Protection of personal data
1. Introduction
This Privacy Policy informs you about how we collect, use, store, and protect our users’ personal data, and sets out the privacy principles relating to the recording of business contacts in accordance with the General Data Protection Regulation (GDPR) and other relevant legal provisions. We comply with applicable data protection laws and are committed to protecting your privacy.
Data Controller
The Data Controller is:
UNiBON Holding s.r.o.
Registered office: Pražská 1957, 274 01 Slaný
Company ID: 09707115
Registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File 340849
Contact email: holding@unibon.cz
2. Data We Collect
We may collect the following types of personal data:
Identification data (e.g. name, address, email, phone number)
Data on the use of our services (e.g. IP address, device type, date and time of visit)
Cookies and similar technologies
3. Purpose of Data Processing
We collect personal data for the following purposes:
Providing and improving our services
Communication with users (e.g. responding to inquiries, sending updates)
Analysis and research to better understand our users’ needs
Compliance with legal obligations
Establishing and maintaining business relationships
Communication with existing and potential business partners
Fulfilling contractual obligations
Sending commercial offers and product/service information
4. Legal Basis for Processing
We process personal data based on:
The consent of the data subject
Performance of a contract to which the data subject is a party
Compliance with legal obligations
The legitimate interest of the data controller
5. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable legal provisions.
6. Data Sharing
Personal data will not be shared with third parties without your explicit consent, except:
Service providers processing data on our behalf under agreed terms
Where required by law or to protect our rights
Employees of the data controller responsible for business communication
IT service providers managing databases
Other entities where necessary to fulfil contractual or legal obligations
7. User Rights
Users have the following rights concerning their personal data:
Right of access (Art. 15 GDPR)
Right to rectification of inaccurate or incomplete data (Art. 16 GDPR)
Right to erasure (right to be forgotten) (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to notification regarding rectification, erasure, or restriction (Art. 19 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object to processing (Art. 21 GDPR)
Right to withdraw consent (electronically or in writing) (Art. 22 GDPR)
Right to lodge a complaint with the Data Protection Authority
[The detailed GDPR rights explanation follows in the same structure as the original, translated faithfully…]
8. Information for the Data Subject About Their Rights
Right of Access to Personal Data (Art. 15 GDPR)
The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them is being processed, and, where that is the case, the right to access such personal data and information relating to their personal data.
Where personal data is transferred to a third country or an international organisation, the data subject has the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, the information shall be provided in a commonly used electronic form, unless the data subject requests otherwise.
The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
Right to Rectification of Inaccurate or Incomplete Data (Art. 16 GDPR)
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to Erasure of Personal Data (Right to Be Forgotten) (Art. 17 GDPR)
The data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller is obliged to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject;
f) the personal data have been collected in connection with the offer of information society services referred to in Article 8(1).
Where the controller has made the personal data public and is obliged to erase the personal data as set out above, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure of any links to, or copy or replication of, those personal data.
Right to Restriction of Processing (Art. 18 GDPR)
The data subject has the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted as above, such personal data shall, with the exception of storage, be processed only with the data subject’s consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
Controller’s Obligation to Notify Regarding Rectification, Erasure or Restriction (Art. 19 GDPR)
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1), and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
Right to Data Portability (Art. 20 GDPR)
The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
a) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a), or on a contract pursuant to Article 6(1)(b);
b) the processing is carried out by automated means.
In exercising their right to data portability, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The exercise of the right referred to in Article 20 shall not prejudice Article 17. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The rights and freedoms of others shall not be adversely affected.
Right to Object to Processing (Art. 21 GDPR)
The data subject has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them which is based on Article 6(1)(e) or (f), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
The data subject shall be explicitly informed of the right referred to in paragraphs 1 and 2 and this right shall be presented clearly and separately from any other information, at the latest at the time of the first communication with the data subject.
In the context of the use of information society services, and without prejudice to Directive 2002/58/EC, the data subject may exercise their right to object by automated means using technical specifications.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to their particular situation, shall have the right to object to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Right Not to be Subject to Automated Decision-Making (Art. 22 GDPR)
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
Right to Lodge a Complaint
If you believe that your rights to the protection of personal data have been infringed, you have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection.
Website: www.uoou.cz
Email: posta@uoou.cz
9. Data Security
We commit to protecting your personal data with appropriate personnel, technical, and organisational measures to ensure security and prevent unauthorised access. The controller has implemented technical measures to secure data storage. Only authorised persons have access to personal data. We do not conduct automated decision-making or profiling.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be published on our website. We recommend checking this policy regularly.
11. Contact
If you have any questions or concerns about this Privacy Policy, please contact us at: holding@unibon.cz or tel. +420 739 259 466.
Effective from 20.3.2025.
