GDPR

Pealock holding, s.r.o., a company with its registered office at Nové sady 988/2, Staré Brno, 602 00 Brno, the Czech Republic, identification number 078 37 208, registered at Regional Court in Brno under file No. C 110396 (the Company or we), processes the personal data of its clients (incl. potential ones), and visitors of Company´s website (you). Therefore, following Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and section 89 sub. 2 of the Act No. 127/2005 Coll., on electronic communications (Act on electronic communications), we provide the following information about this data processing:

  1. What is the purpose of this privacy policy? 

If you somehow cooperate with us, we need to process your personal data to make sure we can contact you, negotiate or conclude a contract with you, fulfil our contractual and legal obligations or present our cooperation to you. 

The Policy should provide an overview of which personal data we process, to what extent, in what way, for which purpose and for how long they are being processed. Finally, you will find out what are your individual rights in connection with this processing and how to apply these rights. 

  1. How can you contact us?

If you have any queries related to how we process your personal data, you can contact us by sending an email to address: info@pealock.com by mail to address of our office at: Pealock holding, s.r.o., Mostecká 130, Vsetín, 755 01, Česká republika.

  1. Where do we get our personal data from?

Most often we receive your personal data directly from you. We may obtain your personal data also from other sources such as your company’s website, or your profiles on social network.   

  1. What kind of personal data do we process and for what purpose?

We process only your basic personal data, such as your name, address, contact details or invoicing details, primarily to perform a contract with you but also to comply with our legal obligations. In other cases, we have specific legitimate interest in processing your data or we will ask your permission. We do not process any sensitive data.

All the personal data is processed only to the extent necessary to fulfil the purpose of the processing. To give you a clear and comprehensive overview about all the data we may process, for which purpose, and which legal basis we have for this processing, we have prepared the following table:

Categories of personal dataType of the processed informationPurpose of the processingLegal basis for the processing
Identification dataName, surname, address of permanent residence, academic titleTo identify clients, or website visitors (in contracts, invoices or on our website). If we are about to enter any contract with you, we need identification details to identify you in the contract or in the offer and then to fulfil our contractual obligations → the legal basis for this processing is performance of a contract (art. 6 par. 1 subpar. b) GDPR).Furthermore, we need your identification details to fulfil our legal obligations such as to issue and keep invoices and to keep our accounts in general → the legal basis for this processing is for our compliance with the legal obligations (art. 6 par. 1 subpar. c) GDPR).Lastly, if we have already worked together, we may use your identification data while we inform you about our new products or services that are related to our previous cooperation (see below) → the legal basis is our legitimate interest in informing you about our products or services with respect to our previous business cooperation (art. 6 par. 1 subpar. f) GDPR).
Contact information E-mail, phone number, contact addressTo be able and communicate with you and fulfil the contract, and to stay in touchYour contact information is necessary to negotiate and fulfil the contract with you → the legal basis for this processing is performance of a contract (art. 6 par. 1 subpar. b) GDPR).If we have already worked together or you have expressed your interest in our product, we may use your contact information also for informing you about our new products or services that are related to our previous cooperation and might be interesting for your business → the legal basis is our legitimate interest in informing you about our products (art. 6 par. 1 subpar. f) GDPR) and/or your consent (art. 6 par. 1 subpar. a) GDPR).
Billing and transaction informationInformation appearing on invoices and agreed invoicing terms and conditions, information about received payments and billing addresses To keep proper accounting, to fulfil our legal and contractual obligations and to defend our legal claims in case that any conflicts arise in future regarding the paymentsThis information is necessary for us to issue and pay the invoices → the legal basis is performance of a contract (art. 6 par. 1 subpar. b) GDPR).We also need this information for proper bookkeeping and to be ready for a possible tax control → our legal basis for this processing is performing our legal obligations (art. 6 par. 1 subpar. c) GDPR).
Data from mutual communicationany notes from our mutual communicationsTo ensure customer care and enhance our reputationWe may process interaction data to a reasonable extent to provide customer care and to enhance our reputation → our legal basis is our legitimate interest in enhancing customer care and our reputation (Article 6(1)(f) GDPR).
Web browsing data IP address, Technical, statistical, and analytical cookiesTo ensure that our website is running smoothly, to improve the performance of our website and to learn basic information about its visitorsThe legal basis for this processing is our legitimate interest to ensure that our website is running smoothly and to be able to improve the content of our website by learning basic statistical information about its visitors (art. 6 par. 1 subpar. f) GDPR).
Marketing cookiesMarketing cookies; social sites plug-insTo personalize the content of our website and to display advertising on social networks and third-party websitesWe need marketing cookies to adapt the content of our website to your preferences and to inform you about our services on social networks and third-party websites → our legal basis is your consent to the use of marketing cookies (Article 6(1)(a) GDPR).

We are also entitled to process all of the above categories of personal data to defend our legal claims → our legal basis is our legitimate interest in protecting our rights (Article 6(1)(a) GDPR).

  1. What data do we process on our website?

To provide you with services that meet your needs and wishes, we use cookies and similar tools on our website. Cookies are short text data files that are uploaded to your web browser when you visit our website. With the help of cookies, we can offer you content on our website, social networks and third-party websites according to your preferences and previously made settings. With the help of technical and necessary cookies, we are also able to ensure the functionality of our website, including the ability to order our products and services. 

According to the Act on electronic communications, we are entitled to use cookies in most cases without your consent. However, if we use cookies to display relevant advertising on social networks or third-party websites, we need your consent. 

You can withdraw your consent to the uploading of cookies on our website or by changing your web browser settings.

  1. What about if you do not want to share your personal data with us?

If you have not established any business relationship with us, you may always decide not to provide us with any of your personal data and not to enter into contract with us.

However, when you have already entered a contract with us, or are interested in entering into one, we will need to process at least some of your personal data (such as your identification, contact, billing, and transaction information), otherwise we will not be able to fulfil our contractual and legal obligations.

Concerning personal data that we process based on your consent, you have the right to withdraw your consent at any time. If you do so, the legality of the processing of personal data before is not affected, but we will not process that data any longer.

  1. How long will we keep your personal data?

Your personal data is kept by us only for the period necessary to fulfil the purpose for which we process them. After that period is completed, they are irreversibly erased. The period of keeping the personal data varies among the individual categories of data based on the purpose of their processing:

  1. data necessary for the performance of a contract and for defense of our legal claims (identification, contact and billing information) is kept for the duration of the contractual relationship and further until the end of the longest limitation period related to obligations and rights governed by the contract (usually the 10 year limitation period and 1 year after its end in case of claims exercised at the very end of its period, unless a longer limitation period was agreed on or it was extended);
  2. data processed to comply with the legal obligation to keep proper accounting (billing and transaction information) is kept for a maximum of 10 years from the end of the tax period in which the last billing document for your order was created or the last transaction was carried out;
  3. data processed based on the legitimate interest in informing you about our products and services (identification and contact data) is kept for a period of 3 years following the termination of the contractual relationship or since our last contact (if no business relationship has been established);
  4. data processed on the basis of your consent is kept for the period of 3 years as specified in the consent, however you may always withdraw your consent earlier;
  5. data processed based on the legitimate interest in the proper functioning of our websites and learning statistical and analytical data about our website visitors (web browsing data) is kept for maximum of 13 months;
  6. data processed based on our legitimate interest in providing client care and enhancing our reputation (data from mutual communications) is kept for the duration of the communication and until the end of the calendar year following our last contact; and
  7. data processed based on your consent to display our advertisements on social media and third-party websites is kept for the period of its validity to which you have consented, i.e. no longer than 13 months, unless you withdraw your consent earlier.
  8. With whom do we share your personal information?

Since we also use services of external contractors and suppliers, we need to share with them some of your personal data to the extent necessary for ensuring these services. These suppliers provide us with:

  1. software and marketing services (e.g. Tawk.to, Google, Facebook, Instagram);
  2. tax and legal services;
  3. payment services (Stripe); and
  4. logistics services (Skladon).

While transferring personal data to these suppliers, we make sure they use the personal data only for the purposes set out by us. 

Since we also use processors based in the USA (Google, Stripe), we also transfer personal data outside the EU. 

We do not transfer personal data to international organizations.

  1. Do we use automatic decision making or profiling?

During any handling of your personal data by us, a human is always present. We do not automatically process your personal data as part of our activities, nor do we make use of automated individual decision-making. If we wanted to make use of automated decision making in future, we will inform you of our intentions. 

  1. What are your rights related to the personal data we process and how can you use them?  

It is our duty and a priority to ensure that all the data processing performed by us takes place properly and securely. Only authorized personnel have access to your personal data by a secured connection, and the moment your data will not be necessary, it will be erased.

Furthermore, GDPR gives you a number of rights and we guarantee that you can apply them with respect to the personal data processed by us. If you want to exercise your rights, you can contact us in writing, by phone or by email at the contact details stated above. We will attempt to respond promptly, and if it is possible, to satisfy you. 

All information and responses provided to exercise your rights listed below are offered for free. Only in the case where we would consider your request clearly baseless or disproportionate, we can bill you a proportionate fee which considers the administrative costs related to the providing of the requested information. Also, if your requests to be provided with a copy of the processed personal data were repeated, we retain the right to bill you a proportional fee to cover administrative costs.

If you ask us for a statement or information about the adopted measures, we will provide them as soon as possible, at the latest within a month. We can extend this period only if it is necessary given the complexity and number of requests. We would always inform you of such extension and state its reason and length, which will not surpass two months.

  1. Right to be informed about processing of your personal data and the right to access the data 

You have the right to be informed whether we process your personal data, what data is being processed and for what purpose, to whom we transfer your data (or to which categories of personal data recipients), what rights you have in connection with the given processing, that you can petition the Office for Personal Data Protection, what are the sources of personal data and if automated decision making and profiling is taking place. This privacy policy also serves to ensure that you are well informed. 

If we intended to further process your data for a different purpose, than the one for which they were obtained, we will provide you with information about this other purpose and other relevant information before such processing. Information related to this right can also be found in this document, that does not however preclude you from requesting it again.

On your request we will also provide you with a copy of the processed personal data, if it does not lead to adversely affecting the rights and freedoms of other persons. 

  1. Right to correct the data

If any pieces of your personal data that we process change (e.g. you change your place of residence or a telephone number), you have the right to ask for the correction of this data. You have also the right to correct incomplete personal data, even by means of providing a supplementary declaration. 

  1. Right to erasure (right to be forgotten)

You have the right to request that we erase your personal data. Your request will be submitted to individual assessment; despite your right to erasure, we may have the obligation to or a legitimate interest in keeping your personal data, for example if it was related to bills that we must keep for tax purposes. In any case you will be informed in detail about the decision related to your request. Data which are no longer necessary for their purpose are erased automatically, however you can always contact us with a request of erasure. 

  1. Right to restrict processing of personal data

You have the right to ask us to restrict the data processing of your personal data (that is, that they are not being used, while not completely erased at the same time). Even where processing has been restricted, such personal data may be processed by us controller for the establishment, exercise, or defense of legal claims or for the protection of the rights of other natural or legal persons.

  1. Right to data portability

You can also ask us to transfer your data to a different data controller or company; we will hand them over your personal data in a corresponding format to the entity of your choice unless we are prevented by statutory or other significant barriers.

  1. Right to object and automated individual decision-making 

If we were conducting automated decision making or profiling, you could also object to this kind of processing.

  1. Right to file a complaint with the Office for Personal Data Protection

If you get by any chance an impression, that we are handling your personal data in conflict with our obligations, please contact us. We believe that we can explain or resolve any irregularities. If you are not content with our reaction, you always have the right to contact with a statement or complaint related to personal data processing the oversight authority, which is the Office for Personal Data Protection (Úřad na ochranu osobních údajů), at Pplk. Sochora 27, 170 00 Praha 7, web site https://www.uoou.cz/en.