1. Personal data controller
1.1. Personal data controller ALFA HEAT CZ, s.r.o., CRN 01517937, based in Kroupova 795/65, Brno 625 00, Czech Republic, registered in the Commercial Register kept by the Regional Court in Brno, file no. C 78453 (hereinafter the ‘controller‘), hereby declares that all the personal data processed by the controller are strictly confidential. The controller shall treat them in accordance with national and European Union law in the field of personal data protection.
1.2. The controller collects, stores and uses your personal data in accordance with Act no. 110/2019 Coll. on the processing of personal data (hereinafter referred to as the Personal Data Processing Act), or Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter ‘GDPR’). The purposes for which the controller processes personal data are further defined.
1.3. The controller also collects this personal data through its websites at www.alfa-heat.cz, www.ignis-panem.eu and www.ignis-panem-eshop.cz (hereinafter referred to as ‘websites‘).
1.4. The controller is issuing this privacy policy in order to inform you of the type of personal data the controller processes, what purpose they are processed for, for how long, who will have access to your personal data and what your rights are. This privacy policy applies to all personal data collected by the controller, whether they are collected for the purpose of fulfilling a contractual relationship, a legal obligation, a legitimate interest or consent.
2. Processed data
2.1. The controller is entitled to process the following data for the purpose of:
2.1.1. Fulfilling a contractual relationship
- Explanation: The relationship between you and the controller arising from an order, registration, a concluded contract, an application, participation in a competition, etc.;
- Personal data categories: Address and identifying data;
- Entity: Clients, business partners;
- Recipient: Administrator;
2.1.2. For the purpose of sending commercial messages and offering products and services
- Explanation: For the purpose of sending business offers via email, short text messages or telephone calls;
- Personal data categories: Address and identifying data;
- Entity: Clients, business partners, website visitors;
- Recipient: Controller
2.1.3. Accounting and tax purposes
- Explanation: Accounting records in the sense of accounting and tax legislation;
- Personal data categories: Address and identifying data;
- Entity: Clients, business partners;
- Recipient: Controller, accountant;
2.1.4. Statistical purposes
- Explanation: Anonymous website traffic monitoring, monitoring of the amount of times the website was viewed, time spent on the website and the type of device the website is visited on. We collect data so that we can improve the quality of services we provide and to offer clients relevant content;
- Personal data categories: Information about the IP address, proxy server, operating system, web browser and plug-ins, identifier and functions of the device and/or ISP or mobile service provider;
- Entity: Website visitors;
- Recipient: Controller, Google analytics;
2.1.5. Ad serving
- Explanation: Ad serving on the website based on statistically determined customer preferences;
- Personal data categories: Information about the IP address, proxy server, operating system, web browser and plug-ins, identifier and functions of the device and/or ISP or mobile service provider;
- Entity: Website visitors;
- Recipient: Controller
2.1.6. Legitimate interest
- Explanation: Effective defence in the event of a dispute; in this case, the personal data is processed for 4 years from the expiration of the warranty period for the goods, and it is extended by the period during which the dispute is ongoing. We want to constantly improve our services, making them new and better; we want to prevent the obstruction of this activity; activities that contribute to the fulfilment of this goal are therefore our legitimate interest. Data processing for the prevention of fraud is also our legitimate interest (e.g. contract risk assessment), direct marketing (e.g. offering relevant services to existing customers), transfer of personal data within a group of companies for internal administrative purposes, reporting crimes and transfer of personal data to the relevant authority, ensuring network and information security. This list is only an example;
- Personal data categories: Address and identifying data;
- Entity: Clients, business partners, website visitors;
- Recipient: Controller, relevant authorities;
2.1.7. Fulfilment of other legal obligations
- Explanation: Provision of information for law enforcement authorities; provision of information for other public authorities, etc.
- Personal data categories: Address and identifying data;
- Entity: Clients, business partners, website visitors;
- Recipient: Controller, relevant authorities;
2.2. We process your personal data for the time necessary to ensure all rights and obligations arising from a mutual legal transaction, at least for the period necessary to process an order, make a transaction, arrange a service, etc., as well as for the time during which the controller is obliged to store personal data according to generally binding legal regulations, or for the period for which you have given your consent to the controller. Otherwise, the processing time depends on the purpose for which the personal data are processed, or it is stipulated by legal regulations.
2.3. Personal data are processed manually and automatically by the controller. The controller is entitled to process some information automatically, e.g. to create statistical information about website traffic.
3. Personal data processed based on consent
3.1. If you granted your consent to the processing of your personal data, this was for one of the following purposes:
3.1.1. Fulfilling a contractual relationship.
3.1.2. For the purpose of sending commercial messages and offering products and services.
3.1.3. Accounting and tax purposes.
3.1.4. Statistical purposes.
3.1.5. Ad serving.
3.1.6. Legitimate interest.
3.1.7. Fulfilment of other legal obligations.
4. Rights of data subjects
4.1. As a data subject, you have the rights arising under law and you can exercise them at any time. These include the following:
4.1.1. The right of access to your personal data, according to which you have the right to know whether the controller is processing your personal data. The controller is obliged to provide this information without undue delay. The content of this information is determined by the provisions of Article 15 of the GDPR. The controller has the right to demand reasonable payment for the provision of this information not exceeding the costs necessary to provide the information;
4.1.2. The right to rectification or erasure of personal data, or to restrict processing, under which you have the right to have personal data that are inaccurate or incorrect rectified. If your personal data are no longer needed for the purposes for which they were collected, or if they are processed illegally, you have the right to request their erasure. If you do not want to request the erasure of your personal data but only to temporarily restrict their processing, you can request a processing restriction;
4.1.3. The right to an explanation if you suspect that the processing of personal data by the controller is in breach of the law;
4.1.4. The right to turn to the Office for Personal Data Protection if you have doubts about compliance with the obligations associated with the processing of personal data;
4.1.5. The right to data portability, i.e. the right to receive personal data concerning you that you have given the controller in a structured, commonly used and machine-readable format (Article 20 of the GDPR);
4.1.6. The right to object to the processing of personal data that are processed for the purpose of performing a task carried out in the public interest or in the exercise of official authority, or for the purpose of protecting the legitimate interests of the controller. The controller shall terminate the processing without undue delay unless it proves that there is a legitimate interest/reason for the processing that outweighs your interest, rights or freedoms;
4.1.7. The right to withdraw consent to the processing of personal data at any time, if you have given the controller consent to the processing of your personal data.
5. Cookies
5.1 Our Cookie storage policy is in a separate document.
6. Third country data transfer
6.1. Your personal data will not be transferred to third countries.
For more information, write to us at cermak@alfa-heat.cz.
In Brno on 22 April 2021