Personal data protection

1. Introduction

This document (hereinafter referred to as the “Rules”) is provided to customers, suppliers and business partners (hereinafter referred to as the “Data Subject”) of ŽALUZIE NEVA s.r.o., with its registered office at Háj 370, 798 12 Kralice na Hané, ID 26301270, registered with the Registry Court in Brno, file number C 42544 (hereinafter referred to as “Controller”), information on how their personal data is processed and on the rights related thereto, as provided for in Article 12 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”).

Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, network identifier, etc. of that natural person. 

The controller has not appointed a data protection officer.

2. Personal data controller

The Controller is entitled to transfer personal data to entities with which it has concluded a contract for the processing of personal data and which will process personal data for the Controller as its processors. On the basis of the above, the Controller is entitled to transfer personal data of the Data Subject to the following entities or categories of entities: 

  • companies or persons providing transport of goods,
  • assembly groups,
  • to persons operating the software and storing data (order creation).

Personal data of the Data Subject may be further transferred to the following recipients/​categories of recipients:

  • the Administrator’s suppliers,
  • employees of the Administrator,
  • persons in another contractual relationship with the Controller (e.g. providers of marketing and advertising services),
  • financial institutions and insurance companies,
  • state authorities in the performance of the Controller’s legal obligations set out in the relevant legislation.

3. Categories of personal data processed

The Controller is entitled to process in particular the following personal data of the Data Subject:

  • address and identification data used to uniquely and unmistakably identify the Data Subject (e.g. name, surname, title, permanent address, business address, delivery address, ID number, VAT number) and contact details with the Data Subject (e.g. contact address, telephone number, e‑mail address, etc.),
  • descriptive data (e.g. bank details, order history),
  • photos, thumbnails, banners and videos,
  • data provided in excess of the applicable laws processed within the scope of the consent given by the Data Subject (e.g. use of personal data for the purpose of personnel management, use of personal data for the purpose of promotion, etc.),
  • personal settings (preferences), including marketing settings and the use of cookies by the Data Subject,
  • other data necessary for the performance of the contract,
  • other personal data provided by the Data Subject to the Controller.

4. Purposes of the processing of personal data

The Controller processes the Data Subject’s personal data for the purposes of:

  • A) performance of the contract, on the basis of Article 6(1)(b) GDPR, 
  • B) compliance with a legal obligation of the Controller established by a generally binding legal regulation, based on Article 6(1)© GDPR (e.g. the Controller’s obligation to keep accounting and tax documents), 
  • C) the establishment, exercise or defence of legal claims of the Controller, on the basis of Article 6(1)(f) GDPR, 
  • D) sending commercial communications on the basis of Article 6(1)(f) GDPR due to the existence of a legitimate interest of the Controller consisting in direct marketing, 
  • E) other marketing purposes of the Controller related to the offer of products and services; sending information about news (products, technologies, showrooms), company presentations (trade fairs, exhibitions), services, etc. (e.g. by sending newsletters, telemarketing); contacting for market research and marketing surveys; contacting for the purpose of wishing for important public holidays and sending gift vouchers, etc. on the basis of Article 6(1)(a) GDPR. 

5. Duration of processing of personal data

Personal data will be processed only for the time necessary for the purpose of processing. In view of the above: 

  • for the purpose referred to in A) above, the personal data will be processed until the termination of the obligations under the contract (this does not affect the possibility of the Controller to further process the personal data subsequently — to the extent necessary 
  • for the purpose of (B), ©, (D) and/​or (E) above, 
  • for the purpose under B) above, the personal data will be processed for the duration of the relevant legal obligation of the Controller, 
  • for the purpose of point C) above, the personal data will be processed until the end of the 4th calendar year following the end of the contractual warranty period (if a quality guarantee has been agreed in the contract), but at least until the end of the 5th calendar year. calendar year following the termination of the obligations under the contract,
    in the event of the commencement and continuation of judicial, administrative or other proceedings in which the rights or obligations of the Data Controller in relation to the relevant Data Subject are addressed, the period of processing of personal data for the purpose referred to in point C) above shall not expire before the end of such proceedings, 
  • for the purpose of sending commercial communications pursuant to point D) above, personal data will be processed until the Data Subject expresses his/​her opposition to such processing, 
  • for the purposes referred to in point E) above, the personal data will be processed for the period for which the Data Subject has given consent to the Controller in accordance with the separately agreed consent to the processing of personal data. The Data Subject acknowledges in this case that before the expiry of this period, the Controller may contact him/​her to renew his/​her consent. 

By the end of the calendar quarter following the expiry of the processing period above at the latest, the relevant personal data for which the purpose of processing has ceased shall be destroyed (by shredding or in another way that ensures that unauthorised persons cannot access the personal data) or anonymised.

6. Method of processing personal data

The processing of personal data is carried out by the Controller. The processing is carried out in the premises, branches and headquarters of the Controller by authorised employees of the Controller, or by Processors. The processing is carried out by means of computer technology or, where applicable, manually for personal data in paper form, in compliance with all security principles for the management and processing of personal data. To this end, the Controller has adopted technical and organisational measures to ensure the protection of personal data, in particular measures to prevent unauthorised or accidental access to, alteration, destruction or loss of personal data, unauthorised transfers, unauthorised processing and other misuse of personal data. All entities to which personal data may be disclosed shall respect the Data Subjects’ right to privacy and shall comply with applicable data protection laws. No automated individual decision-making or profiling will be carried out on the basis of the data provided. Personal data of Data Subjects will not be transferred to third countries (i.e. countries outside the EU and EEA). 

7. Rights and context of personal data processing

In connection with the processing of their personal data, Data Subjects have a number of rights, including the right to request from the Controller:

  • access to your personal data (under the terms of Article 15 GDPR),
  • rectification or erasure of personal data (under the terms of Article 16 or Article 17 GDPR),
  • restriction of the processing of personal data (under the terms of Article 18 GDPR),
  • object to the processing of personal data (under the terms of Article 21 GDPR),
  • the right to data portability (under the terms of Article 20 GDPR),
  • the right to withdraw consent to the processing of personal data in writing or electronically to the address or email of the Administrator specified in these Rules.

If the Data Subject discovers or believes that his/​her personal data is being processed in violation of the protection of the Data Subject’s private and personal life or in violation of the law, he/​she has the right to contact the Controller to request an explanation and/​or seek redress. The request must be made in writing by sending a letter or email to the contact details of the Data Controller: info@neva.eu.

If the Data Subject’s request is found to be justified, the Controller shall promptly remedy the defective condition. This is without prejudice to the Data Subject’s ability to contact directly the supervisory authority, the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, +420 234 665 555, www.uoou.cz.

8. Conclusion

These rules shall apply in relation to Data Subjects, unless otherwise agreed between the third party and the Controller. The Controller reserves the right to amend these terms and conditions for the protection and processing of personal data at any time and at any time, and the current status will always be posted on the website www.neva.eu/gdpr.

Declaration on the use of cookies

1. What are cookies 

Cookies are short text files created by a web server and stored on your computer via your browser. When you return to the same website at a later date, the browser sends the stored cookie back and the server retrieves all the information it has previously stored for you. Cookies are used by the vast majority of websites. 

2. How cookies are divided

Cookies can be divided according to who places them on your website, i.e. on: 

  1. First party cookie – these are limited to the domain of the website you are viewing. These cookies are considered more secure. 
  2. Third party cookie – these are placed by a script from another domain. This allows users to be tracked across domains. They are often used to evaluate the effectiveness of advertising channels. 

According to their durability, cookies can be divided into: 

  1. Short-term (session cookies) – they are deleted from your computer when you close your browser
  2. Long-term (persistent cookies) – they are retained after you close your browser, they are deleted only after a very long time (this depends on your browser and cookie settings). You can also delete them manually. 

The use of cookies can be categorised as follows: 

  1. Technical – these cookies are needed for the proper functioning of the website, security, correct display on a computer or mobile phone, functioning filling out and submitting forms, etc. Technical cookies cannot be turned off because the website would no longer function properly. 
  2. Analytical and performance – Analytical and performance cookies allow us to measure the performance of our website and our advertising campaigns. We use them to determine the number of visits and sources of visits to our website. We process the data obtained through these cookies in aggregate, without using identifiers that point to specific users of our website. The more people have statistical cookies enabled, the better we can optimize our site to be more relevant to what people are doing on the site. 
  3. Personalised and advertising – by using personalised cookies, we won’t have to ask you for the same information over and over again, or we can offer you products based on your interests or tailor the content of the site to you. Advertising cookies are used by us or our partners to remind you of offers you’ve viewed on our site and elsewhere on the internet: on Facebook, Google or even on Seznam. With this consent, you won’t see more ads, but you will mainly see ads that match your search. You can revoke your consent to these cookies at any time. 

3. What do we use cookies for?

We use the following cookies on our website: 

  1. Technical – first parties, short term. They ensure the basic technical functionality of the website, i.e. login, use of services, etc. 
  2. Google Tag Manager – the service is only for easy management of measurement codes, it does not use any cookies and does not record any data. Terms of data processing by Google Tag Manager.
  3. Google Analytics – first party, long term. They are used to generate anonymous statistics about website usage. Google LLC is the data processor of the data obtained from cookies. Terms and conditions for data processing by Google Analytics.
  4. Facebook Pixel – first party, long term, remarketing and conversion. Facebook data processing terms.
  5. Leads – third party, long term and conversion. Leady Data Processing Terms.

We never place sensitive or personal data in cookies. We may place a user ID in cookies, but this does not allow third parties to identify a specific person. 

4. How can I modify the use of cookies?

Deleting

You can delete cookies in your browser – usually located in the “History” of the pages you visit.

Blocking

Browsers allow you to block the placement of cookies on your computer. In this case, however, the functionality of this website will be limited. For information on how to set your browser to store cookies, please visit the website of your browser provider: 

For more information about cookies and their use, please visit https://www.aboutcookies.org/.

5. This website uses Google Analytics

This website uses Google Analytics, a service provided by Google, Inc. (“Google”). Google Analytics uses cookies. Information about your use of the site, together with the contents of the cookie, will be transmitted by Google and stored on servers in the United States. Google will use this information for the purposes of evaluating your use of the website and compiling reports on website activity for website operators and for the provision of other services relating to website activity and internet usage in general. Google may also disclose this information to third parties if required to do so by law or if such third parties process this information for Google. 

Google Analytics is enhanced by related advertising features provided by Google, namely: 

  • reports on impressions in the Google ad network, 
  • remarketing (displaying ads on the content network based on product views), 
  • Enhanced demographic reports (reporting of anonymous demographic data), 
  • user id – Google Analytics, which allows you to measure and analyse user behaviour across devices. We use a string of numbers or letters as user id’s, we never use personal information that would allow third parties to identify a specific person. 

For more information about the processing and use of data, please refer to Google’s terms and conditions.

6. How do I disable Google Analytics tracking?

If you do not want to provide anonymous data about your use of the website to Google Analytics, you can use a plugin provided by Google. Once installed in your browser and activated, no further data will be sent.

21 March 2025