Introduction

By means of this Privacy Policy, Metrostav DIZ s.r.o. (hereinafter the “Company”) informs data subjects, i.e. natural persons whose personal data it processes, about the principles of protecting their privacy and about the processing activities carried out (in accordance with the European Union’s Data Protection Regulation known as the “GDPR”).

 

Fundamental Information about Personal Data Processing:

The Privacy Policy applies to all clients, suppliers and customers of the Company, and to anyone else who contacts the Company or otherwise provides or discloses any personal data to the Company (unless otherwise stated below). This means all people who use the Company’s services, or provide services, subcontract or have any other relationship with the Company.

The processing of personal data is carried out both manually and automatically in the Company’s information systems. Where personal data of data subjects are processed using information systems, no automated decision-making takes place.

 

Data Controller

The personal data controller is Metrostav DIZ s.r.o., registered office: Koželužská 2450/4, Prague 8, post code: 180 00, business ID number: 25021915, entered in the Commercial Register maintained by the Municipal Court in Prague, section C, entry 93177.

 

What Data Does the Company Collect

The Company collects the following categories of data:

1. Data provided by data subjects themselves;

information provided on the following occasions:

• at the conclusion of a contractual relationship between a data subject and the Company, or for the purposes of establishing such contractual relationship;
• data provided for the execution of a contract;
• if a data subject contacts the Company and requests or offers to supply services or goods;
• when communicating with the Company, either by e-mail or by filling in any contact form on the metrostavdiz.cz website;
• if a data subject contacts the Company for another reason.

2. Information from Other Sources

Such sources include:

• publicly available sources, including public registers and the Internet;
• information received by the Company from third parties, such as a data subject’s employer, associates or business partners that is necessary for the performance of a contract or the fulfilment of legal duties.

 

How the Company Uses Personal Data

The Company uses the data collected for the following purposes:

1. Protection of assets, security and other rights of the Company and third parties
   

The Company has a legitimate interest in protecting its assets and rights, as well as those of third parties. For this purpose, construction sites, office buildings and premises of the Company may be secured by a CCTV system and a system recording visitors.
The Company uses the personal data exclusively for the stated purpose and keeps CCTV recordings in accordance with the opinion of the Office for Personal Data Protection, usually for three days. Records of visits containing only the necessary personal data (most often first name and surname, document number, if applicable a person’s employer’s details and vehicle registration number) are kept by the Company for a maximum of 90 days.

2. Reaching Out for Cooperation

The Company may use contact information to request services and products from its suppliers and potential suppliers. In doing so, it acts in the bilateral legitimate interest of business cooperation. In the event that a data subject is no longer interested in being contacted by the Company for business, he/she may use any of the Company’s contact details and communicate this fact to the Company.

3. Construction Activity

The data is used by the Company for the actual execution and records of orders, for communication with clients, customers and suppliers and for the fulfilment of all related contractual and legal duties.

4. Bookkeeping

The data is used by the Company to issue accounting documents and maintain accounts in accordance with statutory requirements.

5. Marketing in the Sense of Offering Our Company’s Services

The Company may use the personal data of its suppliers for the purpose of submitting bids for tenders and public contracts in which it participates.
Personal data for this purpose are processed based on the bilateral legitimate interest in the execution of business plans and the conclusion of the relevant contracts, or based on explicit consent to the processing of personal data in the CED internal information system.

6. Marketing in the Sense of Offering Our Company’s Services

Data subjects’ personal data may be used by the Company for the following purposes:

• their publication in promotional printed materials or on the Company’s website, including its social media profile, based on consent granted;
• sending information and news, e.g. by sending printed materials, either based on consent or based on a bilateral legitimate interest in the event of a contractual or similar relationship between the Company and a data subject. In the event that a data subject is no longer interested in being contacted in such manner, he/she may use any of the Company’s contact details and communicate this fact to the Company.

If the Company organises a promotional, educational or other social event, it may make a photographic or audiovisual record of the event and publish such recordings on its website, on social media or in other marketing materials to inform about the event and its proceedings. The recordings are not made with the intention of processing any personal data and therefore no processing of personal data takes place.

7. Recruitment of New Employees

If the Company obtains someone’s personal data for recruitment purposes, it only uses them to fill a new position. If the data include professional psychodiagnostics, it processes personal data resulting from them only with the data subject’s explicit consent. The Company processes personal data for this purpose for the entire duration of the selection procedure, unless a data subject gives consent for the Company to store his/her personal data for a longer period of time and use it in the event of a new suitable job opening in the future.

The Company may process the personal data of students at secondary vocational schools, secondary vocational colleges and universities for the purpose of educational support and professional development, support and use of skills, if this results from a contract between the Company and the student, if the student has given his/her consent to this or if there is a bilateral legitimate interest in work experience in the Company and future cooperation. In case a student is not interested in work experience at the Company, he/she can use any of the Company’s contact details and communicate this fact to the Company.

8. Legal Proceedings and Defence of Legal Claims
   

The data collected may be used by the Company to enforce claims, resolve disputes or protect its rights and legitimate interests under applicable legal regulations.

9. Prevention and Ethics Hotline

If a data subject contacts the Ethics Hotline with a specific complaint, he/she consents to the processing of his/her personal data for the purpose of investigating the complaint for a period of time appropriate for investigating the complaint and taking corrective action.

In the event that a data subject’s personal data is disclosed to the Company by a third party on the Ethics Hotline, the Company will process the data only to the extent and for the period of time necessary to investigate the complaint and take corrective action, all as a part of the legitimate interest of the Company and third parties in complying with all legal duties.

Sharing and Transferring Data

The Company may share the data collected:

1. with other companies in the Metrostav Group

The Company may provide information or access to it to legal entities – companies forming the Metrostav Group. A list of all Metrostav Group members is available on the website https://www.skupinametrostav.cz. All companies in the Metrostav Group are bound by a duty of confidentiality and comply with applicable data protection legislation.

2. with business partners

The Company may disclose or provide access to information to its associates, clients, suppliers, consultants, software providers, insurance companies, audit firms and other service providers or business partners when they provide services to the Company that involve personal data processing. In no case does it provide personal data, whether or not in return for payment, to third parties without a statutory reason.

All the Company’s contractual partners are bound by a duty of confidentiality and comply with the applicable legal regulations on personal data protection.

3. for legal reasons or in case of disputes

The Company may share personal data when required to do so by legal regulations:

• with the Police of the Czech Republic and courts, government authorities or other third parties, if necessary to comply with the Company’s legal duties, to enforce its legal claims or to protect the rights or assets of the Company or third parties;
• with other parties in connection with any merger, sale of assets, consolidation or restructuring, financing or transfer of the Company or any part thereof to the ownership of another company.

4. with a data subject’s consent

The Company may also share personal data in other ways and with other entities if a data subject explicitly agrees to this.

The Company may transfer personal data outside EU countries when necessary, in particular when it carries out business or construction activities abroad. In such case, the Company will always comply with the applicable legal regulations regarding the transfer of personal data abroad.

 

What Rights Does a Data Subject Have in Relation to Personal Data Processing?

A data subject may exercise the rights set out below in relation to the processing of his/her personal data by the Company. He/she may use the Company’s contact details listed at the end of the information to make a request.

1. Retention and Deletion of Data

All personal data is always kept by the Company for the time necessary to comply with the purpose for which the personal data are processed, in particular for the time:

• stipulated by an act or other generally binding legal regulation;
• set out in the consent granted;
• of a contractual relationship with the Company and normally for ten (10) years after its termination, unless other statutory archiving periods are stipulated.

The Company will erase personal data as soon as a data subject requests it, unless there is a legitimate reason for further processing, for example:

• the statutory archiving periods have not expired;
• the Company is dealing with a data subject in relation to an issue, such as a pending dispute or legal claim;
• the data is held by the Company in aggregated or anonymous form;
• the Company needs such data for legitimate business purposes.

2. Access to Personal Data

The Company may also share personal data in other ways and with other entities if a data subject explicitly agrees to this.

 

3. Change to Personal Data or Error in Data
   

If, for example, during the course of a contractual relationship between a data subject and the Company, there is any change to the personal data, such as a change of name, residence, e-mail address or telephone number, or if a data subject finds that the Company is working with outdated or incorrect data, he/she has the right to notify the Company and request the rectification or modification of the personal data.

4. Restriction on Processing

If a data subject is of the opinion that:

• the Company is processing inaccurate data about him/her (and the Company verifies whether this is the case);
• the processing of personal data is unlawful on the Company’s part and the data subject does not wish to have all the data erased;
• his/her personal data is no longer needed by the Company for the above purposes, but a data subject would like to use it to defend his/her legal claims, for example in legal proceedings;
• the Company’s legitimate interest in particular processing of personal data is not present (and the Company is investigating whether this is the case), a data subject may ask the Company to restrict the processing of only some of his/her personal data or only for certain processing purposes.

5. Data Portability

A data subject may at any time ask the Company to transfer his/her personal data held by the Company to a third party as specified by the data subject.

6. Objection to Processing

If the Company processes personal data based on a legitimate interest of the controller, a data subject may object to such processing in accordance with the instructions set out in the text of this Policy.

7. Rescinding Consent to Personal Data Processing

If the processing of personal data is based on a data subject’s consent, such consent may be rescinded in writing (including by e-mail) at any time.

8. Right to Make a Request

If a data subject is of the opinion that the Company is handling his/her data in breach of the law, he/she may at any time contact the executive officer for the administration of the Company or, where appropriate, the Office for Personal Data Protection.

 

Controller’s contact details:

Metrostav DIZ s.r.o.
Koželužská 2450/4, 180 00 Prague 8
e-mail: osobniudaje@metrostavdiz.cz