Privacy policy

TABLE OF CONTENTS

1 GENERAL CONDITIONS
2 WHAT CONSTITUTES PERSONAL DATA
3 WHOSE PERSONAL DATA WE PROCESS
4 SOURCES OF PERSONAL DATA
5 WHAT PERSONAL DATA WE PROCESS
6 REASON, PURPOSE AND DURATION OF PERSONAL DATA PROCESSING
7 USAGE OF COOKIES AND OTHER TECHNOLOGIES
8 PROCESSING AND PROTECTION OF PERSONAL DATA
9 SHARING OF PERSONAL DATA
10 YOUR RIGHTS
11 RIGHT TO OBJECT
12 FINAL PROVISIONS

1 GENERAL CONDITIONS

These principles governing the processing and protection of personal data (hereinafter referred to as the “Policy“) establish the fundamental guidelines under which entrepreneur Peter Sova, ID: 02718618, with a registered office at Náměstí Junkových 2870/3, 155 00 Prague 5 – Stodůlky (hereinafter referred to as the “Administrator“), acting as the operator of the private studio INHALEUM (hereinafter referred to as the “Studio“), manages the collection and processing of personal data obtained from you through the website www.inhaleum.cz (hereinafter referred to as the “Website“).

This Policy has been formulated in compliance with legal regulations governing the processing of personal data, notably Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of natural persons regarding the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (general data protection regulation) (hereinafter referred to as “GDPR”).

This Policy is applicable to all parties engaging in business relationships with the Administrator and to all individuals visiting the Administrator’s website www.inhaleum.cz, regardless of whether they have entered into a contractual arrangement with the Administrator or not.

For inquiries regarding the protection of personal data, you can contact the designated data protection officer at info@inhaleum.cz.

The Administrator bears responsibility for ensuring that your personal data is processed in accordance with this Policy and the relevant legal regulations.

2 WHAT CONSTITUTES PERSONAL DATA

Personal data encompasses any information that, either on its own or when combined with other data, can distinctly identify an individual (hereinafter referred to as the “Data subject“). This includes, but is not limited to, details such as your name, email addresses, telephone numbers, location data, etc., all of which pertain to your individual identity (hereinafter referred to as “Personal data“).

3 WHOSE PERSONAL DATA WE PROCESS

In the course of conducting business activities, the Administrator processes Personal data of:

  • customers, defined as individuals with whom a service contract has been established (hereinafter referred to as the “Contract“);
  • potential customers, defined as individuals with whom negotiations for a Contract were initiated but not concluded;
  • natural persons whose Personal data has been provided to the Administrator by a customer or potential customer in connection with the Administrator’s business activities (e.g. legal representatives, individuals acting under power of attorney, co-participants in salt therapy sessions, etc.);
  • contractual partners who provide services or deliver products to us;
  • participants in our contests, which are announced by the Administrator on its Website or social networks;
  • individuals interested in the Studio and salt therapy, referred to as persons who have expressed interest in the Studio’s services through verbal or telephone contact, or who have contacted us via email, submitted inquiries on our website or social networks, engaged with us via chat services, or used other electronic communication channels;
  • subscribers to our newsletters, comprising individuals who have registered to receive our newsletters.

4 SOURCES OF PERSONAL DATA

The Administrator acquires your Personal data from the following sources:

  • directly from Data subjects: emails, telephone communications, the Website, contact forms on the Website, interactions on social networks, business cards, contract negotiations etc.
  • suppliers and business partners;
  • publicly accessible registers, lists, and records like the commercial register, trade register, real estate register, and similar publicly accessible records;
  • state administrative bodies;
  • as required by specific legal regulations.

5 WHAT PERSONAL DATA WE PROCESS

The Administrator processes the following categories of Personal data:

  • address and identification data such as name, surname, date of birth or social security number, address, and for entrepreneurs, the seat or place of business, ID, and VAT number;
  • contact details, typically, contact addresses, telephone numbers, email addresses, and data mailbox details;
  • invoicing data required by the Administrator for payment transactions, including financial details that vary based on the selected payment method, such as payment card or bank account information;
  • personal data from publicly accessible registers, lists, or records like the commercial register, trade register, real estate register, insolvency register, etc.;
  • personal data that are necessary for the conclusion of contracts or for the preparation of draft contracts;
  • personal data resulting from established contractual relationships and service provision, such as data on concluded contracts, contract durations, payment history, contract changes etc.;
  • personal data needed for fulfilling obligations arising from applicable legal regulations;
  • personal data resulting from communication between the Administrator and the Data subject, including IP addresses, social network addresses, location data, written records of personal communication, and communication logs;
  • login to the customer account and customer account activity, especially the information filled in by the user in the customer account, registration time, and the date of the last profile update;
  • information collected from Internet browsers, including data about the Data subject’s behavior on the Website (more details on cookies can be found in the Cookie Policy);
  • information intentionally shared with the Administrator, such as details provided for contract purposes, optional fields in contact forms on the Administrator’s website, questions and answers related to inquiries, and other data shared during communication or engagement with the Administrator.

6 REASON, PURPOSE AND DURATION OF PERSONAL DATA PROCESSING

Contractual agreement and fulfillment

You furnish us with Personal data in the course of negotiating or executing a contractual agreement, such as the Contract for service provision, and to fulfill the associated contractual obligations.

Legal basis: contract performance

Processing duration: throughout the contractual relationship

Establishment and Management of Customer Account

You voluntarily provide us with Personal data by creating a customer account in our reservation system on the Reservanto platform and subsequently updating it within the customer account. By creating a customer account, you can take advantage of the benefits it offers.

Legal basis: contract performance

Processing duration: throughout the contractual relationship

Communication with customer support, responding to emails, social network messages, or other inquiries

When you reach out to us via email, telephone, contact form, or through social networks, we process your Personal data to address your inquiry.

Zákonný důvod: consent to processing for the purpose of handling the inquiry

Processing duration: after processing your inquiry, Personal data will be deleted, this does not apply if you become a customer

Website traffic analysis, website security, server error detection, and prevention of fraud and server attacks

When you place an order or reservation for our Studio, particularly for salt therapy, through our Website, you voluntarily provide Personal data, typically through an electronic form. We also collect information about your Website visits for traffic analysis, security, error detection on our servers, and to prevent fraud and server attacks. This information may encompass details like your IP address, access date and time, browser information, operating system, and language settings. We may also examine your browsing history on the Website, such as which links you’ve visited. However, this behavioral data is anonymized to safeguard your privacy.

If you access our Website from a mobile device, we may also process information related to your mobile device.

We gather this data through logs or via the use of cookies and other tracking technologies.

Legal basis: legitimate interest, consent

Processing duration: the specific storage duration for cookie files depends on the type of cookie and is in accordance with the duration of your consent

Subscribing to business communications

When you register for our newsletter, you consent to receiving informative content and promotional offers related to our services. If you wish to stop receiving emails, simply click the “unsubscribe” link located in the footer of each email.

Legal basis: consent

Processing duration: as long as your consent remains valid or for up to 2 years from your last active interaction with our newsletter, unless you unsubscribe earlier

Marketing and promotion of our website and services

We may send promotional communications to users based on our legitimate interest in promoting our services, until they choose to unsubscribe from these messages. We make unsubscribing easy with a simple click in every promotional email we send. Additionally, based on our legitimate interest in promoting our services, we may also use phone numbers to send promotional SMS messages. In this case, users can opt out of SMS subscriptions by sending a short message to info@inhaleum.cz. You have the right to object to the processing of your Personal data based on our legitimate interests at any time (see the section on your rights for more details).

Legal basis: legitimate interest in service promotion

Processing duration: until consent is withdrawn (until you unsubscribe)

Contests and other promotions

We may organize surveys, contests, or other promotions on the Website or through social networks. Your participation in these promotions is entirely voluntary. During these surveys, contests, and promotions, we might request Personal information such as your first and last name, address, telephone number, email address, username, and similar details. We will use the Personal data you provide solely for the administration of these promotions or for any other purposes specified in the terms and conditions of a particular promotion.

Legal basis: consent

Processing duration: 2 years from the conclusion of the last competition, unless you withdraw your consent earlier – or a different period, if specified differently in the competition’s terms and conditions

Credit card payment

If you choose to make a payment using your credit card, please be aware that we do not have access to your credit card details. Our knowledge is limited to the fact that you are using a card for payment, while the actual processing of your card details is handled by trusted parties responsible for payment processing on our behalf. This includes secure payment gateways and the respective banking institution.

Legal basis: compliance with legal cbligations and contractual performance

Processing duration: retention of tax documents for 15 years

Handling claims or complaints

We may need to process your Personal data, which may include your name, surname, email address, customer phone number, details of the concluded rental agreement, and essential payment data, to fulfill our legal obligations concerning the processing of your claim or complaint.

Legal basis: compliance with legal obligations

Processing duration: for the duration of the contractual relationship and an additional 4 years following its termination

Accounting and tax purposes

We process various Personal data as mandated by legal requirements. Specifically, we are obligated to retain accounting documents and records (invoices) for a duration of 5 years following the conclusion of the relevant accounting period. Additionally, we are required to retain tax-related documents for a period of 10 years from the conclusion of the tax period in which the transaction occurred.

Legal basis: contractual obligation, legal obligation

Processing duration: accounting data for 5 years, tax documents for 10 years

7 USAGE OF COOKIES AND OTHER TECHNOLOGIES

Our Website utilizes cookies to gather information about user behavior. Cookies are small text files that websites store on your computer or mobile device as you browse. These files contain data about your actions and preferences. We employ cookies to enhance the user experience, enhance site functionality and performance, and for marketing and promotional purposes. You can review our complete cookie policy here.

Our Website features widgets, which are small interactive programs running on our site to provide specific services from third-party companies. These services may encompass displaying news, opinions, videos, and other content. These widgets may collect personal information, such as email addresses, and may also employ cookies for their proper operation. The information collected by widgets is subject to the privacy policy of the respective company that created them.

Furthermore, we collaborate with third parties to manage our advertisements on external sites. These partners may employ cookies or similar technologies to deliver ads based on your browsing behavior and interests.

For remarketing purposes, the Administrator collects cookies stored in visitors’ browsers. Remarketing entails displaying ads to visitors based on their previous visits to the Administrator’s website. Upon visiting our website, visitors are anonymously categorized and added to a target audience list, a process facilitated by cookies. We utilize this data exclusively for segmenting visitors to deliver more relevant advertising. Segments are formulated based on general visitor behavior patterns. Commercial messages are displayed on search engines like Google, Seznam, and others through remarketing platforms such as Google AdWords, Seznam Sklik, and more.

You have the option to expressly decline the display of such advertisements. Opting out will result in you seeing generic ads that are not tailored to your interests. For instructions on expressing your disagreement with interest-based ads:

8 PROCESSING AND PROTECTION OF PERSONAL DATA

The Administrator conducts Personal data processing within their facilities and corporate headquarters, overseen by designated authorized personnel or processors. Processing occurs through computer technology or manual methods for paper-based Personal data, all while upholding stringent security principles for Personal data management and processing.

To this end, the Administrator has implemented technical and operational security measures aimed at safeguarding Personal data. These measures are designed to prevent unauthorized or accidental access, alteration, destruction, or loss of Personal data, unauthorized transfers, unauthorized processing, and any other forms of Personal data misuse.

These protective measures comprise routine data backups, firewall usage, encryption, meticulous access rights management, careful processor selection, and various technically and commercially sensible steps to provide robust protection for your Personal data.

As applicable, we may also create data backup copies and employ additional safeguards to prevent inadvertent damage or loss of your personal information. These measures establish an appropriate level of security commensurate with the risks associated with processing and the nature of the Personal data in question.

All entities with potential access to Personal data adhere to the Data subject’s right to privacy protection and are bound to operate in accordance with prevailing legal regulations pertaining to Personal data protection.

It is important to note, however, that while we employ recognized online payment security systems for all online payments you make to us, absolute security cannot be guaranteed when transmitting data over the internet.

In the event of any security breach involving your Personal data that could potentially pose a significant risk to you, we will promptly notify you.

9 SHARING OF PERSONAL DATA

The Administrator may share your Personal data with third parties for various purposes related to conducting business, enhancing and personalizing our services, facilitating marketing and other business communications, and for other legitimate reasons as allowed by applicable laws or with your explicit consent.

We may share personal information in the following ways:

  • With business partners, service providers, and authorized agents. This includes collaborating with our business partners, service providers, or authorized third-party agents to deliver requested solutions, services, or transactions. Examples encompass processing orders and transactions, processing reservations and managing customer accounts, website hosting, support during sales activities, post-sales support, and customer service.
  • We may disclose Personal data in response to information requests from competent authorities when we believe that such disclosure complies with or is required by applicable laws, regulations, or legal processes.
  • Personal data may be shared with law enforcement agencies, government bodies, or other third parties when necessary to comply with legal requirements imposed by public authorities or court requests in legal disputes. This sharing may be conducted to safeguard the rights, property, or safety of the Controller, business partners, Data subjects, or other individuals, or as mandated by relevant laws.
  • In certain instances, we may share data in an aggregated or anonymized format, with any identifying information removed. This ensures that the information cannot reasonably be used to identify you.
  • If we intend to share data in a manner not covered by the above points, we will notify you and seek your explicit consent before proceeding with the sharing.

10 YOUR RIGHTS

In accordance with the General Data Protection Regulation (GDPR), Data subjects possess the following rights:

  • Right to access: You have the right to request free access to your Personal data processed by the Administrator. This includes obtaining information from the Administrator regarding whether your Personal data is being processed and, if so, gaining access to that data.
  • Right to rectification: You can request the correction or supplementation of your inaccurate Personal data processed by the Administrator.
  • Right to rrasure (right to be forgotten): You have the right to request the deletion of some or all of your Personal data under certain circumstances. This includes situations where the processing purpose has ceased, you have withdrawn your consent, you object to the processing, or your Personal data is being processed unlawfully.
  • Right to restriction of processing: You may request the restriction or cessation of processing of some or all of your data.
  • Right to data portability: You can obtain your Personal data, which you provided and is processed with your consent or for the performance of a contract or pre-contractual measures, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another data controller.
  • Right to object: You have the right to object to the processing of your Personal data.
  • Right to lodge a complaint: If you believe that your Personal data is being processed unlawfully or your rights are otherwise violated, you have the right to lodge a complaint with the supervisory authority. This can be done, in particular, in the Member State of your habitual residence or place of work.

To exercise any of these rights, you can send your requests and inquiries to info@inhaleum.cz. The Administrator will promptly acknowledge receipt of each application as per the points mentioned above and provide the necessary information or details about the measures taken, typically within one month.

This period may be extended by an additional two months if necessary, taking into account the complexity and the number of requests. In certain specific cases defined in the GDPR, the Administrator is not obligated to fully or partially comply with the requests. This will be especially true if the request is clearly unfounded or disproportionate, particularly because it is repetitive, or if the requested information threatens the privacy of other individuals or their legitimate rights, or where the costs of providing access would be disproportionate to the privacy risks to the individual in that particular case. In such cases, the Administrator may impose a reasonable fee to cover administrative costs associated with providing the requested information or may reject the requests. The requester will always be informed of this.

If the Administrator has reasonable doubts about your identity when requesting information, they may request additional information to confirm your identity.

Information regarding the exercise of your rights will be retained by the Administrator for a reasonable period (typically 3 years) for record-keeping, statistical, service improvement, and rights protection purposes.

Please note that if you request the deletion or restriction of any Personal data, the Administrator may be unable to continue providing services.

11 RIGHT TO OBJECT

In cases where the legal basis for processing Personal data is referred to as a “legitimate interest,” the Data Subject holds the right to object to such processing of their Personal data at any time. Should such an objection be raised, the Personal data shall cease to be processed unless compelling legitimate grounds for the processing override the interests, rights, and freedoms of the Data Subject, or if the data is required for the establishment, exercise, or defense of legal claims.

To raise an objection against the processing, the concerned individual can directly contact us at info@inhaleum.cz. When composing the email, kindly outline the specific circumstances leading you to conclude that the Administrator should refrain from processing your data. In cases of data processing for direct marketing purposes, objections can be made without further justification.

12 FINAL PROVISIONS

The Administrator acknowledges that changes to this Policy may occur due to technological advancements, amendments to relevant laws, or the introduction of new products and applications by the Administrator. Therefore, the Administrator reserves the right to modify the content of this Policy at any time and without prior notice. All modifications take effect immediately upon the publication of the updated Privacy policy on the Administrator’s website.

If you have any inquiries regarding our Privacy policy, please do not hesitate to contact us at info@inhaleum.cz. If you are dissatisfied, you may submit a request or complaint at any time to the Office for the Protection of Personal Data, located at Plk. Sochora 727/27, 170 00 Prague 7 – Holešovice (for more information, visit https://www.uoou.cz/).

 

This Privacy Policy is in effect as of March 1, 2024.