Privacy Policy

Basic Provisions

  1. The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is: GRAPO s.r.o., company ID 25514440 with registered office at Šlechtitelů 583/1, 77900 Olomouc, Holice (hereinafter referred to as the "Controller").
  2. The contact details of the Administrator are: GRAPO s.r.o., Šlechtitelů 583/1, 77900 Olomouc, Holice, email: grapo@grapo.cz and telephone +420 587 435 600.
  3. Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that physical person.

Sources and categories of personal data processed

  1. The controller processes personal data that you have provided to it.
  2. The controller processes your identification, contact and contract data.

Lawful basis and purpose for processing personal data

  1. The lawful reason for processing personal data is:
  • Performance of the contract between you and the controller pursuant to Article 6(1)(b) GDPR,
  • the legitimate interest of the controller in providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(f) GDPR,
  1. The purpose of the processing of personal data is:
  • the exercise of rights and obligations arising from the contractual relationship between you and the controller
  • sending commercial communications and carrying out other marketing activities. The provision of personal data is a necessary requirement to enable this activity, without the provision of personal data, the newsletter service and the sending of commercial communications by the controller cannot be performed.
  1. There is no automatic individual decision-making by the controller within the meaning of Article 22 GDPR.

Data retention period

  1. The controller retains personal data:
  • for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and to assert claims arising from this contractual relationship (for 15 years from the termination of the contractual relationship). 
  • for the period until consent to the processing of personal data for marketing purposes is withdrawn, but no longer than 3 years if the personal data is processed on the basis of consent.
  1. After the expiry of the retention period, the controller will delete the personal data.

Your rights

  1. Under the terms of the GDPR, you have:
  • The right to access your personal data under Article 15 of the GDPR,
  • the right to rectification of your personal data pursuant to Article 16 GDPR or restriction of processing pursuant to Article 18 GDPR.
  • the right to erasure of personal data under Article 17 GDPR
  • the right to object to processing under Article 21 GDPR; and
  • the right to data portability under Article 20 GDPR.
  • the right to withdraw consent to processing in writing or electronically to the address or email of the controller set out in Article III of these terms and conditions.

Personal data security conditions

  1. The controller declares that it has taken all appropriate technical and organisational measures to safeguard personal data.
  2. The controller has taken technical measures to secure data storage and storage of personal data in paper form.
  3. The controller declares that only persons authorised by the controller have access to the personal data.

Final provisions

  1. By your consent, you acknowledge that you have read the privacy policy and accept it in its entirety.
  2. By giving your consent you declare that you are over 15 years of age. If you do not meet this age limit, consent to the processing of personal data in accordance with these terms and conditions must be given or authorised by the person who exercises parental responsibility. You cannot register without consent.
  3. The controller is entitled to change these terms and conditions. It will post the new version of the privacy policy on its website and will also send you a new version of this policy to the email address you have provided to the controller.

Cookie Policy

What are cookies

Cookies are small text files that your browser uses to communicate with our servers. For example, they store information about past site settings (such as language settings) so that they are ready for you when you return. They can also serve as a web analytics tool for website operators.

How we use cookies on grapo.cz

  1. Some cookies are strictly necessary to ensure the technical operation of the www.grapo.cz website. However, this type of cookie does not store any personal data.
  2. We also use cookies on www.grapo.cz for web analytics and marketing purposes. This enables us to tailor the site to best meet the needs of our visitors.
  3. The site also uses third party cookies, specifically Google cookies.

Why do we need your consent?

We need consent to process cookies for our traffic measurement and other analysis purposes. These cookies may not be stored without your consent. In accordance with Article 17 of the GDPR, cookies that process personal data will be deleted within 13 months at the latest.