Terms of personal data protection

pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard
to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter "GDPR")

CONTROLLER

1) The contoller of your personal data Luboš Rysula IČ: 25928058, (hereinafter referred to as the "Company").

2) The Company did not appoint a data protection officer.

3) The processing of your personal data is performed by the Company. Processing is carried out in its facilities, branches and headquarters by individual authorized employees, its partners or the statutory body, or processors. The processing takes place through computer technology, or also manually for personal data in paper form in compliance with all security principles for the management and processing of personal data. The Company makes every effort to protect your privacy when using its services. The Company has taken technical and organizational measures to protect your data from loss, manipulation and unauthorized access. The Company is constantly adapting its security measures in line with technological progress and development.

PROCESSED PERSONAL DATA

1) You are not obliged to provide personal data to the Company. However, the providing of your personal data is a requirement for the Company to enter into a contract with you, resp. provide another service. The Company requests your personal data only for the needs of the Company (for the reason, for the purpose and for the period as detailed below). In no case will the personal data you provide be sold to other entities or used in any other commercial way.

2) The Company processes your following personal data:
a) in the event that a contract is concluded with you:
- Name and surname
- Address
- E-mail address
- Phone
- Bank connection
- ID and VAD (for business FO)
- Other data necessary for the performance of the contract
- Data provided in addition to the applicable laws processed within the scope of your consent

b) in the case of sending business messages in a situation where you are not a customer of the Company, ie you have not entered into any contract with the Company, or in the case where you have only registered with the Company:
- Name and surname
- E-mail address

c) in case you are only asking a question, comment, review:
- Name and surname
- E-mail address

d) In case you´re interested in job:

3) The processed personal data will be obtained by the Company either directly from you (by providing them, for example, as part of registration for the service, or from individual correspondence with you), or from publicly accessible registers, lists and records (eg commercial register, trade register, public telephone directory, etc.).

LEGAL REASON AND PURPOSE OF PROCESSING PERSONAL REASONS

1) Personal data must be processed:
a) in the event that a contract is concluded with you - for the purpose of creating an offer, concluding a contract and its fulfillment, or maintaining the status of your customer account and for the purpose of fulfilling related contractual or legal obligations such as, in particular, archiving tax documents and handling any complaints.

The legal reason for processing is therefore:
(i) performance of the contract (pursuant to Article 6 (1) (b) of the GDPR),
(ii) fulfillment of a legal obligation (pursuant to Article 6 (1) (c) of the GDPR),
(iii) legitimate interest (according to the provisions of Article 6, paragraph 1, letter f) of the GDPR), ie in particular direct marketing, where your personal data is processedby
the Company for the purpose of disseminating commercial communications concerning its own similar services, satisfaction questionnaire, sending birthday or PF wishes
and to perform simple analysts (eg measuring website traffic, etc.),
(iv) granting consent (pursuant to Article 6 (1) (a) of the GDPR), eg in the case of sending commercial communications which do not fall under direct marketing, ie in
particular sending commercial communications relating to the offer of goods or services of third parties

b) in the case of sending commercial communications in a situation where you are not a customer of the Company, ie you have not entered into any contract with he Company, or in the case where you have only registered with the Company, the legal reason for processing is granting your consent (according to Art. paragraph 1 (a) of the GDPR). In the case of granting consent, processing takes place for the purpose of offering services, sending business messages and informing about the Company's events, etc.

c) in the case where you only raise a question, comment, review, the legal reason for processing the fulfillment of the (pre) contractual obligation (according to the provisions of Article 6 (1) (b) of the GDPR).

PERIOD OF STORAGE OF PERSONAL DATA

1) Your personal data will only be processed for the necessary time:
a) in the case of concluding a contract, your personal data will be processed for the period determined by the performance of the contract and the subsequent retention
of tax documents for the ordered and delivered service or goods; however, you have the right at any time to object to the processing of your personal data for direct marketing purposes,


b) in the event of consent, your personal data will be processed for a period of 3 years, but no longer than until the revocation of your consent to the processing of personal data,

c) if you have only filled in the contact form, if no contract has been subsequently concluded, for a period of 3 years, if your personal data are processed for this reason, you have the right to object to further processing.

2) You may send your disagreement (objection) with the processing of your personal data to the Company in writing to the Company's address or by e-mail to address info@horskezatisi.cz.

OTHER RECIPIENTS OF PERSONAL DATA

1) The processing of your personal data is performed by the Company, ie the administrator of personal data, but personal data may also be processed by other persons for the Company, which may be:
- suppliers of external services for the Company (typically programming or other supporting technical services, server services, etc.),
- operators of backup servers or operators of technologies used by the Company, which process them in order to ensure the functionality of the relevant services of the Company.

2) In the event that you have entered into an agreement with the Company, your personal data may also be processed by:
- to the extent necessary, tax advisers, auditors, lawyers of the Company who process personal data for the purpose of providing advisory services,
- personal data concerning debtors with overdue debts may also be made available to companies providing receivables insurance or collection agencies for the purpose of recovery or collection of the Company's receivables,
- payment gateway providers,
- carriers
- upon request or in case of suspicion of an infringement, personal data may also be passed on to public authorities, - possibly other providers of similar services, which, however, are not currently used by the Company.

3) The Company does not intend to transfer your personal data to a third country (non-EU country) or to an international organization

YOUR RIGHTS

As part of the processing of personal data by the Company, you have the right to:
- request information on which of your personal data Company processes,
- request clarification from the Company regarding the processing of your personal data,
- request access to your personal data from the Company and have it updated or corrected,
- request the Company to delete your personal data, or restrictions on their processing,
- transfer your personal information to another contoller
- revoke the consent given to the processing of your personal data,
- in the case of processing for the legitimate interest of the Company (Article III, paragraph 2), raise an objection
- in case of doubts about compliance with the obligations related to the processing of your personal data, contact the Company or the Office for Personal Data Protection.