Privacy Policy
Your privacy is important to us at AOS (Adam Ondra’s company). We collect and process your personal data exclusively in accordance with the laws and regulations applicable in the Czech Republic as well as in accordance with the European General Data Privacy Regulation (“GDPR”). This privacy policy explains the nature, extent, and purpose of collecting and processing of personal data.
1. Responsible controller/contact information
The controller responsible in accordance with data protection laws (hereinafter referred to as the “Controller”) is:
Adam Ondra's s.r.o., limited liability company registered in the Czech Republic, ID No. 17302561, with registered offices at Lidická 700/19, Veveří, 602 00 Brno, file No. C 129513 with Regional Court in Brno.
If you have any questions or suggestions regarding data protection, please do not hesitate to contact us by email at contact@adamondra.com.
2. Subject matter of data protection
The subject matter of data protection is personal data. According to Art. 4 No. 1 GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person; this includes, for example, names or identification numbers.
3. Collection and use of your personal data
3.1 Collection of data by automated means (logs)
When accessing our website, your device automatically transmits data for technical reasons. Your IP address is not collected in the course of protocol. The following data is stored separately (logs) from other data that you may transmit to us:
- Date and time of accessing our website
- Name of the requested file/URL
- Status code of the request (success/fail)
- Bytes sent by the HTTP-body
- Browser type and version
- Response time of the request
The legal basis for the temporary storage of data is Art. 6 (1) lit. f GDPR.
This temporary storage is necessary in order to maintain the functionality of the website as well as for the optimization of the website and for ensuring the security of the IT systems.
For these purposes, our legitimate interest in the processing of data according to Art. 6 (1) lit. f GDPR.
The data contained in log files will be deleted at the latest after seven days.
3.2 Registration
In order to be able to use all functionalities of our platform, you can be registered at adamondra.com, however, you need to provide the following required information:
- User name
- Email address
- Password
- First name
- Surname
- Address
- Telephone number
This data is necessary in order to provide you with a dedicated user account and to maintain the account for you so that you can use all features and functionalities of our platform. Furthermore, we may need those and additional data to support you and communicate with you.
Processing of any data entered in the context of the registration function is necessary to provide you with the function of the platform and services as intended, Art. 6(1) lit. (b) GDPR. Insofar as we collect and process your data for the purpose to provide the functionalities of our platform and services, as described above, you are contractually obliged to provide this data, as we are simply not able to provide our services to you or gain access to the platform without that.
During the registration process, this may also be required in view of the fulfillment of a contract or prior to an envisaged contract, even in the case that such data is not required anymore for the actual execution of a such contract. Even after the actual conclusion of the contract contractual or regulatory obligations may exist to keep the personal data of the contractual partner.
3.3 Contact Form
If you contact AOS via the contact form provided online, your input data including contact data is collected and used to process and respond to your request. Thus, we collect your contact data in order to receive your requests and to be able to respond accordingly.
The legal basis for the storage of data is Art. 6 (1) lit. f GDPR. In case that the contact via email is intended to conclude a contract, an additional legal basis for the processing is Art. 6 Abs. 1 lit. b GDPR.
AOS has a legitimate interest to reply to the request of a user. Thus, the processing of data collected via the contact form is necessary unless a reply would simply not be possible. Consequently, the legitimate interest of AOS prevails, Art. 6 Abs. 1 lit. f GDPR.
In general, the data is erased once the purpose of the storage is fulfilled. For personal data collected via online forms, this is the case once the respective communication with the user has ended in the sense that when taking all circumstances into consideration, the request at hand is entirely settled to the satisfaction of both parties and the nature of such request.
Furthermore, you are able to provide additional, non-necessary information via the online forms which are entirely voluntary and only help AOS when reaching out to the user and in responding to the specific request or in case of question.
The legal basis for the storage of data is Art. 6 (1) lit. f GDPR as AOS’s legitimate interest prevails.
AOS has the interest to address and respond to the request of a user, in particular, to contact him, in order to take care of the request in a timely manner. This interest is even in line with the interest of the user himself to get the response he was requesting or referring to and who has signaled by providing respective data that he wants to be approached.
In general, the voluntarily provided not necessary data is also erased once the purpose of the storage is fulfilled. This is also the case once the respective communication with the user has ended in the sense that when taking all circumstances into consideration, the request at hand is entirely settled to the satisfaction of both parties and the nature of such request.
4. Transfer of data to third parties
In general, your personal data, protocol data, or data provided through online forms will only be passed on without your explicit prior consent in the following cases:
If it is necessary to discover or investigate any illegal use of our services or for prosecution, personal data will be forwarded to the law enforcement authorities and, if necessary, to affected third parties. However, this only happens if there are specific indications of illegal or abusive activity. A transfer may also take place if this serves to enforce terms of use or other agreements. We are also legally obliged to provide information to certain public authorities upon request. These are law enforcement authorities, authorities that prosecute fined administrative offenses, and tax authorities.
The transfer of this data is justified by our legitimate interest in preventing abuse, prosecuting criminal offenses, and securing, asserting and enforcing legal claims and that your rights and interests in protecting your personal data do not prevail, Art. 6(1) lit. (f) GDPR.
For the provision of services, we can be depending on contractually affiliated external companies and external service providers (hereinafter referred to as the "Processors"). In such cases, personal data will be transferred to these Processors in order to enable them to further process the data. These Processors are carefully selected and regularly reviewed by us to ensure that your privacy is protected. The Processors may only use the data for the purposes specified by us and are also contractually obligated to treat your data in accordance with this privacy policy and applicable Czech and European data protection laws. Data is passed on to contract Processors on the basis of Art. 28(1) GDPR.
If European data protection authorities or courts may come to the conclusion that Art. 28 Abs. 1 GDPR was no standalone legal basis for the transfer of personal data to contract Processors, such transfer shall be deemed based on our legitimate interest in regard to the commercial benefit by the involvement of specialized contract Processors and the fact that in comparison, these benefits are deemed predominant to your interest in view of protection of personal data, Art. 6 Abs. 1 lit. f GDPR.
We also process data in countries outside of the European Economic Area (EEA).
For data transfer to the USA, the European Commission has decided by resolution dated 12 July 2016 that the regulations of the EU/US Data Privacy Shield provide for an adequate level of data protection (Art. 45 GDPR). Thus, we use the following services provider that is certified in accordance with the EU/US Privacy Shield:
- Google, Inc.
5. Cookies
AOS stores so-called "cookies" in order to offer you a comprehensive range of functions and to make the use of our websites more convenient. "Cookies" are small files that are stored on your computer with the help of your Internet browser. If you do not wish the usage of "cookies", you can prevent the storage of "cookies" on your computer by appropriate settings of your Internet browser. Cookies, that are already stored, can be deleted at any time, this can also be done automatically. Please note that the functionality and range of functions of our website may be reduced as a result.
These cookies cannot identify you as a person. In any case, the use of cookies is justified on the basis of our legitimate interest in a demand-based design as well as in the statistical evaluation of our website usage and the fact that your legitimate interests do not override ours, Art. 6(1) lit. (f) GDPR.
Furthermore, we may store cookies of third parties, such as:
- Youtube (embedded videos)
- Google Analytics
When loading our website, we inform the user appropriately about the use of cookies for the purpose of analysis and request to opt-in for the processing of the user’s personal data in this regard. Furthermore, we also inform the user about this privacy policy and its application.
The legal basis for the processing of personal data by using cookies for purposes of analysis in case of the existence of an opt-in, is Art. 6 (1) lit. a GDPR. The legal basis for the storage of data is Art. 6 (1) lit. f GDPR.
The purpose of using cookies that are technically necessary is to make the usage of the website easier for the user. Some of the functionalities of our website cannot be offered without the use of such cookies; for these, it is necessary that the browser is recognized even while browsing across different web pages.
The use of such cookies is based on our legitimate interest in an appropriate design, the statistical evaluation, and the efficient usage of our website as well as marketing and the fact that your legitimate interests do not predominate, Art. 6 (1) lit. f GDPR.
6. Your rights as a data subject
In case your personal data is processed, you are the data subject within the meaning of GDPR and you have the rights outlined hereafter.
6.1 Right of confirmation and access (Information)
Each data subject shall have the right granted by the European legislator to obtain from the Controller the confirmation as to whether or not personal data concerning him or her are being processed.
In case such processing occurs, the data subject may request access to the following information:
- the purposes of the processing of personal data;
- the categories of personal data concerned in the processing;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Furthermore, the data subject shall have the right to obtain information as to whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer in accordance with Art. 46 GDPR.
6.2 Right to rectification of inaccurate data
You have the right that AOS shall immediately correct or complete any personal data concerning you if it is inaccurate or incomplete. We as the Controller would have to execute your request without undue delay.
6.3 Right to restriction of processing
You have the right that AOS shall restrict processing of your personal data subject to the following prerequisites:
- The accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- The Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.
- The data subject has objected to processing pursuant to Art. 21 (1) of the GDPR pending the verification of whether the legitimate interests of the Controller override those of the data subject.
- In case the processing of your personal data was subject to restriction, and notwithstanding their storage, such data shall only be processed with your consent or for the establishment, exercise, or defense of claims or for the procurement of the protection of rights of a natural or legal person or for purposes of an important public interest of the European Union or a member state.
- In case the restriction of processing has been executed in accordance with the above, you shall be informed by the Controller prior to the cancellation of such restriction.
6.4 Right to erasure (“Right to be forgotten”)
a) Right to erasure
Each data subject shall have the right to request from the Controller the erasure of personal data concerning him or her without undue delay, and the Controller shall have the obligation to erase personal data without undue delay where one of the following reasons applies, as long as the processing is not necessary:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent to which the processing is based according to Art. 6 (1) lit. a GDPR, or Art. 9 (2) lit. a GDPR, and where there is no other legal reason for the processing;
- the data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR;
- the personal data has been unlawfully processed;
- the personal data must be erased for compliance with a legal obligation in Union or Member State law which the Controller is subject to;
- the personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
b) Information to third parties
Where the Controller has made personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the Controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested the erasure of any links to, or copy or replication of, those personal data, from these controllers.
c) Exemption
The right to erasure does not apply where the processing is necessary:
- for the exercise of the right of freedom of speech and information;
- for the fulfillment of a mandatory legal obligation that is mandatory, according to European or the respective member state’s law the Controller is subject to, or is necessary for the performance of a task carried out in the public interest or in the execution of official authority given to the Controller;
- for reasons of public interest in regard to public safety and health pursuant to Art. 9 Abs. 2 lit. h and i as well as Art. 9 (3) GDPR;
- for archives in the public interest, scientific, historical, or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the granted right mentioned in a) above would likely make the achievement of such purposes impossible or seriously endangered;
- or for establishing, exercising, or defending legal claims.
6.5 Right of information
In case you have claimed the right of rectification, erasure, or restriction of the processing towards the Controller, the Controller is obliged to inform all recipients of personal data belonging to you such rectification, erasure, or restriction accordingly, unless such information seems to be impossible or only possible by needing inappropriate efforts.
You are entitled to be informed by the Controller about such recipients.
6.6 Right to data portability
You shall have the right to receive the personal data concerning you, which was provided to us as the Controller, in a structured, commonly used and machine-readable format. You shall also have the right to transmit this data to another controller without hindrance from the Controller to which the personal data has been provided, as long as the processing is based on consent pursuant to Art. 6 (1) lit. a GDPR or of Art. 9 (2) lit. a GDPR, or on a contract pursuant to Art. 6 (1) lit. b GDPR, and the processing is carried out by automated means.
Furthermore, in exercising your right to data portability, the data subject shall have the right to have personal data transmitted directly from one Controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
The right to data portability only applies as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
6.7 Right to object
Each data subject shall have the right to object, based on his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on Art. 6 (1) lit. e, or f GDPR. This also applies to profiling based on these provisions.
AOS shall no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate reasons for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
If AOS processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing.
If the data subject objects to AOS for the processing for direct marketing purposes, AOS will no longer process the personal data for these purposes.
In order to exercise the right to object, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.
6.8 Right to withdraw data protection consent
You as a data subject shall have the right to withdraw your consent to the processing of your personal data at any time. Irrespective of such withdrawal of the consent, the legitimation of the processing of personal data until the withdrawal shall remain unaffected.
6.9 Automated individual decision-making, including profiling
Each data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision:
is not necessary for entering into, or the performance of, a contract between the data subject and a Controller,
or is not authorized by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests,
or is not based on the data subject's explicit consent.
Notwithstanding the aforementioned, such decisions shall not be based on specific categories of personal data pursuant to Art. 9 (1) GDPR, insofar Art. 9 (2) lit. a or lit. g do not apply and in case that suitable measures to safeguard the data subject's rights and freedoms and legitimate interests were procured.
In view of the cases 1 to 3 above, the Controller shall procure suitable measures to safeguard the data subject's rights and freedoms and legitimate interests. This means that the Controller is at least required to procure the right to obtain human intervention on the part of the Controller, to express his or her point of view and contest the decision.
6.10 Right to file complaints with the regulatory authority
Notwithstanding any other administrative and judicial procedures, you shall have the right to file a complaint with a competent regulatory authority, in particular in the member state where you are situated, you have your place of work, or where the alleged breach has occurred; if you believe that the processing of your personal data is a breach of the regulations set forth in the GDPR.
The regulatory authority, that has been approached by you, shall inform you about the status of the results of an investigation on an ongoing basis as well as about the possibility of a judicial procedure according to Art. 78 GDPR.
7. Amendments of our privacy policy
The current version of this data protection declaration is available at all times at https://www.adamondra.com/privacy-policy. Please note that we may change or update this privacy policy from time to time. We will publish the corresponding changes at the above-mentioned link.