Privacy Policy
- ČESKÁ VERZE ZDE
- Purple Group is managed by a controlling entity Purple Holding a.s., Reg. No.: 065 28 554, registered office at Masarykova 409/26, Brno-město, 602 00 Brno, consisting, inter alia, of Purple Ventures r.o., Reg. No.: 057 75 574, registered office at Masarykova 409/26, Brno-město, 602 00 Brno.
- Purple Group hereby declares that with regard to the nature of personal data, it processes it with high respect towards its protection and purpose of processing, while such data is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection natural persons with regard to the processing of personal data (hereinafter referred to only as the “GDPR”) and other valid legislation. Pursuant to art. 12 of GDPR, we inform the data subjects, i.e. the website visitors, about the processing and protection of their personal data and about their rights.
2 Who is the personal data administrator?
- Where personal data about users of the website is collected as part of the use of cookies on the website, Purple Ventures s.r.o. (“Company” or “we”) is the data controller.
3 Who is this information intended to?
- This information is intended for users of the website purple-ventures.com and other websites where this Policy is available (hereinafter collectively referred to as “users” or “you” unless specifically stated otherwise).
4 What personal data do we process?
- When browsing the website, data about individual users, their preferences, behaviour and general use of the website is collected through the use of cookies. Cookies may be used to collect certain data that can be classified as personal data within the meaning of the GDPR. If personal data is collected through cookies when browsing the site, such data is subsequently processed by us in accordance with the relevant law and this Policy.
- The extent of data collected may vary from user to user depending on whether or not you consent to the use of cookies. Detailed information on the use of cookies and the data collected may be found here.
5 Why do we process such data?
- We process data for the purpose of marketing activities and improving the quality of services provided.
- We process personal data primarily on the basis of your consent; besides that, we process the data for the purposes of fulfilling our legal obligations, or for our legitimate interest.
- Unless you have given your consent to the processing of personal data, only those data which the Company is entitled to process on other legal grounds are processed, and only to the relevant extent.
6 Purpose of personal data processing
- Cookies are used to collect data about the browsing activity of website users and user preferences, which the Company uses for its marketing needs.
7 Do you have to provide us with your personal data?
- The provision of personal data is always voluntary. If you do not consent to the use of cookies, no personal data will be collected through them. In this context, only your choice regarding the use of cookies will be stored in accordance with the Cookie Policy (this is not personal data within the meaning of the GDPR).
8 How do we process personal data?
- Processing is carried out by authorised persons. The processing is carried out by computer technology in compliance with all security principles for the administration and processing of personal data.
- We process personal data on the basis of information we obtain directly from users.
9 How long do we keep personal data?
- Personal data of users of website is processed for as long as the cookies store it. The duration of data collection through cookies varies according to the specific type of cookie and is set out in the Cookie Policy.
- We keep personal data collected via cookies according to the retention period specified for the specific type of cookie file. This is without prejudice to the processing of personal data on other legal grounds, if they last beyond the abovementioned periods.
10 How is the personal data secured?
- The security of personal data is ensured by appropriate electronic procedures to prevent unauthorised or accidental access to, alteration, destruction or loss of personal data, unauthorised transfers, unauthorised processing or other misuse of personal data.
- All personal data is under constant physical, electronic and procedural control. All persons who come into contact with personal data in their work position (or in the context of their contractual obligations) are trained and bound by the obligation of confidentiality.
11 Who has access to personal data?
- The Company does not, as a matter of principle, share your personal data with other data controllers, unless the Company is obliged or entitled to do so by law or by its legitimate interest or you have given your consent thereto.
- Your consent is not required to share personal data with data processors. We always carefully screen entities that are to become processors of personal data that Purple Group manages to ensure that they comply with appropriate technical and organisational security measures. Any entity that, in the course of its activities for us, may become a processor of personal data, which we control, is subject to a written contract for the processing of personal data. Such processor is authorised to process personal data only to the extent necessary for the performance of its task, for the purposes of its task and for the agreed period of time.
- We may involve third parties – our suppliers – in some of our activities. Depending on the nature of the activity in question, your personal data may be processed by this supplier in its capacity as a processor or data controller.
- The Company is part of a group around the parent company Purple Holding a.s., which have outsourcing agreements between them under which certain activities that would otherwise be carried out or could be carried out by one of them are carried out through related companies and vice versa. Our suppliers are companies based in the European Economic Area (“EEA”).
- We may be required by law to share your personal data without your consent with third parties (e.g. bailiffs, health insurance companies, labour offices, social security authorities, insolvency practitioners) for the purpose of fulfilling their obligations and, where applicable, enforcing decisions.
- Each user has the right to access his/her personal data and following information about:
- – purpose of processing,
- – category of relevant personal data,
- – recipient or category of recipients who such personal data was or will be made accessible to,
- – a planned period during for which such personal data is stored,
- – all accessible information about the source of personal data, unless acquired from the user.
- If you find out or believe that the Company is processing your personal data in breach of the law, you may:
- – request explanation from the Company,
- – request limitation of data processing,
- – request the Company to perform rectification, supplementation or erasure of personal data.
- If you have provided consent to the processing of your personal data, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.
- If you make a request concerning the rights described in the preceding paragraphs, you will be informed by the Company of the measures taken without undue delay, at the latest within 1 month of receipt of the request. In justified cases, taking into account the complexity and number of requests, this period may be extended by up to 2 months.
- Upon request, we will provide you with a copy of the personal data processed. If the requests made are manifestly unfounded or unreasonable (e.g. due to repetition), you will be charged a fee equal to the administrative costs or the request may not be processed in full or in part.
- In the event that the request does not contain all the information necessary for its processing, you may be asked by the Company to provide further information or to carry out activities to verify your identity. The requested information will be provided electronically unless you request otherwise.
- If your request is not granted by the Company, you have the right to lodge a complaint with the Data Protection Authority.
- In relation to the exercise of your rights and in case of questions or information regarding the processing of personal data, you may contact us by e-mail to e-mail address legal@purple-ventures.com or by mail to address Masarykova 409/26, Brno 602 00, the Czech republic.
- This Privacy Policy (the “Policy”) is issued in writing and is accessible to all via the Company’s website.
- Interpretation of Policy and related generally binding legislation shall be provided to the applicants, if necessary, by the Legal Department.
- Proposals to amend or supplement the Policy shall be submitted to the Legal Department. Amendments and supplements to the Policy shall be adopted and issued in writing by the Company’s statutory body.
- This Policy comes into effect on 1.2023.