This information is intended for all persons who enter into a contractual relationship with BOMEX - CZ s.r.o. (hereinafter referred to as “Controller”), e.g., suppliers or customers; or persons who are authorized to communicate with the Controller on behalf of their contractual partners who are a legal entity. This information also applies to data protection principles of potential, current or former employees of the Controller.

The Controller processes personal data which the subjects whose data is being processed provide themselves after entering into a contract or within its performance, or during a particular communication. The data is processed within a scope which is necessary for the performance of the contract; or so that the purpose of the communication is fulfilled. This statement regarding data protection principles explains what personal data the Controller collects and how he uses this data. All principles are in accordance with Regulation of European Parliament and Council (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/ES (also as “GDPR” in the text).

Identification of the Controller

The Controller of your personal data is BOMEX - CZ s.r.o., Okružní 410, 755 01 Vsetín, Company registration number: 25839845.

Principles of Processing

When processing your personal data we honor and respect the highest standards of personal data protection and mainly comply with the following principles:
  • We always process data for a clearly and comprehensibly determined purpose, using established means and in an established manner and only for no longer than is necessary for the purpose for which the personal data are processed.
  • We only process correct personal data and it is ensured that the data processing is compatible with the purposes and that it is necessary in relation to the purposes for which they are processed.
  • The personal data are processed in a manner that ensures the highest possible security of the data, including protection against unauthorized or accidental access to the personal data, their alteration, destruction or loss, or against their unauthorized transfer; or any other unauthorized method of processing or abuse.
  • We always provide comprehensive information about personal data processing and about your right for accurate and complete information regarding data processing circumstances as well as your other related rights.
  • We comply with appropriate technical and organizational measures so that the level of security against all possible risks is ensured; all persons who are in contact with your personal data are obliged to maintain confidentiality regarding information obtained in connection with data processing.

    Information about Data Processing

    Purpose of Processing and Legal Basis for Processing
    Personal data are processed for the following purposes:
    a) if you are our business partners or suppliers or if you represent them:
    • entering into contracts and their performance (purpose No.1)
    • project management (purpose No. 2)
    • marketing activities (purpose No. 3)

    b) if you are job applicants or employees:
    • keeping personal agenda (purpose No.4)
    • keeping salary and accounting agenda (purpose No.5)
    • management of employment or similar relations (purpose No.6)

    Legal Basis for Processing

    The legal basis for personal data processing is Article 6 (1) GDPR as follows:
    • The data subject has given consent to the processing of his or her personal data for one or more specific purposes (purpose No.3);
    • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (purpose No.1);
    • Processing is necessary for compliance with a legal obligation to which the controller is subject (purpose No.4,5,6);
    • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (purpose No. 2).

    Processing your Personal Data without your Consent

    We would like to inform you that your personal data may be processed in accordance with the above mentioned regulation even without your consent, but only for the following purposes:
    • Fulfillment of the contract concluded between you and us, while the contract may also be an actual use of a certain service without having to sign anything.
    • Fulfillment of legal obligations which arise for us from general binding rules of law when processing which is necessary for the purposes of our legal rights.
    The possibility and lawfulness of such processing arises directly from valid legal regulations and your consent is not necessary for processing.

    Processing Personal Data with your Consent

    Some personal data processing requires your consent. They are usually situations when you give your voluntary consent to process personal data provided by you or obtained in another way. If you do not give your consent, it may be the reason for us not to be able to provide certain products or services to you, or we may be forced to adapt the availability, scope or conditions of the provided products or services in a legitimate way.
    Based on your consent, we process personal data for the following purposes:
    a) if you are our potential business partners or suppliers or if you represent them:
    marketing activities
    b) if you are job applicants
    evaluation of the selection process

    Scope of Personal Data Processing

    Our organization processes personal data in the scope necessary for the performance of the above mentioned purposes. We process only such personal data which you provide to us mainly:
    • in relation to business cooperation, business activities or projects between our company and you or a natural person or a legal entity for whom you work or whom you represent or with whom you cooperate,
    • in relation to your employment or as a job applicant or a person interested in cooperation with our company.
    Therefore, they are mostly (but not exclusively) data which you provide to us or which we are required to process by law or for the purposes of our legitimate interest. The categories of the personal data are as follows:
    • first name and surname,
    • telephone number or a number of a legal representative,
    • e-mail address,
    • permanent address,
    • contact and/or delivery address
    • date of birth (age), or birth identification number
    • nationality and citizenship
    • company identification number (IČ), or tax registration number (DIČ) of suppliers and business partners,
    • information about health insurance company (of employees),
    • information about previous jobs (of job applicants and employees),
    • information connected with employment (working hours record keeping, bonuses, overtime)
    • certificates about training attended and education (of employees)
    • data necessary for filing tax return or confirmation for the purposes of tax return

    Manner of Personal Data Processing

    The manner in which our organization processes personal data does not include automated processing including algorithmic processing in information systems.

    Period of Personal Data Processing 

    Personal data are kept for no longer than is necessary for the purposes for which they are processed.   We constantly assess whether it is still necessary to keep certain personal data for a certain purpose. If we find out that it is not necessary for any of the purposes for which it was processed, we liquidate the data. However, we have already internally determined a certain usual time of use of personal data in relation to certain purposes after which lapse we assess very carefully the necessity to keep the particular personal data for the specific purpose. In this connection the following applies:
    • if determined by law or other generally binding legal regulation, or a decision of an  administrative body, the personal data must be stored for the specified purpose for no less than the determined period of time;
    • if determined by a Discarding Code, for the period of time determined by the Code;
    • if the data may possibly be used in legal or other disputes or administrative or other proceedings, the data will be stored no less than for the period of 2 years after a particular legal dispute or proceeding is effectively terminated and unless a dispute or proceedings are initiated, no less than 2 years after the lapse of statutory limitation period or period of extinction in a matter related to which they might be possibly used;
    • in other cases minimally one year after they were acquired and no longer than 5 years after   their last use. Personal data which are necessary for the provision of proper service, or for the fulfilment of all our obligations, whether such obligations arise from a contract or from a generally binding legal regulations, have to be processed regardless of your given consent for the period of time stipulated by particular legal regulations and in accordance with them even after a possible revocation of your consent.

    Sources of Personal Data

    We obtain personal data mainly in the following way:
    a) from business partners or suppliers
    b) from employees or job applicants, and that is directly, e.g. when entering into a contract, based on a selection process
    c) from publicly accessible sources (public registers, records or lists),
    d) from third parties who are authorized to handle personal data of the client,
    e) from our own activities, by processing and evaluating other personal data.

    Recipients of Personal Data

    Your personal data are made accessible namely to our employees in connection with performing their job when it is necessary to handle personal data, however, in no larger scope than is necessary in such a case and in compliance with all safety regulations.
    Also, your personal data are provided to third persons who take part in their processing, or the personal data may be made accessible to them due to another reason in accordance with law. The Controller has the right to authorize a processor who entered into a Contract on Processing to process the personal data and who provides sufficient assurance of your personal data protection. Therefore, before we provide a third person with your personal data we always enter into a written contract with this third person in which we provide for personal data processing in such a way that it includes the same assurances for personal data processing which we ourselves comply with in accordance with our legal obligations.

    Handing over Personal Data

    In accordance with relevant legal regulations we have the right to hand over your personal data directly without your consent to the following persons:
    a) competent bodies of the state administration, courts and police, judiciary and prosecuting authorities for purposes of performing their obligations and for the purposes of executing a decision;
    b) banks and other providers of payment services;
    c) other persons within the scope stipulated by legal regulations, e.g. to third persons for the purpose of collecting our claims.

    Your Rights

    Our organization complies with laws regarding personal data protection which are effective in the European Economic Area, which in case of their validity include the following rights:
    a) If the personal data processing is based on your consent, you have the right to revoke your consent for future processing any time (see hereinafter).
    b) You have the right to request from us, being the Controller of the data in accordance with legal regulations, the access to your personal data and their correction.
    c) You also have the right for the erasure of personal data, the right for limited processing, the right to raise an objection against direct marketing, the right to portability of personal data.
    d) You have the right not to give your consent with personal data processing.
    e) You have the right to file a complaint with an office authorized for data protection.

    The Right to Revoke your Consent

    We have tried to explain in this document why we need your personal data and that we can process them for certain purposes only with your consent. You are not obliged to give your consent with processing your personal data to our company and at the same time, you are entitled to revoke your consent. We would also like to remind you that there are certain personal data which we are entitled to process for certain purposes also without your consent. If you revoke your consent, we will terminate processing of the particular personal data which require your consent. Should you wish to revoke your consent with personal data processing, you can do so in the way described in the section Contact Us.

    Changes in Statement on Personal Data Protection Principles

    We will update this statement on personal data protection principles as necessary, based on our customers’ opinions. When we publish changes of this statement, we will always adjust the date of the last update which is given at the end of this statement including the change description. If there are significant changes in this statement or the manner our organization uses your personal data, we will inform you before the implementation of such changes by publishing a visible notification or by sending you a personal notification. We recommend that you regularly check this statement so that you are informed about the manner of your personal data protection.


    A cookie is a small data file placed in your browser in the device (computer, smart phone or tablet) on which you look at the website. Cookies have various purposes and some may contain your personal data. We use the following types of cookies on our website.

    Technical cookies

    These cookies (e.g. PHPSessionID) are necessary for assuring the website operation (e.g. due to responsive design). For such a type of cookies it is not necessary, according to the opinion of the expert group WP29 EU)  to obtain your consent. It is possible to block them = ban, but then a part of the website may not be  displayed correctly, or some parts may not work at all. You can turn off cookies for the most frequently used browsers here:
    • Google Chrome
    • Firefox
    • Internet Explorer and Edge
    • Safari
    • Opera

    Cookies for Marketing Purposes

    We use these cookies (e.g.  __utma, __utmc, leady_session_id,_ga) for monitoring the number of visits and they are not necessary for the correct operation of the website. For this type of cookie it is necessary to obtain your consent, which can be given, according to the expert group WP29,  by setting your browser, that is by turning off cookies of third parties. To turn on/off this function, look for help in the particular browser. Instructions for the most common browsers can be found here.

Do you have a question for BOMEX?

Write us, and we will get back to you by the next working day.

Contact us via form or write us.