1. CONTROLLER

‍The controller of personal data is Quanti s.r.o., Company ID No.: 247 49 001, with its registered office at Thákurova 531/4, Dejvice, 160 00 Prague 6, registered in the Commercial Register maintained by the Municipal Court in Prague, File No. C 171120 (the “Company”).
‍
‍2. PURPOSE OF DATA PROCESSING

‍We process employees’ personal data strictly for purposes related to employment with the Company. In most cases, we do not require your consent.

‍HR and payroll agenda

‍We maintain personnel files relating to all our employees for the purpose of ensuring HR and payroll administration. We process the following data:
· Identification and contact details, data from the onboarding form
· Documents proving qualifications: diplomas, certificates, etc.
· Contractual and legal documents: in particular employment contracts, salary assessments, other contracts and agreements, requests for unpaid leave, job descriptions, documentation of changes and termination of employment, documentation of occupational injuries, wage deductions
· Various confirmations and consents: e.g. occupational medical examinations, personal data processing, participation in training, consent to meal allowance lump sum, confirmation of entrusted property, etc.
· Salary payment information: such as bank account number, payslips, etc.
· Income tax declarations and supporting documents for filing tax returns and making statutory deductions
·  Documents related to business trips

‍Within payroll administration, we also process:
· Various records, e.g. working time, leave, sick leave and other records required under social security and health insurance laws
· Information about disabilities
‍· Communication with public authorities, especially employee-related notifications

We process personal data in order to perform the employment contract or other contract concluded with you (i.e. for contract performance purposes). In many cases, we process personal data because we are required to do so by law (for example, working time records).

We also process personal data contained in personnel files in order to demonstrate compliance with legal regulations and to manage the Company’s HR policy. In such cases, processing is based on the legitimate interest of the controller.

Payroll administration is processed for the purpose of calculating and paying wages in order to fulfil contractual obligations and legal obligations imposed by applicable laws. We are required to report certain information to authorities, make deductions and payments, prepare tax returns on your behalf, and maintain records for health insurance and social security purposes.

For these purposes, we must also process information about certain family members. For payroll purposes, we also process your personal identification number (birth number) as required by law.

‍Performance of work

‍In order to carry out daily work activities, maintain internal and external communication, and provide services to our customers, we process the following personal data:
· Work contact details: e.g. business email address, business telephone number, etc.
· Documents created in the course of employment: e.g. email correspondence, documents in electronic and paper form, records in IT systems, etc.We process personal data to ensure our business activities and other operations. The legal basis for processing is our legitimate interest.

‍Employee management

‍Based on this information, we make strategic decisions regarding HR policy. Within employee management, we process:
· Information relating to the course of employment: e.g. employee evaluations, performance of work tasks, absences, mutual communication, complaints
· Information about salary, job position and qualifications
‍· Other information relating to work performance and compliance with legal regulationsWe process personal data in order to manage the Company’s HR policy, for example to offer you another position, decide on remuneration changes or workforce planning, or to address complaints.Based on personal data, we may also prepare statistics and reports. Processing in these cases is based on the legitimate interest of the controller.

Security and management of property and IT

‍At the entrance to the building, a camera is installed which takes photographs of incoming persons. These data are processed for the purpose of protecting the Company’s property.For the purpose of ensuring security and IT system management:
· Access to IT systems is protected by login credentials and passwords assigned and withdrawn by the Company according to employees’ roles and needs, and records of such access are maintained.
· The Company records employees’ access to IT systems and their activities within these systems (logs).

For the protection of IT systems and Company property, access to certain areas is controlled by chip card or mobile phone with the relevant 2N reader application. At the Hradec Králové branch, a mobile application is used to arm and disarm the alarm system.
Company cars are equipped with GPS units. GPS is used solely to determine the current location in case of loss or theft of the vehicle, or to locate parked, unused company vehicles.
Processing for the purposes of security, property protection and IT management is based on the Company’s legitimate interest.

‍Photographs and video

‍If you have given your consent, we may use your photographs or videos on the intranet and for promotional purposes on the internet or social media. Details are specified in the consent.We may take recordings at company events for internal purposes, particularly to share experiences with colleagues. This processing is based on legitimate interest.
If representing the Company is part of your job duties, photographs and videos will be processed for the purpose of fulfilling the employment contract.

‍Emergency contact

‍If you have given your consent, in the event of a crisis situation concerning you, we will contact the designated emergency contact person. A crisis situation may include in particular: injury, serious illness, hospitalisation, or another serious event at the workplace or during work performance where your health or safety is at risk and we reasonably assume that you are unable to contact your close persons yourself.

Providing an emergency contact is entirely voluntary. You may change or cancel the emergency contact at any time by contacting HR.

Emergency contact data are processed only for the duration of employment.

‍3. WHO HAS ACCESS TO PERSONAL DATA

‍Within the Company, your personal data are accessible to HR staff, accounting staff, and in some cases your supervisors and Company management. We use an external accounting firm for payroll administration.

‍4. WITH WHOM WE SHARE PERSONAL DATA

‍We are legally obliged to report certain information to public authorities such as the Social Security Administration, health insurance companies or tax authorities. Within mandatory audits, personal data may be disclosed to auditors. If an insured event personally concerns an employee, we may share relevant information with insurance companies. If contact with the public is part of an employee’s job duties, work contact details may be shared with third parties, in particular our business partners, for the purpose of providing services and ensuring the Company’s operations.
Personal data may also be shared with contractors, service providers related to employee care or business travel, auditors, and legal advisors.
We may also share personal data with trusted data processors.

‍5. RETENTION PERIOD

‍We retain employees’ personal data for a limited period and delete them once they are no longer necessary for the given purpose. This generally means that personal data are retained for the duration of employment or other employment relationship.
After termination, certain personal data will be archived for statutory limitation periods for the purpose of exercising rights and defending against potential claims or for possible inspections by public authorities. In many cases, legal regulations require longer retention periods, which may be up to 45 years after termination of employment.The retention period for electronic and paper records created in the course of work performance is governed by the retention period applicable to the respective documents (e.g. commercial contracts or related communication).
Data processed for security and property and IT management purposes generally have shorter retention periods; for example, CCTV photographs are retained for 72 hours.

‍6. RIGHTS RELATED TO PERSONAL DATA PROCESSING

‍Under applicable laws, you have the right to request information or certain actions regarding your personal data.

‍Right of access: You have the right to obtain a copy of the personal data we hold about you and certain information about how we use them.

‍Right to rectification: If you believe that the information we hold about you is inaccurate, you may request its update or correction. During employment, you are legally obliged to notify us of changes to your personal data.

‍Right to object: You have the right to object to processing carried out on the basis of legitimate interest, provided there are no overriding legitimate grounds for processing. You cannot object to processing required by law.

‍Right to withdraw consent: If we process personal data based on your consent, you may withdraw your consent at any time.

‍Right to erasure: In certain circumstances, you have the right to request deletion of your personal data, for example if the data are no longer necessary for the original purpose or if you withdraw your consent. However, this must be balanced against other factors, such as our legal obligations.

‍Right to data portability: In certain circumstances, you have the right to request that we provide your personal data in a machine-readable format or transfer them to a third party.

‍Right to restriction of processing: In certain circumstances, you have the right to request that we stop using your personal data, for example if you believe the data are inaccurate or no longer necessary. Our obligation to comply with your request may depend on the purpose for which we process your data. Some rights apply only to certain processing purposes or are subject to exceptions.

‍