NISAFORM Ltd., U Šamotky 1172, 463 11 LIBEREC 30

Tel: +420 483 310 420 

Information on the processing of personal data under Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the training of data subjects.

(hereinafter referred as "GDPR")

I. Personal Data Administrator NISAFORM ltd., company identification number: 62742612, VAT No .: CZ62742612, registered office at U Šamotky 1172, 463 11 Liberec 30, is registered in the Commercial Register maintained by the Regional Court in Ústí nad Labem, Section C, File 8883, "Administrator" hereby informs you in accordance with Article 12 of the GDPR about the processing of your personal data and your rights.

II. Scope of processing of personal data Personal data is processed to the extent that the relevant data subject has provided the controller with regard to the conclusion of a contractual or other legal relationship with the controller or which the controller has collected otherwise and processes them in accordance with applicable legal regulations.

III. Sources of personal data - directly from data subjects (e-mails, phone, websites, contact forms on the web, social networks, business cards), - distributor, - publicly accessible registers, lists and records.

IV. Personal data category Address and identification data used to uniquely identify the data subject: - name, - surname, - title, - surname, - birth number, - address of permanent residence, - correspondence address.

V. Categories of data subjects - Customer, contractor manager, - Administrator employee, - Other person who is in a contractual relationship with the trustee, - Jobseeker. - ID, TIN, - contact address, - telephone number, fax number, - email address, - bank details, - other details for performance of the contract.

VI. Categories of recipients of personal data - Wholesalers, - Financial Institutions, - Public Institutions, - Processors, - State and other bodies in the fulfillment of legal obligations established by the relevant legal regulations.

VII. Purpose of the processing of personal data - Purposes contained within the data subject's consent - Contract negotiation - Performance of the contract - Protection of the rights of the controller, the recipient or other persons concerned - Law-based archiving - Vacancies for vacant posts - the fulfillment of statutory obligations by the trustee, - the protection of the vital interests of the data subject.

VIII. Method of processing and protection of personal data Processing of personal data is carried out by the administrator, eventually the processors with whom the Personal Data Processing Agreement is concluded. The processing is carried out at the headquarters of the manager or at the headquarters of the processor. The processing takes place through computer technology, even manually, in the form of personal data, in compliance with all the security principles for the management and processing of personal data. To that end, the controller has adopted a technical and organizational measure to ensure the protection of personal data, in particular measures to prevent unauthorized or incidental access to personal data, alteration, destruction or loss, unauthorized transmission, unauthorized processing, and other misuse of personal data. All entities to which personal data may be made available respect the privacy rights of data subjects and are required to comply with applicable privacy laws.

IX. Time of processing of personal data In accordance with the deadlines specified in the relevant contracts or in the relevant legislation, this is the time necessary to ensure the rights and obligations of the controller.

X. Lessons The Administrator processes the data with the consent of the data subject, except in cases where the processing of personal data does not require the consent of the data subject. In accordance with Article 6 (1) of the GDPR, the controller may, without the consent of the data subject, process the following data: - the data subject has given consent for one or more specific purposes, - the processing is necessary to meet the contract to which the data subject is or measures taken prior to conclusion of the contract at the request of that data subject - processing is necessary to fulfill a legal obligation to the controller - processing is necessary to protect the vital interests of the data subject or other natural person - processing is necessary to fulfill the task performed - processing is necessary for the purposes of the legitimate interests of the relevant controller or third party, except where the interests or fundamental rights and freedoms of the data subject which require the protection of a personal data.

XI. Rights of data subjects In accordance with Article 12 of the GDPR, the controller shall, at the request of the data subject, inform the data subject's right of access to personal data and the following information: - the purpose of the processing, - the category of personal data concerned, - the recipient or categories of recipients whose personal data - the time at which the personal data will be stored, - any available information about the personal data source, - the fact that automated decision making, including profiling, is obtained from the data subject. Any data subject who discovers or considers that the controller or processor performs the processing of his or her personal data that is contrary to the privacy or privacy of the data subject, or in violation of law, in particular if the personal data are inaccurate with regard to their purpose the processing may: - ask the controller for explanation, - require the controller to remedy the situation thus created, in particular, it may be blocking, correcting, supplementing or deleting personal data, - if the data subject's request under paragraph 1 of Article X is found to be justified, - if the data controller does not comply with the request of the data subject pursuant to paragraph 1 of Article X, the data subject has the right to contact directly the Supervisory Authority, ie the Personal Data Protection Authority, - the procedure provided for in paragraph 1 of Article X does not exclude the the data subject has directly contacted the Supervisory Authority, - the trustee has the right in providing the information requesting an adequate reimbursement not exceeding the costs necessary to provide the information. This information on the processing of personal data is publicly accessible on the website of the administrator.

Processed: Ing. Michal Mikeš