In this Privacy Policy, we want to clarify the most important concepts and processes we use to protect your data and provide you with information, particularly about what personal data we collect, how we handle it, the sources from which we obtain it, the purposes for which we use it, to whom we may provide it, where you can obtain information about your personal data that we process, and what your individual rights are in the area of personal data protection..
Data Controller
The company Trachea a.s., registered at Vinařská 580/17a, 603 00 Brno – Pisárky, Company ID No.: 63485079, registered with the Regional Court in Brno, section B, insert 6797, (hereinafter also referred to as the „company“, „we“, or the „controller“), informs data subjects, i.e., natural persons whose personal data it processes, in accordance with the Regulation (EU) 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the „GDPR Regulation“) and Act No. 480/2004 Coll. on certain information society services (hereinafter referred to as the Anti-Spam Act), about the principles and conditions of the processing of their personal data, which data subjects voluntarily provide to the controller.
Basic information on the processing of personal data
We process your personal data on the basis of:
- the performance of a contract you have entered into with us or will enter into;
- compliance with legal obligations arising from generally binding legal regulations;
- the protection of our legitimate interests.
The possibility and lawfulness of processing based on the above follows directly
from applicable legal regulations, and your consent for this processing is not
required.
We process your personal data beyond the legitimate interest mentioned above only based on your consent. We always strive to obtain this consent in written or electronic form. However, you always have the option, in a simple way, including by ticking a box in a received message (or by the method described below), to withdraw the consent you have given.
What data we collect:
The controller processes personal data you have provided or personal data the
controller has obtained based on fulfilling your order.
The controller processes your identification and contact details and data
necessary for the performance of the contract.
These personal data include:
Identification data:
• First and last name
• Contact details (email address, phone number)
• Billing information
• Delivery address
• Order note
• Login to the user account
• IP address
– Information provided by the data subject for the purpose of sending
commercial communications
• Email address
• First and last name
• Optionally, phone number
Communication data
Payment card details: first and last name, PAN (payment card number), expiration
date, CVV/CVC of the payment card, and payment transaction history based on
applications that allow the digitalization of your payment card in a mobile
device, enabling transactions and displaying transaction history (Apple Pay,
Google Pay, Garmin Pay).
Cookies: see the Cookies section.
We do not process Special Categories of Personal Data (special categories of personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, or data concerning a person's sexual life or sexual orientation. Genetic and biometric data processed for the purpose of uniquely identifying a natural person are also considered special categories of data.)
How long we process data (so-called processing period):
The controller processes personal data for the period necessary to exercise rights and obligations arising from the contractual relationship between you and the controller and to assert claims from these contractual relationships (for 15 years from the termination of the contractual relationship due to time limits resulting from generally binding legal regulations and due to limitation and preclusion periods). If you have purchased a product from us that is subject to a warranty period exceeding the mentioned 15 years, we process personal data for this longer period.
If you have given us consent for marketing purposes but do not become our client, meaning you do not order any products or services, we process your personal data for only 2 years from the time of consent. We may store the consent itself and changes or withdrawals of consent on the grounds of legitimate interest even after the termination or withdrawal of consent.
After the retention period has expired, the controller deletes or shreds personal data.
When handling your data, we adhere to the principle of data minimization. This means that we have procedures in place to ensure that we do not process data longer than we are authorized to.
For what purposes we process data and what is the legal reason for processing
The legal reason for processing personal data is the performance of a contract between you and the controller according to Article 6 (1) (b) of the GDPR, the legitimate interest of the controller in providing direct marketing (especially for sending commercial communications and newsletters) according to Article 6 (1) (f) of the GDPR, Your consent to processing for the purpose of direct marketing (especially for sending commercial communications and newsletters) according to Article 6 (1) (a) of the GDPR in connection with Section 7 (2) of Act No. 480/2004 Coll. on certain information society services, in cases where no goods or services were ordered.
The purpose of processing personal data is
- to process your order and exercise rights and obligations arising from the
contractual relationship between you and the controller (e.g., complaints,
returns, etc.); when ordering, personal data necessary for successful order
processing are required (name and address, contact), providing personal data is
a necessary requirement for concluding and fulfilling the contract, without
providing personal data, it is not possible to conclude the contract or for the
controller to fulfill it,
- to manage customer relationships,
- to send commercial communications and carry out other marketing
activities,
- accounting management: keeping records of accounting according to accounting
and tax legislation,
- defending our rights and legitimate interests.
Personal data processing does not involve decision-making based on automatic
processing or profiling. Your personal data is not transferred outside
the EU.
Registration for access to Trachea OS
Our computer program Trachea OS, including help programs, program libraries,
scripts, product data, as well as other relevant written materials, is primarily
intended for our business partners and customers. Trachea OS serves customers of
our products to create and submit orders online. After registration and
approval, you can enjoy the benefits of the Trachea OS ordering system together
with us.
To whom we transfer data
Your personal data is transferred or made available only to those entities that provide sufficient guarantees of implementing appropriate technical and organizational measures to ensure that the processing meets legal requirements, particularly GDPR requirements, and to ensure the protection of your rights at all times.
Data processors:
• our personal data, to the extent of first and last name, contact details
(email address, phone number), billing details, delivery address, order note,
may be transferred to your chosen distribution partner (authorized reseller)
from the list of authorized resellers available at https://www.trachea.cz/…ani-prodejci,
for the purpose of processing and fulfilling your order
– sending commercial communications
• Your personal data, to the extent of your email address, will be processed
by the controller in the email address list at the processor Ecomail.cz, s.r.o.,
Company ID No.: 02762943, Na Mlejnku 18, Praha 4, 147 00, www.ecomail.cz.
When your data is transferred to third parties involved in personal data processing, so-called data processors, a processing agreement is concluded with them, which contains the same guarantees for personal data processing as we adhere to ourselves under our legal obligations.
Other personal data processors include: accountants and tax advisors, IT system administrators, providers of hosting and cloud services, marketing and advertising companies, email distribution platforms, online campaign management services, providers of analytical tools and research and analytical agencies, staffing agencies and payroll processors, payment system providers, logistics and courier entities, cybersecurity and protection providers, and others.
Recipients of personal data:
In accordance with applicable legal regulations, we are authorized to transfer
your personal data directly, without your consent, to:
a) relevant state authorities, courts, and law enforcement agencies for the
purpose of fulfilling their obligations and for the purposes of enforcing
decisions;
b) banks and other payment service providers;
c) other persons to the extent specified by legal regulations, such as third
parties for the purpose of debt collection.
What are your rights
Applicable legal regulations and the GDPR grant you the following
rights:
Right of access
You have the right to request confirmation from us whether your personal data is
being processed, and if so, to obtain a copy of this data and the information
arising from Article 15 of the Regulation. In the case of a large amount of
data, we may request that you specify the request for specific data we process
about you.
Right to rectification
To ensure that we only process your current personal data, we need you to inform
us of any changes as soon as possible. If we process inaccurate or incomplete
data about you, you have the right to request its correction or completion.
Right to erasure
If the conditions of Article 17 of the Regulation are met, you can request the
deletion of your personal data. You can request erasure, for example, if you
have withdrawn your consent to processing, successfully objected to our
legitimate interest, and no other legal basis for processing exists, or if we
process your personal data unlawfully or the purpose for which we processed your
personal data no longer exists, and we are not processing it for another
compatible purpose. However, we will not delete your data if it is necessary for
the establishment, exercise, or defense of legal claims, to comply with a legal
obligation, or to perform a task carried out in the public interest.
Right to restrict processing
If the conditions of Article 18 of the Regulation are met, you may request that
we restrict the processing of your personal data. You can request a restriction,
for example, if you dispute the accuracy of the data being processed, or if the
processing is unlawful and you do not wish the data to be deleted. We will
continue to process your data if there are reasons for the establishment,
exercise, or defense of legal claims, for the protection of another
person's rights, or for reasons of important public interest.
Right to data portability
If processing is based on your consent or carried out to fulfill a contract with
you and performed by automated means, you have the right to receive your
personal data from us, which we have obtained from you, in a structured,
commonly used, and machine-readable format. If you wish, and it is technically
feasible, we will transfer your personal data directly to another
controller.
Right to object to processing
If we process your personal data based on the performance of a task carried out
in the public interest or in the exercise of official authority vested in us or
if processing is based on our legitimate interests or the legitimate interests
of a third party, you have the right to object to such processing. Based on your
objection, we will restrict personal data processing, and unless we demonstrate
compelling legitimate grounds for the processing that override your interests,
rights, and freedoms or reasons for the establishment, exercise, or defense of
legal claims, we will no longer process and will delete your personal data.
Right to lodge a complaint
If you believe that we are processing your personal data in violation of the
Regulation or other data protection regulations, you have the right to lodge a
complaint with one of the competent supervisory authorities, particularly in the
Member State of your habitual residence, place of work, or place of the alleged
violation. For the territory of the Czech Republic, the supervisory authority is
the Office for Personal Data Protection, Pplk. Sochora 27, Holešovice, 170
00 Prague 7, Czech Republic, website www.uoou.cz, tel.: +420 234 665 111.
You can exercise your rights related to the processing of personal data via email at trachea@trachea.cz.
In this regard, we would like to point out that we may request that you prove
your identity in a suitable manner to verify your identity. This is a preventive
security measure to prevent unauthorized persons from accessing your personal
data. Requests concerning your rights are processed free of charge. If requests
submitted by the data subject are manifestly unfounded or excessive, especially
because they are repeated, the controller may either:
• impose a reasonable fee reflecting the administrative costs associated with
providing the requested information or communication or making the requested
actions; or
• refuse to comply with the requests.
The controller will substantiate the manifest unfoundedness or excessive nature
of the request.
Withdrawal of consent:
You can withdraw your voluntarily given consent to the processing of personal
data at any time, free of charge, by sending an email to trachea@trachea.cz.
However, withdrawing consent does not affect the processing of personal data
that we process on another legal basis, such as when processing is necessary for
the performance of a contract, legal obligation, or for other reasons stipulated
by applicable legal regulations.
If you have any questions regarding our Privacy Policy, please contact us at trachea@trachea.cz.
Document history
The controller reserves the right to change these terms. The new version of the Privacy Policy will be published on our website.
First version: 25.5.20218
Current revision: 1.10. 2024
Cookies
Cookies are small text files that websites can use for many purposes, such as
personalizing content and ads, providing social media features, or analyzing
traffic. Some cookies are used to remember your preferences. These files are
stored on your device (e.g., computer, tablet, or mobile phone). Each website
can send its own cookies to your browser, provided your browser settings allow
it.
The law stipulates that we can store cookies on your device if they are strictly
necessary for the operation of this website (see Necessary Cookies section),
without your consent. For all other types of cookies, we need your consent,
which you can withdraw at any time using the cookie banner on our website.
Types of cookies
Cookies are categorized based on their purpose as follows:
Necessary (technical)
These cookies help make websites usable. They provide basic functions such as
page navigation or adjusting the browser's resolution based on your
device's size. Without these cookies, the website cannot function properly.
These cookies can be blocked (disabled), but parts of the website may not
display correctly, and some features may not work. Instructions for the most
commonly used browsers are available here:
• Google Chrome
• Firefox
• Internet Explorer and Edge
• Safari
• Opera
Preference
Preference cookies allow a website to remember information that changes how the
website behaves or looks, such as your preferred language or region in which you
are located.
Analytical (statistical)
These cookies help website owners understand how visitors interact with the site
by collecting and reporting information, often anonymously.
Advertising
Advertising cookies are used to track visitors and their behavior. The purpose
is to display advertisements that are relevant and engaging for individual users
and therefore more valuable for publishers and third-party advertisers.
List of all cookies
| Name | Domain | Type | Processing Duration | Description |
|---|---|---|---|---|
| _ga_1GW1C26RD6 | Performance | 13 months | This cookie is used by Google Analytics to maintain session status. | |
| _ga | Performance | 13 months | This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in every page request on the website and is used to calculate visitor, session, and campaign data for website analytics reports. | |
| cookie_consent_level | .trachea.cz | Necessary | 62 days | This cookie is used to store the user's consent status with different categories of cookies used on the website, indicating which types of cookies the user has allowed. |
In the event of changes in cookie collection, processing purposes, or tools used
for data collection, the above table will be updated based on our reviews.
Overview of third-party cookies
In addition to our privacy policy, here we also provide an overview of
third-party cookies and their own privacy policies:
• Facebook
• Google
• Microsoft
• Seznam.cz