GDPR

1. Basic Provisions
  1. The personal data controller pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as “GDPR”) is MICHÁLEK s.r.o., Company ID No.: 25292497, registered office at Tovární 1156, Chrudim IV, 537 01 Chrudim, registered in the Commercial Register maintained by the Regional Court in Hradec Králové, Section C, File 13837 (hereinafter referred to as the “Controller”).
  2. Controller’s contact details:
    • Address: Tovární 1156, Chrudim IV, 537 01 Chrudim
    • E-mail: michaleksro@michaleksro.cz
    • Phone: +420 469 638 316
  3. “Personal data” within the meaning of the GDPR refers to any information about an identified or identifiable natural person. These principles apply to the processing of personal data of all data subjects who have been referred to them, as well as to all visitors to the website www.michaleksro.cz.
2. Sources and Categories of Processed Data
  1. The Controller processes personal data you have provided, or data the Controller has obtained in connection with fulfilling your enquiry or order. This includes, in particular:
    • First and last name
    • Email address
    • Postal address
    • Telephone number
  2. The Controller processes your identification and contact data, as well as data necessary for fulfilling the contractual relationship.
3. Legal Basis and Purpose of Processing
  1. The legal basis for processing personal data is:
    • Performance of a contract between you and the Controller.
    • Compliance with legal obligations (especially in the field of accounting).
    • Legitimate interest of the Controller (e.g., direct marketing to existing customers).
    • Your consent to processing (e.g., for sending newsletters if you are not a customer).
  2. The purpose of processing personal data is:
    • Processing your enquiry or order and exercising rights and obligations arising from the contractual relationship.
    • Fulfilling legal obligations towards the state.
    • Sending commercial communications and other marketing activities.
  3. The Controller does not engage in automated individual decision-making within the meaning of Article 22 GDPR.
4. Data Retention Period
  1. The Controller retains personal data for the period necessary to exercise rights and obligations arising from the contract and for the period required by law (particularly the Accounting Act, usually 10 years).
  2. Data processed on the basis of consent is retained until such consent is withdrawn.
  3. After the retention period, the Controller will securely delete the personal data.
5. Recipients of Personal Data
  1. Recipients of personal data may include carriers, accounting firms, IT service providers, or providers of marketing tools.
  2. The Controller does not intend to transfer personal data to a third country (outside the EU).
6. Your Rights
  1. Under the conditions set out in the GDPR, you have:
    • The right to access your personal data.
    • The right to rectification.
    • The right to erasure.
    • The right to restriction of processing.
    • The right to object to processing.
    • The right to data portability.
    • The right to withdraw consent at any time.
  2. You also have the right to lodge a complaint with the Office for Personal Data Protection.
7. Security of Personal Data
  1. The Controller declares that it has taken all appropriate technical and organisational measures to secure personal data and that such data is accessible only to authorised persons.
8. Final Provisions
  1. By submitting an enquiry via the online form on the website www.michaleksro.cz, you confirm that you have read and accepted these personal data protection terms.
  2. The Controller is entitled to amend these terms, and any new version will always be published on its website.
These terms are effective as of 16 July 2025