Free Consultation
Contact

Privacy Policy and Information on Personal Data Processing

(hereinafter the “Policy”)

This Policy supplements the Business and Licence Terms for GDPR documents and templates.

I. Introductory Provisions

  1. For the purposes of this Policy:

a) The Controller / Provider is Actacom s.r.o., Company ID No.: 232 02 840, VAT ID No.: CZ 232 02 840, registered office: Štefánikova 248/32, 150 00 Praha 5, Czech Republic, e-mail: info@actacom.cz, website: www.actacom.cz (hereinafter the “Controller” or “Provider”).

  1. As the controller of personal data (hereinafter the “Personal Data”), the Provider hereby informs data subjects about the method and scope of processing of Personal Data, including the scope of the rights of users (as defined below) related to the processing of their Personal Data.

  2. The Provider offers its products and services mainly through the website www.actacom.cz (hereinafter the “Website”). In this context, the Provider processes Personal Data:

a) to the extent in which they were provided in connection with an order of the Provider’s products and/or services, or in the course of negotiations on concluding a contract with the Provider, as well as in connection with a concluded contract; and

b) for the purposes specified in paragraph 4 below.

  1. The Provider processes Personal Data for the following purposes:

a) performance of a contract and provision of services;
b) compliance with legal obligations (in particular accounting, tax and archiving obligations);
c) marketing and commercial offers of the Provider’s products and services;
d) protection of the Provider’s rights and legitimate interests.

  1. The Provider is the controller of Personal Data. Personal Data are not transferred to other controllers unless explicitly stated otherwise; they are processed only by persons authorised by the Provider, or by processors bound by a data processing agreement. Only the Provider and persons authorised by the Provider have access to the processed Personal Data.

II. Data Protection and Information on Processing

  1. The following legislation applies to natural persons who fill in and submit an order or contact form to the Provider via the Website (hereinafter the “User”):

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – “GDPR”),

  • Act No. 110/2019 Coll., on the Processing of Personal Data,
    and other applicable legislation.

  1. The User acknowledges that by submitting a completed form (order or contact form), the processing of his/her Personal Data by the Provider is initiated.

  2. If the User does not provide his/her Personal Data, it is not possible to conclude a contract with the Provider and/or provide the related services. Personal Data are necessary in this respect for the provision of a specific service or product of the Provider.

  3. Personal Data will be processed for the duration of negotiations on concluding a contract between the Provider and the User, for the purpose of concluding such contract, and for the entire duration of the contractual relationship.

  4. If a contract is concluded under the Provider’s business terms, Personal Data will be processed and stored for a further 36 months after termination of the contractual relationship in case of any dispute arising from the relationship between the Provider and the User, for the purpose of protecting the Provider’s legitimate interests. The Provider’s legitimate interest is the proper and timely performance of the agreed contractual obligations and compliance with legal obligations arising from the contractual relationship.

  5. For the purpose of fulfilling statutory obligations relating to the archiving of accounting documents under Act No. 563/1991 Coll., on Accounting, as amended, Personal Data (except for e-mail address and telephone number) will be further processed and stored for a period of 5 years starting from the year following the year in which the contract between the Provider and the User was concluded, unless a longer period is required by law.

  6. Personal Data – telephone number and e-mail address – will be processed for the purpose of sending marketing and commercial communications for the duration of the contractual relationship and for an additional period of 12 months after its termination, or until the User objects to such processing or withdraws his/her consent (where processing is based on consent).

  7. After the expiry of the periods referred to in Article II, paragraphs 4, 5, 6 and 7, the Provider will erase or anonymise the Personal Data, unless their further storage is required by law or justified by the Provider’s legitimate interest (e.g. ongoing proceedings before public authorities).

  8. The User is obliged to provide the Provider only with accurate and up-to-date Personal Data and, in the event of any change, to update them without undue delay.

  9. The Provider makes every effort to prevent unauthorised or unlawful processing of Personal Data, accidental loss, destruction or damage. For this purpose, the Provider has implemented appropriate technical and organisational measures.

  10. Personal Data of Users will not be transferred to third countries outside the European Union or to international organisations, unless explicitly stated otherwise in a specific case and provided that an adequate level of protection is ensured in accordance with the GDPR.

  11. Personal Data are processed in electronic form, both by automated and non-automated means, and/or in paper form.

  12. The User acknowledges that his/her Personal Data may be stored in data centres of cloud and e-mail service providers, in particular companies of the Google group (Google Ireland Limited / Google LLC), where the Provider uses services such as Google Workspace or Google Cloud Platform. These services are operated in accordance with European data protection standards.

  13. The User acknowledges that, when using the Website, cookies (including third-party cookies, e.g. Google) may be stored on his/her device. Details on the use of cookies are provided in a separate document titled “Cookie Policy”.

III. User Rights Related to Processing

  1. Where processing is based on consent, the User has the right to withdraw his/her consent to the processing of Personal Data at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal and is not possible in respect of processing necessary for the Provider’s compliance with legal obligations. Withdrawal of consent also does not affect the processing of Personal Data that the Provider processes on the basis of another legal ground than consent (i.e. where processing is necessary, in particular, for the performance of a contract, compliance with a legal obligation or for other reasons set out in applicable legislation).

  2. The User further has the right to:

a) request access to his/her Personal Data from the Provider;
b) rectification of inaccurate Personal Data;
c) erasure of Personal Data (“right to be forgotten”);
d) restriction of processing;
e) data portability, where the conditions laid down in the GDPR are met;
f) lodge a complaint with the supervisory authority, which in the Czech Republic is the Office for Personal Data Protection (www.uoou.cz).

  1. If the User believes that the Provider is processing his/her Personal Data in a manner that is contrary to the protection of his/her private and personal life or contrary to applicable legislation, in particular if the Personal Data are inaccurate with regard to the purpose of their processing, the User may:

a) request an explanation from the Provider by e-mail sent to info@actacom.cz;
b) object to the processing and request by e-mail sent to info@actacom.cz that the Provider remedy such situation (e.g. by blocking, correcting, supplementing or deleting the Personal Data).

The Provider will decide on the objection without undue delay and inform the User. If the Provider does not uphold the objection, the User has the right to lodge a complaint directly with the Office for Personal Data Protection. This is without prejudice to the User’s right to contact the Office for Personal Data Protection at any time.

  1. If the User requests information on the scope or method of processing of his/her Personal Data, the Provider is obliged to provide such information without undue delay, but no later than within one month from receipt of the request at the above contact address.

  2. If the User exercises the right of access to Personal Data in electronic form, the Provider will provide the requested information in electronic form as well, unless the User requests another form of provision.

  3. In the event of repeated and manifestly unfounded requests for physical copies of processed Personal Data, the Provider is entitled to charge a reasonable fee corresponding to the administrative costs incurred in handling such requests.

IV. Final Provisions

  1. All legal relationships arising in connection with the processing of Personal Data are governed by the laws of the Czech Republic, regardless of from where the access to the Website was made. Any disputes concerning privacy protection between the User and the Provider shall be resolved by the competent courts of the Czech Republic.

  2. Users who provide their Personal Data via forms on the Website for the purpose of concluding a contract with the Provider or who give consent to the processing of Personal Data do so voluntarily, on their own behalf and at their own responsibility.

  3. The Provider may unilaterally amend or supplement the wording of this Policy. The Provider will inform Users of any such changes by e-mail or in another appropriate manner (e.g. by a notice on the Website) at least 30 days before the amendments become effective.

  4. This Policy enters into force and effect on 1 December 2025.