The Policy complements and is an integral part of the Terms of Website use (“Terms”), or the terms of other COMPANY services to which this Policy explicitly refers, and applies to personal data collected and processed by COMPANY. Capitalised definitions/terms provided in the Terms have the same meaning in this Policy.
The protection of privacy and personal data protection is a priority for COMPANY and the processing of personal data is considered strictly confidential. Personal data are handled in accordance with applicable legal regulations regarding the protection of personal data, in particular, with General Data Protection Regulation (EU) 2016/679 (“Regulation”) and Act No. 110/2019 Sb., on Personal Data Processing, as amended (“Act”).
COMPANY is entitled to change this Policy at any time with immediate effect. You will be informed about such changes. If this Policy is changed in a way which requires your consent, we will ask you for it.
The latest version of this Policy is available at the footer of our Website.
COMPANY is a controller of your personal data within the meaning of the Regulation and the Act, i.e. collects, retains and uses (and otherwise processes) your personal data in connection with its business activities (individual purposes of personal data processing are specified below).
Without your consent, we at COMPANY are entitled to process only such personal data that are necessary for the performance of the contract and other contracts concluded with you, or for the fulfilment of the legal obligations of COMPANY, or for the purposes of legitimate interests. In other cases, COMPANY only process your personal data if you have provided us with your consent to the processing of your personal data.
Our processing of personal data is both manual and automated. Automated processing of personal data is used in order to perform the contract, in particular, to ensure internal processes within COMPANY and its contractual partners that are necessary for the provision of services. Automated processing of personal data is also used if consent to sending marketing communications is granted.
The Policy thus describes the purposes and methods of personal data processing, informs about individual categories of processed personal data, their potential recipients, retention periods and your rights in relation to personal data protection.
Purposes for processing personal information
COMPANY may process your personal data for the following purposes:
- Performance of the contract (in particular, the performance of the contract under which the user is entitled to use COMPANY’s services);
- Fulfilment of legal obligations (in particular, obligations under accounting and tax legislation, i.e. transfer of personal data to financial authorities or to other public authorities in accordance with applicable legal regulations);
- Protection of the controller’s legitimate interest (protection of COMPANY’s rights and interests protected by law, e.g. protection against misuse, detection of online frauds related to payment means, prevention and settlement of payment deficiencies);
- Sending commercial communication (COMPANY may send commercial communications by email, SMS/MMS or postal service providers);
- Handling users’ requests (e.g. using the possibility to contact COMPANY via the Website); and
- Sending personalised commercial communications (exclusively with your consent, we may send relevant commercial communications based on voluntarily provided data and your previous behaviour).
Personal Data Processing Related to Websites
In connection with your activities and depending on the scope of your activities, the Website may process the following personal data:
Data of Data Subjects Purposes of processing: E-mail and password performance of the contract, fulfilment of legal obligations, protection of the controller’s legitimate interest, handling users’ requests, sending commercial communications Age (only confirmation whether the person is over 18 years of age or the age of maturity in the respective jurisdiction) performance of the contract, protection of the controller’s legitimate interest Selected membership type and information on page access right performance of the contract, fulfilment of legal obligations, protection of the controller’s legitimate interest, handling users’ requests, sending commercial communications Name handling users’ requests Personal communication or correspondence performance of the contract, protection of the controller’s legitimate interest Site usage data (navigational, aggregate, click-stream, tracking, historical data etc., internet service provider, referral data, browser and platform type etc.) protection of the controller’s legitimate interest, sending commercial communications, sending personalised commercial communications
Methods of Personal Data Processing
During the registration, we collect personal data through the form in the «Registration» section of the Website. COMPANY thus has access to your email address, login and password. Without processing these personal data, the registration may not be completed.
The information that we collect and that is necessary for us to be able to respond to your requests are marked with an asterisk in the collection forms. If you do not fill in these mandatory fields, we will not be able to respond to your requests.
If you decide to contact our customer service through the means located or referred to on the Website or by other means that COMPANY makes available, information that you have already provided in or through the Website may be used.
We only send you commercial communications based on your consent granted by ticking the relevant field in the «Registration» section. If you have already used any of the COMPANY’s services, we have a legitimate interest in sending commercial communications if you originally did not refuse their sending. You may object to such sending at any time by unsubscribing from the relevant commercial communication using the link at the footer of the commercial communication.
In addition to the above personal data, we also process statistical information to learn how users or visitors use the Website, including the history of using COMPANY’s services.
Particularly for the purposes mentioned above, COMPANY transfers personal data obtained through the Website to the following partner companies, which act as processors or other controllers of personal data:
Name Registered Office UOL a.s. Roztylská 1860/1, Chodov, 148 00 Prague 4 Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ACI Worldwide, Inc. Watford, Herts, WD17 1FQ, UK Vendo Services GmbH Dorfstrasse 50, Engelberg, OBWALDEN, 6390, Switzerland E-Comprocessing, a division of emerchantpay lt 29 Howard Street, North Shields, Tyne And Wear, NE30 1AR, United Kingdom
When using services of personal data processors, COMPANY concludes relevant data processing agreements if they are processors of personal data. Personal data may be transferred to companies with their registered offices in countries which do not provide an adequate level of protection according to the Regulation. In these cases, COMPANY concludes standard contractual clauses for the transfers of personal data approved by the European Commission with the recipients in order to ensure an adequate level of personal data protection.
Duration of Personal Data Processing
COMPANY will process your personal data for as long as we provide you with services, or for the duration of the contract, or as long as necessary to fulfil archiving obligations according to applicable legal regulations of the Czech Republic, such as the Accounting Act, the Archiving Act or the Value Added Tax Act.
COMPANY may continue to process your personal data after the termination of the contract based on our legitimate interest, i.e. to protect our legal claims, for as long as necessary, but no longer than three (3) years, unless a special legal regulation stipulates a longer period.
COMPANY will process the personal data related to your registration profile, including the data contained therein, in order to manage your profile and send offers of our goods and services until you cancel it.
COMPANY will process the personal data based on your consent until you withdraw your consent. To withdraw your consent, send an email with the request to email@example.com or fill out the request form.
You may also refuse the processing of your personal data for the purposes of sending commercial communications without affecting our mutual relationships. You may unsubscribe from further commercial communications by clicking on the link at the footer of the commercial communication, or send an email with the request to firstname.lastname@example.org.
Security and Confidentiality of Personal Data
Personal data will be secured in such a manner and using such technical and organisational means so as to fully secure personal data protection in accordance with the Regulation, the Act and regulations governing personal data protection.
With regard to the state of technology, especially that commonly used in telecommunication networks, COMPANY cannot guarantee the confidentiality and authenticity of emails sent by or received from COMPANY.
Personal data are processed electronically in an automated manner or in a printed form in a non-automated manner by authorised COMPANY employees and employees of authorised processors.
Personal data are stored on secured servers in the relevant IT systems. COMPANY has adopted appropriate technical and organisational measures to prevent loss or destruction of personal data, unauthorised access of persons to data, their modification or distribution.
Access to your profile on the Website is only possible after entering your login and personal password. It is essential that you do not disclose your login information to third parties. COMPANY does not assume the responsibility for any misuse of passwords.
Rights of Data Subjects
In connection with personal data processing, you have the rights listed below that you may exercise at any time under the terms stipulated in Articles 15 through 21 of the Regulation.
These include the right (i) to access personal data; (ii) to rectify inaccurate data or complete incomplete data; (iii) to erase personal data if it is no longer needed for the purposes for which it has been collected or processed, or if it has been collected illegally; (iv) to restrict data processing; (v) to data portability, (vi) to object to the data processing which will therefore be terminated, unless there are serious legitimate grounds for the processing which outweigh your interests, rights, and freedoms, especially if the reason is an enforcement of legal claims, and (vii) to contact the supervisory authority, which is the Office for Personal Data Protection (www.uoou.cz) in Czech Republic, to lodge a complaint. If you have granted consent to personal data processing, you may withdraw it at any time.
Right to access personal data: if you want to know whether COMPANY processes your personal data, you have the right to obtain information on whether your personal data are processed and, if so, you have the right to access your personal data;
Right to rectify inaccurate data or complete incomplete data: if you believe that COMPANY processes inaccurate or incomplete personal data about you, you have the right to request rectification and completion of the data. COMPANY will rectify or complete the data without undue delay, but always taking into account technical possibilities;
Right to erasure: if you ask for erasure, COMPANY will erase your personal data if: (i) they are no longer needed for the purposes for which they have been collected or otherwise processed; (ii) the processing is unlawful; (iii) you raise objections to the processing and there are no prevailing legitimate reasons for the processing of your personal data; or (iv) COMPANY is required to erase the data under legal regulations. COMPANY S will not comply with your request if any of the circumstances under Article 17 (3) of the Regulation prevents it from doing so;
Right to restriction of personal data processing: if you request restriction of processing, COMPANY will make your personal data inaccessible, temporarily erase or store them, or perform other processing activities needed for the proper exercise of the right;
Right to data portability: if you want COMPANY to transfer your personal data that COMPANY processes based on your consent or data that are necessary for the performance of the contract to a third entity, you may exercise your right to data portability. If the exercise would adversely affect rights and freedoms of other persons, COMPANY will not be able to comply with your request;
Right to object: you have the right to raise an objection to the processing of personal data that are processed for the purposes of performing a public service task or in the exercise of public authority or for the purposes of protecting COMPANY’s legitimate interests. If COMPANY does not prove that there is a serious legitimate reason for the processing which takes precedence over the interest or rights and freedoms of the customer, COMPANY will terminate the processing based on the objection without undue delay.
In the event of repeated or apparently unjustified requests for the exercise of the above rights, COMPANY is entitled to charge an appropriate fee for the exercise of the right, or to refuse the exercise. We would inform you about the procedure in advance.
You may exercise the above rights through the COMPANY Customer Service:
- By mail at: Sokolovska 428/130, 186 00, Praha 8 - Karlin, Czech Republic;
- By contact form at: https://czechharem.com/contact/;
- By e-mail at: email@example.com, or
- If it concerns the consent to receiving commercial communications, through the link at the footer of the commercial communication sent by COMPANY.
COMPANY reserves its right to verify the identity of the person requesting the exercise of rights in accordance with Article 12 (6) of the Regulation.
If you have any questions, please contact COMPANY Customer Service using the contact details above.
The Policy was last updated on 11. 2. 2021.