Konfiguruj

Konfiguruj

Sign InSign Up

Privacy policy

This privacy policy informs data subjects (visitors and users of Konfiguruj) about the processing of personal data in line with Articles 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”) and Section 19 of Act No. 110/2019 Coll., on the processing of personal data, as amended (Czech law). “Personal data” means any information relating to an identified or identifiable natural person. “Processing” means any operation or set of operations performed on personal data (collection, recording, organisation, structuring, storage, disclosure, use, restriction, erasure, etc.).

Controller

The controller of personal data is the operator of the Konfiguruj online service, whose identity and contact details are given on this site’s contact page (the “controller”). For matters relating to data protection, please use in particular the contact e-mail shown on that page.

Categories of personal data

Depending on how you use the service, we process in particular: • identification and contact details (e.g. first name, surname, e-mail address, phone number) that you provide when registering a user account or when submitting a quote or product configuration request, including any message text; • information related to the content of the request (e.g. selected product configuration, price summary, preview image) where it forms part of your submission; • operational and technical data necessary to run the website and secure the service (e.g. session-related data, cookies within the scope described in our separate cookie information). We do not routinely ask for special categories of personal data within the meaning of Article 9 GDPR; if you voluntarily include such data in a free-text field, we will process it only to handle your request.

Purposes and legal bases

We process personal data for the following main purposes and on the following legal bases: 1) Providing the Konfiguruj service, creating and managing your user account, performing a contract or taking steps at your request before a contract — legal basis: performance of a contract under Article 6(1)(b) GDPR. 2) Handling quote or offer requests sent through the service — legal basis: performance of a contract or pre-contractual measures under Article 6(1)(b) GDPR, or where applicable the controller’s legitimate interest in handling business communication under Article 6(1)(f) GDPR. 3) Complying with legal obligations to which the controller is subject (accounting, tax law, cooperation with public authorities) — legal basis: legal obligation under Article 6(1)(c) GDPR. 4) Ensuring secure operation, fraud prevention, and records needed to protect the controller’s rights — legal basis: legitimate interests under Article 6(1)(f) GDPR, balancing your rights and freedoms. 5) Processing based on your consent where we explicitly ask for it (e.g. marketing beyond what is necessary for the contract) — legal basis: consent under Article 6(1)(a) GDPR; you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. We do not carry out solely automated decision-making with legal or similarly significant effects within the meaning of Article 22 GDPR in the ordinary operation described here.

Retention

We keep personal data only for as long as necessary for the purposes for which they are processed, or for as long as required by applicable law (e.g. archiving, accounting and tax rules, limitation periods). Account data are usually kept for the duration of the contractual relationship and thereafter for the period necessary to exercise rights and obligations arising from the contract and from law. Request data are kept for as long as needed to process the request and then for periods corresponding to limitation periods and any disputes, unless a shorter period applies. After that period we delete or anonymise the data so that they are no longer personal data.

Recipients and processors

We disclose personal data only to the extent necessary to persons or entities that process personal data on our behalf as processors under Article 28 GDPR (typically hosting providers, server infrastructure, e-mail services), and only on our instructions. On request, we will provide further information about categories of recipients or processors through the controller’s contact details. We do not sell personal data. Transfers to countries outside the European Economic Area (EEA) take place only where an adequate level of protection is ensured under Chapter V GDPR (e.g. adequacy decision, standard contractual clauses); in such cases we will inform you of the transfer and safeguards.

Data subject rights

In connection with processing you have in particular the following rights: • the right of access to your personal data and to obtain a copy (Article 15 GDPR); • the right to rectification of inaccurate data and to have incomplete data completed (Article 16 GDPR); • the right to erasure (“right to be forgotten”) where the conditions in Article 17 GDPR are met; • the right to restriction of processing under Article 18 GDPR; • the right to data portability for data processed by automated means on the basis of contract or consent, where technically feasible (Article 20 GDPR); • the right to object to processing based on legitimate interests (Article 21 GDPR); • the right not to be subject to solely automated decision-making, including profiling, with legal or similarly significant effects where Article 22 GDPR applies; • the right to lodge a complaint with a supervisory authority, in particular the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, www.uoou.cz, if you believe processing infringes your rights. Where processing is based on consent, you may withdraw consent at any time; withdrawal does not affect the lawfulness of processing before withdrawal.

Exercising your rights and enquiries

To exercise the rights above, or for questions about this policy or our processing, please contact the controller using the e-mail address on this site’s contact page. We will respond without undue delay and in any event within one month of receipt of the request; in justified cases this period may be extended under Article 12(3) GDPR. We may update this policy from time to time; the current version is always published on this page. We may notify you of material changes where circumstances require it.

This text is provided for general information; you should have it reviewed by a lawyer for your specific situation.