Privacy Policy

I. Personal Data Protection

1.1 By entering personal data, the user confirms that they understand the terms of personal data protection, that they express their consent thereto, and that they accept them in full.

1.2 The Provider is the controller of users’ personal data pursuant to Article 4, point 7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”). The Provider undertakes to process personal data in accordance with legal regulations, in particular the GDPR.

1.3 Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.4 When placing an order, personal data that are necessary for the successful processing of the order (name and address, contact) are required. The purpose of processing personal data is to process the user’s order and to exercise the rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of processing personal data is also sending commercial communications and carrying out other marketing activities. The legal basis for the processing of personal data is the performance of a contract pursuant to Article 6(1)(b) of the GDPR, compliance with a legal obligation of the controller pursuant to Article 6(1)(c) of the GDPR, and the legitimate interest of the Provider pursuant to Article 6(1)(f) of the GDPR. The legitimate interest of the Provider is the processing of personal data for the purposes of direct marketing.

1.5 The Provider uses the services of subcontractors for the performance of the license agreement, in particular the provider of mailing services (personal data are stored in third countries) and the web hosting provider. Subcontractors are vetted in terms of secure processing of personal data. The Provider and the web hosting subcontractor have concluded a personal data processing agreement, pursuant to which the subcontractor is responsible for the proper security of the physical, hardware and software perimeter, and thus bears direct liability to the user for any leakage or breach of personal data.

1.6 The Provider stores the user’s personal data for the period necessary for the exercise of the rights and obligations arising from the contractual relationship between the Provider and the User and for asserting claims arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship). After its expiry, the data will be deleted.

1.7 The User has the right to request from the Provider access to their personal data pursuant to Article 15 of the GDPR, rectification of personal data pursuant to Article 16 of the GDPR, or restriction of processing pursuant to Article 18 of the GDPR. The User has the right to erasure of personal data pursuant to Article 17(1)(a) and (c) to (f) of the GDPR. Furthermore, the User has the right to object to processing pursuant to Article 21 of the GDPR and the right to data portability pursuant to Article 20 of the GDPR.

1.8 The User has the right to lodge a complaint with the Office for Personal Data Protection if they believe that their right to personal data protection has been violated.

1.9 The User is not obliged to provide personal data. However, the provision of personal data is a necessary requirement for the conclusion and performance of the contract, and without the provision of personal data, it is not possible to conclude the contract or for the Provider to perform it.

1.10 The Provider does not carry out automated individual decision-making within the meaning of Article 22 of the GDPR.

1.11 An applicant for the use of the Provider’s services, by completing the contact form:

1. consents to the use of their personal data for the purposes of electronic sending of commercial communications, advertising materials, direct sales, market surveys and direct offers of products from the Provider and third parties, but no more frequently than once a week, and at the same time
2. declares that they do not consider the sending of information according to point 1.11.1 to be unsolicited advertising within the meaning of Act No. 40/1995 Coll., as amended, because the user explicitly consents to the sending of information according to point 1.11.1 in conjunction with Section 7 of Act No. 480/2004 Coll.
3. Consent pursuant to this paragraph may be revoked by the user at any time in writing at info@rabasleseni.cz

1.12 The Provider uses so-called cookies in its presentation as part of improving the quality of services, personalising offers, collecting anonymous data and for analytical purposes. By using the website, the User agrees to the use of the aforementioned technology.

II. Rights and obligations between the controller and the processor (processing agreement)

2.1 The Provider is the processor in relation to the personal data of clients of users pursuant to Article 28 of the GDPR. The User is the controller of such data.

2.2 These terms and conditions govern the mutual rights and obligations in the processing of personal data, to which the Provider gained access in the performance of the license agreement concluded by means of approving the general terms and conditions at https://rabasleseni.cz/ (hereinafter referred to as the “license agreement”) concluded with the User on the date of establishing the user account.

2.3 The Provider undertakes to process personal data for the User to the extent and for the purpose specified in Articles 2.4 – 2.7 of these terms and conditions. The means of processing shall be automated. In the context of processing, the Provider shall collect personal data, store them on information carriers, retain, block and destroy them. The Provider is not authorised to process personal data contrary to or beyond the scope set out in these terms and conditions.

2.4 The Provider undertakes to process personal data for the user to the following extent:

ordinary personal data,
special categories of data pursuant to Article 9 of the GDPR,

which the User has obtained in connection with their own business activities.

2.5 The Provider undertakes to process personal data for the user for the purpose of processing inquiries and requests from clients obtained from the contact form.

2.6 Personal data may only be processed at the premises of the Provider or its subcontractors pursuant to Article 2.8 of these terms and conditions, and within the territory of the European Union.

2.7 The Provider undertakes to process for the User the personal data of the User’s clients, for the period necessary for the exercise of the rights and obligations arising from the contractual relationship between the Provider and the User and from asserting claims arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).

2.8 The User grants permission to involve a subcontractor as another processor pursuant to Article 28(2) of the GDPR, which is the provider of application hosting. The User further grants the Provider general permission to involve another processor of personal data in the processing; however, the Provider must inform the User in writing of all intended changes concerning the acceptance of additional processors or their replacement and give the User the opportunity to object to such changes. The Provider must impose on its subcontractors in the position of personal data processors the same obligations for the protection of personal data as are set out in these terms and conditions.

2.9 The Provider undertakes that the processing of personal data will be secured, in particular, in the following manner:

  1. Personal data are processed in accordance with legal regulations and on the basis of the User’s instructions, i.e. for the performance of all activities necessary for the provision of the web platform.
  2. The Provider undertakes to technically and organisationally secure the protection of the processed personal data so that unauthorised or accidental access to the data, their alteration, destruction or loss, unauthorised transfers, other unauthorised processing, as well as other misuse cannot occur, and to ensure that all obligations of the personal data processor arising from legal regulations are continuously secured in terms of personnel and organisation for the duration of the data processing.
  3. The adopted technical and organisational measures correspond to the level of risk. Through them, the Provider ensures continuous confidentiality, integrity, availability and resilience of processing systems and services, and promptly restores the availability of personal data and access to them in the event of physical or technical incidents.
  4. The Provider hereby declares that personal data protection is subject to the Provider’s internal security regulations.
  5. Only authorised persons of the Provider and subcontractors pursuant to Article 2.8 of these terms and conditions will have access to personal data; such persons will have the conditions and scope of data processing determined by the Provider, and each such person will access personal data under their unique identifier.
  6. Authorised persons of the Provider who process personal data under these terms and conditions are obliged to maintain confidentiality regarding personal data and security measures, the disclosure of which would jeopardise their security. The Provider shall ensure their provable commitment to this obligation. The Provider shall ensure that this obligation for the Provider and authorised persons continues even after the termination of the employment or other relationship with the Provider.
  7. The Provider shall assist the User, through appropriate technical and organisational measures, where possible, in fulfilling the User’s obligation to respond to requests for the exercise of data subject rights under the GDPR; likewise, in ensuring compliance with obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to the Provider.
  8. After the termination of the provision of performance connected with the processing pursuant to Article 2.7 of these terms and conditions, the Provider is obliged to delete all personal data or return them to the User, unless they are obliged to store personal data on the basis of a special law.
  9. The Provider shall provide the User with all information necessary to demonstrate that the obligations under this agreement and the GDPR have been met, and shall allow audits, including inspections, conducted by the User or another auditor authorised by the User.

2.10 The User undertakes to promptly report all known facts that could adversely affect the proper and timely performance of obligations arising from these terms and conditions and to provide the Provider with the necessary cooperation for the performance of these terms and conditions.

III. Final Provisions

3.1 These terms and conditions cease to be valid upon the expiry of the period set out in Articles 1.6 and 2.7 of these terms and conditions.

3.2 The User agrees to these terms and conditions by ticking the consent box via the online form. By ticking the consent box, the user expresses that they have read these terms and conditions, that they express their consent thereto, and that they accept them in full.

3.3 The Provider is authorised to change these terms and conditions. The Provider is obliged to publish the new version of the terms and conditions on its website without undue delay, or send the new version to the User at their email address.

3.4 Contact details of the Provider in matters relating to these terms and conditions: +420 777 892 219, info@rabasleseni.cz

3.5 Relationships not expressly regulated by these terms and conditions shall be governed by the GDPR and the legal order of the Czech Republic, in particular Act No. 89/2012 Coll., the Civil Code, as amended.

These terms and conditions become effective on 23 February 2024.