Privacy Policy

I. Basic provisions

The administrator of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "GDPR") is NITTIN, s.r.o., ID No. 06947743, with its registered office at Branická 26/43, 147 00 (hereinafter referred to as the "Company"). The Company is the administrator and at the same time the processor of the personal data of the users of the www.nittin.cz website (hereinafter referred to as the "Users"). Within the Company, personal data is made available only to authorized employees, and only to the extent strictly necessary for the purposes of processing. The Company may use other processors listed below for the processing of personal data. This document describes how the Company collects, processes and shares information from users using its services. This policy does not apply to information that the Company's customers process using their services.

Contact details of the administrator:

• Petra Fialová

• Branická 26/43, 147 00 - Prague, Czech Republic

• fialova@nittin.cz

II. Sources and categories of processed personal data

The Company processes the data provided by the User on the basis of filling out the contact form. Some personal data is necessary for the submission of the form (name and e-mail address) and is used for basic identification of the user. The data that the Company processes when submitting the contact form may be the following: Name and surname, e-mail address, telephone number. The Company also processes data obtained on the basis of the use of the website and through cookies. To better target advertising campaigns and improve the website, the Company uses information about the pages viewed by the user, or about the links they clicked on and other activities on the website. This data is obtained automatically through the Company's tools and the tools of the data processors listed below. If you have cookies enabled on your device, this data is also collected through these files. You can find more information about all the cookies used by the Company here.

III. Legal Reason and Purpose of Personal Data Processing

The legal reason for the processing of personal data is the performance of a contract between the user and the Company pursuant to Article 6 (1) of the GDPR. 1 lit. b) GDPR, the legitimate interest of the Company in the provision of direct marketing (in particular for sending commercial messages and newsletters) pursuant to Article 6 (1) of the GDPR. 1 lit. f) GDPR, the user's consent to processing for the purpose of providing direct marketing (in particular for sending commercial messages and newsletters) pursuant to Article 6 (1) of the GDPR. 1 lit. a) GDPR in conjunction with § 7 para. 2 of Act No. 480/2004 Coll., on Certain Information Society Services, in the event that the goods or services were not ordered. The purpose of personal data processing is to process the order and exercise the rights and obligations arising from the contractual relationship between the user and the Company; when placing an order, personal data are required that are necessary for the successful processing of the order (name and contact), the provision of personal data is a necessary requirement for the conclusion and performance of the contract, without the provision of personal data it is not possible to conclude the contract or perform it by the Company, sending commercial communications and performing other marketing activitiesAutomatic individual decision-making takes place on the part of the controller within the meaning of Article 22 of the GDPR. You have given your explicit consent to such processing.

IV. Other recipients of personal data

Personal data are processed primarily by the Company and its employees, who are bound by confidentiality. The Company may also use so-called processors for the processing of personal data. These entities may process personal data only for the purposes and in the manner determined by the Company and may not disseminate them without further consent. We only transfer to processors the data that they absolutely need to provide their services. The company uses Google analytics (a web analytics tool) as a processor

V. Data retention period

The Company stores personal data for the period necessary to ensure all rights arising from the contract, i.e. at least for the period of ensuring the implementation of the contractual relationship (including the period of full settlement of rights and obligations arising from the contract and simultaneous proof of the history of the contractual relationship) for the period until the consent to the processing of personal data for marketing purposes is withdrawn, no longer than 5 years if the personal data is processed on the basis of consent. After the expiration of the personal data retention period, the Company will delete the personal data. Data obtained for marketing purposes are processed for the entire duration of the consent, i.e. also for the period when the user allows the storage of cookies on the website or in their browser. Processing may continue even after the withdrawal of consent, no longer than until the expiry of the relevant type of Cookies.

VI. Rights of the data subject

If the data subject is an identifiable natural or legal person and proves his/her identity, the following rights will have the following rights: the right of access to his/her personal data pursuant to Article 15 of the GDPR, the right to rectification of personal data pursuant to Article 16 of the GDPR, or restriction of processing pursuant to Article 18 GDPR.prthe right to restriction of data processing pursuant to Article 18 of the GDPRthe right to erasure of personal data pursuant to Article 17 GDPR.prto object to processing pursuant to Article 21 of the GDPR and the right to data portability pursuant to Article 20 of the GDPR.prAct, to withdraw consent to the processing in writing or electronically to the address or email of the Company specified in Article VIII of these podmínek.prto file a complaint with the Office for Personal Data Protection. A complaint may be lodged with the supervisory authority of the place of residence, place of employment or place where the alleged infringement occurred. In the Czech Republic, the supervisory authority is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.

VII. Terms and conditions for the security of personal data

1. The Company declares that it has taken all appropriate technical and organizational measures to secure personal data.

2. The Company has taken technical measures to secure data repositories and repositories of personal data in paper form.3. The Company declares that only persons authorized by it have access to personal data.

VIII. Contact

If you have any questions about this Privacy Policy, the collection, processing and sharing of personal data, or the exercise of your rights, please contact us at nittin@nittin.cz.

The administrator of your personal data is NITTIN, s.r.o., ID 06947743, with its registered office at Branická 26/43, 147 00.

IX. Final provisions

1. By ticking your consent via the online form, you agree that you are familiar with the terms and conditions of personal data protection and that you accept them in their entirety.

2. By submitting the data from the online contact form, you confirm that you are familiar with the terms and conditions of personal data protection and that you accept them in their entirety.

3. The Company is entitled to change these terms and conditions. The new version of the terms and conditions of personal data protection will be published on its website, or by sending a new version of these terms and conditions to the provided e-mail address.

These terms and conditions come into force on 28.7.2023.