Personal Data Protection

1. Introduction

This document (hereinafter referred to as the “Policy”) provides customers, suppliers and business partners (hereinafter referred to as the “Data Subject”) of ŽALUZIE NEVA s.r.o., with its registered office at Háj 370, 798 12 Kralice na Hané, Company Registration No. 26301270, registered by the Registration Court in Brno, file ref. C 42544 (hereinafter referred to as the “Controller”), with information on how their personal data are processed and the rights related to it, as provided for in Article 12 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”).

Personal data means any and all information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifier, etc. of that natural person.

The Controller has not appointed a data protection officer.

2. Personal Data Controller

The Controller is entitled to transfer personal data to entities with which it has concluded a contract for the processing of personal data and which will process personal data for the Controller as its processors. On the basis of the above, the Controller is entitled to transfer personal data of the Data Subject to the following entities or categories of entities:

  • companies or persons providing the carriage of goods,
  • installation groups,
  • persons ensuring the software functionality and storing data (purchase order creation).

Personal data of the Data Subject may also be transferred to the following recipients/​categories of recipients:

  • Controller’s suppliers,
  • Controller’s employees,
  • persons in another contractual relationship with the Controller (e.g. providers of marketing and advertising services),
  • financial institutions and insurance companies,
  • state authorities in relation to the performance of the Controller’s legal obligations set out in the applicable legislation.

3. Categories of Personal Data Processed

The Controller is entitled to process, in particular, the following personal data of the Data Subject:

  • address and identification data used to uniquely and unmistakably identify the Data Subject (e.g. name, surname, title, permanent address, business address, delivery address, company registration No., VAT No.) and contact details with the Data Subject (e.g. contact address, telephone number, e‑mail address, etc.),
  • descriptive data (e.g. bank details, history of purchase orders),
  • photos, thumbnails, banners and videos,
  • data provided beyond the scope of the applicable laws processed within the scope of the consent given by the Data Subject (e.g. use of personal data for the purpose of personnel management, use of personal data for the purpose of promotion, etc.),
  • personal settings (preferences), including marketing settings and the use of cookies by the Data Subject,
  • other data necessary for the performance of the contract,
  • other personal data provided by the Data Subject to the Controller.

4. Purposes of the Personal Data Processing

The Controller processes the Data Subject’s personal data for the purposes as follows:

  • A) performance of the contract, pursuant to Article 6(1)(b) of the GDPR,
  • B) compliance with a legal obligation of the Controller established by a generally binding legal regulation, pursuant to Article 6(1)© of the GDPR (e.g. the Controller’s obligation to retain accounting and tax documents),
  • C) the establishment, exercise or defence of legal claims of the Controller, pursuant to Article 6(1)(f) of the GDPR,
  • D) sending commercial communications pursuant to Article 6(1)(f) of the GDPR due to the existence of a legitimate interest of the Controller consisting in direct marketing,
  • E) other marketing purposes of the Controller related to the offering of products and services; sending information about news (products, technologies, showrooms), company presentations (trade fairs, exhibitions), services, etc. (e.g. by sending newsletters, telemarketing); contacting for market research and marketing surveys; contacting for the purpose of sending cards on the occasion of significant public holidays and sending gift vouchers, etc. pursuant to Article 6(1)(a) of the GDPR.

5. Period of the Personal Data Processing

Personal data will be processed only for the period of time necessary for the purpose of processing. In view of the above:

  • for the purpose referred to in A) above, the personal data will be processed until the termination of the obligations under the contract (this does not affect the possibility of the Controller to further process the personal data subsequently — to the extent necessary
  • for the purpose of B), C), D) and/​or E) above,
  • for the purpose of B) above, the personal data will be processed for the duration of the relevant legal obligation of the Controller,
  • for the purpose of point C) above, the personal data will be processed until the end of the 4th calendar year following the end of the contractual warranty period (if a quality guarantee has been agreed in the contract), but at least until the end of the 5th calendar year following the termination of the obligations under the contract,
    in the event of the commencement and continuation of judicial, administrative or other proceedings in which the rights or obligations of the Controller in relation to the relevant Data Subject are at issue, the period of processing of personal data for the purpose referred to in point C) above shall not expire before the end of such proceedings,
  • for the purpose of sending commercial communications pursuant to point D) above, the personal data will be processed until the Data Subject expresses his/​her disapproval of such processing,
  • for the purposes referred to in point E) above, the personal data will be processed for the period for which the Data Subject has given consent to the Controller in accordance with the separately agreed consent to the processing of personal data. The Data Subject acknowledges in this case that before the expiry of this period, the Controller may contact them to renew their consent.

By the end of the calendar quarter following the expiry of the processing period above at the latest, the relevant personal data for which the purpose of processing has ceased shall be destroyed (by shredding or in another way that ensures that unauthorised persons cannot access the personal data) or anonymised.

6. Personal Data Processing Method

The processing of personal data is carried out by the Controller. The processing is carried out in the premises, branches and headquarters of the Controller by authorised employees of the Controller, or by Processors. The processing is carried out using computer technology or, where applicable, manually for personal data in paper form, in compliance with any and all security principles for the management and processing of personal data. To this end, the Controller has adopted technical and organisational measures to ensure the protection of personal data, in particular measures to prevent unauthorised or accidental access to, alteration, destruction or loss of personal data, unauthorised transfers, unauthorised processing and other misuse of personal data. Any and all entities to which personal data may be disclosed shall respect the Data Subjects’ right to privacy and shall comply with applicable data protection laws. No automated individual decision-making or profiling will be carried out on the basis of the data provided. Personal data of Data Subjects will not be transferred to third countries (i.e. countries outside the EU and EEA).

7. Personal Data Processing Related Rights and Context

In connection with the processing of their personal data, Data Subjects have a number of rights, including the right to request from the Controller:

  • access to their personal data (pursuant to Article 15 of the GDPR),
  • rectification or erasure of their personal data (pursuant to Article 16 or Article 17 of the GDPR),
  • restriction of the processing of personal data (pursuant to Article 18 of the GDPR),
  • object to the processing of their personal data (pursuant to Article 21 of the GDPR),
  • the right to data portability (pursuant to Article 20 of the GDPR),
  • the right to withdraw consent to the processing of their personal data in writing or electronically to the address or e‑mail of the Controller specified in this Policy.

If the Data Subject discovers or believes that their personal data are processed in violation of the protection of the Data Subject’s private and personal life or in violation of the law, they shall have the right to contact the Controller to request an explanation and/​or seek redress. The request should be made in writing by sending a letter or e‑mail to the contact details of the Controller:

If the Data Subject’s request is found to be justified, the Controller shall promptly remedy the defective condition. This shall be without prejudice to the Data Subject’s option to contact directly the supervisory authority, the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, +420 234 665 555,

8. Conclusion

This Policy shall apply in relation to Data Subjects unless otherwise agreed between the third party and the Controller. The Controller reserves the right to amend these terms and conditions for the protection and processing of personal data at any time and to any extent, whereas the current status will always be posted on

Cookies Statement

1. About cookies 

Cookies are short text files created by a web server and stored on your computer via your browser. When you return to the same website at a later date, the browser sends the stored cookie back and the server retrieves all the information it has previously stored for you. Cookies are used by the vast majority of websites. 

2. Types of cookies

Cookies can be divided according to who places them on your website, i.e.

  1. First-party cookies – their validity is limited to the domain of the website you are viewing. These cookies are considered more secure. 
  2. Third-party cookies – placed by a script from another domain. Users can thus be tracked across domains. They are often used to evaluate the effectiveness of advertising channels. 

Based on the duration thereof, cookies can be divided into: 

  1. Session cookies – they are deleted from your computer when you close your browser
  2. Persistent cookies – they are retained after closing the browser, they are deleted only after a very long period of time (this depends on your browser and cookie settings). You can also delete them manually.

Based on their purpose, cookies can be categorised as follows: 

  1. Technical – these cookies are needed for the proper functioning of the website, security, correct display on your computer or mobile phone, functional filling in and submission of forms, etc. Technical cookies cannot be disabled as the website would no longer function properly.
  2. Analytical and performance – analytical and performance cookies allow us to measure the performance of our website and our advertising campaigns. We use them to determine the number of visits and sources of visits to our website. We process the data obtained through these cookies in aggregate, without using identifiers that point to specific users of our website. The more people have statistical cookies enabled, the better we can optimise our site to be more relevant to what people are doing on the website.
  3. Personalised and advertising – by using personalised cookies, we won’t have to ask you for the same information over and over again or be able to offer you products based on your interests or tailor content directly to you. Advertising cookies are used by us or our partners to remind you of offers you have viewed on our website and elsewhere on the internet: on Facebook, on Google or on Seznam. With this consent, you will not see more ads, but you will mainly see ads that match your search. You can revoke your consent to these cookies at any time.

3. What do we use cookies for?

We use the following cookies on our website: 

  1. Technical – first-party, short term. They ensure the basic technical functionality of the website, i.e. login, use of services, etc. 
  2. Google Tag Manager – the service is only for easy management of measurement codes, it does not use any cookies and does not record any data. Google Tag Manager Data Processing Terms.
  3. Google Analytics – first-party, long-term. They are used to generate anonymous statistics about website usage. Google LLC is the processor of the data obtained from cookies. Google Analytics Data Processing Terms and Conditions.
  4. Facebook Pixel – first-party, long-term, remarketing and conversion. Facebook Data Processing Terms.
  5. Leads – third-party, long-term and conversion. Leads Data Processing Terms and Conditions.

We never place sensitive or personal data in cookies. We may place a user ID in cookies, but this does not allow third parties to identify a specific person.

4. How to adjust the use of cookies?


You can delete cookies in your browser – usually located in the “History” of the pages you visit.


Browsers allow you to block the placement of cookies on your computer. In this case, however, the functionality of this website will be limited. For information on how to set your browser to store cookies, please visit the website of your browser provider:

For more information about cookies and their use, please go to

5. This website uses Google Analytics

This website uses Google Analytics, a service provided by Google, Inc. (“Google”). Google Analytics uses cookies. Information about your use of the site, together with the contents of the cookie, will be transmitted by Google and stored on servers in the United States. Google will use this information for the purposes of evaluating your use of the website and compiling reports on website activity for website operators and for the provision of other services relating to website activity and internet usage in general. Google may also disclose this information to third parties if required to do so by law or if such third parties process this information for Google. 

Google Analytics is enhanced by related advertising features provided by Google, namely: 

  • reports on impressions in the Google ad network, 
  • remarketing (displaying ads on the content network based on product views), 
  • enhanced demographic reports (reporting of anonymous demographic data), 
  • user ID – a Google Analytics feature that allows you to measure and analyse user behaviour across devices. We use a string of numbers or letters as user IDs, we never use personal data that would allow third parties to identify a specific person. 

For more information on data processing and use, please see Google Terms and Conditions.

6. How do I disable Google Analytics tracking?

If you do not want to provide anonymous data about your use of the website to Google Analytics, you can use the plugin provided by Google. Once installed in your browser and activated, no further data will be sent.

21 January 2022