Who is the controller?
We are the company BrnoLogic, spol. s r. o., ID 119 00 865, with its registered office at Božetěchova 1/2, 612 00 Brno, registered in the Commercial Register kept by the Regional Court in Brno, file number C 125277 (hereinafter referred to as “Provider”). We operate the following websites:
We process your personal data as a Controller, i.e. we determine how personal data are processed, for what purpose and how long, and we also select processors who assist us with the processing.
We have not appointed a data protection officer as we are not an obliged person according to GDPR.
The supervisory authority in the place of our company’s registered office is Úřad pro ochranu osobních údajů, located at Pplk. Sochora 27, 170 00 Prague 7, e-mail: firstname.lastname@example.org, tel.: +420 234 665 125.
We declare that, as the controller of your personal data, we comply with all legal obligations required by applicable legislation, in particular the Act on the Processing of Personal Data and the GDPR, and therefore that:
- we will process your personal data only on the basis of a valid legal title, in particular a legitimate interest, performance of a contract, legal obligation (statutory) or consent granted,
- we fulfill the information obligation according to Article 13 of the GDPR even before the processing of personal data begins,
- we enable and support you to exercise your rights under the Act on the Processing of Personal Data and the GDPR.
Purpose, scope and legal title of personal data processing
We act as a data controller in relation to personal data of:
- our customers (if they are natural persons) or their representatives,
- our suppliers (if they are natural persons) or their representatives,
- users of our websites.
We process personal data you entrust to us by yourself for the following reasons (to fulfill these purposes):
Purpose of processing and categories of personal data:
For the purpose of performance of the contract (in particular, conclusion of the contract, communication with the customer), or for the implementation of measures taken before the conclusion of the contract (pre-contractual negotiations), we process in particular: name, surname, residence/business address, billing address, ID number/tax identification number, name and surname of the contact person, e-mail, telephone.
For the purpose of fulfilling legal obligations (in particular, accounting, issuing and recording of tax documents), we process in particular: name, surname, residence/business address, ID number/tax identification number.
We obtain personal data directly from customers when concluding a contract; we therefore always inform them which personal data must be provided to us for the purpose of contract performance.
We respect the principle of data minimization by requesting only the information that we really need to conclude a contract, to fulfill our contractual obligations or that we are legally obliged to dispose of. The provision of other personal data is voluntary.
Newsletter: We may send commercial communications – newsletters – to e-mail addresses of our customers due to legitimate interest. We can send newsletters to other persons only on the basis of their consent. The sending of newsletters can be cancelled at any time.
Duration of processing of personal data: We process personal data for the duration of the contractual relationship with the customer and subsequently for a period of 10 years from the termination of the contractual relationship. We process personal data necessary for the performance of obligations arising from special legal regulations for the period specified in these legal regulations. If it is necessary to use personal data to protect our legitimate interests, we process personal data for the period necessary to exercise these rights. If personal data are processed on the basis of consent, we only process them for the period for which consent is given.
Purpose of processing and categories of personal data:
For the purpose of performance of the contract (in particular, conclusion of the contract, communication with the supplier), or for the implementation of measures taken prior to the conclusion of the contract (pre-contractual negotiations), we process in particular: name, surname, place of residence/business address, billing address, ID number/tax identification number, name and surname of the contact person, e-mail, telephone.
For the purpose of fulfilling legal obligations (in particular, accounting, issuing and recording tax documents), we process in particular: name, surname, residence/business address, ID number/tax identification number.
Period of processing of personal data: we process personal data for the duration of the contractual relationship with the supplier and subsequently for 10 years after the termination of the contractual relationship. We process personal data necessary for the performance of obligations arising from special legal regulations for the period of time specified in these legal regulations. If it is necessary to use personal data to protect our legitimate interests, we process personal data for the time necessary to exercise these rights. If personal data are processed on the basis of consent, we only process them for the period for which consent is given.
Purpose of processing and categories of personal data:
In the event that we intend to process other personal data, or process them for other purposes, we may only do so on the basis of your consent to process your personal data, which you give us in a separate document.
We do not process any personal data that can be classified as belonging to a special category (so-called sensitive data) within the meaning of Article 9 GDPR. We also do not process personal data relating to criminal convictions and criminal offences within the meaning of Article 10 GDPR.
Information on the processing of employees’ personal data is provided in a separate internal company regulation.
We retain your personal data for the duration of the statute of limitations, unless the law stipulates a longer period for their retention or we have stated otherwise in specific cases.
Security and protection of personal data
We protect personal data to the maximum possible extent by using modern technologies that correspond to the level of technical development. We protect them as if they were our own. We have taken and we maintain all possible (currently known) technical and organizational measures to prevent the misuse, damage or destruction of your personal data.
Technical measures consist of the application of technologies that prevent unauthorised access to data by third parties, in particular the use of firewalls, anti-virus programs, etc. For maximum protection, we use data encryption. Access to areas with a high concentration of personal data processing is protected by electronic security systems.
The organisational measures constitute a set of rules of conduct for our employees that are incorporated in our internal regulations which we consider confidential. The procedures are based solely on the “need to know” principle, which limits the number of people who have access to and the ability to handle personal data. The access to, as well as handling of, personal data by all employees is monitored.
All data are located only on servers located in the European Union or in countries that ensure protection of personal data in a manner equivalent to the protection provided by the legislation of the Czech Republic.
Transfer of personal data to third parties
Our employees and co-workers, who are bound by confidentiality and are trained in the security of personal data processing, have access to your personal data. We handle most processing operations ourselves and do not need third parties. In order to ensure some specific processing operations that we are unable to ensure on our own, we use the services and applications of processors who specialize in the given processing and comply with the GDPR:
- Google Analytics – website traffic statistics (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
- Meta Platforms – tools for marketing (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- MailChimp – tool for bulk email distribution (The Rocket Science Group LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA)
It is possible that we will decide to use other applications or processors to facilitate and improve the quality of processing. However, we promise you that in such a case we will place at least the same requirements on the processors in terms of security and quality of processing as we place on ourselves.
The processing of personal data may only be carried out by processors on the basis of an agreement on the processing of personal data, i.e. with guarantees for the organisational and technical security of the data, specifying the purpose of the processing, and the processors may not use the data for other purposes.
Under certain conditions, personal data may be made available to public authorities (courts, police, notaries, tax authorities, etc., in the exercise of their legal powers) or may be provided to other entities to the extent provided for by a special law.
Transfer of data outside the European Union
When we transfer your personal data to countries outside the European Union, we always ensure compliance with Article 44 et seq. of the GDPR and we require data processors to comply with these provisions. We will only transfer data to countries outside the European Union that are able to ensure the level of protection that complies with the GDPR.
We do not transfer personal data to third countries or international organizations, except for the data processor The Rocket Science Group LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, which operates MailChimp, a tool for sending bulk emails. This processor ensures an appropriate level of security of personal data that complies with the GDPR, see https://mailchimp.com/gdpr/. In addition, the processor is a certified company under the Data Privacy Framework.
Your rights regarding personal data protection
You have a number of rights regarding the protection of personal data. If you would like to exercise any of these rights, please contact us via email: email@example.com. The exercise of these rights is subject to certain exceptions and therefore may not be applicable in all situations.
As a data subject, you have:
- Right of access to personal data (Article 15 GDPR): You have the right to obtain confirmation from us as to whether or not your personal data is being processed. If your personal data is processed by us, you have the right to access these personal data and the information referred to in Article 15 GDPR. You also have the right to obtain a copy of the personal data processed. We may charge you a reasonable fee for further copies, taking into account the administrative costs.
- Right to rectification of personal data (Article 16 GDPR): You have the right to have us correct your inaccurate personal data or complete incomplete personal data without undue delay.
- Right to deletion of personal data (Article 17 GDPR): You have the right to have your personal data deleted without undue delay in the cases set out in Article 17 GDPR. The right to deletion does not apply if the processing is necessary for compliance with legal obligations, for the establishment, exercise or defence of legal claims and in other cases provided for in the GDPR.
- Right to restriction of processing (Article 18 GDPR): You have the right to have us restrict processing in any of the following cases: (a) you contest the accuracy of the personal data, for the time necessary for us to verify the accuracy of the personal data; (b) the processing is unlawful and you object to the deletion of the personal data and request instead the restriction of their use; (c) we no longer need the personal data for the purposes of the processing but you require it for the establishment, exercise or defence of legal claims; (d) you object to the processing, until it is verified that our legitimate grounds outweigh your legitimate interests.
- Right to information regarding rectification or deletion of personal data or restriction of processing (Article 19 GDPR): We are obliged to notify individual recipients to whom personal data have been disclosed of any rectification or deletion of personal data or restriction of processing, except where this proves impossible or requires disproportionate effort. If you request it, we will inform you of these recipients.
- Right to data portability (Article 20 GDPR): If technically feasible, you have the right to obtain your personal data and transfer them to another controller.
- Right not to be subject to automated individual decision-making, including profiling (Article 22 GDPR): We do not carry out automated individual decision-making or profiling within the meaning of Article 22 GDPR when processing personal data.
- Right to be informed in the event of a personal data breach (Article 33 GDPR): If a particular personal data breach is likely to result in a high risk to your rights and freedoms, we will notify you of the breach without undue delay.
- Right to lodge a complaint with the supervisory authority: If you believe that we are not processing your personal data in a lawful manner, you have the right to lodge a complaint with the supervisory authority whose contact details are listed above. We would be glad if you contacted us first. We will do everything in our power to rectify the defective situation and process your personal data in a lawful manner.
- Right to object to processing (Article 21 par. 1 GDPR): You have the right to object at any time to the processing of your personal data that we process on the grounds of legitimate interest. In this case, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests or rights and freedoms or for the establishment, exercise or defence of legal claims.
- Right to withdraw consent to the processing of personal data: If we process any of your personal data on the basis of consent, you have the right to withdraw your consent to the processing of your personal data at any time in writing by sending a letter of disagreement to the contact email address. Withdrawal of consent does not affect the processing of personal data in cases where consent is not required.
Sending newsletters and commercial communications
When sending commercial communications, we comply with Act No. 480/2004 Coll., on certain information society services, as amended. You can cancel the sending of commercial communications by using the unsubscribe link in each e-mail sent.
- Right to object to processing of personal data for direct marketing purposes (Article 21 par. 2 GDPR): If we process your personal data for direct marketing purposes, you have the right to object to such processing at any time. In this case, we will no longer process your personal data.
We would like to assure you that our employees and associates who will process your personal data are obliged to maintain the confidentiality of personal data and security measures, the disclosure of which would compromise the security of your personal data. At the same time, this confidentiality persists even after the end of their contractual relations with us. Your personal data will not be disclosed to any other third party without your consent, unless otherwise stated above.