Code of Conduct for Handling Personal Data
The company OPTIMA Precise s.r.o. (further “OPTIMA”) is aware of the long-term European trend of increasing the protection of personal data of individual people and therefore strongly promotes and abides its security measures accepted for the protection of personal data and works hard for its continuous improvement. To improve security measures, OPTIMA has also adopted the following Code of Conduct for the Handling of Personal Data:
BASIC PRINCIPLES OF PERSONAL DATA PROTECTION
- We commit everyone – The Code applies to all employees, whether in technical, administrative, or labour working professions and management, as well as members of the board and all other people who cooperate with or perform a similar activity (further all collectively as “employees”).
- We protect all sensitive information – This Code applies to all personal data of natural persons that employees handle in the course of their activities, whether they are clients, customers, suppliers, employees, business partners, related parties, etc.
- We obey the laws – This code complements, develops, deepens, and where appropriate, specifies some legal requirements set by both the state and the European institutions. OPTIMA continues to require all employees to comply with all legal rules, ethical standards, and moral values presented within the company’s identity.
- We are transparent – We provide all-natural persons whose personal data we process with easy access to all information about this processing, especially who, why and to what extend processes the data.
- We obey the law – All data that we receive from natural persons are obtained with accordance with the law, based on legal titles, which are:
- Consent – we always make sure that it is given freely and that it is unambiguous,
- Fulfilment and conclusion of the contract,
- compliance with legal requirements,
- legitimate interest – in such cases we always pay close attention to the protection of fundamental rights and freedoms of natural persons,
- Protection of vital interests,
- Fulfilment of legal obligations in the field of labour law, social security and social protection law, occupational medicine, occupational health and safety,
- Determination, enforcement or defence of legal claims.
SPECIFICATION OF PERSONAL DATA PROTECTION
Concerning its activities, the company OPTIMA sets the basic rules of conduct in the handling of personal data for specific areas.
- Data only for purpose – All personal data OPTIMA and our workers collect are processed based on a legitimate and intended purpose. If the purpose of the processing of personal data ceases to exist, we will take all necessary steps to destroy them.
- The scope is important – When processing data, we always make sure that we collect only the necessary data. All information provided to us beyond the primary purpose is given after the explicit consent and may be revoked at any time.
- Security is our priority – The protection of personal data is very important to us. We always make sure that personal data is not provided to unauthorized personal to prevent their damage, loss or destruction.
- We pay attention to the rights of data subjects – we ensure that all legal rights of data subjects are exercised within all our possibilities and capabilities, without delay and to the satisfaction of all, but always at least by the requirements of applicable law.
- Communication with business partners – In our line of business activities, we make sure that each employee always obtains all personal data legally and legitimately, to comply with all the above-mentioned principles and legislation relating to the issue when handling personal data of business partners – customers, suppliers as well as potential clients. Our employees comply with legal obligations and contractual confidentiality in all specific activities related to finding and maintaining business partners, such as:
- sending business messages,
- promotion of the company and it’s public events,
- disclosure of third-party information.
THINGS WE DON’T SUPPORT
- Transfer of personal data abroad – concerning our company’s strategy to expand abroad, it is often necessary for personal data to be transferred outside the territory of the Czech Republic following all regulations. In such a case, we always take the utmost care to ensure that the personal data of our employees is always provided only based on applicable legislation and that all guarantees of personal data protection by the recipients are sufficiently ensured. We always make sure that the personal data of all entities is protected and secured.
Concerning our company’s policy, we do not tolerate any violation of legal regulations or actions of employees that would be unethical, immoral, illegal, or otherwise violating, and we always take a proactive approach to prevent these situations. In connection with our approach to personal data protection, we do not tolerate any breach of personal data protection or any denial of the rights of data subjects. In particular, we completely distance ourselves from the following violations:
- Automatically collected data – we always ensure that all operations that we carry out in the course of our business are completely transparent and that data subjects are always informed of the facts related to their personal data. Therefore, we strongly oppose the collection of personal data in any unauthorized or automated form, when the data subject is not informed which data is collected about him, or when this data is obtained illegally – such as hacking attacks, stalking, activity monitoring, etc.
- Spyware or other cyberattacks – our company does not tolerate the use of any prohibited or malicious programs, which have the task of:
- Taking control of the equipment which could result in the acquisition of sensitive personal data illegally,
- Deactivating or interfering with the device responsible for the protection of personal data, which could result in their loss or even theft.
- Uninstall or control the rights and access to programs, which could damage your computer or obtain unauthorized access to the software governing personal data.
- Unauthorized data collection – We take great care not to collect or store personal data for which there is no legal basis or for which there is no clear and specified purpose. Also, we do not process the data for longer than is necessary and we always protect the data and do not provide it to anyone other than the person about whom the data subject was informed.