Processing of personal data

1. Basic provisions

1.1 What do these policies govern?

This policy contains information on the scope and conditions of processing of your personal data that we carry out in the course of our business activities or in connection with it, in particular when providing our product (s), operating our website, user interface, communicating with you, etc.

1.2 Who is the controller of my personal data?

Your personal data is managed by us, the trading company PINYA Ltd. registered office at Tuřanka 1222/115, Slatina, 627 00 Brno, ID: 293 12 922, registered in the Commercial Register kept at the Regional Court in Brno under file number C 73455. We are also the operator of the website www.pinya.hr. Our contact details can be found on our website in the About Us, Contacts section.

1.3 Why do you process my personal data?

We process your personal data so that we can

  • negotiate with you on the conclusion of contracts, in particular to send you price calculations for the product (services) according to the parameters specified by you, to create and process your orders and requests for the product (services), to submit to you the quotations for the product (services) you request;
  • conclude contracts with you;
  • to provide you with products (services) that you order from us;
  • issue you invoices and other documents for the delivered products (services provided);
  • recognize your payment of the price of the product (service), shipping costs, or other reimbursements;
  • to deal with any complaints you may have;
  • to operate and improve our website
  • operate your user accounts if you use the registration options on the site;
  • to deal with your questions or comments about the products (services) offered by us;
  • to deal with any complaints you may have about our company;
  • enforce our rights from the purchase or other contracts we enter into with you if you fail to fulfill your obligations to us under these contracts, e.g. you fail to pay the price of the purchased product (service);
  • resolve any disputes, whether judicial or extrajudicial, that may arise between you and us as a result of concluded contracts or for other reasons;
  • to contact you for marketing purposes, in particular to send you our commercial communications (newsletters), in particular about the products (services) offered by us, news in our product range, discounts, interesting events and other interesting events related to the activities of our company (e.g. trade fairs, exhibitions);
  • create statistics about our business activities, traffic to our site, or use of our other services;
  • promote our company and its activities;
  • to properly conduct our business administration and accounting and to comply with our tax obligations;
  • archive our documentation.

1.4 What personal data do you process?

For the above purposes, we process

a) Your identification data, in particular your name, surname, academic titles, birth number, date of birth, age, ID number, VAT number, address of residence, address of registered office (if you are a self-employed natural person), position within the legal entity you represent, gender;

b) Your contact details, in particular the delivery or other contact address you provide to us, telephone number (landline, mobile), e-mail address, fax;

c) Your payment details, in particular your bank account number, credit card number, variable symbol, or specific symbol, sender or recipient note, or any other information you provide in the payment;

d) information about your orders, in particular about the product (s) ordered by you;

e) network data that we collect when you access and use our website, in particular your IP address, the MAC address of the device through which you use the site, data about your access to the site, activity on the site, the duration of your visit to the site, cookies, the location data of the device through which you use the site; to obtain this information we use, in particular, the tools of Google Analytics, Google Search Console, CustomerScore.io (ID: 195 80 045), Smartlook.com, s.r.o. (ID: 195 08 830);

f) Your user account access data.

1.5 Do you process all my personal data for all the purposes listed by you?

No. We process personal data in accordance with the principle of data minimization and purpose limitation. This means that we process your personal data only for the purposes for which it is necessary and only to the extent necessary to fulfill that purpose.

1.6 What authorizes you to process my personal data?

yours We process personal data on the basis of the reasons stipulated by the legislation, in particular the General Regulation on the Protection of Personal Data, the so-called General Data Protection Regulation. GDPR (full title Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), as amended.

We always process your personal data in accordance with the GDPR on the basis of one of the legal grounds set out in Article 6 GDPR. In particular, these reasons are:

a) Your consent to the processing of your personal data;

b) the need to process your personal data for the performance of a contract you have concluded with us or to carry out measures taken before the conclusion of the contract;

c) the existence of our legitimate interest in processing your personal data;

d) the necessity of processing your personal data in order to fulfill our obligations.

1.7 What are your legitimate interests in processing my personal data?

Our legitimate interests in the processing of your personal data are

a) the operation and development of our business;

b) improving the quality of the products and services provided by us;

c) operating our website, user interface, ensuring and improving its functionality;

d) promotion of our business activities, especially products (services) offered by us, events organized by us, etc. ;

(e) enforcement of our legal claims;

f) ensuring the security of our website, its users and their user accounts;

g) the protection of our property, the protection of the life, health and property of our employees, business partners, clients, as well as all persons who move on the premises of our company.

1.8 How long do you process my personal data?

This depends on what purpose and for what reason we process the personal data. As a rule, this period cannot be determined precisely, taking into account the extent of the data processed and the variety of purposes. Therefore, the processing time of your personal data is defined by the criteria below.

If we process your personal data on the basis of your consent to their processing, then we process your personal data for the duration of this consent.

In other cases, we process your personal data for the period necessary to achieve the purpose for which we process it, including the subsequent administration associated with the termination of processing and the erasure of personal data.

If only one of the reasons on the basis of which we process your personal data for a particular purpose fails, this does not automatically mean that we are obliged to stop processing it. As long as we have another reason for processing them (e.g. our legitimate interest in the processing ceases, but the processing of your personal data will still be necessary in order for us to perform the contract concluded between us or our legal obligations), we may continue to process your personal data until all legal grounds for processing them cease to exist. However, in the event of withdrawal of consent to the processing of personal data, we will no longer continue with the processing of your personal data for the purpose for which the revoked consent was originally granted.

1.9 How do you obtain my personal data and to whom do you transfer it?

We process primarily the personal data that you provide to us, and we process it primarily for our own purposes. For the collection and further processing of certain personal data, we also use, for example, cookies. Details on the use of cookies can be found here [www.pinya.hr]].

However, in certain cases, we may receive your personal data from third parties or transfer it to third parties. Such persons may in particular be:

  • our accountants and tax advisors,
  • Our lawyers,
  • our business partners, e.g. Digital Solutions s.r.o. (ID: 259 98 706) (DigiSign application for digital signing), ECOMAIL.CZ, s.r.o. (ID: 027 62 943)
  • our IT administrators,
  • data storage providers,
  • our group companies,
  • persons who provide us with marketing and PR services (customer evaluation, etc. ),
  • persons involved in the processing of the order, payment of the price, i.e. our suppliers of payment services (payment gateways),
  • public authorities (in particular courts, offices),
  • law enforcement agencies (in particular, the police and the prosecutor's office).

We may also obtain your personal data from publicly accessible sources such as public registers (in particular the business register), the trade register, the insolvency register or the Land Registry.

1:10 Do I need to provide you with my personal data?

In some cases, the provision of personal data is necessary in order to comply with our contractual or other obligations, to fulfill our legitimate interests, etc. For example, in order to enter into a contract with you and provide you with products (services), we need to know in particular your identification and contact details. If possible, we try to inform you in advance about which data is required (e.g. by commenting “optional” in the forms on the website).

2. Rights related to the processing of personal data

2.1 How do I obtain information about the processing of my personal data?

Upon your written request, we will provide you with information on the scope and conditions of processing of your personal data. In addition to this request, you can also request that you provide us with a copy of your personal data that we process.

We will respond to requests in the same way as you submit them (i.e. either electronically or in paper form), unless you ask us to respond in another way in the request.

If you request multiple copies of your personal data in paper form, we will charge you an administrative fee of CZK 30, - for each copy in excess of one.

2.2 What can I do if I discover an error in my personal data that you process?

In this case, you will send us a request to correct your personal data, in which you will specify what the error is and what the correct information is. If the error is in the data held in your user account, then you can correct this error yourself after logging in to your account, unless it is a data that cannot be changed directly after logging in to the user account (more on this in Art. IV).

2.3 What can I do if I find out that my personal data that you process is incomplete?

In this case, send us a request to supplement your personal data, in which you specify how your personal data that we process should be supplemented and for what purpose. However, we would like to inform you that if the data with which you wish to supplement the personal data already processed is not necessary for the processing for your desired purpose, we are not obliged to complete the data.

2.4 What can I do if I find out that you are processing my personal data to a greater extent than necessary?

As we have already mentioned above, we process your personal data only for the purposes for which it is necessary and only to the extent necessary to fulfill that purpose. If you nevertheless find that we process more of your personal data than is necessary for any of the purposes, you can send us a written request to restrict processing. In your request, please inform us of the reasons why you believe that we process more of your personal data than is necessary for the purpose. We will evaluate your request carefully and, if we find it to be justified, we will take measures to limit the scope of processing.

2.5 What can I do if I don't want you to keep my personal data any longer?

In this case, send us a written request to delete your personal data. We will examine the request carefully and, if we find it to be justified, we will delete your personal data. The reasons for which you can request the erasure of your personal data can be found in Article 17 GDPR. However, in certain cases, we may not comply with your otherwise reasonable request. You can also find out what cases are involved in Article 17 of the GDPR (e.g. if the processing will be necessary for the exercise of the right to freedom of expression and information).

2.6 Can I transfer my personal data that you process to another controller?

Upon your written request, we will provide you with your personal data in a machine-readable format or, if you request us to do so, we will provide it directly to another controller whom you specify in the request for this purpose. Please note, however, that this right applies only to your personal data that we process for the purpose of fulfilling a contract concluded between you and our company, and only if we process it in an automated form.

2.7 What can I do if I don't like how you process my personal data?

If we process your personal data because of our legitimate interest, you can object to such processing in writing. In response to your objection, we will assess whether our legitimate interest in such processing persists and whether it is not outweighed by the interest in protecting the rights and freedoms of individuals. If we find your objection to be justified, we will stop processing your personal data to which you have objected.

It is also possible to lodge a complaint against the processing of personal data with the supervisory authority in the field of personal data processing, which in the Czech Republic is the Office for Personal Data Protection.

3. Consent to the processing of personal data

3.1 When do you need my consent to the processing of my personal data?

We only require consent to the processing of your personal data in cases where we cannot process your personal data for that purpose on the basis of any other legal reason. Therefore, we only ask for your consent in exceptional cases, e.g. for marketing purposes or the processing of personal data through cookies, except for those without which our website would not be able to function properly.

3.2 Do I have to give you consent?

The granting of consent is completely voluntary and you can revoke your consent at any time. In particular, the granting of consent is not a condition for the provision of other services.

3.3 How can I withdraw my consent?

If you wish to withdraw your consent to the processing of your personal data, please send an e-mail or a letter to the contact details mentioned above. Consent granted for the purpose of sending newsletters (commercial communications) can also be withdrawn by clicking on the link to unsubscribe from commercial communications. This link is included in every business communication email. You can withdraw your consent to the use of cookies at any time by setting cookies directly on our website (www.pinya.hr).

3.4 Can commercial communications be sent to me without my consent?

If you have provided us with your e-mail address in connection with the sale of products offered by us or the provision of our services, we may, in accordance with the Act on Certain Information Society Services (Act No. 480/2004 Coll.), send you commercial communications to this e-mail address even without your consent to do so. In this case, we process your email address on the basis of our legitimate interest. This is our interest in promoting our business activity, especially the products (services) offered by us, discount promotions, other events related to our company.

However, you may object to this processing (see section 2.7 for more details on the right to object.) At the same time, in each email that contains business messages, you have the option to unsubscribe from commercial communications free of charge by clicking on the relevant link. If we receive your objection to sending them or unsubscribing from them, we will no longer send you commercial communications to the e-mail address in question.

4. Registration, user account

4.1 How do I create a user account?

You can get a user account by registering on our website. In order to register, you must complete and submit the registration form. The data marked with an asterisk must be completed in the registration form in order for the registration to be carried out and for the user account to serve its purpose.

4.2 How do I log in to my user account?

You will log in to the user account using the login and password you have chosen.

4.3 What precautions must be followed to secure the user account?

Your personal data is collected in the user account. It is therefore necessary that you be aware of the risks arising from the possible unauthorized access of third parties to your user account, in particular the risks associated with the possible misuse of your user account and the personal data collected therein.

As the operator of the www.pinya.hr website, we ensure, to the maximum extent possible, the security of your user accounts and your personal data collected therein. However, without you also taking the necessary measures to secure your user accounts and your personal data, any security efforts on our part are useless.

First of all, it is necessary that you do not share your user account login details, especially your password, to anyone.

When choosing a password, it is essential to remember that weak (simple) passwords can be easily cracked by third parties (hackers), either with the help of specialized tools to reveal the password, or simply by an ordinary guess or tip. Therefore, it is crucial that you choose a strong (complex) password that cannot be easily breached by third parties. Your password must meet the requirements specified in the registration form. The system will not allow setting a password that does not meet these requirements.

In addition, you must always log out of your user account immediately after you stop working with the user account. Otherwise, you allow a third party who has access to the computer on which you worked with the user account to easily misuse your user account and your personal data.

We therefore ask you to follow all necessary measures to secure your user accounts and the personal data collected therein. The above examples may be a guide, but this is not an exhaustive list of precautions you should follow.

Please remember that you bear the responsibility for any misuse of your user accounts or the data collected in them, which occurs through your fault.

4.4 How can I cancel my user account?

Upon your written request, we will cancel your user account without undue delay upon receipt of the request. Send your request electronically (by e-mail) to the e-mail address [obchod@pinya.cz] or by letter to PINYA s.r.o., Tuřanka 1222/115, Slatina, 627 00 Brno.

4.5 Can you cancel my user account without a request?

Yes, we can cancel your user account ourselves, without your request, but only if:

a) you do not log in to the user account for more than 24 months;

b) you violate your obligations under the contract with our company, including the General Terms and Conditions and this Privacy Policy, in particular if you violate your obligations in relation to the security of the user account and the protection of personal data held therein.

5. Final provisions

5.1 Can these principles be changed? And where can I find their current version?

This Privacy Policy may be subject to change by us. In the current version, you can always find them on our website.

5.2 If written form is required, does that mean email?

Yes, if this Privacy Policy requires that an action be made in writing, it can also be done by email.

5.3 Since when does this Privacy Policy apply?

The principles of personal data processing in this version shall apply from 1 June 2024.

PINYA Ltd.

Other versions

Privacy policy valid from 14. 3. 2023
Privacy policy valid from 1 November 2022
Privacy policy valid from 1 July 2021