Privacy Policy
-
Introductory Provisions
- The Privacy Policy describes how the Controller processes the personal data of the User and the purposes of personal data processing, including the rights of the Data Subjects. The Controller's identification details are listed at the foot of the website.
- This Privacy Policy applies to the processing of personal data of Users who have entered into a relationship with the Controller, to employees of a third-party business partner, and to users of the website (hereinafter collectively as the “Data Subjects”).
- The personal data of the Data Subjects are processed in accordance with the applicable and effective legal regulations, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”).
- The Privacy Policy complements and is an integral part of the Terms and Conditions (“Terms”) applicable to the services provided through the Website or the terms of other services to which this Policy explicitly refers, and applies to personal data collected and processed by the Controller. Capitalized definitions/terms provided in the Terms have the same meaning in this Privacy Policy.
-
Purposes of Personal Data Processing
The individual purposes of processing depend on the Services offered by the website:
Data Subject Data Category Purpose Legal basis User Personal data and information provided in the relevant form The processing is necessary in connection with the creation of your registration/account (if possible, you can log in using social networks details)
Providing data is necessary in order to enter into the contractual relationship with the Controller.
Article 6(1)(b) of the GDPR
(Agreement)User Name Address E-mail Payment details* + other data related to the Services The processing is necessary to carry out the necessary steps related to the provision of Services
Providing data is necessary in order to enter into the contractual relationship with the Controller
Article 6(1)(b) of the GDPR (Agreement) User Name Address Payment details + other data related to the Services Compliance with legal obligations (tax and accounting)
Data processing is a legal obligation
Article 6(1)(c) of the GDPR (Legal obligation) User Contact data (e-mail) Sending of general commercial communications (newsletter) and informing User of other offers of similar products and/or Services on the basis of legitimate interest
If the User has not opted out
Article 6(1)(f) of the GDPR (Legitimate interest) User Nickname Posting comments on the website
If the User has decided to post comments
Article 6(1)(a) of the GDPR (Consent) Business partner Details in the contract with the provider Compliance with contractual and legal obligations
The provision of data is necessary for mutual cooperation
Article 6(1)(b) and (c) of the GDPR (Agreement & Legal obligation) Business partner's employees Contact details provided in the contract with the or given during negotiations by e-mail, telephone Communication between the parties
The provision of data is necessary for mutual cooperation
Article 6(1)(f) of the GDPR (Legitimate interest) Data Subjects Name Address Contact details Complaint handling
In order for the Controller to handle the complaint (duly and in a timely manner), it is necessary to process personal data
Article 6(1)(f) of the GDPR (Legitimate interest) Data Subjects Operational data (cookies) Improving the operation and performing analyses of the website. A description of the cookies or similar analytical tools used is described in more detail in the Cookies Policy.
If the legal basis is consent, the consent is voluntary.
Article 6(1)(f) or (a) of the GDPR (Legitimate interest or consent) Data Subjects Anonymous data Statistical data
Data cannot be attributed to the data subjects, and the processing is subject to appropriate safeguards regarding the rights and freedoms of the Data Subjects
Articles 5(1)(e) of the GDPR (Legitimate interest) -
Retention Period
- The Controller retains the personal data of the Data Subjects for the period necessary to ensure all rights and obligations arising from the relevant legal relationship and for a further period for which the Controller is obligated to retain personal data under generally binding legal regulations. In other cases, the processing period is based on the purpose of the processing to which it must be proportionate, or it is determined by legal regulations on the protection of personal data or other regulations.
-
The overview table below shows the retention period for the personal data of Data Subjects:
Data Subject Data Category
PurposeRetention period User Identification data
Creating an accountFor the period of using the Services. The data will be deleted upon cancellation of the account. User Identification and Contact data
(Name, address, e-mail, payment details and e-mail) + other data related to the Services
To conclude a contractual relationship and performance of a contractual relationshipFor a period of 3 years as of the termination of the contractual relationship – provision of Services. User Contact data
(E-mail)
Sending of commercial communicationsFor a period of 1 year as of the termination of the contractual relationship or until the opt-out. User Identification data
(Name, address and invoice data)
Compliance with legal obligations (tax and accounting)For a period of 10 years as of the termination of the contractual relationship – provision of Services. User Nickname
Posting commentsFor a period of 1 year as of the termination of the contractual relationship or until the opt-out. Business partner Details in the contract
Compliance with contractual and legal obligationsFor a period of 10 years as of the termination of the contractual relationship. Business partner's employees Contact details
CommunicationFor a period of 10 years from the termination of the contractual relationship or until a request for deletion or objection is made. Data Subjects Operational data
(cookies)According to the cookie duration specified in the Cookie Policy. Data Subjects Identification data
(Name, address, contact details) Compliant handlingFor a period of 6 months to 3 years from the conclusion of the case, depending on the application. - The data subject acknowledges that the termination of the contract/agreement means the completion/conclusion of the request – provision of Services.
- The Controller is entitled to send commercial communications (newsletter) regarding similar Services to an e-mail address or by other means of electronic communication, unless the Data Subject has opted out of receiving such messages, while the Data Subject may do so by sending a message to Controller's e-mail or at any later time via a link in each of the marketing e-mails sent.
-
Recipients of Personal Data
- The personal data of Data Subjects are made available only to the authorised employees of the Controller or the individual processors of personal data contracted by the Controller or to other recipients as separate data controllers such as business partners involved in the Services, state authorities, municipal authorities etc.
- The Controller is entitled, or obliged, to transfer certain personal data to law enforcement authorities or other public authorities in cases provided for by law.
- An up-to-date list of the recipients is available on request via the email address at the foot of the website.
- The personal data are not stored outside the EU/EEA.
-
Security and Confidentiality of Personal Data
- Personal data will be secured in such a manner and using such technical and organisational means so as to fully secure personal data protection in accordance with the GDPR and regulations governing personal data protection.
- With regard to the state of technology, especially that commonly used in telecommunication networks, the Controller cannot guarantee the confidentiality and authenticity of emails sent by or received from the Controller.
-
Personal data are processed electronically in an automated manner or in a printed form in a non-automated manner by authorised Controller's employees and employees of authorised processors.
Personal data are stored on secured servers in the relevant IT systems. The Controller has adopted appropriate technical and organisational measures to prevent loss or destruction of personal data, unauthorised access of persons to data, their modification or distribution. Access to your Profile/Account is only possible after entering your personal password. It is essential that you do not disclose your login information to third parties. The Controller does not assume the responsibility for any misuse of passwords.
- Occasionally, at the Controller's discretion, third-party products or services may be included or offered on the Website. These third-party sites have separate and independent privacy policies. The Controller has no responsibility or liability for the content and activities of these linked sites. Nonetheless, the Controller seeks to protect the integrity of the Website and welcomes feedback about these sites.
-
Rights of Data Subjects
-
The Data Subject may exercise the following rights with respect to the Controller:
- The right to withdraw consent to the processing of personal data: if personal data are processed based on the consent of the Data Subject, the Data Subject may withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Right of access to personal data: the Data Subject has the right to be informed of whether his/her personal data are being processed and, if so, to gain access to his/her personal data.
- The right to rectification of inaccurate or incomplete personal data: if the data subject believes that the personal data processed by the Controller are inaccurate, false, outdated, or incomplete, he/she has the right (and in certain cases, the obligation) to request their rectification or completion. The Controller will rectify/complete the data without undue delay, taking into account the technical limitations.
- Right to erasure: in the case the Data Subject requests the erasure of data, the Controller shall erase his/her personal data if (i) the data are no longer necessary for the purposes for which they were collected, (ii) the processing is unlawful, (iii) the Data Subject objects to the processing and no overriding legitimate grounds for their processing exist, or (iv) the processing is not required by statutory obligation.
- Right to restriction of processing of personal data: if the Data Subject does not wish to erase the data but only temporarily restrict the processing of his/her personal data, the Data Subject may request the Controller to restrict the processing of his/her personal data.
- Right to data portability: if the Data Subject wishes for the Controller to transfer his/her personal data processed by the controller on the basis of the Data Subject’s consent or an agreement to a third party, the Data Subject may exercise his/her right to data portability. In the event the exercise of this right could adversely affect the rights and freedoms of third parties, the controller will not be able to comply with such a request.
-
Right to object: The Data Subject has the right to raise an objection to the processing of personal data that are processed for the purposes of protecting the legitimate interests of the Controller or third parties. If the controller does not prove that there are compelling legitimate grounds for the processing which take precedence over the interest or rights and freedoms of the Data Subject, the controller will terminate the processing based on the objection without undue delay.
If the main substance of the Data Subject's objection is directed against the sending of commercial communications and targeting of advertising by the Controller, the link at the end of the last commercial communication (newsletter) received from the Controller can be used as a primary means of unsubscribing from such commercial communications and the processing of personal data for this purpose.
- The right to contact the Data Protection Authority (https://edpb.europa.eu).
- There is no automated decision-making, including profiling, in connection with the Services provided.
- The Data Subjects’ rights can be exercised in writing by e-mail to the e-mail address of the Controller disclosed at the foot of the website. The Controller reserves the right to reasonably verify the identity of the person requesting to exercise the rights in question.
- In the event of repeated or manifestly unfounded requests to exercise the rights above, the Controller is entitled, in accordance with Article 12(5)(a) of the GDPR, to charge a reasonable fee for the exercise of the right in question, or to refuse to comply with such a right. The Controller shall inform you of such steps in advance.
- This Privacy Policy is valid and effective as of 30. 10. 2023.
-