Privacy Policy
Privacy Policy
Company name: EPOXYBOOK s.r.o., Vendolí 33, 569 14 Vendolí
Company ID (IČO): 21394113
Date drafted: 01/03/2025
Responsible person: Bc. Jan Maťha
This document contains essential information on how our company handles personal data. In particular, you will learn:
- what personal data we process,
- for what purpose and in what manner we process personal data,
- to whom personal data may be disclosed,
- how long we process personal data,
- what rights you, as a data subject, have regarding personal data protection.
If you need any part of the text explained, advice, or wish to discuss further processing of your personal data, you can contact us at any time at obchod@obchodprobydleni.cz.
1. INTRODUCTORY PROVISIONS
1.1 These Rules are prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the GDPR).
1.2 The aim of these Rules is to provide data subjects with basic information regarding the processing of personal data.
1.3 For the purposes of these Rules:
1.3.1 the controller means EPOXYBOOK s.r.o., Vendolí 33, 569 14 Vendolí, Company ID 21394113, file C 54211 kept by the Regional Court in Hradec Králové, represented by Bc. Jan Maťha, Managing Director; contact: objednavky@obchodprobydleni.cz (hereinafter the Controller),
1.3.2 the data subject means you, i.e., a natural person whose personal data are processed (hereinafter the Data Subject),
1.3.3 personal data means name and surname, address, e-mail, telephone number, identification number of a self-employed individual (hereinafter Personal Data).
1.4 The Controller hereby informs you about the method and scope of processing of Personal Data, including the scope of your rights related to the processing of Personal Data.
1.5 The Controller is EPOXYBOOK s.r.o., which, for this purpose, operates the online shop www.obchodprobydleni.cz. In this context, the Controller processes Personal Data:
1.5.1 to the extent in which they were provided in connection with ordering the Controller’s products and/or services, during negotiations on concluding a contract with the Controller, as well as in connection with a concluded contract; and
1.5.2 for the purposes set out in Article 3 of these Rules.
1.6 Personal Data are not processed by any other entity. Only the Controller will have access to the processed Personal Data.
2. PERSONAL DATA PROTECTION AND INFORMATION ABOUT PROCESSING
2.1 Data Subjects are subject to Act No. 101/2000 Coll., on the Protection of Personal Data, as amended, and other applicable legal regulations.
2.2 The Data Subject acknowledges that by submitting a completed registration or enquiry form, processing of Personal Data by the Controller will commence.
2.3 If the Data Subject does not provide their Personal Data, it is not possible to conclude a contract with the Controller and/or provide services arising from the contract/consent. In this context, Personal Data are necessary to provide a specific service or product of the Controller.
2.4 Providing Personal Data to the Controller is generally a contractual and statutory requirement. With regard to providing Personal Data for marketing purposes—which does not constitute fulfilment of the Controller’s contractual or legal obligation—the Data Subject’s consent is required. If you have not granted the Controller consent to process Personal Data for marketing purposes, this does not mean the Controller will refuse to provide services.
2.5 The Data Subject is obliged to provide the Controller only with truthful and accurate Personal Data.
2.6 The Controller will make every effort to prevent unauthorised processing of Personal Data.
2.7 Personal Data are and will be processed in electronic form in a non-automated manner.
2.8 The Data Subject acknowledges that their Personal Data are stored in data centres of EPOXYBOOK s.r.o. The Controller uses third-party services—especially web hosting and e-shop providers—whose operations comply with European personal data protection standards.
2.9 The Data Subject acknowledges that cookies by EPOXYBOOK s.r.o. may be stored on their device:
|
Cookie label/name |
cookie function/activity |
|
Order |
Ordering goods |
|
E-mail communication |
Communication |
|
Send us a message — SmartSupp |
Communication |
|
Enquiry forms |
Communication |
3. PURPOSE OF PROCESSING
3.1 The Controller processes Personal Data for the following purposes:
|
Purpose of processing Personal Data |
Legal basis for processing Personal Data |
|
Order |
Ordering goods |
|
E-mail communication |
Communication |
|
Send us a message — SmartSupp |
Communication |
|
Enquiry forms |
Communication |
3.2 You may object at any time to the processing of your Personal Data for the purpose of sending marketing and commercial communications, and this will not affect our other mutual relations. Simply send us a letter to our address / an e-mail with the relevant request to objednavky@obchodprobydleni.cz or to the address from which you received the commercial communication from us / or call +420 776 845 750.
4. PERSONAL DATA RETENTION PERIOD
4.1 Personal Data will be processed for the duration of negotiations on concluding a contract between the Controller and the Data Subject for the purpose of concluding the contract, as well as for the duration of the contractual relationship or for the period specified in the consent.
4.2 If a contract is concluded under the Controller’s Terms and Conditions, Personal Data will be processed and stored for the following 36 months in case of a dispute concerning the relationship between the Controller and the Data Subject, in order to protect the Controller’s legitimate interests.
4.3 For the purpose of fulfilling the statutory obligation to archive accounting documents under Act No. 563/1991 Coll., on Accounting, as amended, Personal Data (except for e-mail address and telephone number) will be further processed and stored for 5 years starting from the year following the year in which the contract between the Controller and the Data Subject was concluded.
4.4 After the expiry of the periods set out in this Article, the Controller will securely dispose of the Personal Data.
5. ACCESS TO PERSONAL DATA
5.1 Your Personal Data are processed by the Controller.
5.2 For the purposes specified above, your Personal Data may be transferred to processors in order to carry out processing. Processors include:
|
Processor of Personal Data |
Description of the processor and processing carried out for the Controller |
|
Shipping / logistics |
Delivery of goods |
5.3 Your Personal Data are disclosed to the following categories of recipients:
|
Category of Personal Data recipients |
Description of category |
|
Shipping / logistics |
Delivery of goods |
6. CROSS-BORDER PROCESSING OF PERSONAL DATA
6.1 Processing of Personal Data is carried out in the following third countries or international organisations:
Czech Republic
6.2 Any further transfer of Personal Data to third countries or international organisations will only take place if the Data Subject is informed and gives their consent.
7. RIGHTS OF THE DATA SUBJECT
7.1 The Controller always handles your Personal Data so that processing is correct and secure. The rights of the Data Subject are guaranteed and may be exercised with the Controller.
7.2 The Data Subject may exercise their rights electronically by completing and sending a request designated for the given right to: objednavky@obchodprobydleni.cz.
OR
The Data Subject may exercise their rights electronically by sending a message to objednavky@obchodprobydleni.cz or orally by calling +420 776 845 750. Another option is to send a written request to: EPOXYBOOK s.r.o., Brněnec 53, Moravská Chrastová 569 04.
7.3 A response and further information on measures taken will be provided to the Data Subject as soon as possible, and no later than one month from receipt of the request. This period may be extended by up to two months considering the complexity and number of requests. The Controller will inform the Data Subject of any extension and the reasons for it.
7.4 The Controller provides the exercise of rights free of charge.
7.5 A reasonable fee reflecting administrative costs of providing the requested information may be charged if the request is manifestly unfounded or excessive, especially due to its repetitive nature.
7.6 If the Data Subject believes that the Controller processes their Personal Data in a manner that infringes their privacy or is contrary to applicable law—especially where Personal Data are inaccurate in relation to the purposes of processing—they may:
7.6.1 request an explanation from the Controller by e-mail at objednavky@obchodprobydleni.cz,
7.6.2 object to the processing and request—by e-mail sent to EPOXYBOOK s.r.o., Brněnec 53, Moravská Chrastová 569 04—that the Controller remedy the situation (e.g., by blocking, rectifying, supplementing or erasing Personal Data). The Controller will decide on the objection without undue delay and inform the Data Subject. If the Controller does not uphold the objection, the Data Subject has the right to contact the Office for Personal Data Protection directly. This does not affect the Data Subject’s right to contact the supervisory authority directly.
7.7 Right of access:
7.7.1 The Data Subject has the right to obtain from the Controller confirmation as to whether or not Personal Data concerning them are being processed. Where that is the case, they have the right to access the data and the following information (which is part of this Privacy Policy and information notice):
7.7.1.1 the purposes of processing,
7.7.1.2 the categories of Personal Data concerned,
7.7.1.3 the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organisations,
7.7.1.4 the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period,
7.7.1.5 the existence of the right to request from the Controller rectification or erasure of Personal Data concerning the Data Subject or restriction of processing, and the right to object to such processing,
7.7.1.6 the right to lodge a complaint with the supervisory authority, which in the Czech Republic is the Office for Personal Data Protection,
7.7.1.7 any available information as to the source of the Personal Data, if not obtained from the Data Subject,
7.7.1.8 the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the Data Subject.
7.7.2 Where Personal Data are transferred to a third country or an international organisation, the Data Subject has the right to be informed of the appropriate safeguards relating to the transfer.
7.7.3 The Data Subject has the right to obtain from the Controller a copy of the Personal Data undergoing processing. For any further copies requested, the Controller may charge a reasonable fee based on administrative costs. Where the request is made by electronic means, the information shall be provided in a commonly used electronic form, unless otherwise requested. The right to obtain a copy shall not adversely affect the rights and freedoms of others.
7.8 Right to rectification:
7.8.1 The Data Subject has the right to obtain from the Controller without undue delay the rectification of inaccurate Personal Data concerning them. Taking into account the purposes of the processing, the Data Subject has the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
7.9 Right to erasure:
7.9.1 The Data Subject has the right to obtain from the Controller the erasure of Personal Data concerning them without undue delay, and the Controller has the obligation to erase Personal Data without undue delay where one of the following grounds applies:
7.9.1.1 the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
7.9.1.2 the Data Subject withdraws consent and there is no other legal ground for the processing,
7.9.1.3 the Data Subject objects to processing based on public interest, exercise of official authority or the Controller’s legitimate interests, including profiling, and there are no overriding legitimate grounds for the processing,
7.9.1.4 the Data Subject objects to processing for direct marketing purposes,
7.9.1.5 the Personal Data have been unlawfully processed,
7.9.1.6 the Personal Data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject,
7.9.1.7 the Personal Data have been unlawfully collected in relation to the offer of information society services to a child.
7.9.2 After the processing period has expired, the Controller always and automatically erases Personal Data. The Data Subject may contact the Controller to request erasure at any time. Upon receipt of such a request, the Controller will assess the legitimacy of the Data Subject’s right (the Controller may have legal obligations or a legitimate interest to continue processing) and will inform the Data Subject of the outcome.
7.10 Right to restriction of processing:
7.10.1 The Data Subject has the right to obtain from the Controller restriction of processing where one of the following applies:
7.10.1.1 the accuracy of the Personal Data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the Personal Data,
7.10.1.2 the processing is unlawful and the Data Subject opposes the erasure of the Personal Data and requests the restriction of their use instead,
7.10.1.3 the Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims,
7.10.1.4 the Data Subject has objected to processing based on public interest, exercise of official authority or the Controller’s legitimate interests, including profiling, pending verification whether the Controller’s legitimate grounds override those of the Data Subject.
7.10.2 Where processing has been restricted, such Personal Data shall, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
7.10.3 Where the restriction of processing is to be lifted, the Data Subject will be informed in advance by the Controller.
7.11 Right to data portability:
7.11.1 The Data Subject has the right to receive the Personal Data concerning them, which they have provided to the Controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller without hindrance from the Controller to which the Personal Data have been provided, where:
7.11.1.1 the processing is based on consent or on a contract; and
7.11.1.2 the processing is carried out by automated means.
7.11.2 In exercising this right, the Data Subject has the right to have the Personal Data transmitted directly from one controller to another, where technically feasible.
7.11.3 This right shall not apply where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
7.12 Right to object:
7.12.1 The Data Subject has the right to object at any time to processing of Personal Data concerning them which is based on public interest, exercise of official authority or the Controller’s legitimate interests, including profiling. The Controller shall no longer process the Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
7.12.2 Where Personal Data are processed for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of Personal Data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
7.12.3 Where Personal Data are processed for scientific or historical research purposes or statistical purposes, the Data Subject, on grounds relating to their particular situation, shall have the right to object to processing of Personal Data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
7.12.4 In accordance with the GDPR, this right has been expressly mentioned and is presented clearly and separately from any other information.
7.13 Right not to be subject to automated decision-making, including profiling:
7.13.1 The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
7.13.2 This right shall not apply if the decision:
7.13.2.1 is necessary for entering into, or performance of, a contract,
7.13.2.2 is authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the Data Subject’s rights, freedoms and legitimate interests,
7.13.2.3 is based on the Data Subject’s explicit consent.
7.13.3 Where processing of Personal Data is based on a contract or explicit consent, the Controller shall implement suitable measures to safeguard the Data Subject’s rights, freedoms and legitimate interests—at least the right to obtain human intervention on the part of the Controller, to express their point of view, to obtain an explanation of the decision made, and to contest the decision.
7.14 Right to withdraw consent:
7.14.1 The Data Subject has the right to withdraw their consent (including explicit consent) to the processing of Personal Data at any time. Withdrawal may be made by:
7.14.1.1 sending a request to: obchod@obchodprobydleni.cz
7.15 Right to lodge a complaint with a supervisory authority:
7.15.1 The Data Subject has the right to lodge a complaint with a supervisory authority—especially in the Member State of their habitual residence, place of work or place of the alleged infringement—if they consider that the processing of Personal Data relating to them infringes the GDPR.
7.15.2 The supervisory authority in the Czech Republic is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), contact: Pplk. Sochora 27, 170 00 Prague 7, phone +420 234 665 111 (switchboard), e-mail: posta@uoou.cz. More information: https://www.uoou.cz/.
8. AUTOMATED DECISION-MAKING
8.1 Processing of Personal Data does not include profiling.
8.2 Processing of Personal Data does not include automated decision-making.
8.3 Personal Data are automatically evaluated and may be used for profiling or automated decision-making in the Controller’s marketing activities. The Controller uses the following methods:
8.3.1 none used.
8.4 As a consequence of these activities, the Data Subject’s behaviour will be mapped and evaluated, which represents a certain interference with their privacy. However, such evaluation helps ensure that only those advertising and other offers that may be suitable and interesting for the Data Subject—based on the results—are sent.
9. FINAL PROVISIONS
9.1 All legal relations arising in connection with the processing of Personal Data are governed by the laws of the Czech Republic, regardless of the place from which they are accessed. Czech courts have jurisdiction to resolve any disputes relating to privacy protection between the Data Subject and the Controller.
9.2 Data Subjects who provide their Personal Data via the registration form for the purpose of concluding a contract with the Controller or who grant consent to the processing of Personal Data do so voluntarily and on their own behalf; the Controller does not direct their actions in any way.
9.3 The Controller may amend or supplement the wording of these Rules. The Controller will inform Data Subjects of any such changes by e-mail at least 30 days before the changes take effect.
These Rules are effective from 01/03/2025.