We do not transmit this data beyond the Czech Republic or to international organisations. For our internal requirements, the data may be accessed by data processors, i.e. accountants, tax advisers in the course of accounting checks, carriers, and IT service processors. We have personal data protection agreements with these entities.If you enter into business relations with us, the disclosure of solicited data is required, otherwise it would be impossible to carry out the transaction and register it for tax purposes. If you provide us with your personal data for non-business purposes, e.g. in order to become a subscriber so that you receive information, the disclosure of personal data is voluntary.We do not collect or process any sensitive personal data or special categories of personal data within the meaning of GDPR.

Article 3

We process your data electronically in our company information system.We strive to work only with the precise personal data we have obtained. Please keep your personal data updated. If the personal data processed is not accurate, appropriate action will be taken.We undertake to collect personal data consistent only with the stated intended purpose and insofar as is strictly necessary. We do not collect or process personal data for other purposes.We collect personal data only for our own needs, for the aforementioned purposes and in an open manner. We undertake not to collect data for other purposes and not to pool personal data obtained for different purposes.We will process your personal data only with your consent, in the absence of which we may process such data in keeping with the terms and conditions of the GDPR.

Article 4

Consent to the processing of personal data is granted indefinitely.We use personal data to offer business or services to the data subject. If you express your objection to the processing of this data, we will cease such processing. Your objection to data processing must be expressed in writing.In the processing of your personal data, we will not take decisions resulting in interference with your legal and legally protected interests.

Article 5

Obligations in the safeguarding of personal dataWe take measures to prevent unauthorised or accidental access to your personal data, and any other misuse of personal data. We continually assess risks and try to prevent them in the action we take. No unauthorised person has access to our systems. Action is taken to prevent the unauthorised reading, creation, copying, transmission, alteration or deletion of records containing personal data. We control how your data is handled.

Article 6

Anyone who finds or believes that we are processing their personal data in a way that runs counter to the protection thereof may ask for an explanation and request corrective action. This may entail the blocking, correction, supplementation or disposal of personal data. If your request is considered justified, we will honour it.

Article 7

In addition to the above, please note the following information:

• personal data used for business purposes is stored indefinitely;

• you have the right to request access to and the rectification or erasure of personal data concerning you, or a restriction in the processing thereof, and to object to processing; you also have the right to data portability;

• you have right to withdraw consent to processing at any time, without prejudice to the lawfulness of processing based on consent before its withdrawal;

• you have the right to lodge a complaint with a supervisory authority;

• the disclosure of data is a contractual requirement; records and processing are also subject to legal requirements;

• we do not engage in automated decision-making or profiling;

• we do not process data for any purpose other than that for which it is collected;

• we process information provided by the data subject and obtained in the course of our business activity.

Article 8

Controller’s contact details:

contact details for the protection of personal data: info@milpex.cz

and our personal data protection representative is Jiří Bartáček.