We are aware that our customers, visitors, users and others who visit our website (collectively referred to as “Users”) value their privacy. This document therefore contains important information regarding the rules we follow when processing personal data.
All processing of personal data by us is always carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
BASIC INFORMATION
Identification and contact details of the Provider:
| name: | Alkion service s.r.o. |
|---|---|
| ID: | 28875931 |
| registered office: | Kruh 83, 514 01 Kruh |
| contact email: | info@alkion.eu |
| contact telephone number: | +420 777 743 881 |
(hereinafter also referred to as the “Provider”)
Data Protection Officer:
The Provider has not appointed a data protection officer, as it is not a obligated person pursuant to Article 37 of the GDPR.
Transfer of personal data to a third country or international organization:
The Provider does not transfer personal data to third countries or international organizations within the meaning of Art. 44 et seq. GDPR.
Automated individual decision-making and profiling:
The Provider does not perform profiling or automated individual decision-making.
Supervisory authority:
The supervisory authority at the place of the Provider’s registered office is the Office for Personal Data Protection with its registered office at Pplk. Sochora 27, 170 00 Prague 7, e-mail: posta@uoou.cz, tel.: 234 665 125.
Provider’s position:
The Provider acts only in the position of a personal data controller.
PROVIDER PERSONAL DATA CONTROLLER
The Provider acts in the position of a personal data controller in relation to the personal data of the following persons: customers, natural persons who visit the Provider’s website.
What personal data does the Provider process, for what purpose and on what legal basis?
Visiting the website. The Provider processes data that it obtains from individuals by visiting the Provider’s website. When visiting the website, the Provider collects and processes the following types of personal data that are stored: IP address. The Provider also processes the following data: browser type and language, server requirements, incl. time data and referring URL. This data is necessary to enable the website to be displayed correctly. In addition, it may be used as necessary to maintain the secure operation of the website and for other purposes described in this Privacy Policy. The Provider processes this personal data based on its legitimate interest or the User’s consent. Information about cookies is provided below.
If the Provider intends to process personal data other than that specified in this article, or for other purposes, it may do so only on the basis of a validly granted consent to the processing of personal data. Consent to the processing of personal data must be given on a separate document.
Sensitive personal data
As a personal data controller, the Provider does not process the personal data of Users that belong to special categories of personal data according to Article 9 of the GDPR.
For how long does the Provider process personal data?
Personal data is processed only for the period for which there is a legal reason for their storage, after which the data is deleted without delay.
Personal data processed for the fulfillment of obligations arising from special legal regulations is processed by the Provider for the period specified in the relevant legal regulations. This includes, for example, statutory data retention or documentation obligations. This includes in particular obligations relating to data retention arising from civil law, commercial law or tax regulations. If the obligation to retain data expires, the personal data will be deleted without delay.
Other personal data are processed for the period of: Personal data are processed for the duration of the contractual relationship with the customer and subsequently for a period of 1 year after the termination of the contractual relationship.
DATA SECURITY METHODS
In order to secure the User’s data against unauthorized or accidental disclosure, the Provider uses appropriate and suitable technical and organizational measures.
The Provider ensures that in the case of servers being located in a data center operated by a third party, similar technical and organizational measures are also implemented by this third party.
All data is located only on servers located in the European Union or in countries that ensure the protection of personal data in a manner equivalent to the protection provided by the legal regulations of the Czech Republic.
The Provider uses the following data security procedures: Technical measures consist of the application of technologies that prevent unauthorized access by third parties to the User’s data, in particular the use of firewalls, updated antivirus programs, etc. For the purpose of maximum protection, the Provider uses data encryption. Access to areas with a high concentration of personal data processing is protected by electronic security systems. Organizational measures constitute a set of rules of conduct for employees and are incorporated into the Provider’s internal regulations, which are considered confidential for security reasons. The procedures are based solely on minimizing the number of persons who have access to personal data and the ability to handle personal data. All employee access to personal data, as well as the methods of handling it, are monitored.
USER RIGHTS
Each User has:
- the right to access personal data: The User has the right to obtain from the Provider confirmation as to whether or not personal data concerning him or her are being processed, and if so, the right to access such personal data and the following information: a) the purpose of the processing; b) the categories of personal data concerned; c) the recipients to whom the personal data have been or will be disclosed; d) the planned period for which the personal data will be stored; e) the existence of the right to request the controller to correct or delete personal data or to restrict their processing, or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) all available information about the source of personal data, unless it is obtained from the Users; h) the fact that automated decision-making, including profiling, is taking place. The User also has the right to obtain a copy of the processed personal data.
- right to rectification of personal data: The user has the right to have the Provider correct inaccurate personal data concerning him or her without undue delay, or to complete incomplete personal data.
- right to erasure of personal data: The user has the right to have the Provider erase personal data concerning him or her without undue delay if: a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; b) the user withdraws the consent on the basis of which the data were processed and there is no other legal ground for the processing; c) the user objects to the processing and there are no overriding legitimate grounds for the processing; d) the personal data have been processed unlawfully; e) the personal data must be erased to comply with a legal obligation under Union or Member State law; f) the personal data have been collected in connection with the offering of information society services. However, the right to erasure does not apply if the processing is necessary for compliance with legal obligations, for the establishment, exercise or defence of legal claims and in other cases provided for in the GDPR.
- right to restriction of processing: The User has the right to obtain from the Provider restriction of processing in any of the following cases: a) The User disputes the accuracy of the personal data, for the period necessary for the Provider to verify the accuracy of the personal data; b) the processing of the data is unlawful and the User refuses the erasure of the personal data and requests the restriction of their use instead; c) The Provider no longer needs the personal data for the purposes of the processing, but the User requires them for the establishment, exercise or defence of legal claims; d) The User has objected to the processing, pending verification of whether the legitimate grounds of the Provider override those of the data subject.
- right to object to processing: The User has the right, on grounds relating to his or her particular situation, to object at any time to the processing of personal data concerning him or her which is processed on the basis of a legitimate interest. In such a case, the Provider shall not further process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests or rights of the Users, or for the establishment, exercise or defence of legal claims.
- right to data portability: The User has the right to obtain the personal data concerning him or her, which have been provided to the Provider, in a structured, commonly used and machine-readable format, and the right to transmit such data to another controller, where: a) the processing is based on consent and b) the processing is carried out by automated means. When exercising his or her right to data portability, the User has the right to have personal data transmitted directly from one controller to another, where technically feasible.
- right to lodge a complaint with a supervisory authority: If the User believes that the Provider is not processing his or her personal data lawfully, he or she has the right to lodge a complaint with a supervisory authority. The contact details of the supervisory authority are provided above.
- right to information regarding the correction or erasure of personal data or restriction of processing: The Provider is obliged to notify the individual recipients to whom the personal data have been made available of any correction or erasure of personal data or restriction of processing, except in cases where this proves impossible or requires disproportionate effort. If the User so requests, the Provider shall inform him/her of these recipients.
- right to be informed in the event of a personal data breach: If it is likely that a particular personal data breach will result in a high risk to the rights and freedoms of natural persons, the Provider is obliged to notify the User of this breach without undue delay.
- Right to withdraw consent to the processing of personal data: In the event that the processing of some of the personal data is based on consent, the User has the right to withdraw his consent to the processing of personal data at any time in writing by sending a statement of disagreement with the processing of personal data to the e-mail address: info@alkion.eu.
COOKIES
The Provider uses cookies, which are small text files that identify users of the Provider’s website and record their user activities.
The text in a cookie file is often made up of a series of numbers and letters that uniquely identify the User’s computer, but do not provide any specific personal data about the User. A cookie file usually contains the name of the domain from which it was sent, information about its age and an alphanumeric identifier.
The Provider’s website automatically identifies the User’s IP address. All this information is recorded in an activity file by the server, which enables subsequent data processing. The Provider also records the request from the browser and the time of the request, the status and amount of data transferred within the framework of this request. It also collects information about the browser used and the computer’s operating system and their versions. It also records the websites from which you reached the Provider’s website. Your computer’s IP address is stored only for the period of time the website was used and then for the necessary period. After their expiration, the IP address is deleted or anonymized by shortening.
Types of cookies and similar technologies
Technical cookies and similar technologies: Due to its legitimate interest, the Provider uses technically necessary cookies that are necessary for the operation of the website and to ensure its functionality. These can be permanent or one-time cookies. A permanent cookie file remains on the hard drive even after the browser is closed. Permanent cookies can be used by the browser during subsequent visits to the Provider’s website. Permanent cookies can be deleted. One-time cookies are temporary and are deleted as soon as the browser is closed. The Provider uses this data to operate the website, in particular to identify and resolve errors, to determine the use of the website and to make adjustments or improvements. These are purposes for which the Provider has a legitimate interest in processing data pursuant to Article 6(1)(f) of the GDPR.
The User can set their browser to block these cookies. The Provider warns that in such a case some parts of the website will not work.
In the same way and for the same reasons, the Provider uses WebStorage listed in the table below.
With the User’s permission, the Provider uses other cookies:
Analytical cookies and similar technologies: These cookies help the Provider analyze how Users use the website. They can be used, for example, to measure and improve the performance of the website. These cookies allow, for example, to determine how the User came to the website, whether directly, using a search engine or via a link on a social network. The Provider also learns how long Users stay on the page and what links they click on.
These cookies are set on the User’s device only if they give their consent to this when they first visit the website (according to Article 6(1)(a) GDPR). Analytical cookies can be rejected at any time, simply by making a change in the Detailed cookie settings.
In the same way and for the same reasons, the Provider uses WebStorage listed in the table below.
Advertising cookies and similar technologies: Advertising cookies allow the display of advertising based on the User’s preferences. They can be used, for example, so that the Operator can create a profile of the User’s interests and display relevant advertisements to the User.
These cookies are set on the User’s device only if the User gives consent to this when visiting the website for the first time (pursuant to Article 6(1)(a) GDPR). Advertising cookies can be rejected at any time by making a change in the Detailed cookie settings. If the User does not consent, he will not be the recipient of content and advertisements tailored to his interests.
In the same way and for the same reasons, the Provider uses WebStorage listed in the table below.
or other cookies / similar technologies, if they are listed in the table below.
To obtain and manage the User’s consent, the Provider uses the CookiesLišta.cz platform from Cookies lišta, s.r.o., ID: 17418640, Příčná 1892/4, Prague 1, 110 00 Prague. The platform collects information about the device, browser information, anonymized IP address, date and time of visit, URL request, path to the website and geographical location. This makes it possible to inform the User about the Provider’s web environment and to obtain, manage and document his consent. The legal basis for data processing is Art. 6 para. 1. letter c) GDPR, as the Provider is legally obliged to provide proof of consent in accordance with Article 7(1) GDPR. The data will be deleted as soon as they are no longer needed for logging and there are no legal retention requirements. Further information on the topic of personal data protection at the platform provider can be found at: https://www.cookieslista.cz.
The Provider’s website may also contain third-party cookies. The Provider uses the following cookies:
Processor Cookies designation Personal data Purpose of processing Legal Reason Processing time Technical cookies / similar technologies Alkion service s.r.o. dcb_dsv no Version of consent to the processing of cookies. legitimate reason local storage / 365 dní Alkion service s.r.o. dcb_config no Configuration of consent to the processing of cookies. legitimate reason local storage / 365 dní Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States cookiePreferences no Registers the user's cookie preferences. user consent 2 years Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States _GRECAPTCHA no Google reCAPTCHA sets a necessary cookie (_GRECAPTCHA) at startup in order to provide a risk analysis. legitimate reason 179 days Analytical cookies / similar technologies Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States _ga no ID used to identify users user consent 2 years Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States _ga_ no ID used to identify users user consent 2 years Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States _gid no ID used to identify users for 24 hours after the last activity user consent 24 hours Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States _gat no Used to track the number of Google Analytics server requests when using Google Tag Manager user consent 1 minute Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States _dc_gtm_ no Used to track the number of requests from the Google Analytics server user consent 1 minute Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States AMP_TOKEN no It contains the token code that is used to retrieve the client ID from the AMP Client ID service. user consent 30 seconds to 1 year Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States _gat_gtag_ no It is used to set up and get tracking data. user consent 1 hour Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States _gac_ no It contains information related to the user's marketing campaigns. These are shared with Google AdWords/Google Ads when Google Ads and Google Analytics accounts are linked. user consent 90 days Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States __utma no An ID used to identify users and sessions. user consent 2 years after last activity Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States __utmt no It is used to track the number of requests from the Google Analytics server. user consent 10 minutes Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States __utmb no It is used to differentiate between new sessions and sessions. This cookie is set when the GA.js javascript library is loaded and there is no existing __utmb cookie. The cookie is updated each time data is sent to the Google Analytics server. user consent 30 minutes after the last activity Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States __utmc no It is only used with old versions of Urchin Google Analytics, not with GA.js. It is used to differentiate between new sessions and sessions at the end of the session. user consent End of session (browser) Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States __utmz no It contains information about the traffic source or campaign that directed users to the website. The cookie is set when the GA.js javascript is loaded and is updated when data is sent to the Google Analytics server. user consent 6 months after last activity Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States __utmv no Custom information for web developers is received through the _setCustomVar method in Google Analytics. The cookie contains new updates as well as new reports on the Google Analytics server. user consent 2 years after last activity Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States __utmx no It is used to determine whether a user is included in an A/B test or a multivariate test. user consent 18 months Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States __utmxx no It is used to determine when an A/B or multivariate test in which the user participates ends. user consent 18 months Advertising cookies / similar technologies Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States _gac_UA-* no The function is to store and count page views. user consent 90 days Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States goog_pem_mod no The function is to provide ad serving or redirects. user consent permanently Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ads/ga-audiences no The function is to store information for remarketing purposes. user consent immediately Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States session_depth no The function consists of saving the frequency of display of advertisements. user consent 30 minutes Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States _gac_* no The function is to store and count page views. user consent 90 days Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States google_pem_mod no The function is to provide ad serving or redirects. user consent permanently Seznam.cz, a.s. - Radlická 3294/10, 150 00 Praha 5, Česká republika sid no Conversion tracking. user consent 30 days Seznam.cz, a.s. - Radlická 3294/10, 150 00 Praha 5, Česká republika Sklik-* no Retargeting. user consent 30 days
Cookie settings in the browser
Most web browsers accept cookies automatically. However, it is possible to use controls that allow you to block or delete them.
Instructions for blocking or deleting cookies in browsers can usually be found in the privacy policies or help documentation of individual browsers.
Log files
The User’s browser automatically reports certain information each time the Provider’s website is viewed. Servers automatically record certain information that the web browser sends each time the website is visited. These server logs (so-called “log files”) may contain information such as: web request, IP address, browser type, browser language, referring/exit pages and URLs, platform type, number of clicks, domain names, landing pages, number of pages viewed and the order of these pages, amount of time spent on certain pages, date and time of the request and one or more cookies that can uniquely identify the internet browser.
Social networks
The Provider is present on social networks in order to communicate with customers, interested parties and users who are logged in there and to inform them about its offers.
The Provider points out that the User uses these platforms and their functions at their own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). The Provider bears no responsibility for the handling of this personal data and points out that personal data may also be processed outside the European Union.
FINAL PROVISIONS
The Provider will update this Privacy Policy in the event of any changes. The current version of the Privacy Policy will always be available on the Provider’s website. If there is a material change in the methods of handling personal data in this Privacy Policy, the Provider will inform the User by visibly posting a notice before implementing these changes.
Last modified 25. 3. 2024