GDPR

Privacy Policy  (GDPR)

HONTER Company s.r.o., VAT: CZ247 19 609, with its registered seat at Praha – Vršovice, Kubánské náměstí 1391/11, Postcode 100 00, registered at the Municipal Court in Prague, Section C, Insert 168624 (hereinafter “Controller”) declares that all personal data is handled in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter “GDPR”) and in accordance with Act No. 101/2000 Coll., on the protection of personal data and on the amendment to certain acts, as amended.

The Controller provides the following information to the customer, as the data subject:

  1. Identity and contact data of Controller.

HONTER Company s.r.o.

VAT: CZ247 19 609

registered at Praha – Vršovice, Kubánské náměstí 1391/11, Postcode 100 00

e-mail: info@honter.eu

  1. Categories of processed personal data.

The Controller processes the following categories of personal data:

Contact data – name and surname, e-mail address, postal (delivery) address, invoicing address, telephone number, bank details, ID number and TIN (natural persons).

Demographic data – country and preferred language.

Data created on the basis of order/inquiry – history of orders/inquiries, purchased/ inquired goods, services and products, method of payment and payment information, customer segment, personal settings (preferences), including marketing settings

Information about social networks, including identity/login information and any information from your publicly published posts about our company or your communication with us.

The Controller also processes data from communication between the Controller and the customer and activity records on websites managed by the Controller, including device identification number and network access, cookies, IP addresses, link headers, data identifying your internet browser and its version, as well as web beacons and tags.

  1. Purpose and legal basis for personal data processing.

The legal basis for personal data processing is due performance of a contract and the fulfillment of other obligations imposed by generally binding legal regulations.

The processing of personal data of the customer is necessary for the fulfillment of legal obligations of the Controller according to generally binding legal regulations, in particular in accordance with Act No. 89/2012 Coll., the Civil Code.

The processing of the customer´s personal data is necessary for the purpose of concluding a contract for work or other contract or agreement in connection with the fulfillment of controller´s obligations, as well as in connection with the performance of such a contract or agreement and for the purpose of exercising claims therefrom.

The processing of the customer´s personal data is necessary for the performance of legitimate interests of the Controller. Legitimate interests include, in particular, customer support, communication, service improvement, system protection and security, fraud prevention and dispute resolution.

The Controller does not intend to further process personal data for any purpose other than for which it was collected.

  1. Duration of personal data processing

Data from communication between the Controller and the customer and records of activity on the website are processed for 5 years.

The customer´s personal data contained in accounting documents issued by the Controller are processed in accordance with Act No. 235/2004 Coll., on value added tax, for a period of 10 years from the end of the tax period in which the documents were issued.

In other cases, the Controller always processes the customer´s personal data for the time strictly necessary to secure all rights and fulfill all obligations arising from the given contract, or other claims arising from these contracts. The Controller further processes the customer´s personal data for the stipulated data retention period as per generally binding legal regulations.

  1. Categories of recipients of personal data

The customer´s personal data will be transferred to third parties – processors, only if it is necessary for the proper performance of contractual obligations under the subject contract, based on the legitimate interest of the Controller, or if the customer has given his/her prior consent.

Necessary requirements for the proper performance of contractual obligations mean, in particular, the transfer of personal data to the Controller´s subcontractors, payment service providers for payment processing and banks, also to carriers to deliver the subject of purchase and other service providers involved in data processing.

Personal data may be given in particular to administration, judicial and other public authorities based on the Controller´s legitimate interest.

The controller will transfer personal data only to third parties who have taken all technical, organizational and other measures to prevent unauthorized or accidental access to personal data, their change, destruction, loss or other unauthorized use. Based on a contractual relationship, personal data may be processed by third parties, namely accounting firms, tax advisors, lawyers, information system providers, auditors, selected subcontractors. These persons are bound by confidentiality.

The Controller does not intend to transmit personal data to third countries.

  1. Personal data security.

The Controller has implemented appropriate, regularly updated and revised technical, organizational and other measures the purpose of which is to prevent unauthorized or accidental access to personal data, their change, destruction, loss or other unauthorized disposal.

  1. Rights of data subjects.

The customer, as a data subject, has the following rights from the Controller:

Right to access to personal data

The data subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and other information under Article 15 of GDPR.

Right to rectification

In accordance with Article 16 of GDPR, the customer has the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her and completion of incomplete personal data.

Right to erasure

The customer has the right to have his/her personal data erased by the Controller, under the conditions of Article 17 of GDPR, in particular when such data is no longer necessary for the purposes for which it was collected. This right also includes the so-called right to be forgotten. 

Right to restriction of processing

The customer has the right to obtain from the controller restriction of processing of his/her personal data, in any of the cases listed in Article 18 of GDPR.

Right to withdraw consent to personal data processing

When the Controller processes personal data under Article 6 (1) a) or Article 9 (2) a) of GDPR, the customer has the right to withdraw his/her consent to personal data processing, and the withdrawal of consent shall not affect the lawfulness of processing based on the consent before its withdrawal.

Right to data portability

The customer has the right to receive personal data concerning him or her in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the Controller, in accordance with and under the conditions of Article 20 of GDPR.

Right to object

Within the meaning and under the conditions listed in Article 21 of GDPR, the customer has the right to object to personal data processing on the grounds of processing based on legitimate interests of the Controller or which is necessary for fulfilling a task performed in public interest or within exercise of public authority.

Right to lodge a complaint

In accordance with Article 77 of GDPR, the customer may lodge a complaint concerning the processing of his/her personal data with a supervisory authority. The Office for Personal Data Protection, with the registered office at Pplk. Sochora 27, 170 00 Prague, supervises the compliance with obligations arising from personal data protection. More information on rights of data subjects is available on the website of the Office for Personal Data Protection (https://www.uoou.cz/6-prava-subjektu-udaj/d-27276).

  1. Automated decision-making, including profiling.

The Controller does not use fully automated decision-making, including profiling, which would have legal effects for the customer or which would similarly affect the customer.

  1. Website

Website www.honter.eu operated by the Controller use so-called cookies. Cookies are short text files that a website stores in the browser of the customer´s electronic device. The purpose of these files is to record information about the customer´s visit to a website and subsequently optimize its operation for the particular customer. The customer is hereby informed that cookies are capable of collecting information about the visit to the website and then use this data to display customized ads. However, this information is not capable of identifying the visitor.

The customer can configure cookies depending on the web browser used. The default settings of web browsers may differ, and so it is up to the customer to configure cookies within the setting of his/her browser.

  1. Provision of personal data for marketing purposes

Commercial messages may be sent to an email address, or communicated over the phone, in accordance with Section 7 (3) of Act No. 480/2004 Coll., on information society services, unless the customer refuses. Email address will be processed for this purpose by the Controller for 5 years following the last visit to www.honter.eu

If the customer grants consent, such consent is provided voluntarily and the customer is entitled to withdraw it at any time, by a written notice sent to the registered office of the Controller, or by e-mail to the above e-mail address. In this case, the customer will no longer receive marketing services of the Controller.

This privacy policy is valid from 25 May 2018.