Privacy Policy

I. Protection of Personal Data

1.1 By submitting Personal data, the User confirms that they have been informed of the terms and conditions of personal data protection, that they consent to their contents, and that they accept them in its entirety.

1.2 The Provider is the controller of Users’ personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”). The Provider undertakes to process personal data in compliance with applicable legal regulations, in particular the GDPR.

1.3 Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

1.4 When placing an order, Users are required to provide personal data necessary for proper fulfilment of the order (name, address, contact details). The purpose of processing personal data is the performance of the User’s order and the exercise of rights and obligations arising from the contractual relationship between the Provider and the User. The further purpose of processing personal data is the dispatch of commercial communications and the carrying out of marketing activities. The lawful grounds for processing personal data are performance of a contract pursuant to Article 6(1)(b) GDPR, compliance with a legal obligation pursuant to Article 6(1)(c) GDPR, and the legitimate interests of the Provider pursuant to Article 6(1)(f) GDPR. The Provider’s legitimate interest consists in processing personal data for the purposes of direct marketing.

1.5 For the performance of the licence agreement, the Provider makes use of subcontractors, in particular mailing service providers (personal data may be stored in third countries) and webhosting providers. Subcontractors are vetted for secure processing of personal data. The Provider has concluded with the webhosting provider a data processing agreement under which the subcontractor bears responsibility for due protection of the physical, hardware, and software perimeter, and thus assumes direct liability towards the User for any breach or leakage of personal data.

1.6 The Provider shall retain Users’ personal data for the period necessary for the exercise of rights and obligations arising from the contractual relationship between the Provider and the User, and for the enforcement of claims arising from such contractual relationships (for a period of 15 years following termination of the contractual relationship). Upon expiry of this period, the data shall be deleted.

1.7 The User has the right to request access to their personal data pursuant to Article 15 GDPR, rectification pursuant to Article 16 GDPR, or restriction of processing pursuant to Article 18 GDPR. The User has the right to erasure pursuant to Article 17(1)(a) and (c)–(f) GDPR. Furthermore, the User has the right to object to processing pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR.

1.8 The User has the right to lodge a complaint with the Office for Personal Data Protection if they believe that their rights to personal data protection have been infringed.

1.9 The User is under no legal obligation to provide personal data. However, provision of personal data is a necessary requirement for entering into and performing the contract, and without such provision the contract cannot be concluded or performed by the Provider.

1.10 The Provider does not carry out automated individual decision-making within the meaning of Article 22 GDPR.

1.11 Any person interested in using the Provider’s services, by completing the contact form:

consents to the use of their personal data for the purposes of electronic delivery of commercial communications, promotional materials, direct sales, market research, and direct product offers by the Provider and third parties, but not more frequently than once per week, and declares that the dispatch of information pursuant to Clause 1.11.1 shall not be deemed unsolicited advertising within the meaning of Act No. 40/1995 Coll., as amended, since the User expressly consents to such dispatch pursuant to Section 7 of Act No. 480/2004 Coll.
The consent referred to in this paragraph may be withdrawn by the User at any time in writing at email adress kancelar@akzrp.cz
1.12 For the purpose of improving service quality, personalising offers, collecting anonymous data, and for analytical purposes, the Provider employs so-called cookies within its online presentation. By using the website, the User consents to the use of this technology.

II. Rights and Obligations Between Controller and Processor (Data Processing Agreement)

2.1 In relation to personal data of clients of the Users, the Provider acts as processorpursuant to Article 28 GDPR. The User acts as controller of such data.

2.2 These terms govern the mutual rights and obligations in connection with the
processing of personal data to which the Provider gains access in the course of
performing the licence agreement concluded by acceptance of the general terms and
conditions at www.akzrp.cz (the “Licence Agreement”), concluded with the User at
the time of establishment of the User account.

2.3 The Provider undertakes to process personal data for the User to the extent and for the purposes set forth in Articles 2.4–2.7 hereof. Processing shall be carried out by automated means. In the course of processing, the Provider shall collect, record, store, block, and delete personal data. The Provider shall not process personal data in conflict with or beyond the scope defined by these terms.

2.4 The Provider undertakes to process for the User:

ordinary personal data,
special categories of data within the meaning of Article 9 GDPR, which the User has obtained in connection with its business activities.

2.5 The Provider undertakes to process personal data for the User for the purpose of handling client requests and inquiries obtained via the contact form.

2.6 Personal data may only be processed at the Provider’s or its subcontractors’ premises pursuant to Article 2.8 hereof, and solely within the territory of the European Union.

2.7 The Provider undertakes to process personal data of the User’s clients for the User for the period necessary for the exercise of rights and obligations arising from the contractual relationship between the Provider and the User and the enforcement of claims arising therefrom (for a period of 15 years following termination of the contractual relationship).

2.8 The User grants authorisation for the engagement of a subcontractor as an additional processor pursuant to Article 28(2) GDPR, namely the provider of application hosting services. The User further grants the Provider a general authorisation to engage additional processors of personal data, provided that the Provider must inform the User in writing of any intended changes concerning the engagement or replacement of processors and provide the User with an opportunity to object. The Provider shall impose upon its subcontractors, acting as processors, the same personal data protection obligations as are set out in these terms.

2.9 The Provider undertakes to secure the processing of personal data in particular by means of the following:

Personal data shall be processed in accordance with legal regulations and on the basis of the User’s instructions, namely for the performance of all activities necessary for the provision of the web platform.

The Provider undertakes to ensure technical and organisational protection of processed personal data so as to prevent unauthorised or accidental access, alteration, destruction, loss, unauthorised transfers, or other unauthorised processing or misuse, and to ensure continuous fulfilment of all statutory obligations of a processor.

The technical and organisational measures adopted correspond to the level of risk, ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems and services, and enabling the timely restoration of personal data availability and access in the event of physical or technical incidents.

The Provider declares that personal data protection is subject to the Provider’s internal security regulations.

Access to personal data shall be granted only to authorised persons of the Provider and subcontractors pursuant to Article 2.8 hereof, who shall be designated by the Provider and whose processing scope shall be defined; each such person shall access personal data under a unique identifier.

Authorised persons of the Provider processing personal data under these terms are obliged to maintain confidentiality regarding personal data and security measures, disclosure of which could jeopardise their protection. The Provider shall ensure that such persons are demonstrably bound by this obligation, which shall survive termination of their employment or other relationship with the Provider.

The Provider shall assist the User by appropriate technical and organisational measures, insofar as possible, in fulfilling the User’s obligation to respond to requests for the exercise of data subjects’ rights under the GDPR, and likewise in ensuring compliance with obligations pursuant to Articles 32 to 36 GDPR, taking into account the nature of processing and the information available to the Provider.

Upon termination of the provision of services associated with processing pursuant to Article 2.7 hereof, the Provider shall delete all personal data or return them to the User, unless there is a statutory obligation to retain them.

The Provider shall provide the User with all information necessary to demonstrate compliance with the obligations under this agreement and the GDPR, and shall allow audits, including inspections, conducted by the User or an auditor appointed by the User.

2.10 The User undertakes to promptly notify the Provider of any circumstances known to the User which may adversely affect the proper and timely fulfilment of obligations under these terms, and to provide the Provider with the necessary cooperation for such fulfilment.

III. Final Provisions

3.1 These terms shall cease to be valid upon expiry of the periods specified in Article 1.6 and Article 2.7 hereof.

3.2 The User consents to these terms by checking the consent box through the online form. By doing so, the User confirms that they have read these terms, that they consent to them, and that they accept them in their entirety.

3.3 The Provider is entitled to amend these terms. The Provider is obliged to publish the new version of the terms on its website without undue delay, or to send it to the User’s e-mail address.

3.4 The Provider’s contact details for matters relating to these terms: +420 734 202 527, kancelar@akzrp.cz

3.5 Legal relations not expressly governed by these terms shall be subject to the GDPR and the legal order of the Czech Republic, in particular Act No. 89/2012 Coll., the Civil Code, as amended.

These terms shall take effect on 12 February 2024.