Last updated: October 1st 2025

Data Controller

In accordance with Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”), the data controller of your personal data is: EMPLORIAL s.r.o. Registered office: Pekařova 860/8, Bohnice, 181 00 Prague, Czech Republic; Company ID: 23626984 (hereinafter referred to as the “Controller”). The Controller processes your personal data under the conditions described below. The Controller has appointed Ing. Ondřej Trousil, general manager, as Data Protection Officer.

Personal Data We Process

“Personal data” means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural, or social identity. We only process personal data that you provide to us in connection with the use of our services — typically when sending an inquiry via our contact form or during the provision of services under a service agreement.This may include in particular:

  • Name and surname

  • Email address

  • Phone number

  • Other data voluntarily provided by you in the form

  • Data necessary for the performance of a service contract

We may also process data obtained automatically when you use our website or services, such as:

  • IP address

  • Cookies (see our [Cookie Policy])

  • Other online identifiers

Our website also uses JavaScript as part of its source code for functionality and performance purposes.

Purpose and Legal Basis for Processing

Your personal data are processed lawfully and fairly, on the following legal bases:

  • Performance of a contract between you and the Controller under Article 6(1)(b) GDPR.

  • Compliance with legal obligations applicable to the Controller (e.g., bookkeeping and record retention) even without your consent.

  • Legitimate interest of the Controller in direct marketing (e.g., sending newsletters or commercial messages) under Article 6(1)(f) GDPR.

The purposes of processing include:

  • handling your inquiries and requests,

  • providing services under the service agreement,

  • analysis and measurement for the purpose of displaying content tailored to your individual needs,

  • sending commercial and marketing communications.

No automated individual decision-making within the meaning of Article 22 GDPR takes place.

Data Access and Retention

The Controller declares that it has taken all appropriate technical and organizational measures to secure your personal data. Access to your personal data is restricted to authorized persons only. All partners entrusted with your data are capable of ensuring adequate technical and organizational protection to prevent unauthorized or accidental access, misuse, or destruction. Third parties who may have access to your personal data to the necessary extent include:

  • persons involved in the delivery of services and payment processing,

  • analytics providers monitoring website traffic,

  • IT and security service providers ensuring technical operation and integrity,

  • operators of advertising systems for targeted marketing,

  • payment gateways or banks (in case of recurring payments),

  • public authorities, where required by law.

The Controller does not intend to transfer personal data to countries outside the EU. All data are stored within the EU or in countries recognized by the EU as providing an adequate level of protection. The Controller retains personal data only for the time necessary to perform rights and obligations arising from contractual relationships and to assert any related claims — typically for 10 years after the end of the contractual relationship, unless legal obligations require otherwise. After this period, personal data are securely deleted.

Data Security

We treat the protection of your personal data with the utmost care. All data are secured using standard technologies and procedures, which are regularly reviewed and updated. Access to your data is password-protected, and sensitive data are encrypted during transmission between your browser and our servers. However, even the best security measures cannot guarantee 100% protection. We therefore encourage you to follow basic online safety principles — keep your login credentials confidential and use strong passwords that are difficult to guess.

Processing Without Consent

In certain cases, we may process your personal data without your explicit consent, in accordance with applicable law. This applies when the data are necessary:

  • to fulfill contractual obligations and provide our services or products,

  • to meet legal obligations under applicable legislation,

  • or to pursue the Controller’s legitimate interests (e.g., ensuring website security).

Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access – to obtain confirmation as to whether or not your personal data are being processed and, if so, access to them.

  • Right to rectification – to request correction of inaccurate or incomplete data.

  • Right to erasure (“right to be forgotten”) – to request deletion of your data under certain conditions.

  • Right to restriction of processing – to request limitation of data use in specific cases.

  • Right to data portability – to receive your data in a structured, commonly used, and machine-readable format and to transfer them to another controller.

  • Right to object – to object to data processing, especially in relation to direct marketing.

  • Right to be informed – in the event of a personal data breach.

To exercise any of these rights, please contact us using the contact details provided below. We will inform you about the measures taken without undue delay and within one month of receiving your request. In complex cases, this period may be extended by up to two additional months. If we refuse your request, we will notify you within one month and explain the reasons. In cases of unreasonable or repetitive requests, we reserve the right to charge a reasonable administrative fee. If you believe that your rights have been violated, you may lodge a complaint with the Office for Personal Data Protection (Úřad pro ochranu osobních údajů) or seek judicial protection.

How to Contact Us

If you have any questions or wish to exercise your rights, please contact us at: info@emplorial.cz; Pekařova 860/8, Bohnice, 181 00 Prague, Czech Republic To verify your identity, we may ask you to provide additional information. This is a security measure to ensure that no unauthorized person gains access to your personal data.