General data protection regulation

for the website www.duxio.com (hereinafter the “Website“) operated by the company Wish-Platform s.r.o., ID No.: 06243711, with its seat at Kostelec u Křížků 205, 251 68 Kostelec u Křížků, the Czech Republic, the company is registered with the Commercial Register maintained by the Municipal Court in Prague under file no. C 278776, e-mail address: jaromir@wish-platform.com (hereinafter the “Data Controller“). The company collects, processes and stores personal data as the Data Controller in accordance with Article 4 paragraph 7 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the “GDPR”).

1. INTRODUCTORY PROVISIONS

1.1. This Privacy Policy provides information about the scope and the manner of processing of personal data by the Data Controller, including the rights of data subjects whose personal data are processed.

1.2. The Data Controller only processes accurate personal data obtained in accordance with the GDPR, while the Data Controller collects and processes this personal data exclusively in accordance with the Privacy Policy. The Data Controller processes the personal data of data subjects in a lawful and transparent manner, subject to the condition of minimization of personal data to what is necessary in relation to the purpose for which they are processed.

2. SOURCES AND CATEGORIES OF PERSONAL DATA

2.1. The Data Controller processes exclusively personal data obtained from data subjects (users) via the Website when filling in the registration form for setting up a user account.

2.2. The Data Controller processes following personal data of the data subjects: (i) name, (ii) surname, (iii) telephone number, (iv) e-mail address, (v) history of requests and offers lodged through the Website, (vi) ID number of individuals and (vii) VAT number of individuals.

3. LEGAL GROUNDS AND PURPOSES OF PERSONAL DATA PROCESSING

3.1. The Data Controller processes personal data on the following legal grounds: (i) performance of the contract pursuant to Article 6, paragraph 1, letter b) of the GDPR, (ii) legitimate interest of the Data Controller pursuant to Article 6, paragraph 1, letter f) of the GDPR (direct marketing), and (iii) compliance with the legal requirements under Article 6, paragraph 1, letter c) of the GDPR.

3.2. The Data Controller processes personal data for the following purposes:

3.2.1. maintaining a user account and obtaining feedback – required data: (i) name, (ii) surname, (iii) telephone number, (iv) e-mail address, (v) ID number of an individual and (vi) VAT number of an individual;

3.2.2. handling of requests of third party services or products through the Website based on a concluded contract – required data: (i) name, (ii) surname, (iii) telephone number, (iv) e-mail address;

3.2.3. sending notifications about changes in requests lodged on the Website in accordance with the preferences communicated to the Data Controller – required data: (i) a name, (ii) a surname, and (iii) an e-mail address;

3.2.4. sending a newsletter (commercial communication) – required data: (i) a name, (ii) a surname, and (iii) an e-mail address in order to send the newsletter (commercial communication);

3.2.5. Data Controller’s administration purposes – required personal data as stated in Article 2.2 of the Privacy Policy.

3.2.6. Handling of request for registration of user account – required data: (i) name, (ii) surname, (iii) email address, (iv) phone number, (v) position, (vi) website, (vii) ID number, (viii) VAT number.

4. RETENTION PERIOD OF THE PERSONAL DATA

4.1. The Data Controller retains personal data processed for the purposes under Articles 3.2.1., 3.2.2., 3.2.3. and 3.2.5. of the Privacy Policy for a period of ten (10) years from the implementation (completion) of the last part of the contractual relationship, unless legal regulations require longer retention.

4.2. The Data Controller retains personal data processed for the purpose under Article 3.2.4. of the Privacy Policy until the data subject unsubscribes from the newsletter.

4.3. The Data Controller retains personal data processed for the purpose under Article 3.2.6. of the Privacy Policy for a period of 6 months, unless the user account is successfully registered.

4.4. The Data Controller will destroy the personal data at the end of the retention period.

5. RECIPIENTS

5.1 Personal data of the data subjects are not provided to any recipient (article 4 paragraph 9 of the GDPR) with the exception of fulfilment of obligations stated by the legal regulation of the Czech Republic.

5.2 Personal data will not be transferred to third countries outside of the European Union or to international organizations.

6. PERSONAL DATA SECURITY

6.1. The Data Controller declares that it has taken all necessary technical, organizational and security measures to adequately secure personal data with regard to their confidentiality, integrity and availability.

6.2. Only persons authorized by the Data Controller have access to personal data.

7. COMMERCIAL COMMUNICATION

7.1. The Data Controller is entitled to send to registered users newsletter and other commercial communication related to the Website and its services to the e-mail address of the data subjects registered on the Website. Commercial communication is governed by Section 7, paragraph 3 of the Act No. 480/2004 Coll., as amended. The data subject may reject receiving commercial communication at any time – for example, by clicking the unsubscribe link in the commercial communication.

8. YOUR RIGHTS

8.1. Remember that you have the following rights: (i) the right to access your personal data (Article 15 of the GDPR), (ii) the right to update your personal data (Article 16 of the GDPR), (iii) the right to delete your personal data (Article 17 of the GDPR), (iv) the right to restrict the processing of your personal data (Article 18 of the GDPR), (v) the right to data portability (Article 20 of the GDPR), and (vi) the right to raise an objection to the processing of your personal data (Article 21 of the GDPR).

8.2. In case of a request to delete personal data, it will be necessary to delete your user account and you data will be deleted only if our interest as the Data Controller will not prevail over your interest according to the GDPR.

8.3. You also have the right to withdraw your consent to the processing of your personal data (if consent is the legal ground for processing of personal data) at any time, either in writing or electronically to the address or e-mail address of the Data Controller.

8.4. If you have reasonable doubts about compliance with the obligations of the Data Controller to process your personal data properly, you can file a complaint with the Office for Personal Data Protection. Alternatively, you can also apply to the relevant court.

9. COOKIES

9.1. The Data Controller uses cookies to collect data on the behaviour of visitors to the Website in order to improve the services of the Data Controller. The Website can also be viewed in a mode when the behaviour of the given visitor will not be monitored. This mode can be activated by adjusting appropriately the settings of the web browser, or by sending an objection according to article 21 of the GDPR to the e-mail address of the Data Controller. If the necessary cookies for the proper operation of the Website are blocked, its functionality may be disrupted.

9.2. Cookies used for targeting marketing communication messages are processed on the basis of user’s consent, which given through the settings of its Internet browser. The user grants consent for the period specified below for individual cookies; the consent can be revoked at any time by changing the settings of the Internet browser.

9.3. In order to display relevant marketing communication and connect with social network services of the Data Controller, cookies are processed by the following processors:

9.3.1. Google Inc., with its seat at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as the operator of Google Analytics. All of the collected cookies are then processed by Google Inc. in accordance with the privacy policy available at: https://www.google.com/intl/en/policies/privacy/#nosharing

9.4. The Data Controller uses the following cookies:

9.4.1. Temporary cookies – temporary files that allow the Data Controller to monitor the activity of an individual on the Website. They are deleted after closing the internet browser window.

9.4.2. Permanent cookies – permanent files that allow the Data Controller to identify the user when browsing on the Website and thus improve the data subject’s experience. These files can be deleted at any time in the internet browser settings.

10. FINAL PROVISIONS

10.1. By submitting a request for registration of a user account, logging into the user account for the first time and also in the event of a change in the Privacy Policy, you confirm that you have properly read the privacy policy and that you have no objections to it.

10.2. The Privacy policy may be subject to unilateral changes by the Data Controller. The current version of the privacy policy will always be listed on the Website. You will be informed of any changes to the privacy policy via the Website interface after logging in to the user account.

The privacy policy comes into force on April 01, 2021.