CERVA GROUP a.s., Company ID No. 267 12 121, with its registered office at Průmyslová 483, 252 61, Jeneč, registered in the Companies Register of the Municipal Court in Prague under File No. B 7786, represented by Albert Giliaev (hereinafter also "us", "our" or "we"), as a personal data controller, informs you, the users of the website www.cerva.com our customers, distributors and suppliers about what personal data we collect and about our privacy regulations as described below.

The privacy of your personal data is important for us and, therefore, in all our dealings with you we will always observe the provisions of this Privacy Policy. This Privacy Policy especially explains:

• Which of your personal data we will process;
• For what purposes and how we will process your personal data and the legal basis for this processing;
• To whom your personal data may be transferred;
• For how long we will process your personal data; and
• Your rights related to the processing of your personal data.

If you need an explanation of any part of this document, if you need any advice or if you need to discuss further processing of your personal data, you can contact us anytime at the e-mail address GDPR_Info(at)cerva(dot)com.

SCOPE OF PROCESSING PERSONAL DATA

When you contact us via the website, you may be asked to fill in certain information about yourself or your company. This information may include:

• name and surname or business name;
• address or registered office of the company;
• date of birth or identification number and tax identification number;
• telephone number;
• e-mail address;
• IP address
• data obtained through cookies in Google Analytics

Our website is not intended for children under 16 years of age. We do not process the personal data of children under 16 years of age.

COOKIES

Our website uses cookies (small text files placed on your device) that are used to provide websites and online services and collect data. The text in a cookie often consists of a series of numbers and letters that identify your web browser or computer, but it may also contain other information. We may collect this information when you interact with the website, such as subscribing to a newsletter, submitting a contact form or requesting our services or goods, logging into the customer or supplier zone, or filling in other form-type fields. You can learn more about cookies, for example, on the online encyclopedia Wikipedia here. We only collect this data when you submit one of the above-mentioned forms.

Furthermore, our websites may collect information including, for example, browser or operating system type, IP address, website visits, internet connection provider and other similar information.

All data is collected through our websites using the Google Analytics and Google Tag Manager systems and is used exclusively to improve services to our website visitors and for marketing purposes. The option to prevent the collection of this information is described in the paragraph below. However, we do not sell, exchange or rent this data in any case.

Most web browsers automatically accept cookies, but provide controls that allow them to be blocked or deleted. Our company uses the following cookies:

HOW TO REFUSE THE USE OF COOKIES

Cookies are used to provide some of the functionality of our services. Even if you have agreed to the use of cookies that track your behavior on the website, you can block their use. If you choose to block cookies, you may not be able to log in or use these features and you may lose your cookie-based preferences. You can control the use of cookies using your web browser. Most browsers automatically accept cookies by default. You can use your web browser to refuse cookies or to set the use of only some cookies.

You can find information about browsers and how to set your cookie preferences on the following websites:

• Chrome
• Firefox
• Internet Explorer
• Safari
• Android

An effective cookie management tool is also available here.

PURPOSE OF PROCESSING AND LEGAL BASIS FOR PROCESSING

We use the data you provide to contact you back and provide you with the information you have requested from us or for the purpose of performing a contract. All personal data is processed lawfully and transparently and only adequate, relevant and necessary data in relation to the purpose of the processing is required. The legal basis for this processing is processing for the purpose of performing a contract.

We may also use your name, surname and e-mail address to send you commercial communications, i.e. to inform you about events, publications or services that we provide and that we believe may be of interest to you. The provision of personal data for the purpose of performing a contract and the provision of personal data for the purpose of answering questions you have raised or information you have requested are our contractual requirements and failure to provide them may result in the failure to conclude a contract or to provide an answer to your questions. We may also use your personal data for our internal needs, particularly in relation to monitoring your satisfaction, optimizing and improving the quality of the products and services provided, developing new products and reducing risks.

The legal basis for the above processing is processing based on our legitimate interest, which is given by our interest in promoting our products and at the same time our interest in improving the quality of the services we provide.

You can refuse the processing of your personal data for the purpose of sending commercial communications at any time and this will not affect our other mutual relationships. Simply send us an e-mail with the relevant request to GDPR_Info_Slo@cerva.com or to the address from which you received commercial communications from us, or you can opt out of the mailing using the unsubscribe link at the footer of each newsletter.

Your personal data will not be used for the purposes of any automated decision-making, including profiling.

WHO HAS ACCESS TO YOUR PERSONAL DATA

Your Personal Data will be processed for us by processors who provide

• server, web, cloud or IT services;
• accounting services
• legal services
• marketing agencies

Due to the changing nature of the providers of some services, it is not possible to list all of these Personal Data processors by name. A current list of specific recipients of Personal Data can be provided upon request at GDPR_Info_Slo(at)cerva(dot)com

PERIOD OF PROCESSING PERSONAL DATA

We will process your personal data for the period during which we provide you with our services or perform our mutual contract or for the period necessary to fulfill archiving obligations under applicable laws, such as the Accounting Act, the Archiving and Records Act or the Value Added Tax Act.

We therefore retain your personal data for the period necessary to provide products and complete required transactions or for other necessary purposes, such as compliance with our legal obligations, dispute resolution and legal enforcement of our agreements. These needs may vary for different types of data in the context of different products, and therefore the actual retention period may vary significantly. The criteria on the basis of which the retention period is determined include:

• How long is the personal data needed to provide the products and ensure the operation of our company? This includes activities such as maintaining and improving the performance of these products, maintaining the security of our systems and maintaining relevant business and financial records. This is a general rule of thumb that is the basis for determining the retention period in most cases.
• Do you provide us with your data with the expectation that we will keep it until you explicitly request its deletion?
• Is this personal data sensitive? If so, it is generally appropriate to use a shortened retention period.
• Have we established and communicated a specific retention period for a particular type of data? If so, we will never exceed it.
• Have you consented to an extension of the retention period? If so, we will retain the data in accordance with your consent.
• Are we subject to legal, contractual or similar obligations to retain the data? Examples include laws governing mandatory data retention, government orders to retain data related to an investigation, or data that must be retained for the purposes of litigation.
• 
  

YOUR RIGHTS RESULTING FROM THE PROCESSING OF PERSONAL DATA

You have the following rights in relation to the processing of your personal data by us:

• the right to access your personal data;
• the right to rectification;
• the right to erasure ("right to be forgotten");
• the right to restriction of data processing;
• the right to object to processing;
• the right to data portability;
• the right to lodge a complaint about the processing of your personal data.

Your rights are explained below so that you can have a clearer idea of ​​their content.

The right of access means that you can at any time request our confirmation as to whether or not personal data concerning you are being processed, and if so, for what purposes, to what extent, to whom they are disclosed, for how long we will process them, whether you have the right to rectification, erasure, restriction of processing or objection, including possible profiling. You also have the right to obtain a copy of your personal data, the first provision of which is free of charge, for subsequent provision we may charge a reasonable administrative fee of €4.

The right to rectification means that you can at any time request us to correct or supplement your personal data if it is inaccurate or incomplete.

The right to erasure means that we must erase your personal data if (i) it is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) the processing is unlawful, (iii) you object to the processing and there are no overriding legitimate grounds for the processing, (iv) we are required to do so by law.

The right to restriction of processing means that until we have resolved any disputed issues regarding the processing of your personal data, we may not process your personal data other than by storing it and, where applicable, using it only with your consent or for the establishment, exercise or defence of legal claims.

The right to object means that you can object to the processing of your personal data that we process for direct marketing purposes or for legitimate interest. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes, in the event of an objection to processing based on legitimate interest, this objection will be assessed and we will subsequently inform you whether we have complied with it and we will no longer process your data or that the objection was not justified and the processing will continue. In any case, the processing will be restricted while the objection is being resolved.

The right to portability means that you have the right to obtain personal data concerning you that are processed automatically and on the basis of consent or a contract, in a structured, commonly used and machine-readable format, and the right to have these personal data transmitted directly to another controller;

If you have any comments or complaints regarding personal data protection or a question for the person responsible for data protection in our company or if you are exercising any of your rights, please contact us using our web form. We will respond to your questions or comments within 30 days.

Our activities are also supervised by the Data Protection Authority, to which you can file a complaint if you are dissatisfied. You can find out more on the Authority's website.

REPORTING SECURITY INCIDENTS

In today's era of modern technology, there is a small but still significant risk that your personal data could be leaked, misused or lost. As part of our activities, we will do everything in our power to prevent such a security incident from occurring, in particular, we will regularly train all our employees who come into contact with your personal data on the subject of personal data protection, we will adopt and familiarize employees with internal company regulations governing the protection of your personal data, and we will always use technical software solutions.

However, if, despite our best efforts, a security incident occurs and this incident could pose a high risk to your rights and freedoms, we will inform you of such a fact immediately, via the e-mail address provided and by publishing such information on our website, including all necessary details.

CHANGES TO THE POLICY

Our privacy policy may be changed from time to time. We will not limit your rights under this Privacy Policy without your express consent. We will post any changes to this Privacy Policy on this page and, if they are significant, we will notify you more prominently (for some services, we may notify you of changes to this Privacy Policy by email). We will archive previous versions of this Privacy Policy for your future reference. They are available from the links at the beginning of this Policy.

This Privacy Policy is effective as of May 14, 2018