Personal Data Protection

I. Personal Data Protection

1.1 By providing personal data, the user confirms that they are familiar with the personal data protection conditions, agree to their wording, and fully accept them.

1.2 The Provider is the controller of users’ personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”).
The Provider undertakes to process personal data in accordance with applicable legal regulations, in particular GDPR.

1.3 Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, network identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

1.4 When placing an order, personal data necessary for successful order processing are required (name, address, contact details).
The purpose of processing personal data is to process the user’s order and to perform the rights and obligations arising from the contractual relationship between the Provider and the User.
Another purpose of processing personal data is the sending of commercial communications and the performance of other marketing activities.
The legal basis for processing personal data is the performance of a contract pursuant to Article 6(1)(b) GDPR, compliance with a legal obligation pursuant to Article 6(1)(c) GDPR, and the legitimate interest of the Provider pursuant to Article 6(1)(f) GDPR.
The legitimate interest of the Provider is the processing of personal data for direct marketing purposes.

1.5 For the performance of the licence agreement, the Provider uses the services of subcontractors, in particular providers of mailing services (personal data are stored in third countries) and a web hosting provider.
Subcontractors have been verified with regard to secure personal data processing.
The Provider and the web hosting subcontractor have concluded a personal data processing agreement under which the subcontractor is responsible for proper physical, hardware, and software security and thus bears direct responsibility towards the user for any personal data breach or security incident.

1.6 The Provider stores the user’s personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User and for asserting claims arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship). After this period, the data will be deleted.

1.7 The User has the right to request access to their personal data pursuant to Article 15 GDPR, correction of personal data pursuant to Article 16 GDPR, or restriction of processing pursuant to Article 18 GDPR.
The User has the right to erasure of personal data pursuant to Article 17(1)(a), and (c)–(f) GDPR, the right to object to processing pursuant to Article 21 GDPR, and the right to data portability pursuant to Article 20 GDPR.

1.8 The User has the right to lodge a complaint with the Data Protection Authority if they believe that their right to personal data protection has been violated.

1.9 The User is not obliged to provide personal data. However, the provision of personal data is a necessary requirement for the conclusion and performance of the contract, and without providing personal data, it is not possible to conclude or perform the contract on the part of the Provider.

1.10 The Provider does not carry out automated individual decision-making within the meaning of Article 22 GDPR.

1.11 A person interested in using the Provider’s services, by filling in the contact form:

  • agrees to the use of their personal data for the purposes of electronic sending of commercial communications, advertising materials, direct sales, market research, and direct product offers from the Provider and third parties, but not more frequently than once per week; and at the same time
  • declares that they do not consider the sending of information pursuant to clause 1.11.1 to be unsolicited advertising within the meaning of Act No. 40/1995 Coll., as amended, since the user expressly agrees to the sending of information pursuant to clause 1.11.1 in connection with Section 7 of Act No. 480/2004 Coll.

The consent under this clause may be withdrawn by the user at any time in writing at: husakart@gmail.com

1.12 The Provider uses cookies on its website for the purpose of improving service quality, personalising the offer, collecting anonymous data, and for analytical purposes.
By using the website, the User agrees to the use of this technology.

II. Rights and Obligations Between the Controller and the Processor (Processing Agreement)

2.1 The Provider is the processor of the personal data of the User’s clients pursuant to Article 28 GDPR. The User is the controller of such data.

2.2 These terms govern the mutual rights and obligations in the processing of personal data to which the Provider has gained access in the course of performing the licence agreement concluded by accepting the general terms and conditions on the website (hereinafter the “licence agreement”) between the Provider and the User on the date of creation of the user account.

2.3 The Provider undertakes to process personal data for the User to the extent and for the purposes set out in clauses 2.4–2.7 of these terms.
Processing will be carried out by automated means.
The Provider will collect, store, retain, block, and dispose of personal data.
The Provider is not entitled to process personal data contrary to or beyond the scope defined by these terms.

2.4 The Provider undertakes to process the following personal data for the User:

  • ordinary personal data;
  • special categories of data pursuant to Article 9 GDPR obtained by the User in connection with their business activities.

2.5 The Provider undertakes to process personal data for the purpose of handling enquiries and requests from clients obtained via the contact form.

2.6 Personal data may be processed only at the Provider’s workplaces or those of its subcontractors pursuant to clause 2.8 of these terms and only within the territory of the European Union.

2.7 The Provider undertakes to process the personal data of the User’s clients for the period necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User and to assert claims arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).

2.8 The User grants consent to the involvement of a subcontractor as an additional processor pursuant to Article 28(2) GDPR, namely the application hosting provider.
The User further grants the Provider general authorisation to engage additional personal data processors; however, the Provider must inform the User in writing of any intended changes concerning the addition or replacement of processors and allow the User to object to such changes.
The Provider must impose on its subcontractors acting as personal data processors the same data protection obligations as set out in these terms.

2.9 The Provider undertakes to ensure that personal data processing is secured in particular as follows:

  • personal data are processed in accordance with legal regulations and the User’s instructions;
  • the Provider ensures technical and organisational measures to prevent unauthorised or accidental access to data, their alteration, destruction, loss, unauthorised transfer, or other unlawful processing;
  • adopted technical and organisational measures correspond to the level of risk and ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services, and timely restoration of data availability and access in the event of physical or technical incidents;
  • personal data are subject to the Provider’s internal security regulations;
  • access to personal data is granted only to authorised persons of the Provider and subcontractors pursuant to clause 2.8, each accessing the data under their unique identifier;
  • authorised persons are bound by confidentiality obligations regarding personal data and security measures;
  • the Provider assists the User, through appropriate technical and organisational measures where possible, in fulfilling obligations under GDPR Articles 32–36;
  • upon termination of processing, personal data are deleted or returned to the User unless retention is required by law;
  • the Provider provides the User with all information necessary to demonstrate compliance with these terms and GDPR and allows audits, including inspections.

2.10 The User undertakes to promptly notify the Provider of all circumstances known to them that could adversely affect the proper and timely fulfilment of obligations under these terms and to provide the Provider with necessary cooperation.

III. Final Provisions

3.1 These terms expire upon the lapse of the periods specified in clauses 1.6 and 2.7.

3.2 The User agrees to these terms by ticking the consent checkbox via the online form and confirms that they have read, agree with, and fully accept these terms.

3.3 The Provider is entitled to amend these terms and is obliged to publish the new version on its website without undue delay or send it to the User’s email address.

3.4 The Provider’s contact details regarding these terms: husakart@gmail.com

3.5 Legal relationships not expressly governed by these terms shall be governed by GDPR and the legal order of the Czech Republic, in particular Act No. 89/2012 Coll., the Civil Code, as amended.

These terms enter into force on 13 July 2021.