CZ | EN
Find a distributor

Data Protection

Statement on Confidentiality, Data Protection

Privacy Policy

The data controller pursuant to Article 4(7) of the European Parliament and Council Regulation (EU) 2016/679 on the protection of natural persons in relation to the processing of personal data and the free movement of such data (hereinafter "GDPR") is the business corporation HOLOMÝ s.r.o., Company ID: 03402495, with registered office at Hemy 829, Krásno nad Bečvou, 757 01 Valašské Meziříčí, registered in the Commercial Register at the Regional Court in Ostrava, Section C, File 60025 (hereinafter also "controller").

Contact details of the controller: Hemy 829, Krásno nad Bečvou, 757 01 Valašské Meziříčí,

Email: sales@holomy.cz, phone: +420 571 685 970. Website: www.holomy.cz

What personal data do we process?

When you use our services, we collect various types of data, such as your username and password and your contact information. If you make a purchase or create an account with us, we also process your first and last name (e.g., as a company contact person), your orders, and the data you set in your account. Data relating exclusively to legal entities are not considered personal data.

We process the following personal data:

  • Identification data, meaning especially the name and surname of the individual entrepreneur, username and password (as a representative of a company or as an authorized person of an individual entrepreneur), Company ID and VAT ID if assigned;
  • Contact information, meaning personal data allowing us to contact you, especially email address, phone number, delivery and billing address;
  • Data about your orders, meaning especially data about goods and services you ordered, delivery and payment method including account number, and information about complaints;

 

Why do we process personal data and what is our legal basis?

Your personal data is processed in different situations for various purposes. If you register with us, we use your data to manage your account and provide related functions. If you make a purchase, we use your data to process your order, protect our legal claims, and comply with legal obligations. We also use your contact and other data to display and send personalized offers. Our legal basis for processing personal data is either contract performance, compliance with legal obligations, our legitimate interests, or your consent.

We process personal data for different purposes and to varying extents either:

  • without your consent based on contract performance, our legitimate interest, or legal obligation, or
  • based on your consent.

What processing can we perform without your consent depends on the purpose of the processing and your position with respect to us – whether you are just visiting our website, registered with us, or making a purchase. We may also process your data if you are the recipient of goods or services ordered with us or if you communicate with us.

 

If you register with us

If you register, we carry out the following processing:

Processing based on contract performance

If you create an account on the website www.holomy.cz, we process your identification and contact data, account settings, and order data (if you later purchase) based on contract performance with you (without your consent) to manage your account. The contract arises upon creation of your account. We use this personal data for the duration of your account, which you can delete at any time.

 

If you make a purchase with us

If you make a purchase, we carry out the following processing:

Processing based on contract performance

If you purchase as an individual entrepreneur, we process your personal data for the purpose of fulfilling your order including your identification, contact data, and order details. If you have an account with us, we may also use your account settings for this purpose.

If you purchase as a representative of a legal entity, we process the same data for the same purpose based on our legitimate interest in concluding and performing the contract with the person you represent.

Processing your data for order fulfillment means we may use it especially to:

  • complete your order on the website, e.g., ensure items in your cart or unfinished orders are saved;
  • communicate with you regarding your order, e.g., send confirmations or shipping notifications;
  • facilitate delivery of goods; in this context, we may share your data with our delivery partners solely for the purpose of delivering the goods;
  • use your personal data as long as necessary to fulfill your order or contractual requests, such as complaints.

 

Processing based on legitimate interests

If you make a purchase, we retain your identification and contact data and order information based on our legitimate interests (without your consent) to protect legal claims and for internal record-keeping and control. Our legitimate interests include protecting legal claims and ensuring proper service delivery.

For legal claim protection and internal control, we process the data for 3 years, plus one year after expiration for claims made at the end of the limitation period. In the event of legal, administrative, or other proceedings, we process your personal data as long as necessary for such proceedings and for the remainder of the limitation period afterward.

For other purposes, personal data is retained for a maximum of 6 months.

You have the right to object to processing based on our legitimate interests.

 

Processing based on legal obligations

We must fulfill certain statutory obligations. If your personal data is processed for this reason, we do not require your consent. On this legal basis, we process your identification, contact data, and order details to comply with, in particular, the following laws:

  • Civil Code No. 89/2012 Coll.,
  • VAT Act No. 235/2004 Coll.,
  • Accounting Act No. 563/1991 Coll.

We retain these personal data for up to 10 years from the issuance of the last document related to your order.

 

If you are the recipient of goods or services ordered

If you are the recipient of goods or services ordered with us, we process your identification and contact data:

  • based on our legitimate interest to prepare, conclude, and perform a contract with our customer. Fulfillment of this contract is also our legitimate interest;
  • based on our legitimate interest to obtain information to improve our services in the future or for internal statistics and reports;
  • for compliance with legal obligations, particularly VAT Act No. 235/2004 Coll. and Accounting Act No. 563/1991 Coll.;
  • to protect legal claims and for internal control; our legitimate interests are the protection of rights and ensuring proper service delivery.

For order preparation, conclusion, and fulfillment, personal data is used only as long as necessary to process the order. Afterward, data is retained based on our legitimate interests for legal claim protection and internal control, for 3 years plus one year after the limitation period, and during proceedings, as needed. For legal compliance, data is retained up to 10 years per order.

You have the right to object to processing based on legitimate interest.

Who processes your personal data and to whom do we transfer it?

In most cases, we process your data as the controller for our own purposes. We may transfer data to partners for payment, shipping, and order fulfillment.

All personal data mentioned are processed by us as controller, meaning we define purposes, processing methods, and are responsible for proper execution.

We may also transfer data to other entities acting as controllers, including:

  • delivery partners involved in order fulfillment, e.g., General Logistics Systems Czech Republic s.r.o., DACHSER Czech Republic a.s., PPL s.r.o., Česká pošta s.p., UPS Czech Republic, Direct Parcel Distribution CZ s.r.o., TOPTRANS EU a.s., WE|DO CZ s.r.o., Geis CZ s.r.o.;
  • suppliers or service centers of the manufacturer regarding complaints;
  • authorized persons performing mandatory audits or supporting e-shop services;

Most personal data is obtained directly from you via our website or communication. Additional data may come from partners like banks or shipping companies.

 

Data sources

Transfers outside the EU

The controller does not intend to transfer personal data to a third country (outside the EU) or an international organization.

 

Your rights regarding personal data processing

You have certain rights regarding your personal data, including:

Right of access

You have the right to know what data we process, why, for how long, where it comes from, to whom it is transferred, who else processes it, and your other rights. You can request confirmation and a copy of your personal data; the first copy is free, further copies may incur a fee.

Right to rectification

You have the right to correct inaccurate or incomplete personal data without undue delay.

Right to erasure

In certain cases, you may request erasure if:

  • data is no longer needed for processing;
  • you withdraw consent for processing;
  • you object to processing based on legitimate interests and no overriding interests exist;
  • processing is no longer lawful.

Note: this right does not apply if data is needed for legal obligations or defense of legal claims.

Right to restriction

You may request restriction of processing temporarily instead of erasure in certain cases, e.g., dispute over accuracy, processing without legal basis, data needed for legal claims, or objection raised.

Right to data portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format if processed on consent or contract basis.

Right to object

You may object to processing based on legitimate interests. For marketing, processing will stop immediately; otherwise, we will continue only if we have compelling reasons.

Right to lodge a complaint

You may lodge a complaint with the relevant supervisory authority, particularly if you believe your data is processed unlawfully, e.g., with the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7.

How to exercise rights

Requests can be sent via email, company data mailbox, registered email, or in paper form with a notarized signature.

Requests are processed without undue delay, usually within one month. In exceptional cases, this may be extended by 2 months with notification.

Data Protection Officer

HOLOMÝ s.r.o. has not appointed a Data Protection Officer.

Cookies

See Cookie Policy

Automated decision-making

The controller does not perform automated individual decision-making under Article 22 GDPR.

Controller statement

The controller has implemented appropriate technical and organizational measures to secure personal data, including passwords, antivirus programs, and encryption. Access is limited to authorized personnel.

Final provisions

By submitting an order via the online form, you confirm that you are familiar with the privacy policy and accept it. Consent is given by checking the consent box. The controller may update the policy and will publish it on the website.

These terms take effect on January 1, 2025.

Where every second counts, you will be seen in time.