Here at Pulsar we care about the protection of your personal data. Therefore, we process all your personal data in accordance with all applicable data protection regulations, such as the Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation) (“GDPR”), as well as with applicable local laws, such as Act No. 101/2000 Coll. on personal data protection, as amended, for Czech Republic and Act No. 18/2018 Coll. on personal data protection, as amended, for Slovak Republic.
1. WHO WE ARE AND HOW CAN YOU CONTACT US
This is us:
- Pulsar Expo s.r.o., with its registered seat at Biskupský dvůr 2095/8, Nové Město, 110 00 Praha 1, Czech Republic, ID No.: 285 02 094, registered in the Commercial Register maintained by the Municipal Court in Prague, under the File No. C 146264 (“Pulsar CZ”); and
- Pulsar Expo s.r.o. operating in the Slovak Republic through its branch Pulsar Expo s.r.o. organizačná zložka with its registered seat at Zámocká 30, 811 01 Bratislava, Slovak Republic, ID No.: 51 286 688, registered in the Commercial Register maintained by the District Court Bratislava I, Section: Po, Insert No. 4498/B (“Pulsar SK”).
2. Which personal data we process
During provision of our services, we process different kinds of information, which can be generally divided into the following categories:
(a) Identification data
Identification data includes information such as name, surname, title, date of birth, address of permanent or temporary residence, ID and signature;
(b) Contact details
Contact details includes information such as phone number and e-mail address;
(c) Work-related data
Work-related data includes information such as position or function, department and identification details of employer / represented legal entity.
(d) Billing information
Billing information data includes information such as address, bank details (IBAN, BIC, SWIFT) and tax identification data (TIN, VAT)
(e) Information about the services provided
Information on the services provided includes information such as purchased goods or services, order and payment history and other data resulting from provision of goods and services to our customers;
(f) CCTV records
Our CCTV records include image and sound recordings of people, objects, events, and they allow us to monitor the security of our personnel and assets;
(g) Data included in communication
Data included in the communication includes primarily the personal data provided to us during our communication, but also its content, such as the content of an email, order or sent message.
(h) Data concerning job applications
Data concerning job applications includes mainly the information provided to us by a job applicant during the recruitment process, e.g. the data in CVs or cover letters.
3. How and why we process personal data
The personal data of our customers, potential customers and their employees, statutory representatives, authorized or contact persons and other persons, with whom we get in touch during the provision of our services (e.g. visitors or the public), is collected and used always for the stipulated purposes and in accordance with the applicable laws, especially for:
(a) Providing our services and customer service
In order to properly perform our services, we may, in particular, process identification data, contact details, work-related data, billing data, data about the services provided and data included in communication. We process this data based on the contract we have with the customer (or a legal entity he or she represents) and our legitimate interests to properly perform our services. We may also process this data for our “Know Your Customer” purposes based on our legitimate interests and related legal regulations. In this case, the provision of personal data may be a contractual requirement, and failure to do so would prevent us from properly performing the contract with the customer.
(b) Establishing, maintaining and strengthening our business relationships
In order to establish, maintain and strengthen our business relationships and contacts with our customers and potential customers, we may process identification and contact details of customers or potential customer as well as identification details, contact details and work-related details of their statutory representatives, authorized or contact persons (e.g. for sending newsletter, greetings, gifts, commercial and as well non-commercial offers). We process this information based on our pre-contractual relationships and our legitimate interests for direct marketing. The provision of personal data in this case is not a statutory nor a contractual obligation and the failure to provide it has no adverse consequences for the person concerned. In case you are interested to enter into contract with us, providing personal data may be a precontractual requirement.
(c) Contracts with suppliers
In order to conclude and fulfil various contracts with our suppliers, we may, in particular, process identification data, contact details, work-related data, billing data, data about the services provided and data included in communication. We process this data based on the contract we have with the supplier and our legitimate interests to properly perform the supplier contracts. In this case, the provision of personal data may be a contractual requirement, and failure to do so would prevent us from properly performing the contract with a supplier.
(d) Know-your-customer procedures
In order to provide our services in compliance with various anti-money laundering, anti-corruption and other national or international regulations as well as to verify and vet our potential and current distributors, dealers or agents we may process your identification and contact details. We process this data based on our legitimate interests for statutory compliance and reliability of our business partners. In this case, the provision of personal data is not a statutory nor a contractual obligation, but failure to do so may prevent us from concluding a contract with you, or result in termination of the existing contract.
(e) Visitation logs
We appreciate your interest in using our services or cooperating with us and we are always looking forward to each meeting in our premises. For the purpose of safe and trouble-free movement inside our premises, we may process our visitors’ identification and contact details in our visitation logs. We process this data based on our legitimate interests for safety of our personnel, assets and visitors. The provision of personal data in this case is not a statutory nor a contractual obligation, but failure to do so may result in denial of access to our premises.
(f) Monitoring of our premises
In order to prevent or detect crime, protect our property and to ensure your safety, we use CCTV systems in our premises that may record premises you are visiting at Pulsar SK. You are informed about site monitoring by the appropriate pictogram with reference / QR code referring to these rules. We process this data based on our legitimate interests for the purposes mentioned above. The provision of personal data in this case is not a statutory or contractual obligation, but failure to do so may result in a denial of access to our premises.
(g) Received and sent mail
We record our received and sent mail, while processing the identification data, contact details and data included in the communications of recipients and correspondents. We process this data based on our legitimate interests for Pulsar CZ or pursuant to the Act No 395/2002 Coll. on Archives and Registers, as amended for Pulsar SK. The provision of personal data may be a legal obligation in this case, and failure to do so would prevent us from fulfilling it.
(h) Court and administrative proceedings
In order to protect and enforce our rights and legal interests in court or in administrative proceedings we may process all of the abovementioned types of personal data. We may process this data in course of court or administrative proceedings based on our legal obligation under legal regulations concerning these proceedings. The provision of personal data in this case is a statutory obligation and failure to do so would prevent us from fulfilling it.
(i) Internal administrative purposes
In order to effectively perform our services and manage our resources, we may, process all of the above-mentioned types of personal data and share them within the other companies of the Pulsar Group (as defined below). We process this data based on our legitimate interests for effective internal administration. The provision of personal data in this case is not a statutory or contractual obligation but the failure to do so would prevent us from effectively performing our services and managing our resources.
(j) Enquiries on the www.torsus.eu
You are able to contact us through a contact form or leave a dealer/distributor enquiry on our website www.torsus.eu. In order to respond to your enquiry sent to us through our website, we process the identification data, contact details and data included in the communication. We process this data based on our legitimate interests. The provision of personal data in this case is not a statutory or contractual obligation and but the failure to do so would prevent us from contacting you or meeting your request.
(k) Employee recruitment
You are able to apply for open job positions promoted on our website www.torsus.eu. In order to evaluate your suitability for the position and contact you about the recruitment process, we process the identification data, contact details and data concerning job applications. We process this data based on pre-contractual relationships and our legitimate interests for employee suitability. The provision of personal data in this case may be a precontractual requirement and failure to do so would prevent us from evaluating you as a potential candidate.
We also ensure that personal data will be used solely for the intended purpose or for a legitimate and compatible purpose, and these rules will apply to each of these purposes.
We also assure you that when processing personal data we do not use automated decision-making or profiling.
4. How we share personal data
The personal data we process are only provided to other persons within the limits of the law and based on appropriate agreements ensuring adequate protection.
4.1 Appointed processors or sub-processors
We work with various business partners who help us provide and improve our services and products, and to make our direct communication with our customers and potential customers more effective. Any personal data we share with such partners is processed only in accordance with our express instructions and subject to a strict confidentiality obligation.
Our partners mainly help us with providing our services, providing data storage services, recovery of receivables, legal services, marketing communication, software engineering and programming, design, sales and support, customer experience consulting and analysis, audit services, brokerage, logistics, certification, business consultancy, etc.
4.2 Transfer of personal data to third countries
In order to effectively perform our services and manage our resources, we may, process all of the abovementioned types of personal data and share them within the companies of the Pulsar group, which includes Pulsar CZ, Pulsar SK and Pulsar Expo Ukraine LLC, with its registered seat at 13, Mykoly Pymonenka Str., block 1A, 04050 Kyiv, Ukraine, ID No.: 39992231 (“Pulsar UA”).
Some of our companies therefore may access the processed personal data in third countries outside the EU, in particular in the Ukraine and Turkey. When this is the case we always make sure appropriate safeguards envisaged by the GDPR are in place. For such safeguards we conclude standard data protection clauses adopted by the Commission with all controllers or processors, who may process the data outside the EU. These clauses may be found at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
Futhermore, our data may be backed up by companies located in the USA. Such companies are subject to the US Privacy Shield. More information on Privacy Shield may be found at: https://www.privacyshield.gov/welcome
4.3 Other recipients
In general, we don´t share your personal data with anyone beside the entities mentioned above. We may share personal data with other legal entities, natural persons and state and public authorities, only in the case we in good faith believe that access to such information, its use, storage or disclosure is reasonably necessary for:
- Compliance with relevant legal regulations, legal process or official request of a state or public authority;
- Exercise and enforcement of relevant contractual terms;
- Fraud prevention, investigation of fraudulent, technical or security incidents;
- Protection of rights or interest of our company, our customers or the public, as required or permitted by law.
While sharing the personal data, we always ensure not to provide more details as are necessary for the given purpose.
5. How to access and control your personal data
Pursuant to applicable legal regulations, you may have rights relating to personal data protection, which are mentioned below. To exercise them, you may use our contact details specified above. When acting as data controller we will try to respond to your request at our earliest convenience, however we will always make sure to respond within one month of receiving the request. Taking into account the complexity and number of the requests we receive, we may occasionally prolong the time period to respond to your by additional two months. In case of doubt, we may ask you for further verification of your identity.
Rights of the data subjects:
(a) Right to access
As a data subject, you have the right to require confirmation as to whether we process your personal data, and where that is the case, require a copy of these personal data, together with additional information stipulated in the Art. 15 of the GDPR.
(b) Right to rectification
To process accurate personal data we ask you to notify us of any changes to your personal data. In case, we process inaccurate or not actual data, we will amend it upon your request.
(c) Right to erasure
Should your situation meet the conditions of Art. 17 of the GDPR, you have the right to require erasure of your personal data. For example, you may request erasure of your personal data, if you withdrew your consent for data processing and there is no other legal ground for the processing, or in case we process your personal data unlawfully, or once the personal data are no longer necessary in relation to the purposes for which they were collected for or otherwise processed. We will however not erase your personal data if we need it for establishment, exercise or defense of our legal claims.
(d) Right to restrict processing
Should your situation meet the conditions of Art. 18 of the GDPR, you have the right to require restriction of processing of your personal data. For example, you may request restriction of processing, when you contest the accuracy of the personal data, or if the processing is unlawful and you oppose the erasure of the personal data and request restriction of their use instead. We will however not restrict the processing of your personal data entirely if we need it for establishment, exercise or defense of our legal claims.
(e) Right to data portability
Should the processing be based on consent or fulfillment of contract concluded with you, and the processing is carried out by automated means, you have the right to receive from us your personal data in a structured, commonly used and machine-readable format. Furthermore, if you wish and it is technically feasible, you have the right to request us to directly transmit such data to another controller.
(f) Right to object to the processing
You have the right to object, if we process your personal data for performance of a public service task or in the exercise of public authority entrusted to us, or if the processing is performed on the basis of our legitimate interests or legitimate interests of a third party. Based on your request, we shall restrict processing the personal data unless and until we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. Should your interests, right and freedoms prevail, we will erase your personal data.
If you object to processing of your personal data for marketing purposes, we will always erase your personal data and cease to process it for this purpose upon your objection.
(g) Right to lodge a complaint
If you believe our processing of your personal data infringes the GDPR or the Act, as a data subject, you have a right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement.
For the territory of the Czech Republic, the role of the supervisory authority fulfills the Office for Personal Data Protection of the Czech Republic, with registered seat at Pplk. Sochora 27, 170 00 Prague, Czech Republic, webpage: www.uoou.cz, phone: +420 234 665 800.
For the territory of the Slovak Republic, the role of the supervisory authority fulfills the Office for Personal Data Protection of the Slovak Republic, with registered seat at Hraničná 4826/12, 820 07 Bratislava, Slovak Republic, webpage: www.dataprotection.gov.sk, phone: +421 2 32 31 32 14.
(h) Right to withdraw consent
Should the processing of your personal data be based on consent, you have the right to withdraw it at any time. Withdrawing consent however will not affect the processing performed prior your withdrawal.
6. Source of the personal data
The personal data we process is collected primary from you or our customers / potential customers or the company you may represent.
7. How long and where we store personal data
Depending on the legal basis and purpose of processing we store your personal data for various periods of time. In general, we process and store personal data as follows:
|Purpose||Pulsar CZ||Pulsar SK|
|1.||Client services||10 years as of the termination of contract||10 years as of the termination of contract|
|2.||Contracts with suppliers||10 years as of the termination of contract||10 years as of the termination of contract|
|3.||Direct marketing||end of precontractual negotiations / 5 years as of the termination of contractual relationship or until an objection was logged by the data subject / recall of consent||end of precontractual negotiations / 5 years as of the termination of contractual relationship or until an objection was logged by the data subject / recall of consent|
|4.||Know-your-customer procedures||10 years as of the termination of contract||5 years as of the termination of contract|
|5.||Visitation logs||2 months||2 months|
|6.||CCTV recordings||15 days||15 days|
|7.||Employee recruitment||end of precontractual negotiations||end of precontractual negotiations|
|8.||Received and sent mail||10 years||10 years|
|9.||Enquiries on the www.torsus.eu||1 year||1 year|
|10.||Internal administration||according to the periods for the specific purposes stipulated in this table||according to the periods for the respective specific purposes stipulated in this table|
|11.||Court and administrative proceedings||during court / administrative proceedings and 10 years after final decision||during court / administrative proceedings and 10 years after final decision|
After such time, we will be able to process and store your personal data only for compatible purposes or special purposes provided by law, such as archiving or statistics.
The personal data is always stored only on our hard drives, servers or on the servers of our reliable business partners such as cloud services providers.
8. Changes to the Policy