Join our team
CS EN

PRIVACY POLICY

1. PERSONAL DATA PROTECTION

1.1 By submitting a query using the online contact form, the user confirms that he/she is familiar with the Privacy Policy, agrees with its wording and accepts it in its entirety.

1.2 The Provider is the controller of the user's personal data pursuant to Art. 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR"). The Provider undertakes to process personal data in accordance with the law, in particular the GDPR.

1.3 Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be directly or indirectly identified, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.4 When submitting a query using the online contact form, the personal data required for successful order completion is requested (name and address, contact details). The purpose of processing personal data is to process the user's order and to fulfill the rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of processing personal data is also to send business communications and carry out other marketing activities. The legal basis for processing personal data is the performance of a contract under Art. 6(1)(b) GDPR, the fulfillment of a legal obligation of the controller under Art. 6(1)(c) GDPR and the legitimate interest of the Provider under Art. 6(1)(f) GDPR. The Provider's legitimate interest is the processing of personal data for direct marketing purposes.

1.5 The Provider uses the services of subcontractors to fulfill its contractual obligations, in particular mailing service providers (personal data is stored in third countries) and web hosting providers. Subcontractors are vetted for the secure processing of personal data. The Provider and the web hosting provider have entered into a personal data processing agreement under which the subcontractor is responsible for properly securing the physical, hardware and software perimeter and thus bears direct responsibility to the user for any leakage or breach of personal data.

1.6 The Provider stores the user's personal data for the period necessary to perform the rights and obligations arising from the contractual relationship between the Provider and the User and to assert claims from these contractual relationships (for 15 years after the termination of the contractual relationship). After this period, the data will be erased.

1.7 The User has the right to request from the Provider access to his/her personal data pursuant to Art. 15 GDPR, rectification of personal data pursuant to Art. 16 GDPR or restriction of processing pursuant to Art. 18 GDPR. The User has the right to erasure of personal data pursuant to Art. 17(1)(a), (c) to (f) GDPR. Furthermore, the User has the right to object to processing pursuant to Art. 21 GDPR and the right to data portability pursuant to Art. 20 GDPR.

1.8 The User has the right to lodge a complaint with the Office for Personal Data Protection if he/she believes that his/her right to protection of personal data has been violated.

1.9 The User is not obliged to provide personal data. However, the provision of personal data is a necessary requirement for the conclusion and fulfillment of the contract and without the provision of personal data it is not possible to conclude the contract or fulfill it by the Provider.

1.10 The Provider does not engage in automated individual decision-making within the meaning of Art. 22 GDPR.

1.11 A person interested in using the Provider's services by filling in the contact form:
1. agrees to the use of his/her personal data for the purpose of sending electronic business communications, advertising materials, direct sales, market research and direct offers of products by the Provider and third parties, but not more often than once a week, and at the same time
2. declares that he/she does not consider the sending of information under point 1.11.1 to be unsolicited advertising within the meaning of Act No. 40/1995 Sb., as amended, as the user expressly agrees to the sending of information under point 1.11.1 in conjunction with § 7 of Act No. 480/2004 Sb.
3. The User may withdraw this consent in writing at any time to info@industrix.cz.

2 RIGHTS AND OBLIGATIONS BETWEEN THE CONTROLLER AND THE PROCESSOR (PROCESSOR AGREEMENT)

2.1 The Provider shall act as a processor of the User's clients' personal data pursuant to Art. 28 GDPR. The User shall be the controller of such data.

2.2 These Terms and Conditions govern the mutual rights and obligations regarding the processing of personal data to which the Provider has gained access in the course of fulfilling the contract concluded with the User.

2.3 The Provider undertakes to process personal data for the User to the extent and for the purposes specified in Articles 2.4 - 2.7 of these Terms and Conditions. The processing means shall be automated. The Provider shall, within the framework of processing, collect personal data, store it on data carriers, keep it, block it and dispose of it. The Provider is not authorized to process personal data in a manner contrary to or in excess of that specified in these Terms and Conditions.

2.4 The Provider undertakes to process personal data for the User in the following scope:
a) common personal data, b) special categories of data pursuant to Art. 9 GDPR,

2.5 which the User has obtained in connection with its own business activities.

2.6 The Provider undertakes to process personal data for the User for the purpose of fulfilling the User's order and fulfilling the rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of processing personal data is further to send business communications and carry out other marketing activities. The legal basis for processing personal data is the performance of a contract under Art. 6(1)(b) GDPR, the fulfillment of a legal obligation of the controller under Art. 6(1)(c) GDPR and the legitimate interest of the Provider under Art. 6(1)(f) GDPR. The Provider's legitimate interest is the processing of personal data for direct marketing purposes.

2.7 Personal data may be processed only at the premises of the Provider or its subcontractors pursuant to Art. 2.8 of these Terms and Conditions, i.e. within the territory of the European Union.

2.8 The Provider undertakes to process personal data of the User's clients for the User, all for the period necessary for the performance of the rights and obligations arising from the contractual relationship between the Provider and the User and for the assertion of claims from these contractual relationships (for 15 years after the termination of the contractual relationship).

2.9 The User grants permission for the involvement of a subcontractor as another processor pursuant to Art. 28(2) GDPR, which is the web hosting provider. The User further grants the Provider a general permission to involve another processor of personal data in the processing, however the Provider must inform the User in writing of all intended changes regarding the acceptance of further processors or their replacement and provide the User with the possibility of objecting to such changes. The Provider must impose on its subcontractors in the position of processors of personal data the same obligations for the protection of personal data as are set out in these Terms and Conditions.

2.10. The Provider undertakes that the processing of personal data will be secured in particular by the following means:
• Personal data shall be processed in accordance with the law and on the basis of the User's instructions, i.e. for the performance of all activities necessary for the provision of marketing services to INDUSTRIX.
• The Provider undertakes to implement technical and organizational measures to protect the processed personal data in such a way that unauthorized or accidental access to the data, its alteration, destruction or loss, unauthorized transfers, its other unauthorized processing, as well as other misuse, and to ensure that all obligations of the processor of personal data arising from the law are permanently secured in terms of personnel and organization during the processing of the data.
• The technical and organizational measures taken shall be proportionate to the risk. The Provider shall use them to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services and to restore the availability and access to personal data in a timely manner in the event of physical or technical incidents.
• The Provider hereby declares that the protection of personal data is subject to the Provider's internal security regulations.
• Only authorized persons of the Provider and subcontractors under Art. 2.8 of these Terms and Conditions, who will have the conditions and scope of data processing specified by the Provider, shall have access to personal data, and each such person shall access personal data under its unique identifier.
• Authorized persons of the Provider who process personal data in accordance with these Terms and Conditions are obliged to keep confidential the personal data and security measures the disclosure of which would jeopardize their security. The Provider shall ensure that they are demonstrably bound by this obligation. The Provider shall ensure that this obligation shall continue to apply to both the Provider and authorized persons even after the termination of their employment or other relationship with the Provider.
• The Provider shall assist the User, by appropriate technical and organizational measures, insofar as this is possible, in fulfilling the User's obligation to respond to requests for the exercise of the data subject's rights under the GDPR; as well as in ensuring compliance with the obligations under Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information that is available to the Provider. • After the termination of the provision of the service connected with the processing, in accordance with Art. 2.7 of these Terms and Conditions, the Provider shall be obliged to erase all personal data or return it to the User, unless it is obliged to store personal data on the basis of a special law.
• The Provider shall provide the User with all information necessary to demonstrate that the obligations under this contract and the GDPR have been fulfilled, and shall allow audits, including inspections, carried out by the User or another auditor authorized by the User.

2.11 The User undertakes to immediately report to the Provider all facts known to him/her which could adversely affect the proper and timely fulfillment of obligations arising from these Terms and Conditions and to provide the Provider with the necessary cooperation for the fulfillment of these Terms and Conditions.

3. FINAL PROVISIONS

3.1 These Terms and Conditions shall expire upon the expiry of the period specified in Articles 1.6 and 2.7 of these Terms and Conditions.

3.2 The User agrees to these Terms and Conditions by checking the consent box on the online form. By checking the consent box, the User expresses that he/she has read these Terms and Conditions, that he/she agrees with them and that he/she accepts them in their entirety.

3.3 The Provider is entitled to change these Terms and Conditions. The Provider is obliged to publish the new version of the Terms and Conditions on its website without undue delay or to send the new version to the User at his/her e-mail address.

3.4 Contact details of the Provider in matters relating to these Terms and Conditions: +420 739 299 018 info@industrix.cz

3.5 Relationships not expressly regulated by these Terms and Conditions shall be governed by the GDPR and the legal order of the Czech Republic, in particular Act No. 89/2012 Sb., the Civil Code, as amended.

3.6 These Terms and Conditions shall enter into force on June 20, 2024.