Your Independent Consultancy for Energy Solutions.

Personal Data Processing Policy (GDPR)

I.
Basic Provisions

1. The personal data controller according to Article 4, point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is the operator of this website - ENACO, s.r.o., Čechtická 386/4, 142 00 Prague 4 – Kamýk, ID: 02751704, registered with the Municipal Court in Prague, Section C, Insert 223306 (hereinafter referred to as the "controller").

2. The controller's contact details are ENACO, s.r.o., Čechtická 386/4, 142 00 Prague 4 – Kamýk, email: info@enaco.cz

3. Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

 

II.
Sources and Categories of Processed Personal Data

1. The controller processes personal data that you have provided or personal data that the controller has obtained based on the contact form. If you contact the controller this way, the controller needs the information provided in the contact form (primarily your first and last name, email address). If the controller does not have this information, they would not be able to contact you back.

2. When you visit the controller's website www.enaco.cz (hereinafter referred to as the "website"), the controller may collect certain information about you, such as your IP address, date and time of access to the website, information about your web browser, operating system, or language settings. The controller may also process information about your behavior on its websites, i.e., which links on our websites you visit. However, the information about your behavior on the website is anonymized for your maximum privacy and therefore cannot be assigned to a specific user, i.e., a specific person.

3. If you access the controller's website from a mobile phone or a similar device, the controller may also process information about your mobile device (data about your mobile phone, etc.).

4. For the purposes of sending commercial communications (email marketing) and telemarketing, the controller processes your personal data based on your consent. If you do not grant consent and are a customer of the controller, the controller may send you commercial communications (or call you within telemarketing) even without your consent. In any case, it applies that you can easily prohibit such marketing communication from the controller via the contact email provided in Article I, paragraph 2 of these principles. If you grant the controller your consent to process personal data, you can also revoke it at any time by sending a message to the email provided in Article I, paragraph 2 of these principles.

 

III.
Cookies

1. The controller automatically processes cookies, a small text file created by visiting each website. It is used as a standard tool for storing information about how the controller's pages are used.

2. The controller uses these cookies: see Cookies - manage preferences section

3. If you are interested in influencing which cookies the controller processes, you can do so in the Cookies - manage preferences section.

 

IV.
Reason and Purpose of Processing Personal Data

1. The reason for processing personal data is

  • processing orders and fulfilling the contract between you and the controller according to Article 6, paragraph 1, letter b) GDPR,
  • the controller's legitimate interest in providing direct marketing (especially for sending commercial communications and newsletters) according to Article 6, paragraph 1, letter f) GDPR,
  • your consent to processing for the purpose of providing direct marketing (especially for sending commercial communications and newsletters) according to Article 6, paragraph 1, letter a) GDPR in conjunction with Section 7, paragraph 2 of Act No. 480/2004 Coll., on certain information society services, if no order for goods or services has been placed.

2. The purpose of processing personal data is

  • processing your order and exercising rights and obligations arising from the contractual relationship between you and the controller; when ordering, personal data necessary for successful order processing (name and address, contact) are required; providing personal data is a necessary requirement for concluding and fulfilling the contract; without providing personal data, it is not possible to conclude or fulfill the contract by the controller,
  • sending commercial communications and performing other marketing activities.

3. The controller does not perform automatic individual decision-making within the meaning of Article 22 GDPR.

 

V.
Data Retention Period

1. The controller retains personal data

  • for the period necessary to exercise rights and obligations arising from the contractual relationship between you and the controller and to enforce claims from these contractual relationships.
  • for 7 years or until the withdrawal of consent to the processing of personal data for marketing purposes if personal data are processed based on consent.
  • for the duration of the website's functionality, personal data (name, surname, age (in years), city (origin, residence), gender) will be retained to maintain the history of results.

2. After the expiration of the retention period, the controller will delete personal data.

 

VI.
Recipients of Personal Data (Controller's Subcontractors)

1. Recipients of personal data may be individuals: undefined

2. The controller does not intend to transfer personal data to a third country (a country outside the EU) or an international organization or any other person or third party.

 

VII.
Your Rights

1. Under the conditions set out in the GDPR, you have

  • the right to access your personal data under Article 15 GDPR,
  • the right to correct personal data under Article 16 GDPR, or to restrict processing under Article 18 GDPR,
  • the right to delete personal data under Article 17 GDPR,
  • the right to object to processing under Article 21 GDPR,
  • the right to data portability under Article 20 GDPR and
  • the right to withdraw consent to processing in writing or electronically to the address or email of the controller provided in Article I, paragraph 4 of these conditions.

2. You also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.

 

VIII.
Personal Data Security Conditions

1. The controller declares that it has taken all appropriate technical and organizational measures to secure personal data.

2. The controller has taken technical measures to secure data storage and personal data storage in paper form. The controller declares that only authorized persons have access to personal data.

 

IX.
Final Provisions

1. By sending a message from the website's internet contact form, you confirm that you are familiar with the conditions of personal data protection and that you accept them in their entirety.

2. The controller is entitled to change these conditions. The new version of the personal data protection conditions will be published on its website, or the new version of these conditions will be sent to you at the email address you provided to the controller.

 

These principles take effect on August 1, 2024.