GDPR

Privacy and Personal Data Protection Policy

of Pealock holding, s.r.o.

(For customers)

Pealock holding, s.r.o. , with its registered office at Nové sady 988/2, Staré Brno, 602 00 Brno, Czech Republic, identification number 078 37 208, registered in the Commercial Register maintained by the Regional Court in Brno under file number C 110396 (the Company or we), which in its activities as a controller processes personal data of its customers (and potential customers) and website visitors (you), in accordance with Regulation (EU) No. 2016/679 of the European Parliament and of the Council (GDPR), hereby, in accordance with Article 13 of the GDPR and Act No. 127/2005 Coll., on electronic communications (Electronic Communications Act) provides the following information about this processing (Policy):

1.1     What is the purpose of this Policy?

If you cooperate with us, whether you are our customer or use our services and products, or if we are considering any form of cooperation with you, or if you have visited our website, we process some of your personal data that you have provided to us or that we have obtained in another lawful manner.

In this document, you will find summary information about what personal data we process, to what extent, in what way, for what purpose, for how long, and what your individual rights are in relation to this processing of personal data.

1.2     How can you contact us?

If you are unclear about how we handle your personal data, please contact us at the following e-mail address: [email protected] or at the correspondence address of our Company: Pealock holding, s.r.o., Mostecká 130, Vsetín, 755 01, Czech Republic.

1.1     From what sources do we obtain personal data?

We obtain your personal data either by you providing it to us, e.g. when discussing possible future cooperation through our website or other communication channels or during the cooperation itself (e.g. identification data; contact data; billing or transaction data), or we collect it automatically through our IT systems whenever you access our website or use our products (e.g. web browsing data and marketing cookies; device location data).  

1.2     What personal data do we process and for what purpose?

We only process data about you that we need to fulfil our contractual obligations, or to carry out the measures taken on the basis of your order or instruction, to comply with our legal obligations (for example, to keep proper accounts), to pursue our legitimate interests (for example, to offer you our products or to assess the suitability of possible mutual cooperation), or data that you have given us your consent to process.

We only process your personal data to the extent necessary and proportionate to the stated purpose of the processing. To give you an easy overview of which of your data we process, for which purpose and what legal basis we have for doing so, we have prepared the following table:

Categories of personal dataWhat kind of data is it?Why do we process data?And what legal title do we have to do that?
Identification dataname, surname, permanent address, titleTo identify you when you place an order, make a claim or withdraw from a contract, keep records and send you our product and service offerings (including Additional Services). If you enter into any contract with us, we need your identification data in order to personalize the contract or your order (i.e. to identify you on the contract or order) and to perform the contract → the title for this processing is therefore the performance of the contract with you (Article 6(1)(b) GDPR).We also need your identification data to issue an invoice or to fulfil the obligations imposed on us by law, in particular the obligation to keep accounting records → the title for this processing is therefore the fulfilment of a legal obligation (Article 6(1)(c) GDPR).If we have worked together in the past or if you have expressed interest in our products, we also use your identification data to contact you with a marketing offer of our products or a request for cooperation → this processing is based on our legitimate interest in direct marketing (Article 6(1)(f) GDPR).
Contact detailsemail, phone, address of the Company’s product delivery locationTo communicate and execute your order, claim or withdrawal from the contract, to keep accounting records and to send you our product and service offers (including Additional Services).We also need your contact data in order to carry out the measures necessary prior to the establishment of a contractual relationship, as well as in order to perform the contract you enter into with us → the title for this processing is therefore the performance of the contract with you (Article 6(1)(b) GDPR).If we have already cooperated or if you have expressed an interest in our products, we also process your contact data in order to contact you with a marketing offer of our products or a request for cooperation → the title for this processing is our legitimate interest (Article 6(1)(f) GDPR) or your consent to send you offers of our products and services (Article 6(1)(b) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services).
Billing and transaction details the information appearing on invoices, the information appearing on credit notes, details of billing terms and details of payments made, billing addressFor proper bookkeeping and the performance of our obligations under our contract with you and for the performance of our legal obligationsWe process the data on credit notes in order to be able to pay them → the title for this processing is therefore the performance of the contract with you (Article 6(1)(b) GDPR).We also need this data to keep proper accounting records and to be prepared for possible tax audits → the reason for this processing is to fulfil our legal obligations (Article 6(1)(c) GDPR).
Data from the Pealock AppThe data contained in the Pealock App, in particular identification, contact, billing and transaction data, but also data on the location of the deviceTo ensure the provision and management of our services and productsWe process your personal data in the Pealock App in order to provide you with the services and functions you have requested → the title for this processing is therefore the performance of a contract with you (Article 6(1)(b) GDPR).
Device location dataGPS position of the deviceTo locate Pealock 2We process the location data for the purpose of providing the device location function and the alarm function (only after pairing the device with the Pealock App and enabling these functions) → the purpose of this processing is therefore the performance of a contract with you (Article 6(1)(b) GDPR).
Data from peer-to-peer communicationnotes from telephone and personal conversations, written, email and other communicationsTo ensure customer care and strengthen our reputation We may process the interaction data to a reasonable extent to ensure customer care and enhance our reputation → the title for this processing is our legitimate interest in ensuring customer care and enhancing our reputation (Article 6(1)(f) GDPR)
Web browsing dataIP address, technical and necessary cookies cookiesTo analyse your behaviour on our website, monitor its load and ensure its functionality, including the e-shopWe process web browsing data for the purposes of analysing visitor behaviour on our website and analysing server load to ensure its smooth display and optimum functioning → the legitimate interest in ensuring and improving the functioning of our services (Article 6(1)(f) GDPR) or the performance of a contract and the performance of pre-contractual measures (Article 6(1)(b) GDPR) is the basis for this processing.
Marketing and analytics cookiesmarketing cookies; analytical cookiesTo personalise the content of our website and to display advertising on social media and third-party websitesWe need marketing and analytics cookies to tailor the content of our website to your preferences, to ensure and improve its functioning, to inform you about our services on social networks and to display our advertising on third-party websites → the title for this processing is your consent to the use of marketing and analytics cookies (Article 6(1)(a) GDPR).

We are entitled to process all of the above categories of personal data to the extent necessary for the establishment, exercise or defence of our legal claims based on our legitimate interest in protecting our rights (Article 6(1)(a) GDPR).

We are entitled to anonymise device location data for the purposes of further risk analysis of the sites and the operation of our products and services, based on our legitimate interest in improving the provision of our services (Article 6(1)(a) GDPR).

1.3     What data do we process about you on our website?

(a)      In order to provide you with a service that meets your needs and wishes, we use cookies and similar means on our website. Cookies are short text data files that are uploaded to your web browser when you visit our website. With the help of cookies, we are able to offer you content on our website, social networks and third-party websites according to your preferences and previously made settings. By using technical and necessary cookies, we are then able to ensure the functionality of our website, including the ability to order our products and services.

(b)     Under the Electronic Communications Act, we are entitled to use cookies in most cases without your consent. However, if we use cookies to display relevant advertising on social networks or third-party websites (marketing cookies) and in some cases to improve and ensure the functioning of our website (analytical cookies), we need your consent.

(c)      You consent to the use of cookies by making the appropriate choice on our website. You are notified of this when you enter our website. You can revoke your consent to the uploading of cookies at any time by visiting our website or by changing your web browser settings.

1.4     What happens if you refuse to provide us with personal data?

As long as you have not entered into a contract with us, you may choose not to provide us with any of the above categories of personal data and not to enter into a contract with us.

However, if we have already established a business relationship with you or you are interested in establishing one, we will need at least your identification, contact, billing and transaction data (and in the case of subcontractors, some profile data such as education and work experience) in order to fulfil our obligations, otherwise we cannot establish cooperation with you or provide you with our services.

For personal data that we process on the basis of your consent, you have the right to withdraw your consent at any time. If you do so, you will not call into question the lawfulness of the processing of your personal data at the time prior to your withdrawal, but we will no longer be able to process this data in the future.

1.5     How long will we keep your personal data?

We only keep your personal data for as long as necessary to fulfil the purpose for which we process it, after which we will irreversibly delete it. The length of retention for each category of data thus varies according to the purpose of processing:

(i)         we keep the data processed for the performance of the contract, i.e. identification, contact, billing and transaction data, for the entire duration of the contractual relationship and until the end of the longest limitation period relating to the obligations and rights governed by this contract (i.e. generally 10 years during the limitation period and 1 year after its end for claims made at the end of the limitation period, unless a longer limitation period has been agreed or extended);

(ii)        data processed for the fulfilment of the legal obligation to keep proper accounting records, i.e. invoicing and transaction data, are stored for a maximum of 10 years from the end of the tax period in which the last document for your order was issued or the last transaction was carried out;

(iii)      we process the data processed in the Pealock App for the performance of the contract with you for the entire duration of your personal profile in the Pealock App;

(iv)       data processed on the basis of our legitimate interest to offer our products and services, i.e. identification and contact data, are stored for 3 years following the termination of the contractual relationship or since our last contact (if no business relationship has been established);

(v)        data processed on the basis of your consent to receive our product and service offers, i.e. identification and contact data, are then processed only for the period of time to which you have consented, i.e. no longer than 3 years, unless you withdraw your consent earlier;

(vi)       data processed on the basis of our legitimate interest in providing client care and enhancing our reputation, i.e. data from mutual communication, are retained for the duration of the mutual communication and until the end of the calendar year following our last contact;

(vii)     we only process the device location data processed to execute your request to locate the device and to trigger an alarm for the time necessary to execute your request, or repeatedly every 3 seconds when an alarm is triggered, without prejudice to the processing of this data within the Pealock Application;

(viii)    we retain web browsing data processed on the basis of our legitimate interest in ensuring the smooth operation of our website for as long as it is valid, but no longer than 24 months, unless you remove technical and analytical cookies from your device earlier; and

(ix)       marketing and analytical cookies processed on the basis of your consent, we process only for the period of validity to which you have consented, i.e. no longer than 24 months, unless you withdraw your consent earlier.

1.6     To whom do we transfer personal data for processing? With whom do we share personal data?

As we use external suppliers to provide certain services to our business, we transfer your personal data to them to the extent necessary to enable them to provide these services to us. These suppliers are:

(x)        software services and marketing services (e.g. Tawk.to, Google, Facebook, Instagram);

(xi)       tax and legal services;

(xii)     payment services (Stripe); and

(xiii)    logistics services (Skladon).

When transferring personal data to these suppliers, we make sure that they, as processors, use the personal data transferred only for the purposes set out by us and stated above.

As we also use the services of processors based in the USA (Google, Stripe), we also transfer personal data outside the EU. Such transfers are based on standard contractual clauses.

We may also transfer your personal data to other recipients (controllers), namely providers of additional services in which you have expressed interest.

We do not transfer personal data to international organisations.

1.7     Do we use automated decision-making, including profiling, in processing?

The processing of your personal data does not involve automated decision-making or profiling, i.e. a situation where personal data is processed automatically, without human intervention, and the result of this automated processing would have legal effects on the data subject or would otherwise significantly affect him or her. A human being is always present during any processing of your data by us. Should we wish to use automated decision-making in the future, we will inform you of such intention.

1.8     What rights do you have in relation to personal data and how can you exercise them with us?

It is our duty and priority to ensure that the processing of all personal data by our Company is carried out properly and securely. As such, only authorised persons have access to personal data via secure access and we will delete the data when it is no longer required.

We also guarantee you the rights listed below, which you can exercise with us in writing, by telephone or by email to the contacts listed above. We will do our best to respond promptly and, if possible, to comply with your request. We provide all information and statements regarding the rights you have exercised free of charge. Only if we find your request manifestly unfounded or unreasonable may we charge a reasonable fee to reflect the administrative costs involved in providing the information requested. Also, should your requests for copies of the personal data processed be repeated, we reserve the right to charge a reasonable fee to cover the administrative costs for this reason.

If you ask us for a statement or information about the measures we have taken, we will provide it as soon as possible and within one month at the latest. We can only extend this period if the complexity and number of requests make it necessary. However, we would always inform you of such an extension, stating the reason and the length of the extension, which will not exceed 2 months.

(a)         Right to information about the processing of your personal data and access to personal data

You have the right to be informed about whether we process your personal data, what data is involved, for what purpose we process it, to whom we transfer your data (or to which categories of recipients of personal data), what rights you have in connection with our processing, that you can contact the Office for Personal Data Protection, what are the sources of the personal data processed and whether automated decision-making and profiling take place. This policy is also designed to ensure that you are informed.

If we intend to further process your data for a purpose other than that for which it was collected, we will provide you with information about this other purpose and other relevant information before such processing. The information covered by this right can also be found in this document, but this does not prevent you from requesting it again.

At your request, we will also provide you with a copy of the personal data processed, provided that the rights and freedoms of others are not adversely affected.

(b)        Right to repair

If any of your personal data that we process has changed, for example if you have changed your address or telephone number, you have the right to request us to correct this data. In addition, you have the right to have incomplete personal data completed, including by providing an additional declaration.

(c)         Right to erasure (right to be forgotten)

You have the right to request that we delete your personal data. Your request is then subject to individual assessment; despite your right to erasure, we may have an obligation or legitimate interest to retain your personal data, for example, if it relates to invoices that we need to keep for tax reasons. However, in any case you will be informed in detail about the processing of your request. We delete data that is no longer necessary for the purposes for which it was processed automatically, but you can contact us at any time to request deletion.

(d)        Right to restriction of processing

You have the right to require us to restrict the processing of your personal data (i.e. to prevent its use, but at the same time to prevent its complete destruction) in the following cases:

(i)        you have contested the accuracy of the personal data (processing will then be limited to the time necessary to verify accuracy);

(ii)       the processing is unlawful and you are not interested in having it deleted;

(iii)     We no longer need your personal data for the purposes of processing, but you require it for the establishment, exercise or defence of your legal claims;

(iv)     you have objected to processing and we are verifying whether our legitimate grounds for processing outweigh yours.

Even if the processing is restricted, we will still be able to process your personal data in cases where this is necessary for the establishment, exercise or defence of legal claims or for the protection of the rights of other natural or legal persons.

(e)         Right to data portability

If you ask us to provide your personal data to another controller or company, we will transfer your personal data in the appropriate format to the entity you specify, unless we are prevented from doing so by law or other significant obstacles.

(f)         Right to object and automated individual decision-making

If you believe that we are processing personal data in violation of the protection of your private and personal life or in violation of the law, you can contact us and ask us to explain or remedy the defect.

Should automated decision-making or profiling be carried out on our part, you can further object to such processing.

(g)        Right to lodge a complaint with the Office for Personal Data Protection

If you feel that we are treating your personal data in breach of our obligations, please contact our contact person listed at the head of this document. We trust that we will be able to clarify any discrepancies. If you are not satisfied with our response, you always have the right to address your complaint or complaint regarding the processing of personal data to the supervisory authority, namely the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7, website https://www.uoou.cz/.