About company

About company

PRINCIPLES OF PERSONAL DATA PROCESSING

All of us in our company LESS & TIMBER, a.s., with registered office at: Chrudimská 1882, Čáslav-Nové Město, 286 01 Čáslav, ID: 29232007, greatly appreciate your trust by entrusting us with important information about yourself - such as your name, contact information, residence, etc. For that reason we care a lot about how your privacy is handled and how your personal data are protected. To this end, we have adopted the following principles which we undertake to follow when contacting you.

All processing of personal data, as well as these principles, comply with the applicable data protection legislation, in particular Regulation (EU) 2016/679, on the protection of natural persons with regard to the processing of personal data (“GDPR”).

Our company processes your personal data correctly and transparently and only for certain, explicit and legitimate purposes. We process your data to the extent necessary in relation to the purpose for which they are processed, we try to process them accurately and as updated as possible, however, always for a period not longer than necessary. We protect your data against unauthorized or illegal processing or misuse and against accidental loss, destruction or damage.

Our goal is that you always know what data we collect about you, what we do with them and how they are secured, how long we store them and to whom we may transmit them. We also want you to be informed who you can contact if you have any doubts about this processing.  We will be happy to advise you on where you can express your disagreement with our procedures and complain about them. If a term is not clear to you, you can look in our Glossary (see below), which we have prepared for you.

RIGHTS OF DATA SUBJECTS

The applicable legislation grants each data subject certain rights in relation to the processing of personal data which they may exercise at any time. These include the right of access to personal data, to rectify and complete personal data, to erasure personal data, to restrict the processing of personal data, to data portability, the right to object to processing and the right to contact the supervisory authority (Office for Personal Data Protection).

  • Right of access to personal data: You have the right to obtain information on whether our company processes your personal data, and if so, you also have the right to access your personal data. However, in case that unfounded, inadequate or repeated requests for such data are made, our company may charge a reasonable fee for the provision of such information and personal data, or may reject the request. This applies similarly to the exercise of another rights of the data subject.
  • Right to to have inaccurate personal data rectified, or completed if it is incomplete: If you believe that we process inaccurate personal data about you, you have the right to request their rectification and completion. We will then, with regard to the technical possibilities, make this change of data without undue delay.
  • Right to erasure: If you request to erase some of your personal data, we will be happy to satisfy you, provided that they are no longer needed for the purposes for which they were processed, or if you object to the processing of your data and there are no predominant legitimate reasons for such processing. It goes without saying that we ensure the erasure if our company is required to do so by law or if the processing proves to be illegal.
  • Right to restrict the processing of personal data: If you request to restrict the processing of personal data, for example in the form of inaccessibility, temporary deletion or retention of data, our company will perform actions that will be necessary for the proper exercise of your right.
  • Right to data portability: If you would like to transmit your personal data to a third party, you can exercise your right to data portability and our company can transmit them at your request. However, please note that we will not be able to grant your request if the exercise of this right would adversely affect the rights and freedoms of other persons.
  • Right to object to processing: The right to object can be exercised against such processing of personal data whose the legal reason is necessary for the performance of a task performed in the public interest or in the exercise of public power or where the processing is necessary for the purposes of protecting the legitimate interests of our company. If our company fails to prove that there is a serious legitimate reason for this processing, we will terminate this processing without undue delay on the basis of the objection.

CONTACT

When exercising your rights, please contact us at the e-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it. or in writing at the administrator’s address (correspondence address): LESS & TIMBER, a.s., Chrudimská 1882, 286 01 Čáslav. We reserve the right to verify the identity of the applicant for the rights in question in a reasonable manner.

CONTACT DETAILS OF THE SUPERVISORY AUTHORITY

Address:

Úřad pro ochranu osobních údajů (Office for Personal Data Protection
Pplk. Sochora 27
170 00 Praha 7

Tel.: +420 234 665 111 (central office)
e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
data box: qkbaa2n

BUSINESS PARTNER

Purposes of personal data processing

In the contractual relationship with our business partners, we process the personal data of our business partners in an appropriate manner and in accordance with the principles described above (in those cases where our business partner is a legal entity, the personal data of natural persons representing that person may be processed). Our company processes the following data mainly for the purposes of:

  • contractual relationships (provision of services);
  • fulfilment of legal obligations;
  • protection of own claims, recovery of debts and defence in case of a dispute;
  • marketing communication with customers;
  • sending offers of other products and services;
  • handling of complaints;
  • customer support;
  • communication with a legal entity through authorized persons, etc.

Personal data being processed

We process personal data not only manually, but also automatically, in accordance with the purpose for which our company obtained them from the personal data subject; the following categories of personal data are processed:

  • personal identification data (especially name and surname);
  • contact details (e.g. e-mail address, telephone contact, addresses);
  • bank details.

Recipients of personal data

Your personal data that you provide to our company are still accessible only to authorized employees or individual processors of personal data who guarantee the implementation of appropriate technical and organizational measures so that the processing of personal data meets the requirements of the relevant legislation on personal data protection under the Czech law and the EU law (especially according to GDPR). The processors of personal data process personal data only within the instructions of the provider and they are primarily IT system administrators, software providers and other processors with whom a processing contract has been concluded which regulates the rights and obligations in the processing of personal data. Personal data are not passed on to processors outside the EU.

If you are interested in finding out who can be the recipient of your personal data in our company, we will provide you with this list at your request. It goes without saying that that the data are processed in accordance with the principles set out above, so we make your data available to certain entities only to the extent necessary to fulfil the individual purposes of processing.

As also governed by the applicable law in certain cases, we may also provide your personal data to public authorities, provided that the legal conditions in question are met.

Personal data of third parties

All personal data of third parties (customers or employees of business partners and other natural persons involved in the cooperation with our company) will also be processed in accordance with the applicable law and this processing policy, always for the purpose for which these personal data were provided to us. This may be other information that we receive from business partners in connection with the conclusion or performance of the contract.

Please note that we will process personal data of third parties for the duration of the contractual relationship with business partners and also, if necessary, for the period specified by special legal regulations. In justified cases, it may be necessary to keep certain data for a longer period of time, but only exceptionally in connection with a specific case (typically to protect the rights of our company). Please note that each business partner is responsible for the proper instruction of their employees and customers in the processing of personal data by our company. This also applies to the data of other natural persons who cooperate with our company on the part of the business partner.

Retention period

For the proper fulfilment of the obligations that our company has towards you, we process and store your personal data for the duration of the legal relationships and for the time necessary for the purpose of processing or according to the applicable law in the field of personal data protection, according to which we, as the administrators, are obliged to store them.

Consent to processing

If you have placed your trust in us and given us your explicit consent to the processing of personal data (e.g. for our marketing and business purposes, storage of data on typical behaviour, preparation of analyses and a set of activities aimed at informing about products and services of the administrator, about organized events, fairs and exhibitions related to the field/activity of the administrator, the creation of targeted offers, as well as addressing on behalf of the administrator with a business offer of products and services, in writing, by phone or electronically through contacts provided by the data subject to the administrator etc.), you should be informed of other facts important for you. The consent to the processing of personal data is not conditional on the provision of any services or products, so you grant it voluntarily and, of course, free of charge. You can then revoke this consent at any time by a statement of intent sent to the administrator’s address or in another pre-agreed manner, and there is no risk of sanctions or other disadvantages with this revocation of consent, in the manner specified for exercising your rights (rights of the data subject).

If you revoke your consent it does not affect the lawfulness of processing based on the consent that was given before its revoke. The revoke of the consent also does not affect the obligation of the administrator to process personal data on a legal basis other than the consent (i.e. especially if the processing is necessary for the fulfilment of the contract, legal obligations or for other reasons specified in the relevant regulations).

Therefore, unless such consent is previously revoked, it is usually granted for a period of ten (10) years, unless otherwise specified in the application for consent. By granting consent to the processing of its personal data, the subject also agrees to the processing of these data by a third party other than the administrator (i.e. the processor of personal data), whom the administrator entrusts with the processing of personal data.

EMPLOYEE

It is very important for our company that you know how your personal data are handled by us and how we secure them. Our goal is that you always know what data we collect about you, what we do with them and how they are secured, how long we store them and to whom we may pass them on. We also want you to be informed who you can contact if you have any doubts about this processing or if you would like to influence the processing of your data in any way.  We will be happy to advise you on where you can express your disagreement with our procedures and complain about them. If a term is not clear to you, you can look in our Glossary (see below), which we have prepared for you.

To fulfil the employment relationships, we process personal data of our employees in accordance with all applicable regulations and principles in the field of personal data protection, and we ensure that they are informed of all their rights and that their data are properly protected.

More precise specifications of the scope of processed personal data of employees, the purposes of their processing, the period for which they are processed, including the relevant instructions, are an integral part of the internal regulation of the Principles of Processing and Protection of Personal Data, with which all our employees are acquainted with. 

JOB SEEKER

It is very important for our company that you know how your personal data are handled by us and how we secure them. Our goal is that you always know what data we collect about you, what we do with them and how they are secured, how long we store them and to whom we may pass them on. We also want you to be informed who you can contact if you have any doubts about this processing or if you would like to influence the processing of your data in any way.  We will be happy to advise you on where you can express your disagreement with our procedures and complain about them. If a term is not clear to you, you can look in our Glossary (see below), which we have prepared for you.

Purposes of personal data processing

If you are interested in a job position in our company, we process some of your personal data primarily for the purposes of the following:

  • recruitment process;
  • concluding an employment contract;
  • fulfilment of other legal obligations  (e.g. provision of information to law enforcement authorities active in criminal proceedings or other public authorities).

Personal data being processed

Our company processes personal data of job seekers to the extent of the employer’s form necessary for the selection of a suitable candidate for the open job position. We process personal data not only manually, but also automatically. And in accordance with the purpose for which our company obtained them from the personal data subject, the following categories of personal data are processed:

  • name and surname;
  • place of birth;
  • address and contact details;
  • date of birth (age);
  • nationality;
  • health problems and risks with regard to work performance;
  • data on education and other data stated in the applicant's CV.

Recipients of personal data

Your personal data, which you provide to our company, are made available only to our particular authorized employees, namely the personnel department, manager, or management in order to select a suitable candidate. Therefore, there is no transmission of personal data of job seekers to any other processors. It goes without saying that the data are processed in accordance with the principles set out above, so we make your data available only to the extent necessary to fulfil the individual purposes of processing.

As also governed by the applicable law in certain cases, we may also provide your personal data to public authorities, provided that the legal conditions in question are met.

Retention period

We process and store your personal data for the time necessary to ensure the purpose of the processing and for the period for which the job seekers have granted their consent to the processing of personal data. As we are not entitled to process personal data of unsuccessful candidates after the end of the selection procedure, we no longer process these personal data unless the candidate agrees to further processing. After the end of the selection procedure, all data are stored and secured in the personnel department without the access of unauthorized persons for the period specified in the consent; in case the unsuccessful candidate has not granted a consent they will be destroyed/erased or returned to the unsuccessful candidate. The data of the successful candidate are inserted in the personal file of the employee. 

Websites and cookies

In order to monitor traffic, the operation of our website https://www.lesstimber.cz/ may be monitored due to our legitimate interest. For this purpose, your cookies or IP address and other data related to browsing our website may be processed. 

If you wish to limit the processing of your cookies, all you have to do is use one of the internet browsers with the support of the anonymous browsing function to view our website, as this function prevents the storage of data about visited websites, or you can set your browser to store cookies so that you completely disable their storage. However, this may limit some features of our website. 

GLOSSARY

For the purposes of this document, in accordance with GDPR, the following definitions shall apply:

  • anonymous data mean data which do not relate to an identified or identifiable natural person, even if he or she has ceased to be identifiable by a subsequent anonymisation process; such data are therefore not personal data for the purposes of this document;
  • biometric data mean personal data resulting from a specific technical processing concerning physical or physiological features or behavioural features of a natural person which allow or confirm a unique identification, such as facial images or dactyloscopic data;
  • supervisory authority (including the supervisory body) is an independent public authority established for the purpose of control in the field of personal data protection; in the Czech Republic it is the Office for Personal Data Protection;
  • records (including databases) mean any structured set of personal data accessible according to specific criteria, whether centralized, decentralized or divided by function or by geographical point of view;
  • restricting the processing means designations of stored personal data in order to limit their processing in the future;
  • personal data mean all information about an identified or identifiable natural person (see data subject); an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location, network identifier or one or more specific physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • breach of security of personal data means breach of security which leads to accidental or unlawful destruction, loss, change or unauthorized provision or disclosure of transmitted, stored or otherwise processed personal data;
  • profiling means any form of automated processing of personal data consisting in their use to assess certain personal aspects relating to a natural person, in particular to analyse or estimate aspects such as their performance, economic situation, health condition, personal preferences, interests, reliability, behaviour, location, or movement;
  • recipient means a natural person or legal entity, public authority, agency or other body to whom personal data are disclosed, whether a third party or not (the recipients are not considered to be public authorities which may obtain personal data in the context of a specific investigation in accordance with the applicable law);
  • pseudonymization means processing of personal data so that they can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separate and subject to technical and organizational measures to ensure that it is not assigned to an identified or identifiable natural person;
  • consent of the data subject means any free, specific, informed and unambiguous expression of intent by which the data subject gives their consent to the processing of their personal data by a statement or other obvious confirmation;
  • administrator  means a natural person or legal entity, public authority, agency or other body which, alone or jointly with others, determine the purposes and means of the processing of personal data; our company LESS & TIMBER, a.s . is considered to be the administrator for the purposes of this document;
  • data subject means a natural person identified or identifiable by the data subject (not a legal entity - company or organization);
  • third party means a natural person or legal entity, public authority, agency or other body which is not a data subject, an administrator, a processor or a person directly subordinate to the administrator or a processor authorized to process personal data;
  • processor means a natural person or legal entity, public authority, agency or other body which processes personal data for the administrator;
  • processing of personal data means any operation or set of operations involving personal data or sets of personal data which are performed with or without automated procedures such as collecting, recording, arranging, structuring, storing, adapting or modifying, retrieving, viewing, using, making available, sharing or any other access, arrangement or combination, restriction, erasure or destruction;
  • special categories of personal data mean personal data which indicate racial or ethnic origin, political opinions, religion or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the unique identification of a natural person and data on health condition or sexual life or sexual orientation of a natural person.