Processing of personal data

In this Privacy Policy, we want to clarify the most important concepts and processes we use to protect your data and provide you with information, particularly about what personal data we collect, how we handle it, the sources from which we obtain it, the purposes for which we use it, to whom we may provide it, where you can obtain information about your personal data that we process, and what your individual rights are in the area of personal data protection..

Data Controller

The company Trachea Wood, a.s., registered at Vinohradská 2828/151, 130 00 Praha 3 – Žižkov, Company ID No.: 19807899, registered with the Regional Court in Praha, section B, insert 28426, (hereinafter also referred to as the „company“, „we“, or the „controller“), informs data subjects, i.e., natural persons whose personal data it processes, in accordance with the Regulation (EU) 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the „GDPR Regulation“) and Act No. 480/2004 Coll. on certain information society services (hereinafter referred to as the Anti-Spam Act), about the principles and conditions of the processing of their personal data, which data subjects voluntarily provide to the controller.

 

Basic information on the processing of personal data

We process your personal data on the basis of:

 
The possibility and lawfulness of processing based on the above follows directly from applicable legal regulations, and your consent for this processing is not required.

We process your personal data beyond the legitimate interest mentioned above only based on your consent. We always strive to obtain this consent in written or electronic form. However, you always have the option, in a simple way, including by ticking a box in a received message (or by the method described below), to withdraw the consent you have given.

 

What data we collect:

The controller processes personal data you have provided or personal data the controller has obtained based on fulfilling your order.
The controller processes your identification and contact details and data necessary for the performance of the contract.
These personal data include:

Identification data:
• First and last name
• Contact details (email address, phone number)
• Billing information
• Delivery address
• Order note
• Login to the user account
• IP address
– Information provided by the data subject for the purpose of sending commercial communications
• Email address
• First and last name
• Optionally, phone number

Communication data
Payment card details: first and last name, PAN (payment card number), expiration date, CVV/CVC of the payment card, and payment transaction history based on applications that allow the digitalization of your payment card in a mobile device, enabling transactions and displaying transaction history (Apple Pay, Google Pay, Garmin Pay).
Cookies: see the Cookies section.

We do not process Special Categories of Personal Data (special categories of personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, or data concerning a person's sexual life or sexual orientation. Genetic and biometric data processed for the purpose of uniquely identifying a natural person are also considered special categories of data.)

 

How long we process data (so-called processing period):

The controller processes personal data for the period necessary to exercise rights and obligations arising from the contractual relationship between you and the controller and to assert claims from these contractual relationships (for 15 years from the termination of the contractual relationship due to time limits resulting from generally binding legal regulations and due to limitation and preclusion periods). If you have purchased a product from us that is subject to a warranty period exceeding the mentioned 15 years, we process personal data for this longer period.

If you have given us consent for marketing purposes but do not become our client, meaning you do not order any products or services, we process your personal data for only 2 years from the time of consent. We may store the consent itself and changes or withdrawals of consent on the grounds of legitimate interest even after the termination or withdrawal of consent.

After the retention period has expired, the controller deletes or shreds personal data.

When handling your data, we adhere to the principle of data minimization. This means that we have procedures in place to ensure that we do not process data longer than we are authorized to.

 

For what purposes we process data and what is the legal reason for processing

The legal reason for processing personal data is the performance of a contract between you and the controller according to Article 6 (1) (b) of the GDPR, the legitimate interest of the controller in providing direct marketing (especially for sending commercial communications and newsletters) according to Article 6 (1) (f) of the GDPR, Your consent to processing for the purpose of direct marketing (especially for sending commercial communications and newsletters) according to Article 6 (1) (a) of the GDPR in connection with Section 7 (2) of Act No. 480/2004 Coll. on certain information society services, in cases where no goods or services were ordered.

The purpose of processing personal data is
- to process your order and exercise rights and obligations arising from the contractual relationship between you and the controller (e.g., complaints, returns, etc.); when ordering, personal data necessary for successful order processing are required (name and address, contact), providing personal data is a necessary requirement for concluding and fulfilling the contract, without providing personal data, it is not possible to conclude the contract or for the controller to fulfill it,
- to manage customer relationships,
- to send commercial communications and carry out other marketing activities,
- accounting management: keeping records of accounting according to accounting and tax legislation,
- defending our rights and legitimate interests.

 
Personal data processing does not involve decision-making based on automatic processing or profiling. Your personal data is not transferred outside the EU.

 
Registration for access to Trachea OS
Our computer program Trachea OS, including help programs, program libraries, scripts, product data, as well as other relevant written materials, is primarily intended for our business partners and customers. Trachea OS serves customers of our products to create and submit orders online. After registration and approval, you can enjoy the benefits of the Trachea OS ordering system together with us.

 

To whom we transfer data

Your personal data is transferred or made available only to those entities that provide sufficient guarantees of implementing appropriate technical and organizational measures to ensure that the processing meets legal requirements, particularly GDPR requirements, and to ensure the protection of your rights at all times.

Data processors:
• our personal data, to the extent of first and last name, contact details (email address, phone number), billing details, delivery address, order note, may be transferred to your chosen distribution partner (authorized reseller) from the list of authorized resellers available at https://www.trachea.cz/…ani-prodejci, for the purpose of processing and fulfilling your order
– sending commercial communications
• Your personal data, to the extent of your email address, will be processed by the controller in the email address list at the processor Ecomail.cz, s.r.o., Company ID No.: 02762943, Na Mlejnku 18, Praha 4, 147 00, www.ecomail.cz.

When your data is transferred to third parties involved in personal data processing, so-called data processors, a processing agreement is concluded with them, which contains the same guarantees for personal data processing as we adhere to ourselves under our legal obligations.

Other personal data processors include: accountants and tax advisors, IT system administrators, providers of hosting and cloud services, marketing and advertising companies, email distribution platforms, online campaign management services, providers of analytical tools and research and analytical agencies, staffing agencies and payroll processors, payment system providers, logistics and courier entities, cybersecurity and protection providers, and others.

Recipients of personal data:
In accordance with applicable legal regulations, we are authorized to transfer your personal data directly, without your consent, to:
a) relevant state authorities, courts, and law enforcement agencies for the purpose of fulfilling their obligations and for the purposes of enforcing decisions;
b) banks and other payment service providers;
c) other persons to the extent specified by legal regulations, such as third parties for the purpose of debt collection.

 

What are your rights

Applicable legal regulations and the GDPR grant you the following rights:
Right of access
You have the right to request confirmation from us whether your personal data is being processed, and if so, to obtain a copy of this data and the information arising from Article 15 of the Regulation. In the case of a large amount of data, we may request that you specify the request for specific data we process about you.

Right to rectification
To ensure that we only process your current personal data, we need you to inform us of any changes as soon as possible. If we process inaccurate or incomplete data about you, you have the right to request its correction or completion.

Right to erasure
If the conditions of Article 17 of the Regulation are met, you can request the deletion of your personal data. You can request erasure, for example, if you have withdrawn your consent to processing, successfully objected to our legitimate interest, and no other legal basis for processing exists, or if we process your personal data unlawfully or the purpose for which we processed your personal data no longer exists, and we are not processing it for another compatible purpose. However, we will not delete your data if it is necessary for the establishment, exercise, or defense of legal claims, to comply with a legal obligation, or to perform a task carried out in the public interest.

Right to restrict processing
If the conditions of Article 18 of the Regulation are met, you may request that we restrict the processing of your personal data. You can request a restriction, for example, if you dispute the accuracy of the data being processed, or if the processing is unlawful and you do not wish the data to be deleted. We will continue to process your data if there are reasons for the establishment, exercise, or defense of legal claims, for the protection of another person's rights, or for reasons of important public interest.

Right to data portability
If processing is based on your consent or carried out to fulfill a contract with you and performed by automated means, you have the right to receive your personal data from us, which we have obtained from you, in a structured, commonly used, and machine-readable format. If you wish, and it is technically feasible, we will transfer your personal data directly to another controller.

Right to object to processing
If we process your personal data based on the performance of a task carried out in the public interest or in the exercise of official authority vested in us or if processing is based on our legitimate interests or the legitimate interests of a third party, you have the right to object to such processing. Based on your objection, we will restrict personal data processing, and unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or reasons for the establishment, exercise, or defense of legal claims, we will no longer process and will delete your personal data.

Right to lodge a complaint
If you believe that we are processing your personal data in violation of the Regulation or other data protection regulations, you have the right to lodge a complaint with one of the competent supervisory authorities, particularly in the Member State of your habitual residence, place of work, or place of the alleged violation. For the territory of the Czech Republic, the supervisory authority is the Office for Personal Data Protection, Pplk. Sochora 27, Holešovice, 170 00 Prague 7, Czech Republic, website www.uoou.cz, tel.: +420 234 665 111.

 

You can exercise your rights related to the processing of personal data via email at trachea@trachea.cz.

In this regard, we would like to point out that we may request that you prove your identity in a suitable manner to verify your identity. This is a preventive security measure to prevent unauthorized persons from accessing your personal data. Requests concerning your rights are processed free of charge. If requests submitted by the data subject are manifestly unfounded or excessive, especially because they are repeated, the controller may either:
• impose a reasonable fee reflecting the administrative costs associated with providing the requested information or communication or making the requested actions; or
• refuse to comply with the requests.
The controller will substantiate the manifest unfoundedness or excessive nature of the request.

Withdrawal of consent:
You can withdraw your voluntarily given consent to the processing of personal data at any time, free of charge, by sending an email to trachea@trachea.cz. However, withdrawing consent does not affect the processing of personal data that we process on another legal basis, such as when processing is necessary for the performance of a contract, legal obligation, or for other reasons stipulated by applicable legal regulations.

If you have any questions regarding our Privacy Policy, please contact us at trachea@trachea.cz.

 

Document history

The controller reserves the right to change these terms. The new version of the Privacy Policy will be published on our website.

First version: 25.5.20218
Current revision: 1.10. 2024

   

Cookies

Cookies are small text files that websites can use for many purposes, such as personalizing content and ads, providing social media features, or analyzing traffic. Some cookies are used to remember your preferences. These files are stored on your device (e.g., computer, tablet, or mobile phone). Each website can send its own cookies to your browser, provided your browser settings allow it.
The law stipulates that we can store cookies on your device if they are strictly necessary for the operation of this website (see Necessary Cookies section), without your consent. For all other types of cookies, we need your consent, which you can withdraw at any time using the cookie banner on our website.

Types of cookies

Cookies are categorized based on their purpose as follows:

Necessary (technical)
These cookies help make websites usable. They provide basic functions such as page navigation or adjusting the browser's resolution based on your device's size. Without these cookies, the website cannot function properly.
These cookies can be blocked (disabled), but parts of the website may not display correctly, and some features may not work. Instructions for the most commonly used browsers are available here:
• Google Chrome
• Firefox
• Internet Explorer and Edge
• Safari
• Opera

Preference
Preference cookies allow a website to remember information that changes how the website behaves or looks, such as your preferred language or region in which you are located.

Analytical (statistical)
These cookies help website owners understand how visitors interact with the site by collecting and reporting information, often anonymously.

Advertising
Advertising cookies are used to track visitors and their behavior. The purpose is to display advertisements that are relevant and engaging for individual users and therefore more valuable for publishers and third-party advertisers.

 
List of all cookies

Name Domain Type Processing Duration Description
_ga_1GW1C26RD6 Google Performance 13 months This cookie is used by Google Analytics to maintain session status.
_ga Google Performance 13 months This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in every page request on the website and is used to calculate visitor, session, and campaign data for website analytics reports.
cookie_consent_level .trachea.cz Necessary 62 days This cookie is used to store the user's consent status with different categories of cookies used on the website, indicating which types of cookies the user has allowed.

 
In the event of changes in cookie collection, processing purposes, or tools used for data collection, the above table will be updated based on our reviews.

Overview of third-party cookies
In addition to our privacy policy, here we also provide an overview of third-party cookies and their own privacy policies:
• Facebook
• Google
• Microsoft
• Seznam.cz