Privacy Policy

Through this Privacy Policy (hereinafter referred to as the Policy), we inform data subjects whose personal data we process about all processing activities and about the privacy policy of data subjects.

1. Responsible persons

Personal data controller:
Clearmont, spol. s r.o., ID: 25850717, with registered office at Bořivojova 20, Ostrava – Kunčičky 718 00
Contacts for exercising your rights: Telephone: +420 596 638 659, E-mail: info@clearmont.cz
(also referred to as we; us; our or us)

2. Basic terms

GDPR:
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC effective from 25 May 2018.

Personal data:
Personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as GDPR) means any information about an identified or identifiable natural person (i.e. data subject = you).

Special personal data:
Special personal data means data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership; the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person and data concerning the health or sex life or sexual orientation of a natural person.

Data subject = You:
Data subject means an identified or identifiable natural person, where an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller:
Within the meaning of Article 4(7) of the GDPR, a controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. We act as a controller in relation to your personal data.

Processor:
A processor within the meaning of Article 4(8) of the GDPR is a natural or legal person, public authority, agency or other body that processes personal data for the controller.

Supervisory authority:
Supervisory authority in the Czech Republic means the Office for the Protection of Personal Data (hereinafter referred to as the Office for Personal Data Protection).

Risk processing:
Risk processing means processing that is likely to pose a risk to the rights and freedoms of data subjects, processing that is not occasional, or involves the processing of special personal data or personal data relating to criminal convictions and offences referred to in Article 10 of the GDPR.

Automated individual decision-making, including profiling:
Automated individual decision-making, including profiling, generally means any form of decision based on automated processing of personal data, i.e. without human intervention, based, inter alia, on the evaluation of certain personal aspects relating to the data subject, in particular for the purpose of analysing or estimating or analysing or predicting aspects relating to his or her work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

3. Categories of subjects, personal data processed, purpose, legal basis and duration of processing

We process personal data for a clearly defined purpose:

Category data subjects	Purpose of processing Personal data	Legal basis and personal data processed	Time Processing
Our customers	Performance and execution of contracts concluded with customers	The legal basis is the performance of the contract. Identification data (first name, last name), contact data (delivery or residential address, e-mail, telephone), accounting data (credit card number, bank account number), order history, IP address, cookies and registration data for the account through which you log in, and data from the complaint form (product identification, product defects).	For this purpose, personal data may be processed for the duration of the contractual relationship and the warranty period.
	Exercise of contractual claims after termination of the contract	The legal basis is our legitimate interest in the right to recover claims, damages and other claims that may have arisen during the course of our contractual relationship. Identification data (first name, last name), contact data (delivery or residential address, e-mail, telephone), accounting data (bank account number), order history, IP address, cookies and registration data for the account through which you log in, and data from the complaint form (product identification, product defects) are necessary after termination of the contract for the processing of complaints, the recovery of claims and other contractual obligations under the contracts concluded between us and these data subjects.	For this purpose, personal data may be processed for a period of four years after the termination of the contractual relationship, and in the case of legal proceedings for the entire duration of the proceedings.
	Fulfilling our accounting and tax obligations	The legal basis is the fulfilment of a legal obligation imposed on us by legislation such as the Accounting Act or the Value Added Tax Act. Identification data (name, surname), contact data (delivery or residential address, e-mail, telephone), accounting data (bank account number and other information on tax documents).	For this purpose, personal data may be processed for up to 10 years from the end of the tax year in which the transaction was provided to the customer.
	Dissemination of commercial communications in the form of professional information and reports, marketing materials, offers of our goods or services	The legal basis is our legitimate interest in providing and offering you similar services or goods that meet your needs, based on our common business relationship. The processing of customer identification and contact personal data is carried out for the purpose of disseminating commercial communications.	For this purpose, personal data may be processed for the duration of the contractual relationship.
Visitors to the website	Statistics before data anonymization, display of ads for our services or goods	The legal basis is our legitimate interest in a) improving our services and focusing on what really interests you; b) offering you similar services or goods that match your needs, based on your access to our website. Identification data (first name, last name), contact data (address, e-mail, telephone), IP address and cookies.	For this purpose, personal data may be processed for a period of 6 months.
Visitors to the website	Sending a response to a website visitor’s query	The legal basis is the performance of a contract or your consent. Identification data (first name, last name), contact data (address, e-mail, telephone), IP address and cookies, the request made via the form.	For this purpose, the personal data may be processed until the query from the contact form has been processed, but no longer than 30 days or the duration of your consent to processing.
Newsletter Subscribers	Regularly send business communications by email	The legal basis for this is the consent you gave us when you registered for the newsletter. Identification data (name and surname), contact details (e-mail).	For this purpose, personal data may be processed until consent is withdrawn.

4. Period of processing of personal data

We only retain personal data for as long as is necessary for the purpose of processing – see table above. After this period, personal data may only be retained for the purposes of the National Statistical Service, for scientific purposes and for archiving purposes.

5. Recipients of personal data and transfer of personal data outside the European Union

In justified cases, we may also transfer your personal data to other entities (hereinafter referred to as recipients).

Personal data may be transferred to the following recipients:

Processors who process your personal data according to our instructions, in particular in the area of public relations, electronic data management and/or accounting;
public authorities and other bodies where required by applicable law;
other entities in the event of an unexpected event in which the disclosure is necessary to protect life, health, property or other public interest or where it is necessary to protect our rights, property or safety.

We may use the Google reCAPTCHA function (hereinafter referred to as reCAPTCHA) on our website. This application is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as Google). It is used to automatically check whether the data entry on our website has been made by a human or by an automated program by tracking the behaviour of the website visitor according to various characteristics. For example, the IP address, the time spent by the visitor on the website or the mouse movements made by the user. The processing of data is carried out on the basis of the provisions of Article 6(1)(f) of the GDPR, as we have a legitimate interest in protecting our website from abuse by automated robots and from spam. For the same reason, data is also transferred to Google.

Further information about Google reCAPTCHA and Google’s data protection policy can be found at zde and zde.

6. Cookies

After your first visit to our website, our server sends a small amount of data to your computer and stores it there. Your browser then sends this data back to the server each time you visit the site. This small file is called a cookie and is a short text file containing a specific string of characters with unique information about your browser. We use cookies to improve the quality of our service and to better understand how people use our site. To do this, we store user preferences in cookies and use them to track user trends and how people browse and behave on our site.

Most browsers are set up to accept cookies. However, you have the option to set your browser to block cookies or to notify you when cookies are sent. However, some services or features will not work properly without cookies.

Our website uses first-party cookies, i.e. cookies used only by our website (hereinafter referred to as first-party cookies) and third-party cookies (i.e. cookies originating from third-party websites).We use first-party cookies to store user preferences and data required during your visit to the website (e.g. the contents of your shopping cart).We use third-party cookies to track user trends and behavioural patterns, target advertising with the help of third-party web statistics providers. Third party cookies used to track trends and behaviour patterns are only used by our website and web statistics provider, they are not shared with any other third party.

7. Personal data processing principles

Legality
We process your personal data in accordance with applicable law, in particular the GDPR.

Consent of the data subject
We only process personal data in the manner and to the extent that you have given your consent, if consent is the title of the processing.

Minimisation and restriction of the processing of personal data
We only process personal data to the extent necessary to achieve the purpose of processing and for no longer than necessary to achieve the purpose of processing.

Accuracy of the personal data processed
We process personal data with an emphasis on accuracy, using available measures. And using reasonable means, we process up-to-date personal data.

Transparency
Through this Policy and the contact person, you have the opportunity to learn about the way we process your personal data, as well as its scope and content.

Purpose limitation
We only process personal data to the extent necessary to fulfil the stated purpose and in accordance with that purpose.

Security
We process personal data in a manner that ensures its appropriate security, including its protection by appropriate technical or organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage.

8. Automated individual decision-making and profiling

The processing of personal data does not involve automated individual decision-making, even on the basis of profiling.

9. Your rights as a data subject

Right of access to personal data
You have the right to request access to personal data concerning you from us. In particular, you have the right to obtain confirmation from us as to whether or not the personal data concerning you are being processed by us, as well as to be provided with further information about the data processed and the manner of processing in accordance with the relevant provisions of the GDPR (purpose of processing, categories of personal data, recipients, intended storage period, existence of your right to request rectification, erasure, restriction of processing or right to object, source of personal data and right to lodge a complaint). If you request it, we will provide you with a copy of the personal data we process about you free of charge. In the event of a repeated request, we may charge a reasonable fee for providing a copy, corresponding to the administrative costs of processing.

To obtain access to your personal data, please use your user account or the contacts listed in this policy.

Right to withdraw consent to the processing of personal data where the processing is based on consent
You have the right to withdraw your consent to the processing of personal data processed by us on the basis of that consent at any time.

You can withdraw your consent by using your user account or the contacts listed in this policy.

Right to rectification, restriction or erasure
If you find that the personal data we hold about you is inaccurate, you can request that we correct the data without undue delay. You may also request that we complete the data we hold about you if this is reasonable in the particular circumstances of the case.

You may request the rectification, restriction of processing or erasure of data by using your user account or the contacts listed in this policy.

Right to erasure of personal data
You have the right to request that we delete the personal data we process about you without undue delay in the following cases:

If you withdraw your consent to the processing of your personal data and there is no other legitimate reason on our part for processing it that overrides your right to erasure;
if you object to the processing of personal data (see below);
Your personal data is no longer necessary for the purposes for which we collected or otherwise processed it;
the personal data has been unlawfully processed by us;
the personal data was collected by us in connection with the offer of information society services to a person under the age of 18;
the personal data must be erased to comply with a legal obligation under European Union law or Czech law to which we are subject.

You can request deletion in these cases by using your user account or the contacts listed in this Policy.

The right to request erasure of personal data is not given in situations where processing is necessary

For the exercise of the right to freedom of expression and information;
to comply with our legal obligations;
for reasons of public interest in the field of public health;
for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, where the erasure of the data is likely to prevent or seriously jeopardise the achievement of the purposes of the processing;
for the establishment, exercise or defence of legal claims.

You can find out if there are reasons why you cannot exercise your right to erasure by contacting your user account or the contacts listed in this Policy.

Right to restriction of processing of personal data
You have the right to have us restrict the processing of your personal data where:

You deny the accuracy of the personal data. In this case, the restriction applies for the time necessary for us to verify the accuracy of the personal data.
The processing is unlawful and you refuse the erasure of the personal data and request instead a restriction on its use.
We no longer need your personal data for the purposes for which we processed it, but you require it for the establishment, exercise or defence of legal claims;
You object to the processing (see below). In this case, the restriction applies for a period of time until it is verified that the legitimate grounds on our side outweigh your legitimate grounds.

At the time of restriction of processing of personal data, we may only process your personal data (except for storage) with your consent or for the establishment, exercise or defence of our legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. As stated above, you can request a restriction of processing through your user account or the contacts listed in this Policy.

Right to object to processing
You have the right to object to the processing of your personal data in the following cases:

Where personal data is processed for a reason where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us or for the purposes of our legitimate interests and you object to the processing, we may not further process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of our legal claims.
If personal data is processed for direct marketing purposes and you object to the processing, we will no longer process the personal data for these purposes.
If your personal data is processed for scientific or historical research purposes or for statistical purposes, we will no longer process it unless the processing is necessary for the performance of a task carried out for reasons of public interest.

You may submit an objection through your user account or the contacts listed in this Policy.

Right to data portability
Where we process your personal data on the basis of your consent or because it is necessary for the performance of a contract between us, you have the right to obtain from us the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format, if the personal data is so processed by us. You have the right to transfer this data to another data controller or to request that we provide this data directly to another data controller, if technically feasible. You can obtain your personal data through your user account or the contacts listed in this policy.

The right not to be subject to any decision based solely on automated processing, including profiling
We do not use personal data to make automated decisions.

Right to obtain information about a breach of your personal data security
If a breach of our security is likely to result in a high risk to your rights and freedoms, we will notify you of the breach without undue delay. If appropriate technical or organisational measures have been applied to the processing of your personal data, for example, to ensure that it is incomprehensible to an unauthorised person, or if we have taken additional measures to ensure that the high risk does not occur, we do not have to provide you with information about the breach.

Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data is in breach of the obligations set out in the GDPR, you have the right to lodge a complaint with the supervisory authority. The supervisory authority in the Czech Republic is the Office for Personal Data Protection.

This Privacy Policy is effective as of May 25, 2018.