en

Phone: +420 123 456 789

International business: , jirka@2-advance.cz

0 0.00 € Cart

Privacy policy

Personal Data Processing Policy (GDPR)

This document summarises how we handle the personal data of data subjects, and describes all processing operations and data security principles, all in accordance with EU Regulation 2016/679 (GDPR).

1. Who We Are and How to Contact Us

Entity responsible for data management:
Our company: Demo
Identification Number (IČ): 73866482
Registered office and address: B. Nikodema 4477/11, Ostrava  70800
(Hereinafter referred to as 'We' or 'Controller')

To exercise any of the rights to which you are entitled, please use the following contacts:
Phone: +420 123 456 789
E-mail: info@2-advance.cz

2. Basic Terms and Abbreviations

  • EU Regulation (GDPR): Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, effective from 25 May 2018.
  • Personal Data: Any information relating to an identifiable natural person (You), whether directly or indirectly.
  • Special (Sensitive) Data: Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (for unique identification), and data concerning health or a person's sex life/sexual orientation.
  • Data Subject (You): An identifiable natural person. Identification is performed, for example, by name, identification number, online identifier, or specific elements of physical, physiological, genetic, mental, economic, cultural, or social identity.
  • Data Controller: The entity (We) which determines the purposes and means of processing Personal Data.
  • Processor: The entity that carries out operations with Personal Data on behalf of and under the instructions of the Controller.
  • Supervisory Authority: In the Czech Republic, the Office for Personal Data Protection (ÚOOÚ).

3. Purpose, Legal Basis, and Data Retention Period

We collect and use your data exclusively for precisely defined and transparent purposes. Below is an overview of data subject categories, reasons for processing, and associated rules:

A. Data Subject Category: Our Clients

1. Purpose: Fulfilment of Contract and Realisation of Business Relationship

  • Legal Basis: Performance of contractual obligations.
  • Data Processed: Identification data (name, surname), contact data (address, email, phone), financial data (account number, card number), transaction history, IP address, cookies, account registration data, information from complaint forms.
  • Retention Period: For the entire duration of the contractual relationship and the warranty period.

2. Purpose: Fulfilment of Legal Tax and Accounting Obligations

  • Legal Basis: Legal obligation (e.g., Accounting Act, VAT Act).
  • Data Processed: Identification, contact, accounting data (information on tax documents, bank account number).
  • Retention Period: Up to 10 years from the end of the tax period in which the performance was provided.

3. Purpose: Protection of Our Legitimate Interests (Debt Collection)

  • Legal Basis: Our legitimate interest (debt collection, compensation for damages, assertion of claims after the termination of the contract).
  • Data Processed: Identification, contact, financial data (account number), transaction history, IP address, cookies, data from complaint forms.
  • Retention Period: 4 years from the termination of the contractual relationship; for the duration of judicial or other proceedings.

4. Purpose: Direct Marketing (Sending Similar Offers and Communications)

  • Legal Basis: Our legitimate interest (offering goods/services corresponding to your needs based on an existing relationship).
  • Data Processed: Identification and contact details of clients.
  • Retention Period: For the duration of the contractual relationship.

B. Data Subject Category: Website Visitors

1. Purpose: Statistics and Targeted Advertising

  • Legal Basis: Our legitimate interest (improving services and targeting offers based on website access).
  • Data Processed: Identification and contact details, IP address and cookies.
  • Retention Period: 6 months.

2. Purpose: Processing Queries (Contact Forms)

  • Legal Basis: Performance of a contract or your consent.
  • Data Processed: Identification and contact details, IP address, cookies, the query itself.
  • Retention Period: Until the query is resolved (max. 30 days) or for the duration of your consent.

C. Data Subject Category: Newsletter Subscribers

Purpose: Sending Regular News and Commercial Communications by Email

  • Legal Basis: Your active consent to the subscription.
  • Data Processed: Identification data (name and surname), contact data (email).
  • Retention Period: Until the revocation of your consent.

The retention period is always limited to the strictly necessary extent (see above). After the expiry of the period, the data may be retained only for the purposes of state statistics, scientific research, or archiving activities.

4. Data Transfer and Use of External Services

Your personal data may be transferred to other entities (Recipients) in justified cases:

  • Entities that act as our Processors (e.g., IT administration, accounting), and which act on our instructions.
  • Public authorities or other entities if required by applicable legal regulations.
  • Other entities in the event of an unforeseen event where it is necessary to protect life, health, property, public interest, or our rights and security.

We use the Google reCAPTCHA tool on our website (provider: Google Inc., USA). The aim is to automatically verify whether data entry is performed by a human and thus protect our online offer from spam and abuse by automated bots. This is done by monitoring visitor behavior (e.g., IP address, mouse movements). Processing is carried out on the basis of our legitimate interest (Article 6(1)(f) of the GDPR). Detailed information about reCAPTCHA and Google's Data Protection Principles is available here.

5. Use of Cookies

When you visit our website, a small text file is sent from our server and stored on your device. This file is called a cookie. The browser sends the file back on subsequent visits. Cookies are used to increase the quality of our services and to better understand user interaction with our website. We store user preferences in them and track trends and behaviour when browsing pages.

Most browsers are set to automatically accept cookies. However, you have the option to change this and block cookies or set up a notification for their transmission. Please note that some website functions may not work properly without them.

We use both cookies from our domain (first-party) and third-party cookies ( from external web statistics providers). Third-party cookies are used for behaviour analysis and targeted advertising, but data obtained for tracking trends are not shared with any other third party.

Cookie settings

6. Key Principles of Data Processing

We are guided by the following principles when working with your data:

  • Lawfulness: We always act in accordance with applicable legal regulations, especially the GDPR.
  • Purpose Limitation: We use data only to fulfil the purpose for which it was collected, and to the extent necessary.
  • Transparency: These Policies and the contact person guarantee you the opportunity to become familiar with how your data is handled.
  • Accuracy: We ensure the accuracy and up-to-dateness of data using available and reasonable means.
  • Storage Limitation: We process data only for the strictly necessary period.
  • Integrity and Confidentiality: We adopt appropriate technical and organizational measures to protect data against unauthorized or unlawful processing, loss, or damage.

7. Automated Processes

We assure you that no automated individual decision-making or profiling takes place in the processing of your personal data.

8. Your Rights

As a data subject, you are entitled to a number of rights, which you can exercise through your user account or using the contacts listed in point 1. These rights include:

A. Right of Access and Information:
You have the right to obtain confirmation as to whether we are processing your data and to obtain information on the scope and manner of processing (purpose, recipients, retention period, etc.). Upon request, we will provide you with a free copy of the data. For repeated requests, we may charge a fee for administrative costs.

B. Right to Rectification and Completion:
If your data is inaccurate or incomplete, you have the right to request its immediate rectification or completion.

C. Right to Restriction of Processing:
You may request the restriction of the processing of your data in cases where you contest its accuracy, the processing is unlawful, the data is no longer needed by us but is required by you for legal claims, or you have objected (see below). During such time, we may only store the data, unless processing requires your consent, the protection of the rights of other persons, or public interest.

D. Right to Erasure ('Right to be Forgotten'):
You have the right to request that we erase your data without undue delay if:

  • You withdraw consent and there is no other legal ground.
  • You object to the processing.
  • The data is no longer necessary for the original purposes.
  • The data has been unlawfully processed.
  • The data was collected in relation to the offer of information society services to a child.
  • Erasure is necessary to comply with a legal obligation.

Erasure cannot be carried out if processing is necessary for the exercise of the right to freedom of expression, for compliance with legal obligations, for public health, archiving/scientific purposes, or for the defense of legal claims.

E. Right to Data Portability:
If the processing is based on consent or a contract, you have the right to receive the data you have provided to us in a structured, commonly readable format, and to transmit it to another controller (or to request direct transmission, where technically feasible).

F. Right to Object:
You have the right to object to processing based on legitimate interest or for direct marketing purposes. In the event of an objection to marketing, your data will no longer be processed for this purpose. In the case of legitimate interest, we will no longer process the data unless we demonstrate compelling, overriding grounds.

G. Right to Withdraw Consent:
You have the right to withdraw your consent to the processing of data at any time, if consent is the legal basis for processing.

H. Right to Notification of a Security Breach:
If a security breach of our systems is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay (unless measures have been taken to eliminate the high risk).

I. Right to Lodge a Complaint:
If you believe that the processing results in a violation of the GDPR, you have the right to lodge a complaint with the Office for Personal Data Protection.

This Personal Data Processing Policy is valid and effective from 25. 5. 2018.