PRIVACY POLICY
PRIVACY POLICY
This Privacy Policy is here to help you understand what information we collect about you and why (hereinafter referred to as the “Privacy Policy”). When you choose to use our services, you entrust us with your personal information. We take personal data protection seriously and we work hard to protect your personal information and enable you to manage it.
- INTRODUCION
1.1 If we refer to ourselves in the first person plural as “we”, this refers to our company FBL Group s.r.o., with its registered office at Petrohradská 387/18, Vršovice, 101 00 Prague 10, ID No: 075 25 915, a company registered in the Commercial Register kept by the Municipal Court in Prague under file number C 302493, acting as the personal data controller (hereinafter referred to as the “Controller”).
1.2. When we refer to you in the second person plural as “You”, this refers to the customer of the Controller who has decided to use our services. This person has the status of a data subject (hereinafter referred to as the “Data Subject”).
1.3. These Privacy Policy are drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”) and in accordance with Act No. 110/2019 Coll., on the processing of personal data.
1.4. Personal data are any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.5. Other terms such as "special categories of personal data", "data subject", "processing of personal data", "controller", "processor", "risk-based processing", "automated individual decision-making including profiling" and "appropriate technical and organizational measures" have meaning and need to be interpreted in accordance with and in the context of the GDPR.
- PERSONAL DATA WE PROCESS
2.1. We process the following data about you:
a) address and identification data: name and surname, title, job position, date of birth, correspondence address, e-mail, telephone, company name, link/links to your profiles on social networks,
b) billing and payment data: optional ID, VAT number, registered office address,
c) data on communication with the Controller.
2.2. Personal data may be stored for a longer period than specified in the table below if it is processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
- PURPOSE AND LEGAL BASIS OF DATA PROCESSING – PERIOD OF PROCESSING
|
Personal data processed |
Purpose of processing |
Legal basis for processing |
Processing period |
|
Address and identification data |
Fulfillment and realization of contractual relationship |
Performance of the contract; Our legitimate interest |
For the duration of the contractual relationship; For a period of 4 years from its termination; In the event of a dispute, it is extended by the duration of the dispute |
|
Payment and billing information |
Fulfillment and realization of contractual relationship, accounting management |
Performance of a contract; Compliance with legal obligations; Our legitimate interest |
For the duration of the contractual relationship; For a period of 10 years from the taxable performance |
|
Communication data with the Controller |
Fulfillment and realization of contractual relationship
|
Performance of the contract; Our legitimate interest |
For the duration of the contractual relationship; For a period of 4 years from the taxable performance |
- PRINCIPLES OF PROCESSING PERSONAL DATA
4.1. We process personal data fairly, lawfully and transparently. This Policy informs you of the scope, content and manner in which we process your personal data.
4.2. The personal data we process are adequate, relevant and limited to what is necessary for the fulfilment of the stated purpose in relation to our contractual relationship.
4.3. We need your personal data to be accurate and up-to-date. If any of the data you have provided is out of date, please let us know as soon as possible so that we can correct it.
4.4. We process personal data in a manner that ensures its appropriate security, including its protection by appropriate technical or organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage.
4.5. As part of the processing of your personal data, new technologies (Google Gemini, Google Firebase Authentication and OpenAI ChatGPT) will be involved, always in accordance with the relevant privacy policies of the entities concerned.
4.6. Similarly, in order to improve our products, we will analyse any malfunctions and errors in our products (analysis of so-called crash logs, etc.) in an anonymized form.
- RECIPIENTS OF PERSONAL DATA AND INTENT TO TRANSFER INFORMATION
5.1. We may also transfer your personal data to a third party as a recipient. However, we always do this only in justified cases. We may transfer personal data to the following recipients:
a) processors who process your personal data according to our instructions and the relationships with which they are treated according to the requirements of Article 28 of the GDPR; for example, cooperating lawyers, providers of programs that we use to better secure and operate our services - they will have access only to the extent necessary and for the purpose of administration and technical support of the programs used;
b) public authorities and other entities, if required by applicable law;
c) other entities in the event of an unexpected event in which the provision of data is necessary for the purpose of protecting life, health, property or other public interest or if it is necessary to protect our rights, property or safety.
5.2. We do not intend to transfer your personal data to a third country or international organization. This does not affect the provisions of Article 4, paragraph 4.5 of these Privacy Policy.
- YOUR RIGHTS
6.1. Your rights are an important element of personal data protection. If you exercise any of your rights listed below, we will provide you with information about the measures taken without undue delay and in any case within one month of receiving your request. We may extend this period by up to two months in exceptional cases. We will inform you of the extension of the period and the reason for the extension.
6.2. Your personal data are processed automatically in electronic form.
6.3. You have the right to:
a) be informed about the processing of your personal data -
We will provide you with information about the processing of your personal data through this Privacy Policy.
b) access your personal data -
If you request it, you will receive information from us (confirmation) as to whether or not your personal data is being processed. If it is being processed, you have the right to obtain the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed; the planned period for which the personal data will be stored; the existence of the right to request us to correct or delete your personal data; the right to object; the right to lodge a complaint with a supervisory authority; all available information about the source of your personal data, if not obtained from you; the fact that automated decision-making, including profiling, is taking place. You will find most of this information in this Policy, but if you wish, you can also ask about the above.
c) correct or completion - If you know or believe that we are processing your inaccurate personal data, please inform us and we will correct it. If you would like to complete any incomplete personal data taking into account the purpose of the processing, please inform us and we will also correct it.
d) erasure - This right of yours obliges us to destroy your personal data in accordance with Article 17(1) of the GDPR if at least one of the following conditions is met:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- you withdraw your consent and there is no other legal ground for the processing;
- you object to the processing and there are no overriding legitimate grounds for the processing;
- the personal data have been processed unlawfully;
- the personal data must be erased for compliance with a legal obligation;
- the personal data have been collected in connection with the offering of information society services pursuant to Article 8(1) of the GDPR;
and at the same time, none of the exceptions listed in Article 17(3) of the GDPR can be applied.
e) restrict processing - Within the framework of this right, you have the right to ask us to restrict the processing of your personal data. If the conditions under Article 18(1) of the GDPR are met, we must do so.
f) data portability - As a data subject, you have the right to obtain, in particular, download, your personal data from us in a structured, commonly used and machine-readable format and you also have the right to have your personal data directly provided by us to another controller.
g) raise an objection - In some cases, you have the opportunity to raise a so-called objection to processing. This mainly concerns situations where you did not have the opportunity to influence the fact that your data is processed, and at the same time it is not a matter of fulfilling a legal obligation or a vital interest, when this impossibility is defensible. You have the opportunity to raise three types of objections to processing. These are objections to:
- processing based on the legal basis of legitimate interest and the performance of a task carried out in the public interest or in the exercise of official authority;
- processing for direct marketing purposes based on the legal basis of legitimate interest;
- processing for scientific or historical research purposes or for statistical purposes.
If an objection is raised, we will no longer process the data unless we demonstrate compelling legitimate grounds for the processing which override your interests or rights and freedoms, or for the establishment, exercise or defence of legal claims. If an objection is raised to the processing of personal data for direct marketing or profiling purposes, we must stop processing the personal data.
i) withdraw consent to the processing of personal data, if the processing is based on consent
- You can withdraw your consent to the processing of your personal data, which we process on the basis of this consent, at any time.
j) obtain information about a breach of the security of your personal data - If there is a likelihood that there will be a high risk to your rights and freedoms as a result of a breach of our security, we will notify you without undue delay.
k) file a complaint with a supervisory authority - If you have the impression that we are violating our obligations when processing your personal data, you have the right to file a complaint with the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7;
e-mail: posta@uoou.cz; www: https://www.uoou.cz; phone number: +420 234 665 111.
- OUR CONTACT DETAILS
7.1. If you wish to contact us in connection with the processing of your personal data, please contact us at the following addresses:
a) in writing to the registered office address: Petrohradská 387/18, Vršovice, 101 00 Prague 10
b) by e-mail to our e-mail address: support.linio@fblgroup.cz
THESE PRIVACY POLICY WILL COME INTO FORCE AND EFFECTIVE ON 11. 8. 2025
FBL Group s.r.o.