Personal data protection

Ministry of Industry and Trade, with registered office at Na Františku 1039/32, 110 15 Prague, Old Town, ID No: 47609109 (hereinafter referred to as the "Controller"), as the personal data controller, hereby takes the liberty to inform the data subjects with whom it comes into contact about the manner and scope of processing of the personal data of the data subjects by the Controller, including the scope of data rights related to the processing of their personal data by the Controller.

The processing of personal data is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as "GDPR"), as well as in accordance with the relevant national data protection legislation. As a data controller, the Data Controller, based on the obligation given by specific laws, respects the right to protection of the private and personal life of the data subject when processing personal data.

The competence of the Data Controller and the resulting areas of the purposes of processing personal data.

On the basis of specific legal regulations, the Controller processes personal data necessary to identify the data subject and to fulfil the legal obligations set out in the legal regulations within the scope of the Controller's competence.

Legal titles for the processing of personal data

The Controller primarily uses the legal titles to process personal data for the performance of a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority, and for the performance necessary for the performance of a contract. It also makes marginal use of other legal titles such as consent to the processing of personal data provided by the data subject, for the protection of the vital interests of the data subject and for the legitimate interests of the controller.

Categories of personal data:

  • Identification data - e.g. name, surname, title, date of birth, registration number, tax identification number, birth number
  • contact data - e.g. permanent address, delivery address, email address, telephone number, data box
  • payment details - e.g. bank account number
  • other data necessary for the performance of the contract
  • data provided in excess of the relevant laws and processed within the scope of the Data Subject's consent

The processing of personal data is carried out by the Controller. The processing takes place by means of computer technology or manually for personal data in paper form, in compliance with all security principles for the management and processing of personal data.

The Administrator obtains personal data mainly from Data Subjects, from basic registers, from agency information systems, from public administration information systems. Furthermore, from freely accessible public registers.

The processing period of personal data is derived from the time limits specified in the relevant contracts, in the Records and Shredding Code or in the relevant legislation. It is the time necessary to ensure the rights and obligations arising from the contractual relationship and from the relevant legislation.

On the basis of the above, the personal data of the Data Subject may only be transferred or disclosed to persons, authorities or institutions to whom such a right arises from the aforementioned regulation, law or public interest. There is no automated decision-making in the processing of personal data.

The Data Controller shall process the data with the consent of the Data Subject, except in cases provided for by law where the processing of personal data does not require the consent of the Data Subject.

Exercise of the Data Subject's rights

The rights of the Data Subject are set out in particular in Chapter III of the GDPR Regulation - " Rights of the Data Subject" and Section 81 et seq. of Act No. 89/2012 Coll., Civil Code. These rights are:

  • Right of access to personal data
  • The right to rectification, completion or erasure
  • Right to restriction
  • Right to data portability
  • Right to object
  • The right not to be subject to automated individual decision-making with legal or similar effects, including profiling

The above rights can be exercised by the Data Subject through the form REQUEST FROM THE PERSONAL DATA SUBJECT [docx, 60 kB].

The completed form can be delivered in the following ways:

  • in person (with proof of identity) or in writing (with a certified signature) to the Personal Data Protection Officer, Ministry of Industry and Trade, Na Františku 32, 110 15 Prague 1
  • electronically signed with a valid qualified signature to poverenec@mpo.cz
  • via data box (FO data box) - to ID: bxtaaw4

Supervisory authority

The data subject has the right to address his/her complaint to the supervisory authority, which is:

The Office for Personal Data Protection

Residence: Pplk. Sochora 727/27, 170 00 Prague 7 - Holešovice

Tel. no.: +420 234 665 111

Data Protection Officer (DPO)

In the event of a personal data breach, it is possible to contact the Data Protection Officer of the Data Controller directly.

A request to exercise the rights of the Data Subject may be submitted in the manner set out above or you may contact the DPO directly:

Data Protection Officer (DPO):

Name. Mgr. Jarmila Marta Šmardová

E-mail: poverenec@mpo.cz

Tel.: 224 851 111

This Personal Data Processing Declaration is publicly available on the Controller's website and will be updated as necessary.