STATEMENT ON THE PROCESSING OF PERSONAL DATA

Declaration on the processing of personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the information of data subjects (hereinafter referred to as the "GDPR").

1. Personal Data Controller
The personal data controller is Mendeor Institute s.r.o., Company ID: 23141018, with its registered office at Revoluční 764/17, 11000 Prague, registered with the Municipal Court in Prague under file number C 422075/MSPH (hereinafter referred to as the “Controller”), which hereby, in accordance with Article 12 of the GDPR, informs about the principles of personal data processing and the rights of data subjects.

The Controller respects applicable rules and data protection standards in processing personal data and adheres in particular to the following principles:

  • The Controller processes personal data for a clearly and comprehensibly defined purpose, by specified means and in a manner strictly for the necessary period;

  • Personal data is collected only to the extent necessary and is not disclosed to third parties, except for those directly involved in processing the data;

  • All persons coming into contact with personal data (e.g., employees, contractors, subcontractors, etc.) are contractually bound to fully comply with the Controller’s data processing principles.

2. Scope of Personal Data Processing
Personal data is processed to the extent provided by the data subject to the Controller, particularly in connection with entering into a contractual or other legal relationship with the Controller, due to the Controller’s legitimate interest, or data otherwise collected by the Controller and processed in accordance with applicable legal regulations or to fulfil legal obligations of the Controller.

3. Sources of Personal Data
The Controller processes personal data obtained primarily from data subjects themselves, from clients and contractual partners, and from publicly available sources (e.g., public registers, directories, etc.).

4. Categories of Personal Data Subject to Processing

  • Identification data enabling unique identification of the data subject (e.g., name, surname, title, birth number, date of birth, permanent address, company ID, VAT number, bank account number, etc.) and contact information (e.g., temporary or delivery address, phone number, email, etc.);

  • IP addresses, phone numbers, login credentials, and other operational or location data collected and stored during service provision due to legal obligations of the Controller;

  • Data necessary for fulfilling contractual obligations;

  • Data provided beyond legal requirements processed with the explicit consent of the data subject (e.g., processing of photos, use of data for HR purposes, etc.).

5. Purpose of Personal Data Processing

  • Purposes based on the data subject's consent;

  • Contract negotiation;

  • Fulfilling contractual obligations;

  • Protection of rights of the Controller, recipients, or other affected persons (e.g., enforcement of claims);

  • Fulfilment of legal obligations;

  • Recruitment processes for job or similar positions.

6. Method of Processing and Data Protection
The Controller processes personal data primarily at its headquarters, establishments, and branches through authorized employees or designated processors. Processing is carried out using computer systems and similar technologies or manually for data in paper form, always in compliance with data protection security standards. The Controller has implemented appropriate measures to prevent unauthorized or accidental access, alteration, destruction, loss, unauthorized transfer or misuse of personal data.

All entities that may have access to the Controller’s collected personal data are obligated to protect the data subjects' rights to privacy and must comply with applicable data protection laws.

7. Data Retention Period
Personal data is processed for the duration necessary to ensure compliance with legal obligations or contractual relationships. After termination, data is retained only for the period necessary for legitimate reasons of the Controller or legal obligations, but no longer than 10 years.

8. Disclosure of Personal Data to Other Parties
The Controller discloses personal data to third parties only to the necessary extent and only to processors or recipients (typically external service providers), in compliance with applicable legal standards, especially GDPR. Additionally, data may be disclosed to legal, tax, and financial advisors or to administrative or law enforcement authorities if required.

9. Transfer of Personal Data Abroad
Collected personal data will primarily be processed within the EU. If data is transferred outside the EU, all obligations arising under the GDPR will be respected.

10. Legal Basis for Personal Data Processing
The Controller processes personal data based on the data subject’s consent, except where applicable laws allow processing without such consent.

11. Rights of Data Subjects
Under the GDPR, data subjects have the following rights in particular:

  • To obtain confirmation from the Controller as to whether personal data concerning them is being processed, and if so, access to that data and the information listed in Article 15 GDPR;

  • To be informed about appropriate safeguards under Article 46 GDPR if data is transferred to third countries or international organizations;

  • To have inaccurate personal data corrected or completed without undue delay (Article 16 GDPR);

  • To have personal data erased without undue delay where one of the grounds under Article 17 GDPR applies;

  • To restrict processing in cases under Article 18 GDPR;

  • To receive their personal data in a structured, commonly used, machine-readable format and to transmit it to another controller without hindrance (Article 20 GDPR);

  • To object to processing under Article 21 GDPR;

  • To lodge a complaint with a supervisory authority.

12. Right to Object
If the legal basis for processing is the Controller's legitimate interest, the data subject has the right to object at any time. In such cases, the data will no longer be processed unless there are compelling legitimate grounds that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

13. Contact Information
Controller’s contact details:
Mendeor Institute s.r.o.
Company ID: 23141018
Address: Revoluční 764/17, 11000 Prague
Represented by: Simona Zábržová, Managing Director
Email: simona@soulmio.com
Phone: +420 777 285 544

Created by SUITU websites SE, powered by SUITU CMS, © 2025
Non-binding request

Fields marked with * are required.