Terms and Conditions

Privacy policy and information on the processing of personal data

(hereinafter referred to as the "Principles")

Regulation (EU) 2016/679 (GDPR) is an EU-wide legal framework for the protection of personal data, which protects the rights of its citizens against unauthorized treatment of their data and personal data. The GDPR takes over all existing data protection and processing principles on which the Union's data protection system is based and confirms that protection travels across borders at the same time as personal data.

Accordingly, the General Regulation further develops and strengthens the rights of the persons affected by the processing, in both its components: to have (obtain) information on what data is being processed and why, and to seek compliance with the rules, including redress. The GDPR systematically emphasizes the enforcement of people's rights and the obligations of controllers (responsible for processing).

1. Introductory provisions

For the purposes of this Policy:

1.1 Operator

The company Crystal BOHEMIA a.s., CIN: 28486722, with its registered office at Jiráskova 223, 290 01 Poděbrady, Czech Republic, entered in the Commercial Register kept by the Municipal Court in Prague, Section B, Insert 14823 (hereinafter referred to as the “Administrator”). Web application www.crystal-bohemia.com. These Principles take effect on 1st July 2021. The Operator operates the above-mentioned Web application. Within the Web Application, the Personal Data listed in point 3.2 are processed by the Operator for the purpose (s) listed in point 3.3 below.

1.2 Validity of the stated Data and activities

Valid and invalid statements are marked in the Policy. Expressions are structured into unnumbered lists.

1.3 Administrator

The administrator is a person who manages data, deletes, forgets, modifies, transfers, ensures the deletion of data from all backups

Name: Bohumil Synek, e-mail address: bohumil.synek@crystal-bohemia.com

The Operator, as the controller of Personal Data, hereby informs about the manner and scope of processing of Personal Data, including the scope of the Rights of the Subject (as defined below) related to the processing of his Personal Data.

2. Related documents

These Principles are the only public document of the Operator on the protection of personal data

3. Protection of personal data and information on processing

3.1 Subject

The Subject is the natural person to whom the personal data relate (hereinafter referred to as the “Subject”). The subject is not a legal subject. Data relating to a legal person are thus not personal data.

3.2 Personal data means

For the purposes of this policy, personal data means: name and surname, e-mail, telephone

3.3 Purpose of personal data processing

Personal data of subjects are used for the following purposes (services):

Business activities – communication about demand, order processing and contracts in the sense of closing a deal: business activity processing (orders). In this context, the data are necessary for the provision of a specific service or product of the Operator. In order to fulfill the legal obligation to archive accounting documents on the basis of Act No. 563/1991 Coll., On Accounting, as amended, Personal Data (except e-mail address and telephone number) will be further processed and stored for 5 years starting in the following year. after the year in which the contract was concluded between the Operator and the Subject.

HR activities – inclusion in the recruitment database. Personal data will be processed for the purposes of recruitment and marketing activities for a period of 5 years from the granting of consent.

Business message, newsletter – the sending of an offer for a good or service, and news that lead to a sale until the subject unsubscribes from the business message. The storage of the e-mail address and name is with the Mailchimp processor for the purpose of possible future sending of news related to the requested service and the requested business message for the period: until the Subject requests the deletion. Personal data will be processed for the purposes of marketing and commercial communications for a period of 5 years from the granting of consent.

Remarketing – inclusion in the remarketing audience, processed by Cookies is a third party, Google, Sklik, Facebook. Remarketing is used to display an advertising message to website visitors for a period of: 30 days.

Improving our services and web application content (eg for designing web application modifications) for a period of: 2 years

3.4 Processors

Who are the processors used by controllers to process personal data and third-party companies:

Internal registration of data in the tools: information system, accounting system and e-mail box of the Processor for the above-mentioned purposes.

Google LLC ("Google"), located at 1600 Amphitheater Parkway, Mountain View, CA 94043, United States of America: Cookie for Remarketing, which allows you to re-address an Subject who has previously visited the Website. They may show your ads as they crawl other sites in the Google Content Network. Remarketing. The operator uses the services of G Suite and Google Cloud Platform, the operation of which complies with European standards of personal data protection.

Seznam.cz, CIN: 26168685, to what data: Sklik is a Czech PPC system of the company Seznam.cz, which enables the display of advertising in the search on Seznam.cz and on the most visited websites on the Internet. The visitor arriving through the Sklik advertisement is then recognized thanks to a record stored on his computer - a cookie valid for 30 days. Remarketing. The subject acknowledges that the company's cookies may be stored on its device.

Facebook Inc., Menlo Park, California, USA to what data: Stores Cookies to customize and measure ads and create a safer environment. More information: https://www.facebook.com/policies/cookies.

Third party e-mail system: Rocket Science Group, LLC in the USA, operating the MailChimp service (http://mailchimp.com/legal/terms/) for data and purposes: sending e-mails.

3.5 Acceptance / consent to the processing of personal data

Acceptance / consent to the processing of personal data is expressed by the Subjects in the following ways:

Active consent (by clicking): in the ordering process by checking "I agree with the Business Conditions and Personal Data Processing".

Consent is expressed by entering personal data and sending it (ie by clicking on the appropriate button). The site contains information on the processing of personal data. Consent follows from the context and the process. The Subject acknowledges that by sending the completed registration form, the processing of Personal Data by the Operator will begin.

If the Subject does not provide its Personal Data, it is not possible to provide the Operator with the services listed in Chapter 3.3. In this context, personal data are necessary for the provision of a specific service or product of the Operator.

3.6 Non-personal data

For clarity, we present non-personal data that we record, ie the consent of the Subject is not required. Cookies required to run the Web application Anonymous site visits (e.g. URL, browser, geolocation, visitor's operating system)

3.7 Rights and obligations

The Operator shall make every effort to prevent unauthorized processing of Personal Data.

The Subject is obliged to provide the Operator only with true and accurate Personal Data.

The Subject has the right to revoke its consent (in cases where the processing of Personal Data takes place on the basis of consent) with the processing of the provided Personal Data at any time at the email address of the Administrator. However, revocation of consent to the processing of Personal Data is not possible to the extent and for the purposes of fulfilling the legal obligation by the Operator. Withdrawal of consent shall not affect the lawfulness of processing based on the consent given before its withdrawal. Withdrawal of consent also does not affect the processing of Personal Data processed by the controller on a legal basis other than consent (ie especially if the processing is necessary for the fulfillment of the contract, legal obligation or for other reasons specified in applicable law).

The subject also has the right to:

access to Personal Data;

to correct the provided Personal Data;

to delete the provided Personal Data;

to limit the processing of Personal Data;

file a complaint with the Office for Personal Data Protection.

In the event that the Subject believes that the Operator is processing his Personal Data that is in conflict with the protection of his private and personal life or in violation of applicable law, especially if the Personal Data is inaccurate with respect to the purpose of their processing, may:

Ask the Operator for an explanation, by e-mail to the e-mail address of the Administrator

Raise an objection to the processing and request by e-mail sent to the e-mail address of the Administrator that the Operator ensure the removal of such a situation (eg by blocking, making repairs, supplementing or disposing of personal data). The Operator shall immediately decide on the objection and inform the Subject. If the Operator does not comply with the objection, the Subject has the right to contact the Office for Personal Data Protection directly. This provision does not affect the right of the Subject to contact the Office for Personal Data Protection directly with its complaint.

If the Subject requests information on the scope or method of processing its Personal Data, the Operator is obliged to provide this information immediately, but no later than within one month of receipt of the request by the Operator at the Administrator's address.

If the Subject exercises the right of access to Personal Data in electronic form, the Operator shall also provide the requested information in electronic form, unless the Subject requests another method of providing information.

The Operator is entitled to charge a reasonable fee for the administrative costs associated with a repeated and unreasonable request for the provision of a physical copy of the processed Personal Data.

4. Final provisions

All legal relationships arising in connection with the processing of Personal Data are governed by the laws of the Czech Republic, regardless of where the access to them was made. The Czech courts have jurisdiction to resolve any disputes arising in connection with the protection of privacy between the Subject and the Operator.

In relation to this Web Application, Personal Data may be transferred across international borders to sites where servers supporting the Website are located.

Subjects who provide their Personal Data via the registration form for the purpose of concluding a contract with the Operator or provide consent to the processing of Personal Data do so voluntarily, do not control their activities in any way on their behalf and the Operator.

The wording of the Principles may be amended or supplemented by the Operator. The Operator shall inform the Subjects by e-mail of any such change at least 30 days before the changes take effect.

This Policy shall take effect on the date specified in Chapter 1.