PRINCIPLES OF PERSONAL DATA PROTECTION
We are aware that our customers, visitors, users and others who visit our website (hereinafter collectively referred to as “Users”) appreciate their privacy. This document, therefore, contains important information regarding the rules that we follow when processing personal data.
All processing of personal data performed on our part is fully compliant with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR“).
BASIC INFORMATION
Identification and contact details of the Provider:
| Name: | Zaitra s.r.o. |
| Company Registration Number: | 08908508 |
| Address: | Plynárenská 499/1, 602 00 Brno, Česká republika |
| Contact Email: | info@zaitra.io |
| Contact Phone: | +420 603 360 655 |
(hereinafter also referred to as the “Provider“)
Data Protection Officer
The Provider has not appointed a Data Protection Officer as it is not a mandatory requirement under Article 37 of the GDPR.
Transfer of Personal Data to a Third Countries or an International Organisations
The Provider does not transfer personal data to third countries or to international organizations within the meaning of Article 44 and subsequent articles of the GDPR.
Automated Individual Decision-Making and Profiling
The Provider does not engage in profiling or automated individual decision-making.
Supervisory Authority
The Supervisory Authority at the Provider’s registered office is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), with its address at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic; e-mail: posta@uoou.cz, phone: 234 665 125.
Position of the Provider
The Provider acts as both a Data Controller and a Data Processor for personal data.
PROVIDER AS DATA CONTROLLER
The Provider acts as a Data Controller in relation to the personal data of the following individuals: customers, clients, website visitors, partners and suppliers.
Types of Personal Data Processed, Purpose, and Legal Basis
Website visit. The Provider processes the data obtained from individuals who visit their website. When visiting the website, the Provider collects and processes the following types of personal data, which are stored: IP address. Additionally, the Provider processes the following data: browser type and language, server requests (including timestamps), and referring URLs. These data are necessary for the proper display of the website and may also be used, as needed, to maintain the website’s secure operation and for other purposes described in this Privacy Policy. The processing of this personal data is based on the Provider’s legitimate interest or the user’s consent. Information about cookies is provided below.
The Provider processes the following personal data for the purpose of fulfilling contracts (including contract conclusion, communication with customers), taking pre-contractual measures (pre-contractual negotiations), or fulfilling legal obligations (including accounting, invoicing, and tax document management): Name and surname, phone number, email, and CV.
The Provider obtains these Personal Data directly from the User when concluding a contract and informs them of the personal data required for contract fulfillment.
The principle of data minimisation is respected by requesting only information that the Provider necessarily needs to enter a contract or fulfil contractual obligations or for which the Provider has a legal obligation. Providing additional Personal Data is voluntary.
Should the Provider intend to process personal data other than specified in this article, or for different purposes, the Provider can only do so with valid consent given for the processing of Personal Data. Consent for the processing of Personal Data must be given on a separate document.
Information on the processing of Personal Data of the Provider’s employees is provided in a separate internal regulation.
Sensitive Personal Data
The Provider, as the Personal Data Controller, does not process Personal Data belonging to special categories of personal data according to Article 9 of the GDPR.
Data Retention Period
Personal data is processed only for as long as there is a legal basis for their retention, after which the data is promptly deleted.
Personal data processed for obligations arising from special legal are processed for the duration specified by the relevant legal regulations. This includes, for example, statutory data retention or documentation requirements. These obligations may relate to the retention of data based on civil law, commercial law, or tax regulations. Once the obligation to retain the data expires, the personal data will be promptly deleted.
Other personal data is processed for the period necessary to exercise rights and obligations arising from contractual relationships and enforce claims related to these contractual relationships (up to 1 year after the termination of the contractual relationship).
PROVIDER AS DATA PROCESSOR
The Provider acts as a data processor for personal data on behalf of other data controllers.
The Data Controllers are required to comply with all data protection rules set out by the GDPR and other legal regulations governing this matter. The Provider does not bear any responsibility for the data controllers’ violations of data protection rules.
Types of Personal Data Processed and Purpose
The Provider processes the following personal data: Name, surname, date of birth, address, phone number, email, and IP address.
The purpose of processing is: To process data for the data controller’s specified purposes.
If the Provider becomes a data processor of Personal Data belonging to special categories of data, the User is responsible for the legality of obtaining such data and handling them in accordance with the GDPR and national legislation. The Provider reserves the right to remove such Personal Data from its servers in case of non-compliance with the conditions for processing of special categories of Personal Data. Before deleting Personal Data, the Provider will contact the User to request remediation.
Data Retention Period
The Provider processes personal data for the duration of the contractual relationship with the User. After the termination of the contractual relationship, all data will be deleted within 1 year. Users are entitled to request the deletion of data at any time during the contractual relationship. If the Provider receives a request from the User for data deletion, the Provider will delete all data without unnecessary delay.
RECIPIENTS OF PERSONAL DATA
The Provider does not disclose Personal Data to any other Data Controllers.
The Provider does not disclose Personal Data to any other Data Processors.
METHODS OF DATA SECURITY
To ensure the User’s data is protected against unauthorized or accidental access, the Provider implements appropriate technical and organizational measures.
If servers are hosted in a data centre operated by a third party, the Provider ensures that similar technical and organisational measures are implemented by that third party.
All data is stored only on servers located within the European Union or in countries that provide a level of data protection equivalent to the protection provided by the laws of the Czech Republic.
The Provider employs the following procedures for data security:
- Technical measures: The application of technologies that prevent unauthorized access by third parties to the User’s data, including the use of firewalls and encryption to maximize protection.
- A ccess control: Access to areas with a high concentration of personal data processing is protected by electronic security systems.
- Organizational measures: The establishment of a set of rules governing employee behavior, which are incorporated into the Provider’s internal regulations deemed confidential for security reasons. These procedures are based on minimizing the number of individuals who have access to personal data and the ability to handle such data.
RIGHTS OF USERS
Every User has the following rights:
- Right to Access Personal Data: The User has the right to obtain confirmation from the Provider whether personal data concerning them is being processed and, if so, the right to access such personal data and the following information: a) purpose of processing; b) categories of personal data involved; c) recipients to whom personal data have been or will be disclosed; d) planned retention period for the personal data;e) the right to request Controller to correct or delete personal data or restriction of processing; f) the right to submit a complaint at the Supervisory authority; g) all available information on the source of personal data if not obtained from the User; h) the fact that automated decision-making, including profiling, is taking place. The User also has the right to receive a copy of the processed personal data.
- Right to Rectification of Personal Data: The User has the right to request the Provider to correct inaccurate personal data related to the User, without undue delay, or to supplement incomplete personal data.
- Right to Erasure of Personal Data: The User has the right to have the Provider erase personal data concerning them without undue delay if: a) the personal data is no longer necessary for the purposes for which they were collected or otherwise processed; b) the User withdraws consent, and there is no other legal basis for the processing; c) the User objects to the processing, and there are no overriding legitimate grounds for the processing; d) the personal data has been unlawfully processed; e) the personal data must be erased to comply with a legal obligation under EU or Member State law; f) the personal data has been collected in relation to the offer of information society services. However, the right to erasure does not apply if the processing is necessary for compliance with legal obligations, the establishment, exercise, or defense of legal claims, and other cases provided by the GDPR.
- Right to Restriction of Processing: The User has the right to obtain from the Provider restriction of processing in any of the following cases: a) the accuracy of the personal data is contested by the User, for a period enabling the Provider to verify the accuracy of the personal data; b) the processing is unlawful, and the User opposes the erasure of personal data and requests the restriction of their use instead; c) the Provider no longer needs the personal data for the purposes of processing, but the User requires them for the establishment, exercise, or defense of legal claims; d) the User has objected to processing pending the verification whether the legitimate grounds of the Provider override those of the User.
- Right to Object to Processing: The User has the right to object to the processing of personal data concerning them at any time on grounds relating to their particular situation if the processing is based on legitimate interests. In such cases, the Provider will no longer process the personal data unless the Provider demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the User, or for the establishment, exercise, or defense of legal claims.
- Right to Data Transferability: The User has the right to receive personal data concerning them, which they have provided to the Provider, in a structured, commonly used, and machine-readable format and has the right to transmit those data to another data controller where: a) the processing is based on consent, and b) the processing is carried out automatically. When exercising their right to data transferability, the User has the right to have personal data transmitted directly from one data controller to another if technically feasible.
- Right to Lodge a Complaint with the Supervisory Authority: If the User believes that the Provider is processing their personal data unlawfully, they have the right to lodge a complaint with the supervisory authority. The contact details of the supervisory authority are provided above.
- Right to Information about Rectification, Erasure, or Restriction of Processing: The Provider is obligated to inform individual recipients to whom personal data has been disclosed about any rectification, erasure, or restriction of processing, except where this proves impossible or involves disproportionate effort. If requested by the User, the Provider will inform them about these recipients.
- Right to Be Informed about Data Breach: If a data breach is likely to result in a high risk to the rights and freedoms of individuals, the Provider is obligated to notify the User of the breach without undue delay.
- Right to Withdraw Consent: If processing of some personal data is not based on the User’s consent, the User has the right to withdraw their consent at any time by sending a written withdrawal of consent to the email address: info@zaitra.io.
COOKIES
The Provider uses cookies, which are small text files that identify users of the Provider’s website and record their activities.
The text in cookies is often composed of a series of numbers and letters that uniquely identify a user’s computer, but do not provide any specific personal data about the user. A cookie typically contains the domain name from which it was sent, information about its age, and an alphanumeric identifier.
The Provider’s website automatically identifies the user’s IP address. All this information is recorded in the server’s activity file, allowing subsequent data processing. The Provider also records browser requests, request times, status, and the amount of data transferred during each request. It also collects information about the user’s browser and computer operating system, including their versions. Additionally, the Provider logs the websites from which the user accessed the Provider’s website. The user’s IP address is stored only for the duration of their website use and subsequently for a necessary period. After this period, the IP address is deleted or anonymized by shortening it.
TYPES OF COOKIES AND SIMILAR TECHNOLOGIES
Technical cookies and similar technologies: For the purpose of its legitimate interest, the Provider uses technically necessary cookies, which are essential for the operation and functionality of the website. These may be either persistent or session cookies. Persistent cookies remain on the hard drive even after the browser is closed. The browser can use persistent cookies during subsequent visits to the Provider’s website. Users can delete persistent cookies. Session cookies, are temporary and are deleted once the browser is closed. The Provider uses this data to operate the website, including identifying and resolving errors, determining website usage, and making adjustments or improvements. These purposes fall under the Provider’s legitimate interest in data processing according to Article 6(1)(f) of the GDPR.
Users can configure their browsers to block these cookies. However, the Provider advises that blocking these cookies may result in some parts of the website not functioning properly.
Similarly, and for the same reasons, the Provider utilizes WebStorage, as listed in the table below.
WITH USER CONSENT, THE PROVIDER USES ADDITIONAL COOKIES:
Analytical cookies and similar technologies: These cookies help the Provider analyze how users use the website. They may be used, for example, to measure and improve the website’s performance. Analytical cookies allow the Provider to determine how users accessed the website, whether directly, through a search engine, or via a social media link. Furthermore, the Provider can ascertain the duration of user visits and which links they clicked on.
These cookies are set on the user’s device only if they give consent during their initial visit to the website (pursuant to Article 6 (1) (a) of the GDPR). Analytical cookies can be rejected at any time by making changes in the Detailed Cookie Settings
Similarly, and for the same reasons, the Provider utilizes WebStorage, as listed in the table below.
Advertising cookies and similar technologies: Advertising cookies enable the display of advertisements based on user preferences. They may be used, for example, to create a user interest profile and display relevant ads to the user.
These cookies are set on the user’s device only if they give consent during their initial visit to the website (pursuant to Article 6 (1) (a) of the GDPR). Advertising cookies can be rejected at any time by making changes in the Detailed Cookie Settings. If the user does not give consent, they will not receive content and advertisements tailored to their interests.
Similarly, and for the same reasons, the Provider utilizes WebStorage, as listed in the table below., příp. and any other cookies or similar technologies listed in the table.
To obtain and manage user consent, the Provider uses the CookiesLišta.cz platform provided by Soft Evolution s.r.o., ID: 46982230, Martinice 100, 594 01 Velké Meziříčí. The platform collects information about the device, browser information, anonymized IP address, date and time of visit, requested URL addresses, website path, and geographic location. This enables informing the user about the Provider’s web environment and obtaining, managing, and documenting their consent. The legal basis for data processing is Article 6(1)(c) of the GDPR, as the Provider is legally required to provide evidence of consent in accordance with Article 7(1) of the GDPR. The data will be deleted once they are no longer needed for logging purposes and there are no legal requirements for retention. Further information on the protection of personal data by the platform provider can be found at: https://www.cookieslista.cz.
The Provider’s website may also contain third-party cookies. The Provider uses the following cookies:
| Processor | Cookies identification | Personal Data | Purpose | Legal Basis | Processing Duration |
| Technical Cookies / Similar Technologies | |||||
| Zaitra s.r.o. | dcb_dsv | no | Version of the consent for processing cookies | legitimate interest | local repository / 365 days |
| Zaitra s.r.o. | dcb_config | no | Cookie consent configuration | legitimate interest | local repository / 365 days |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | cookiePreferences | no | Registers user’s cookies preferences. | user’s consent | 2 years |
| Analytical Cookies / Similar Technologies | |||||
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _ga | no | ID used to identify users | user’s consent | 2 years |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _ga_ | no | ID used to identify users | user’s consent | 2 years |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _gid | no | ID used to identify users for 24 hours after the last activity | user’s consent | 24 hours |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _gat | no | Used to monitor the number of Google Analytics server requirements when using Google Brand Administrator | user’s consent | 1 minute |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _dc_gtm_ | no | Used to monitor the number of requirements of Google Analytics server | user’s consent | 1 minute |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | AMP_TOKEN | no | Contains token code that is used to upload the client’s ID from the AMP Client ID service. | user’s consent | 30 seconds to 1 year |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _gat_gtag_ | no | Used to set and retrieve tracking data | user’s consent | 1 hour |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _gac_ | no | Contains information related to user’s marketing campaigns, shared with Google AdWords / Google Ads when the Google Ads and Google Analytics accounts are linked | user’s consent | 90 days |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utma | no | ID used to identify users and sessions | user’s consent | 2 years after the last activity |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmt | no | Used to track the number of server requests in Google Analytics | user’s consent | 10 minutes |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmb | no | Used to distinguish new sessions and visits. This cookie is set when a library of javascript GA.js is uploaded and there is no existing cookie __utmb. The cookie is updated every time data is sent to Google Analytics server. | user’s consent | 30 minutes after the last activity |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmc | no | Only used with old Urchin Google Analytics versions, not GA.js. It serves to distinguish between new sessions and visits at the end of the session. | user’s consent | Session end (browser) |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmz | no | Contains information about the traffic source or campaign that directed the user to the website. Set when the GA.js javascript is loaded and updated when data is sent to the Google Analytics server. | user’s consent | 6 months after the last activity |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmv | no | Custom information for web developers is received through the _setCustomVar method in Google Analytics. The cookie contains new updates and messages on the Google Analytics server. | user’s consent | 2 years after the last activity |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmx | no | Used to determine if the user is included in an A/B or multivariate test. | user’s consent | 18 months |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmxx | no | Used to determine when an A/B or multivariate test the user participates in ends. | user’s consent | 18 months |
COOKIE SETTINGS IN BROWSERS
Most web browsers accept cookies automatically. However, it is possible to use controls that allow blocking or removing them.
Instructions on how to block or remove cookies in browsers can usually be found in the privacy policies or documentation of each browser’s help section.
SOCIAL NETWORKS
The Provider is present on social networks to communicate with customers, interested parties, and users who are logged in there, and to inform them about its offerings.
The Provider warns that users use these platforms and their features at their own risk. This particularly applies to the use of interactive features (e.g., commenting, sharing, rating). The Provider assumes no responsibility for the handling of this personal data and warns that personal data may be processed outside the European Union territory.
FINAL PROVISIONS
The Provider will update these Privacy policies whenever there is any change. The current version of the Privacy Policy will always be available on the Provider’s website. If there is a significant change in the handling of personal data in this Privacy Policy, the Provider will inform Users by visibly publishing the relevant notification before implementing such changes.
Last update: 28th July 2023.
Contact
