Terms and Information on Personal Data Processing

Terms and Information on Personal Data Processing

1. Introductory Provisions

1.1. The company SPLY s.r.o., Company ID (IČO): 24214540, Tax ID (DIČ): CZ24214540, with its registered office at Novoměstská 960, 537 01 Chrudim, registered in the Commercial Register maintained by the Regional Court in Hradec Králové, Section C, File 47720, as the personal data controller (hereinafter referred to as the “Controller”), establishes these Terms and Information on Personal Data Processing (hereinafter referred to as the “Terms”) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as “GDPR”).

1.2. When communicating with potential clients and operating the website www.sply.cz, the Controller processes the personal data of its prospective clients and business partners; this processing is governed by these Terms.

1.3. The Controller processes the personal data of natural persons who contact it via the contact form or email (hereinafter referred to as the “Data Subject”).

1.4. The Controller has not appointed a Data Protection Officer.

1.5. The contact details of the Controller are as follows:

• Address: Novoměstská 960, 537 01 Chrudim, Czech Republic
• Email: [email protected]

2. Personal Data

2.1. The Controller is authorized to process only the personal data of the Data Subject that the Data Subject provides themselves by filling out the contact form, sending a direct email, or such data that is necessary for the potential conclusion of a contract or the fulfillment of the Controller’s legal obligations.

2.2. The Controller processes primarily the following personal data:

• first and last name,
• contact details (phone number and email address),
• information provided in the project description or in follow-up communication.

3. Application of General Principles for Personal Data Protection 3.1. During processing, the Controller observes the principles of lawfulness, proportionality, transparency, integrity and confidentiality, storage limitation, and data accuracy in accordance with applicable legal regulations.

4. Processing and Security of Personal Data

4.1. All processing of personal data is carried out in accordance with legal regulations.

4.2. The legal basis for processing personal data is:

• taking steps at the request of the Data Subject prior to entering into a contract (processing an inquiry from the form),
• the pursuit of the legitimate interests of the Controller (subsequent communication),
• the performance of a contract or compliance with a legal obligation (if cooperation is established).

4.3. All data is appropriately secured technically and organizationally and protected against unauthorized access by third parties.

4.4. Processors with whom the Controller has concluded a contract (e.g., IT service providers or external accountants) may have access to personal data to the necessary extent.

4.5. The Controller processes personal data in electronic or printed form, without the use of automated decision-making.

4.6. In the event of a personal data breach posing a risk to Data Subjects, the Controller shall report this fact to the supervisory authority within 72 hours.

5. Rights of Data Subjects

5.1. The Data Subject has the right to information about the processing (Art. 15 GDPR), the right of access to the data, the right to rectification of inaccurate data, and the right to erasure (“right to be forgotten”) if the data is no longer necessary for the given purposes.

5.2. The Data Subject has the right to restriction of processing, the right to object, and the right to lodge a complaint with a supervisory authority (the Office for Personal Data Protection). These rights can be exercised via the email [email protected].

6. Retention Period of Personal Data

6.1. We retain personal data from the contact form and email inquiries for the duration of processing the inquiry and potential pre-contractual negotiations (usually no longer than 1 year from the end of communication if a contract is not concluded).

6.2. In the event of a contract conclusion, data is retained for the duration of the cooperation and subsequently for the period stipulated by applicable laws (e.g., 10 years for tax documents). Upon expiration of these periods, the Controller shall completely destroy the data.

7. Transfer of Personal Data

7.1. The Controller does not transfer personal data to third countries outside the European Union or to international organizations.

8. Final Provisions

8.1. These Terms and Information on Personal Data Processing take effect on March 9, 2026.