Our arsenal

Our arsenal

About us

About us

Partnership

Partnership

How we work

How we work

Our projects

Our projects

Contact

Contact

GDPR

Who processes your personal data?

The controller of personal data under Article 4, Point 7 of the Regulation of the European Parliament and Council (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is Flatbee s.r.o., with registered office at Pobřežní 249/46, Karlín, 186 00 Prague (hereinafter: "Controller") and as the controller, it will process your personal data under the conditions below. The Controller has not appointed a Data Protection Officer.


What personal data do we process?

Personal data refers to all information about an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. We only process the personal data you provide us in connection with the use of our services within the subscription order of one of our titles.

This usually includes data you provide when filling out a contact form:

  • first and last name,

  • email,

  • phone number,

  • other data you voluntarily fill in.

And furthermore, data obtained from your use of our services:

  • IP address,

  • cookies (for online services) – more on cookies you can find here,

  • possibly another online identifier.

We use JavaScript on our websites as part of the source code for functionality.


Why do we process personal data and on what basis?

The legal grounds for processing personal data are:

  • fulfillment of the contract between you and the controller according to Article 6, Paragraph 1, Letter b) of the GDPR,

  • processing your personal data based on legal obligations arising for us (such as archiving accounting records) even without your consent,

  • the legitimate interest of the controller to provide direct marketing (especially for sending business communications and newsletters) according to Article 6, Paragraph 1, Letter f) of the GDPR

The purpose of processing personal data is:

  • processing your inquiry,

  • conducting analyses and measurements to display content that meets your individual needs,

  • sending business communications and conducting other marketing activities.

The controller does not undertake any automatic individual decision-making in the sense of Article 22 of the GDPR.


Who will have access to your data and for how long?

The controller declares that it has taken all appropriate technical and organizational measures to secure your personal data. Access to personal data is granted only to authorized persons. Partners to whom we entrust your data are also capable of providing such technical and organizational security to prevent unauthorized or accidental access to your data or their other misuse.

The third parties who may access your personal data to the necessary extent include:

  • persons involved in delivering goods/services and processing payments,

  • persons to whom we provide data for the purpose of analyzing website traffic,

  • persons ensuring security and integrity of our services, technical operation of certain services, operators of technologies and other services we use in connection with e-shop and web services,

  • operators of advertising systems in connection with targeted advertising,

  • in case of setting up a recurrent payment, customer's payment data will also be stored by the respective payment gateway or bank,

  • under certain precisely defined conditions, we are obligated to pass some of your personal data to public authorities.

The controller does not intend to transfer personal data to a third country. All data are stored within the EU or countries deemed safe by the EU.

The controller retains personal data for the period necessary to exercise rights and obligations arising from the contractual relationship between you and the controller and claims from these contractual relationships, and subsequently for ten years from the termination of the contractual relationship. You can exercise any of your rights described below at any time. After the retention period has expired, the controller deletes personal data.


Is my personal data safe?

We approach data protection with the utmost care. All personal data are secured with standard technologies and procedures, which we regularly check and update. For better security of your personal data, access to them is password-protected, and sensitive data are encrypted during transmission between your browser and our websites.

It's essential to realize that even maximum security isn't a guarantee of 100% protection of personal data against access, copying, disclosure, modification, or destruction by a third party. Without your assistance and responsible behavior, we cannot ensure complete security for your data. Therefore, keep your passwords to our services confidential and choose a password that’s not easy to deduce. Follow basic security principles.


Can we process your personal data without your consent?

We can process your personal data without your consent. The legality of such processing follows directly from applicable legal regulations. This occurs when your personal data are necessary:

  • to fulfill all obligations arising from the contract between us, providing a service or product,

  • to comply with any generally binding legal regulations, we must process certain personal data without regard to your consent for the period set by, or in accordance with, relevant legal regulations, even after withdrawing your consent,

  • processing necessary for our legitimate interests (e.g., to ensure the security of our websites).


What rights do you have concerning personal data protection?

Note that you are not obliged to provide us with any data, and their provision is voluntary. However, without data marked as mandatory, we cannot provide you with our service.

Under the Regulation of the European Parliament and Council (EU) No. 2016/679 of April 27, 2016, on the protection of natural persons about the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC, you have the right at our company as the controller of your personal data to:

  • request access to personal data we process about you and exercise the right to access such personal data and other information specified in Article 15 of the Regulation,

  • request rectification of personal data we process about you if they are inaccurate, request the erasure of personal data (right to be "forgotten") in certain cases,

  • request restriction of data processing,

  • receive personal data concerning you in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another controller,

  • you have the right to object or complain about the processing in certain cases,

  • the right to be informed of personal data breaches in certain cases,

  • other rights set forth in the Personal Data Protection Act and the General Data Protection Regulation No. 2016/679 upon its effectiveness.

You can exercise any of these rights using the contact details below. If we receive your request, we will inform you of measures taken without undue delay, and in any case, within one month of receiving the request. This period can be extended by another two months if necessary, and with regard to the complexity and number of requests. Each user using our services can obtain an overview of all the personal data we have about them.

If we do not act on your request, we are obliged to inform you promptly and at the latest one month after receipt of the reasons for not taking action. In certain cases where your request is unfounded or unreasonable (especially in cases of repetitive requests), we are not obliged to comply with your request in whole or in part under the Regulation. In such cases, we may impose a reasonable fee considering the administrative costs of providing the requested information or communication or taking the requested actions. As a data subject, you always have the right to contact directly the supervisory authority, which is the Office for Personal Data Protection.

If we receive your request but have reasonable doubts about your identity, we may ask you to provide additional information necessary to confirm your identity.

If you believe that our company processes your personal data improperly or otherwise violates your rights, you have the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection or you have the right to seek judicial protection.


How can you contact us?

If you have any questions or wish to exercise your legal rights, or object to further sending of our business communications, you can contact us via email at info@flatbee.cz. The request can also be handled by correspondence at the address Pobřežní 249/46, Karlín, 186 00 Prague.

To verify your identity, we may ask you to prove your identity in a suitable manner. This is a precautionary security measure to prevent unauthorized access to your personal data.