GDPR

1. INTRODUCTORY PROVISIONS
   1. The controller of personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter “GDPR”) is:
      
      Company name: Šimon & Šípek s.r.o.
      Registered office: Podnikatelská II 620, 190 11 Praha 9 Běchovice
      Company ID (IČO): 28908601
      Represented by: Ing. Jan Šípek a Ing. Jan Šimon
      Contact: e-mail: , tel.: 800 122 122
      (hereinafter referred to as the „controller„)
   2. The controller processes personal data in accordance with the GDPR, Act No. 101/2000 Coll., on the Protection of Personal Data, Act No. 89/2012 Coll., the Civil Code, and other related legal regulations.
   3. Below is a list of personal data, the method of their processing, the duration for which your personal data is processed, the purpose of processing, as well as information provided to you as data subjects by the controller.
       
2. CATEGORIES OF PERSONAL DATA
   1. The controller processes only essential basic data, namely:
      · Identification data (your name and surname, business name, residential or registered address, possibly also your mailing address, company ID, VAT ID, date of birth)
      · Contact details (your email and phone number, or IP address).
   2. The controller processes personal data that you have provided or that the controller has obtained based on the fulfillment of your order.
       
3. REASON AND PURPOSE OF PERSONAL DATA PROCESSING
   1. The legal basis for processing personal data is:
      · performance of a contract to which you as the data subject are a party,
      · fulfillment of the controller's legal obligations.
      The controller processes personal data for the purpose of handling your order, fulfilling legal obligations (e.g., tax), and marketing activities.
   2. You may withdraw your consent to receive marketing communications at any time (see section 7.6 of the Principles).
       
4. DATA RETENTION PERIOD
   1. The controller retains your personal data for the period necessary to exercise rights and obligations arising from the contractual relationship, or for the period necessary to fulfill archiving obligations under other legal regulations (Accounting Act, Archiving and Records Act, VAT Act), but no longer than 10 years after the end of the contractual relationship. If you do not withdraw your consent to personal data processing for direct marketing purposes, the data is processed for a maximum of 3 years.
   2. After the retention period expires, your personal data will be deleted.
       
5. DATA SECURITY
   1. Taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller has implemented appropriate technical and organizational measures to ensure compliance with the GDPR and protect the rights of data subjects.
       
6. RECIPIENTS OF PERSONAL DATA
   1. The controller provides personal data to the following recipients:
      
      - External accounting firm Help účto v.o.s. and partner service Pet-Medic / Pet-Pieta (Ivana Bidlová Janků)
   2. Your personal data is not transferred to countries outside the European Union. Personal data is processed both manually and automatically.
       
7. YOUR RIGHTS
   1. RIGHT TO ACCESS PERSONAL DATA (Art. 15 GDPR)
      You have the right to request access to personal data concerning you and the following information:
      1. the purpose of processing;
      2. the categories of personal data concerned;
      3. the recipients or categories of recipients to whom the data has been or will be disclosed;
      4. the envisaged period for which the data will be stored;
      5. the source of the data, if not obtained from you;
      6. whether automated decision-making, including profiling, is involved.
   2. RIGHT TO RECTIFICATION (Art. 16 GDPR)
      You can request correction if the data we hold about you is inaccurate, incomplete, or outdated. You also have the right to provide a supplementary statement if needed.
   3. RIGHT TO ERASURE (Art. 17 GDPR)
      You can request the erasure of your personal data if:
      1. the data is no longer necessary for the purpose for which it was collected;
      2. you withdraw your consent;
      3. the data has been processed unlawfully;
      4. erasure is required by EU or member state law;
      5. you object to processing under Article 21(1) GDPR and there are no overriding legitimate grounds, or under Article 21(2) GDPR.
   4. RIGHT TO RESTRICT PROCESSING (Art. 18 GDPR)
      You have the right to restrict processing if:
      1. you contest the accuracy of the data (for the time needed to verify accuracy);
      2. processing is unlawful and you oppose erasure but request restriction instead;
      3. we no longer need the data but you need it for legal claims;
      4. you objected under Article 21(1) GDPR and verification of overriding grounds is pending.
      
      You will be informed before the restriction is lifted.
   5. RIGHT TO DATA PORTABILITY (Art. 20 GDPR)
      You may request your personal data in a structured, commonly used, machine-readable format or request that it be transferred directly to another controller, where:
      1. the processing is based on your consent or a contract; and
      2. the processing is carried out by automated means.
   6. RIGHT TO WITHDRAW CONSENT
      You may withdraw your consent to personal data processing at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.
   7. RIGHT TO OBJECT (Art. 21 GDPR)
      You have the right to object, on grounds relating to your particular situation, to processing based on Article 6(1)(e) or (f), including profiling. We will no longer process your data unless we demonstrate compelling legitimate grounds overriding your interests, rights, and freedoms or for legal claims.
      If your data is processed for direct marketing, you can object at any time, including against profiling related to such marketing.
   8. RIGHT TO LODGE A COMPLAINT
      If you believe your personal data is being processed unlawfully, you may file a complaint with the supervisory authority:
      Office for Personal Data Protection,
      Address: Pplk. Sochora 27, 170 00 Praha 7
      Data Box ID: qkbaa2n,
      e-mail: posta@uoou.cz, Phone: +420 234 665 111, fax: +420 234 665 444.
       
8. PERSONAL DATA BREACH NOTIFICATION
   1. If a breach of personal data security is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. The notice will describe the nature of the breach and include at least the information and measures outlined in Article 33(3)(b), (c), and (d) GDPR. Notification is not required if any of the following are met:
      1. we implemented appropriate technical and organizational protection measures (e.g., encryption) that rendered the data unintelligible to unauthorized persons;
      2. we have taken subsequent measures to ensure that the high risk is no longer likely to materialize;
      3. notification would involve disproportionate effort.
          
9. DATA PROTECTION OFFICER
   1. The controller does not have a designated Data Protection Officer. For matters related to personal data processing, you may contact us directly.
      Correspondence address: Podnikatelská II 620, 190 11 Praha 9 Běchovice
      E-mail: info@KrematoriumZviratPraha.cz
      All contact information can also be found on the controller’s website: www.KrematoriumZviratPraha.cz.

These Principles are effective as of April 27, 2025