Nadpis

Textový obsah

Zavřít

Překlad textu

Zdroj: - Otevřít list v adminu
Fortemix

Privacy Policy (GDPR)

FORTEMIX s.r.o., with its registered office at Kirilovova 812, 739 21 Paskov, Czech Republic, Company Registration Number: 268 68 211, a company registered in the Commercial Register maintained by the Regional Court in Ostrava under file no.
C 28754 as the data controller (hereinafter referred to as the “Controller”) informs customers and users of the website: https://www.fortelock.cz as data subjects (hereinafter referred to as “Data Subjects”) about the collection of personal data and privacy policy described below.

1. INTRODUCTION

1.1 This policy has been drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”) and in accordance with Act No. 110/2019 Coll., on the processing of personal data.

1.2 Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.3 Other terms such as ‘special categories of personal data’, ‘data subject’, ‘processing of personal data’, ‘controller’, ‘processor’, “high-risk processing”, “automated individual decision-making, including profiling” and “appropriate technical and organisational measures” have specific meanings and must be interpreted in accordance with and in the context of the GDPR.



2. WHAT PERSONAL DATA DOES THE CONTROLLER PROCESS

2.1 The Controller processes the following data concerning the Data Subject:

  • address and identification details: first name and surname, address, email, telephone number
  • billing and payment details: optionally company registration number, VAT number, registered office address
  • data on purchased products, data on product usage, data on communication with the Controller

2.2 In order to improve the quality of services, personalise offers, collect anonymous data and for analytical purposes, the Controller uses so-called cookies on its website. The cookie policy is set out in a separate document, available at this link: Cookie Policy

2.3 Personal data may be stored for a longer period than that specified in the table below if such data is processed solely for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes.

2.4 If you have opted in to receive the newsletter, you grant the Controller consent to use your email address for the purpose of sending commercial and marketing communications related to the products or services offered. Your email address will be processed in accordance with data protection regulations and in compliance with these principles. You may withdraw your consent to the processing of your email address for marketing purposes at any time by sending an email to marketing@fortemix.cz, or by submitting a written request to the Controller’s registered office.

3. WHAT PERSONAL DATA DOES THE CONTROLLER PROCESS

Personal data processed Purpose of processing Legal basis for processing Duration of processing
Address and identification details Processing of orders and communication regarding the conclusion and performance of the contract implementation of measures taken prior to the conclusion of the contract (pre-contractual negotiations), performance of the contract for the period strictly necessary for pre-contractual negotiations and subsequently for the performance of the contract
Payment and billing details Processing orders and performing the contract, bookkeeping performance of the contract, fulfilment of legal obligations for a period of 10 years from the date of the last payment
Data on purchased products, their use, and communication performance of the contract, customer care performance of the contract, legitimate interest for the duration of the contract and for a period of 1 year following its termination
Your name and email address provided outside the scope of the contractual relationship, solely for newsletter subscribers Regular sending of commercial communications containing offers, information and news in accordance with Act No. 480/2004 Coll. consent given upon registration for the newsletter until consent is withdrawn; or until the recipient unsubscribes
Address and identification details Processing of messages sent via the web form implementation of measures taken prior to the conclusion of the contract (pre-contractual negotiations), performance of the contract for the period strictly necessary to handle the communication

4. PRINCIPLES OF PERSONAL DATA PROCESSING

4.1 The Controller processes personal data fairly, lawfully and transparently. These Principles inform the Data Subject of the scope, content and manner in which the Controller processes personal data.

4.2 The personal data processed by the Controller is, in relation to the contractual relationship, adequate, relevant and limited to what is necessary to fulfil the specified purpose.

4.3 The Controller requires the Data Subject’s personal data to be accurate and up to date. If any of the data provided is out of date, the Data Subject is obliged to amend it in their user account after registration.

4.4 The Controller processes personal data in a manner that ensures its proper security, including its protection by means of appropriate technical or organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage.

5. RECIPIENTS OF PERSONAL DATA AND INTENTION TO TRANSFER INFORMATION

5.1 The Controller may also transfer the Data Subject’s personal data to a third party as a recipient. However, the Controller shall only do so in justified cases. The Controller may transfer personal data to the following recipients:

a) processors who process the Data Subject’s personal data in accordance with the Controller’s instructions and whose relationships are governed by the provisions of Article 28 of the GDPR; in particular, providers of software used by the Controller to enhance the security and operation of its services; providers of transport, accounting and tax advisory services; these will only have access to the extent necessary and for the purpose of administration and technical support of the software used;

b) public authorities and other entities, where required by applicable legislation;

c) other entities in the event of an unforeseen incident where the provision of data is necessary to protect life, health, property or another public interest, or where it is necessary to protect our rights, property or security.

5.2 The controller does not intend to transfer personal data to a third country or an international organisation.

6. RECIPIENTS OF PERSONAL DATA AND INTENTION TO TRANSFER INFORMATION

6.1 The rights of the Data Subject are a key element of personal data protection. If the Data Subject exercises any of their rights set out below, the Controller shall provide them with information on the measures taken without undue delay and in any event within one month of receiving the Data Subject’s request. In exceptional cases, the Controller may extend this period by up to two months. The Controller shall inform the Data Subject of the extension and the reason for it.

6.2 Personal data is processed automatically in electronic form.

6.3 The Data Subject has the right:

a) to be informed about the processing of personal data

We provide information on the processing of personal data to the Data Controller primarily through this Privacy Policy.

b) to access personal data

If the Data Subject requests it, they will receive information (confirmation) from the Controller as to whether or not their personal data is being processed. If it is being processed, the Data Subject has the right to obtain the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data has been or will be disclosed; the envisaged period for which the personal data will be stored; the existence of the right to request from the Controller the rectification or erasure of personal data; the right to object; the right to lodge a complaint with a supervisory authority; any available information on the source of the personal data, if not obtained from the Data Subject; the fact that automated decision-making, including profiling, takes place. Most of this information can be found in this privacy policy, but if the Data Subject is interested, they may also enquire about the above.

c) to rectification or completion

If the Data Subject knows or believes that the Controller is processing inaccurate personal data concerning them, the Data Subject may bring this to the Controller’s attention and the Controller is obliged to rectify the data. If the Data Subject wishes to supplement any incomplete personal data, taking into account the purpose of the processing, they may bring this to the Controller’s attention and the Controller is obliged to supplement the data.

d) to erasure

This right of the Data Subject imposes an obligation on the Controller to erase personal data in accordance with Article 17(1) of the GDPR if at least one of the following conditions is met:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • the Data Subject withdraws consent and there is no other legal basis for processing;
  • the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing;
  • the personal data has been processed unlawfully;
  • the personal data must be erased to comply with a legal obligation;
  • the personal data has been collected in connection with the offer of information society services pursuant to Article 8(1) of the GDPR;

and, at the same time, none of the exceptions set out in Article 17(3) of the GDPR apply.

e) to restriction of processing

Under this right, the Data Subject may request the Controller to restrict the processing of personal data. If the conditions set out in Article 18(1) of the GDPR are met, the Controller must do so.

f) to data portability

The Data Subject has the right to receive, and in particular to download, their personal data from the Controller in a structured, commonly used and machine-readable format, and furthermore has the right to have their personal data transmitted directly to another controller.

g) to object

In certain cases, the Data Subject has the option to object to processing. This applies in particular to situations where the Data Subject has had no opportunity to influence the fact that their data is being processed, and where this is not for the fulfilment of a legal obligation or a vital interest, in which case such inability to influence is justifiable. The Data Subject thus has the option to raise three types of objection to processing. These are objections to:

  • processing based on the legal basis of legitimate interest and the performance of a task carried out in the public interest or in the exercise of official authority;
  • processing for direct marketing purposes based on the legal basis of legitimate interest;
  • processing for the purposes of scientific or historical research or for statistical purposes.

If an objection is raised, the Controller shall no longer process the data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject, or for the establishment, exercise or defence of legal claims. Where an objection is raised against the processing of personal data for the purposes of direct marketing or profiling, the Controller must cease processing the personal data. 

h) not to be subject to automated individual decision-making, including profiling

When processing personal data, the Data Subject is never subject to automated individual decision-making, including profiling.

i) withdraw consent to the processing of personal data where processing is based on consent

The Data Subject may withdraw their consent to the processing of their personal data, which I process on the basis of this consent, at any time.

j) to be informed of a personal data breach

If there is a likelihood of a high risk to the rights and freedoms of the Data Subject as a result of a security breach by the Controller, the Controller shall notify the Data Subject without undue delay.

k) lodge a complaint with the supervisory authority

If the Data Subject believes that the Controller is breaching its obligations in the processing of their personal data, the Data Subject has the right to lodge a complaint with the Office for Personal Data Protection, registered office at Pplk. Sochora 27, 170 00 Prague 7; email: posta@uoou.cz; www: https://www.uoou.cz; tel.: +420 234 665 111.

7. CHANGES TO THE POLICY

7.1 The Privacy Policy may change over time. The Data Controller will publish all changes to the Privacy Policy on the website fortelock.cz. In the event of significant changes, the Data Controller may inform the Data Subject of these by email.

8. OUR CONTACT DETAILS

8.1 If the Data Subject wishes to contact the Controller regarding the processing of their personal data, they may use the following contact details:

a) in writing to the registered office address: FORTEMIX s.r.o., registered office at Kirilovova 812, 739 21 Paskov, Czech Republic

b) by email to the email address: marketing@fortemix.cz

 

THIS PRIVACY POLICY COMES INTO FORCE AND TAKES EFFECT ON: 1 January 2022