We keep silent

Until you write to us for a listing, change or erase your personal information shall be guarded like the apple of the eye.

1. Initial provisions

This Privacy Policy Principles (hereinafter referred to as the “PPPs”) was issued by IDEAL-Trade Service, s.r.o., ID No. 489 08 126, based at Řípská 1549/11a, 627 00 Brno (hereinafter the “Company”).

These PPPs describe how the Company collects, processes and shares information from the users (hereinafter the “user”) of www.itsbrno.cz and the clients (hereinafter the “client”) using their services. These PPPs do not apply to information that the Company’s clients process using their services.

The company is both controller and processor of data of clients who provide them when ordering goods and services, entering the loyalty programme or subscribing to the newsletter, and of users of the website www.itsbrno.cz. For the processing of personal data, the Company may use other processors listed below.

We recommend that you read the entire PPPs and make sure that you fully understand the information provided. If you have any questions about these PPPs or collecting, processing and sharing personal data by the Company, please contact us at info@itsbrno.cz.

2. What data shall be processed

The company processes data obtained on the basis of the website use and via cookies. For better targeting advertising campaigns and improving its website, the Company uses information about the users of the browsed website, or about the links the users clicked, and other website activities, such as filling out order and contact forms. These data are being obtained automatically through the Company’s tools and the tools of the data processors listed below. If your device has cookies enabled, this information is also collected through these files. More information about all cookies used by the Company can be found here.

The company processes, or can process data from social networks. If the website implements social networking options for logging in, discussing, or ranking and sharing (Facebook, Google, LinkedIn, etc.), and the users will use these options, they will also enable the Company to access public information in their respective social networking profile or email address. A public profile in the social networks can include the user’s first and last name, profile picture, age category, gender, and other public information depending on the user settings.

The Company mainly processes the data you provide when creating and using a user account, creating an order or registration for a loyalty programme, and when subscribing to a newsletter. Certain personal data for the registration is necessary (name and e-mail address) and serves for basic identification of the user or login of a client to the account. The data that the Company processes when registering for a newsletter subscription or creating a user account may be the following:

  • Name and surname, or business name,
  • residence (street, house no., city, postal code, state) or headquarters,
    birthdate,
  • email address,
  • telephone number,
  • bank account number and bank code.

The Company does not knowingly collect information from children under the age of 15 and children under the age of 15 cannot use its services. If you find out that a child has provided us with personal information in contrary to these PPPs, you can notify us at info@itsbrno.cz.

3. For what purposes personal data will be used

The Company always processes personal data solely for the purposes for which it was collected, on the bases of a legitimate interest, legal obligation or consent. We process personal data for various purposes, but mainly for:

  • fulfilment and implementation of concluded contracts and orders,
  • fulfilment of legal obligations in the areas of accounting, taxation or as required by other applicable laws and regulations, or as required by any legal process or government agency.
  • communication with customers, including sending information on actual services and products, update of business terms and conditions and for marketing and promotional purposes,
  • sending responses to questions from the Internet users,
  • handling response to a specific job offer,
  • website traffic analysis to improve services and offers,
  • marketing address via electronic contact,
  • for processing of transactions and detection of frauds, targeting potential clients by on-line advertising. For better targeting of advertising and optimising websites, the Company uses information about user activity on the websites. This information also includes data obtained using cookies.

Push notifications. If you have this feature enabled, the Company can send the so-called push notifications directly in the website interface. These notifications are displayed on the basis of your consent given after displaying the appropriate notification in the website interface.

4. Processors who can access these data

Personal data are processed primarily by the Company and its employees, who are bound by confidentiality, and also by the Company’s suppliers, as long as the data are processed in connection with the fulfilment and implementation of concluded contracts and orders (e.g. transport companies).

For the personal data processing, the company can also use the so-called processors. These subjects may only process personal data for purposes and in a manner determined by the Company and may not distribute it without further consent. We provide the processors only with the data they need to provide their services. As the processors, the Company uses:

  • Google LLC (tools for web analytics and on-line marketing);Facebook Ireland Ltd. (tools for on-line marketing);
  • Colpirio, s.r.o. (tools for web analytics and on-line marketing);
  • Seznam.cz, a.s. (tools for on-line marketing);
    or others.

In justified cases, the Company may also transfer personal data to other subjects (processors).

Personal data may be transferred to the following processors:

  • processors who process personal data as directed by the Company in the area of public relations, electronic data management or bookkeeping
  • public authorities and other subjects where required by the applicable legislation;
    other subjects in the case of an unforeseen event in which the provision of data is necessary for the purpose of protecting life, health, property or other public interest or when it is necessary to protect our rights, property or safety.

5. The period for which personal data will be stored

Personal data for the purposes referred to in point 3 will be processed to the extent necessary for the fulfilment of these purposes and for the period required to achieve these purposes or for a period directly stated by law. These personal data will be then erased or anonymised.

After this period, personal data may be stored only for the purposes of the State Statistical Service, scientific purposes and archival purposes.

The basic deadlines for the processing of personal data are available below.

The company processes personal data of registered customers until their registration is cancelled. Information about client’s contact persons is processed throughout the business relationship duration or until the client updates the information.
In the case of service customers, the Company has the right to process their basic personal, identification, contact, service and communication data with the Company for a period of 3 years after termination of the last contract.
For service customers, the Company is entitled to process their basic personal, identification, contact, and personal data of the customer, data about the goods and data from the communication between the customer and the Company for a period of 3 years after the expiration of the warranty period.
Invoices issued by the Company shall be archived for a period of 10 years after issuing in accordance with Section 35 of Act No. 235/2004 Coll., On Value Added Tax. Due to the need to prove a legal reason for issuing invoices, contracts are also archived for a period of 10 years after their termination.
The data obtained for marketing purposes are processed for the entire duration of the consent, that mean also during the period when a user allows storing in the website cookie settings or in his browser. Processing may continue after the withdrawal of the consent, at the latest until the expiration date of the relevant type of Cookies.
Business and marketing addressing via electronic contact are being sent until the withdrawal of consent or until cancelling their subscription.

6. Withdrawal of consent

Clients can cancel marketing and business messaging at any time:

by clicking the appropriate link at the bottom of each business message;
on a dedicated website;
by sending an application to info@itsbrno.cz.
Users can disable advertising targeting (cookies) by changing them directly in their browser. If you disable storing of selected cookies, some parts of the website may not work correctly. For more information, see Cookies usage page.

7. Methods of processing and storing personal data

Personal data will be processed and stored:

  • automatically via computing hardware and software,
  • in paper form.

8. Data subject rights

In the case that the data subject is an identifiable natural or legal person and proves his/her identity, the data subject has the following rights:

Right to access to personal data

According to Article 15 of the GDPR, the data subject has the right to access to personal data, which includes the right to obtain from the Company:

confirmation that it is processing personal data,
information on the purposes of the processing, the categories of personal data concerned, the recipients to whom personal data have been or will be disclosed, the planned time of processing, the existence of the right to request a correction of the data from the controller or deletion of personal data concerning the data subject or a restriction of or an objection against their processing, on the right to lodge a complaint with the supervisory authority, on all available information about the source of personal data, unless obtained from the data subject, on the fact that automated decision-making is being made, including profiling, on appropriate safeguards when transferring data outside the EU,
in the case, that the rights and freedoms of other persons are not adversely affected, also a copy of personal data.
The right to confirmation of the processing of personal data and information will be applicable in writing to the address of the registered office of the Company.

Right to correction of inaccurate data

According to Article 16 of the GDPR, the data subject has the right to correction of inaccurate personal data processed by the Company. The Company shall carry out the correction without undue delay, but always with regard to the existing technical possibilities.

Right to deletion

According to Article 17 of the GDPR, the data subject has the right to deletion of personal data concerning him/her unless the Company demonstrates justified reasons for processing such personal data. If the data subject believes that his/her personal data have not been deleted, he/she can contact the registered office of the Company in writing.

Right to restriction of processing

According to Article 18 of the GDPR, the data subject has the right to restrict processing until the resolution of a complaint, if the data subject denies the accuracy of the personal data, the reasons for processing, or objects to the data processing in writing to the registered office of the Company.

Right to be notified of a correction, deletion or restriction of processing

According to Article 19 of the GDPR, the data subject has the right to be notified by the Company in case of correction, deletion or restriction of the processing of personal data. If personal data is corrected or deleted, the Company shall inform individual recipients, unless this proves impossible or requires disproportionate effort.

Right to portability of personal data

According to Article 20 of the GDPR, the data subject has the right to transfer the data concerning him/her and which he/she provided to the controller, in a structured, commonly used and machine-readable format, and to request the Company to transfer such data to another controller.

Right to object to the processing of personal data

According to Article 21 of the GDPR, the data subject has the right to object to the processing of his personal data based on a legitimate interest of the Company.

If the Company fails to prove that a valid legitimate reason exists for the processing, which outweighs the interests or rights and freedoms of the data subject, the Company shall terminate the processing upon objection without undue delay. The objection can be sent in writing to the address of the registered office of the Company.

Right to withdraw consent to the processing of personal data

Consent to the processing of personal data for business purposes and for purposes of marketing addressing can be withdrawn at any time. The withdrawal must be made by an explicit, clear and definite expression of will, either by telephone, in writing or electronically using an appropriate form.

The processing of data contained in cookies can be prevented by settings in the web browser.

Automated individual decision making including profiling

The data subject has the right not to be the subject of any decision based solely on automated processing, including profiling, which could have legal effects for the data subject or could have significant similar consequences. The Company states that it does not carry out automated decision-making with legal effects for the data subjects without human evaluation.

Right to approach the Office for Personal Data Protection

The data subject has the right to contact the Office for Personal Data Protection (www.uoou.cz).

9. Safety

The Company undertakes to protect personal data and other information about its clients and users of their services. For this purpose, it uses a number of security technologies and measures designed to protect information from unauthorised access, use or disclosure. The used measures are designed to provide a level of security corresponding to the risk of misuse of personal data. The security of personal data is regularly tested by the Company and the protection is being constantly improved. However, keep in mind that 100% security on the Internet cannot be guaranteed.

All personal data in electronic form are stored in databases and systems which are accessible only to persons who need to handle personal data directly for the purposes specified in these rules and only to the necessary extent.

10. Contact

If you have any questions about this Privacy Policy or you would like to exercise your rights, please contact us at info@itsbrno.cz.

The controller of your personal data is IDEAL-Trade Service, s. r.o., ID No. 489 08 126, based at Řípská 1549/11a, 627 00 00 Brno.

11. Effectiveness

These PPPs are effective as of 25 June 2018. 5. 2018.