Terms and Conditions and GDPR
FORTEMIX s.r.o., with its registered office at Kirilovova 812, 739 21 Paskov, Czech Republic, Company ID: 268 68 211, a limited liability company registered in the Commercial Register of the Regional Court in Ostrava under file no.
C 28754 as a personal data controller (hereinafter referred to as the “Controller”) hereby informs customers and users of the website: https://www.fortelock.com as a personal data subject (hereinafter referred to as the “Data Subject”) about the collection of personal data and the privacy policy described below.
1. INTRODUCTION
1.1 This policy has been devised in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) with and in accordance with Act No. 110/2019 Coll., on the processing of personal data.
1.2 This policy has been devised in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) with and in accordance with Act No. 110/2019 Coll., on the processing of personal data.
1.3 Other terms such as “special categories of personal data”, “data subject”, “processing of personal data”, “controller”, “processor”, “risky processing”, “automatic individual decision-making including “profiling” and “appropriate technical and organizational measures” have meaning and must be interpreted in accordance with and in the context of the GDPR.
2. WHAT PERSONAL DATA THE CONTROLLER PROCESSES
2.1 The Controller processes the following data about the Data Subject:
- address and identification data: name and surname, address, email, telephone
- billing and payment information: optionally ID, VAT number, registered office address
- data on purchased products, data on the use of products, data on communication with the Controller
2.2 In order to improve the quality of services, personalize the offer, and collect anonymous data for analytical purposes, the Controller uses cookies on its website. The Cookie Policy is regulated in a separate document, available at this link: Zásady cookies
2.3 Personal data may be stored for a longer period than specified in the table below if it is processed solely for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes.
2.4 If you have used the option to subscribe to the newsletter, you grant the Controller your consent to the use of your email address for the purpose of sending commercial and marketing communications related to the products or services on offer. Your email address will be processed in accordance with the data protection regulations and in compliance with this policy. You can withdraw your consent to the processing of your email address for marketing purposes at any time by an email sent to the address marketing@fortemix.cz, or by sending it to the address of the Controller’s registered office.
3. PURPOSE AND LEGAL BASIS OF PROCESSING – PROCESSING TIME
| Processed personal data | Purpose of the processing | Legal ground for processing | Processing time |
| Address and identification data | processing of orders and communication regarding the conclusion and performance of the contract | implementation of measures taken prior to the conclusion of the contract (negotiations prior to the conclusion of the contract), performance of the contract | for the period necessary to negotiate before the conclusion of the contract and subsequently for the performance of the contract |
| Payment and billing information | processing of orders and performance of the contract, bookkeeping | performance of the contract, fulfillment of legal obligations | for a period of 10 years from the last payment |
| Data on purchased products, their use, communication data | contract performance, customer care | performance of the contract, legitimate interest | for the duration of the contract and for a period of one year after it ends |
| Your name and email granted outside the performance of the contractual relationship only for newsletter subscribers | regular sending of commercial communications contain offers, information and news in accordance with Act No. 480/2004 Coll. | consent granted when registering for newsletters | until the consent is withdrawn; or until the recipient unsubscribes |
| Address and identification data | handling messages sent via a web form | implementation of measures taken prior to the conclusion of the contract (negotiations prior to the conclusion of the contract), performance of the contract | for the time necessary to handle the communication |
4. PRINCIPLES OF PERSONAL DATA PROCESSING
4.1 The Controller processes personal data in a fair, lawful and transparent manner. These Principles acquaint the Data Subject with the scope, content and manner in which the Controller processes personal data.
4.2 The personal data processed by the Controller is reasonable, relevant and restricted to the extent necessary to fulfil the specified purpose in relation to the contractual relationship.
4.3 The Controller needs the personal data of the Data Subject to be accurate and up-to-date. If any of the data provided is out of date, the Data Subject is obliged to modify it in the user account after registration.
4.4 The Controller processes personal data in a manner that properly safeguards it, including protecting it using the appropriate technical or organizational measures against unauthorized or unlawful processing and against any accidental loss, destruction or damage.
5. RECIPIENTS OF PERSONAL DATA AND INTENTION TO TRANSMIT INFORMATION
5.1 The Controller may also transfer the personal data of the Data Subject to a third party as the recipient. However, the Controller always proceeds in this manner only in justified cases. The Controller may transfer personal data to the following recipients:
a) to processors who process the personal data of the Data Subject according to the instructions of the Controller and the relationships with which they are treated according to the requirements of Article 28 of the GDPR; in particular, to providers of programs used by the Controller for the better security and operation of its services; to providers of transport, accounting and tax advisory services; they will have access only to the extent necessary and for the purpose of the administration and technical support of the programs used;
b) to public authorities and other bodies where required by applicable law;
c) to other entities in the event of an unexpected event in which the provision of data is necessary for the purpose of protecting life, health, property or other public interest or if it is necessary to protect our rights, property or safety.
5.2 The Controller does not intend to transfer personal data to a third country or to an international organization.
6. RIGHTS OF THE DATA SUBJECT
6.1 The rights of the Data Subject are an important component of protecting personal data. If the Data Subject claims any of his or her rights listed below, the Controller shall provide him or her with information on the measures taken without undue delay and in any case within one month of receiving the Data Subject’s request. In exceptional cases, the Controller may extend this period by up to two months. The Controller shall inform the Data Subject about the extension of the deadline and the reason for the extension.
6.2 Personal data is processed automatically in electronic form.
6.3 The Data Subject has the right:
a) to be informed about the processing of personal data
Informace o zpracování osobních údajů sdělujeme Správce zejména prostřednictvím těchto We communicate information about the processing of personal data to the Controller in particular through this Privacy Policy.
b) to access personal data
If the Data Subject requests it, he or she will obtain information (confirmation) from the Controller as to whether or not his or her personal data is being processed. If it is processed, the Data Subject has the right to obtain the following information: the purposes of processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data has been or will be disclosed; the planned period for which the personal data will be stored; the existence of the right to request the rectification or erasure of personal data by the Controller; the right to object; the right to lodge a complaint with a supervisory authority; all available information on the source of personal data, if not obtained from the Data Subject; the fact that automated decision-making, including profiling, is taking place. You can find most of this information in this Privacy Policy, but if the Data Subject is interested, he or she can also inquire about the above.
c) to rectification or completion
If the Data Subject knows or believes that the Controller is processing his or her personal data inaccurately, the Data Subject may draw attention to this and the Controller is obliged to rectify the data. If the Data Subject wants to complete any incomplete personal data, taking into account the purpose of processing, he or she may notify the Controller and the Controller is obliged to complete the data.
d) to erasure
This right of the Data Subject imposes on the Controller the obligation to delete his or her personal data in accordance with Article 17(1) of the GDPR if at least one of the following conditions is met:
- the personal data is no longer needed for the purposes for which it was collected or otherwise processed;
- the Data Subject withdraws his or her consent and there is no other legal ground for processing;
- the Data Subject objects to the processing and there are no overriding legitimate grounds for processing;
- the personal data has been unlawfully processed;
- the personal data must be erased in order to comply with a legal obligation;
- the personal data was collected in connection with the offer of the services of an information company pursuant to Article 8(1) of the GDPR;
and at the same time none of the exceptions provided for in Article 17(3) of the GDPR may be applied.
e) to restrict processing
Within the framework of this right, the Data Subject has the possibility to request the Controller to restrict the processing of his or her personal data. If the conditions under Article 18(1) of the GDPR are met, the Controller must do so.
f) to data portability
The Data Subject has the right to obtain, in particular to download, his or her personal data from the Controller in a structured, commonly used and machine-readable format, and also has the right to the direct provision of his or her personal data to another controller.
g) to object
In some cases, the Data Subject has the possibility to raise an objection to processing. These are in particular situations where the Data Subject has not had the opportunity to influence the fact that his or her data has been processed, and at the same time it is not a matter of fulfilling a legal obligation or vital interest, where the lack of this option is defensible. The Data Subject thus has the possibility to raise three types of objections to the processing. These are objections to:
- processing on the basis of the legal title of a legitimate interest and the performance of a task carried out in the public interest or in the exercise of official authority;
- processing for direct marketing purposes on the basis of the legal title of a legitimate interest;
- processing for scientific or historical research purposes or for statistical purposes.
If an objection is raised, the Controller shall no longer process the data unless the Controller demonstrates compelling legitimate grounds for the processing that override the interests of the Data Subject or the rights and freedoms, or for the establishment, exercise or defense of legal claims. If an objection is raised against the processing of personal data for direct marketing or profiling purposes, the Controller must stop processing the personal data.
h) not to be subject to automated individual decision-making, including profiling
When processing personal data, the Data Subject is never a part of automated individual decision-making, even on the basis of profiling.
i) to withdraw consent to the processing of personal data if the processing takes place on the basis of consent
The Data Subject may at any time withdraw his or her consent to the processing of his or her personal data processed by me on the basis of this consent.
j) to obtain information about a breach of security of your personal data
If there is a likelihood that there is a high risk to the rights and freedoms of the Data Subject as a result of a breach of security of the Controller, the Controller shall notify the Data Subject without undue delay.
k) to lodge a complaint with a supervisory authority
Should the Data Subject get the impression that the Controller is violating its obligations in the processing of his or her personal data, the Data Subject has the right to file a complaint with the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Praha 7; email: posta@uoou.cz; www: https://www.uoou.cz; phone: +420 234 665 111.
7. CHANGES TO THE POLICY
7.1 The Privacy Policy may change over time. All changes to the Privacy Policy shall be made public to the Data Subject on the fortelock.cz website. If these changes are significant, the Controller may inform the Data Subject about them by email.
8. OUR CONTACT DETAILS
8.1 If the Data Subject wants to contact the Controller in connection with the processing of his or her personal data, he or she may contact the following:
a) in writing to the address of the registered office: FORTEMIX s.r.o., with its registered office at Kirilovova 812, 739 21 Paskov, Czech Republic
b) by email to the email address: marketing@fortemix.cz
THIS PRIVACY POLICY COMES INTO FORCE AND EFFECT ON: 1. 1. 2022