General Data Protection Regulation

Declaration on the processing of personal data

Dekorační obrázek

Declaration on the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the instruction of data subjects (hereinafter "GDPR").

Personal data controller

MRB, s.r.o .., (hereinafter referred to as the "Administrator") hereby informs you in accordance with Article 12 of the GDPR about the processing of your personal data and about your rights.

Scope of personal data processing

Personal data are processed to the extent that the competent data subject has provided them to the controller, in connection with the conclusion of a contractual or other legal relationship with the controller, or otherwise collected by the controller and processed in accordance with applicable law or to fulfil the controller's legal obligations.

Sources of personal data

Categories of personal data that are subject to processing

Categories of data subjects

Categories of recipients of personal data

Purpose of personal data processing

Method of processing and protection of personal data

The processing of personal data is performed by the administrator. Processing is performed in its premises, branches and registered office of the administrator by individual authorized employees of the administrator, or processor. The processing takes place through computer technology, or also manually for personal data in paper form in compliance with all security principles for the management and processing of personal data. To this end, the controller has taken technical and organizational measures to ensure the protection of personal data, in particular measures to prevent unauthorized or accidental access to, alteration, destruction or loss of personal data, unauthorized transfers, unauthorized processing and other misuse of personal data. All subjects to whom personal data may be disclosed respect the right of data subjects to privacy and are obliged to comply with applicable legal regulations concerning the protection of personal data.

Time of processing personal data

In accordance with the deadlines specified in the relevant contracts, in the administrator's file and shredding rules or in the relevant legal regulations, this is the time strictly necessary to secure the rights and obligations arising from both the contractual relationship and the relevant legal regulations.


The controller processes the data with the consent of the data subject, except in cases stipulated by law where the processing of personal data does not require the consent of the data subject.

In accordance with Article 6 (1) of the GDPR, the controller may process the following data without the consent of the data subject:

Rights of data subjects

In accordance with Article 12 of the GDPR, the controller shall, at the request of the data subject, inform the data subject of the right of access to personal data and to the following information:

Any data subject who discovers or suspects that the controller or processor is carrying out the processing of his personal data which is contrary to the protection of the data subject's private and personal life or contrary to the law, in particular if the personal data are inaccurate with regard to their purpose processing, can: