Privacy policy

Information on the Processing of Your Personal Data

We process your personal data because such processing is necessary to fulfill the obligations arising from the mutual contract concluded by the operator of this website, it is necessary for the purposes of complying with the legal obligations of the website operator, and it is also necessary for the purposes of the website operator’s legitimate interests (only for the purposes of direct marketing).

Since the conditions for the lawfulness of personal data processing pursuant to Article 6(1)(b), (c), and (f) of Regulation (EU) No. 2016/679 (hereinafter “the Regulation”) are met, your consent to the processing of your personal data is not required for these purposes.

Providing your personal data is a requirement that must be stipulated in the mutual contract; without providing your personal data it would not be possible to fulfill the contractual obligations, and the website operator would therefore not conclude the contract without the provision of personal data.

The data controller is ICEDREAM s.r.o., ID No. 02895374, with registered office at Za Řekou 91, Náchod, ZIP 547 01, www.icedream.cz, telephone +420 722 901 291, e-mail address: icedream@icedream.cz (hereinafter “Controller”).

Your personal data will, for the purpose of fulfilling the obligations under the mutual contract, be transferred to business partners responsible for distributing promotional materials on behalf of the Controller.

Your personal data will, for the purpose of fulfilling the Controller’s legal obligations, be transferred to business partners providing accounting, tax advisory, and legal services on behalf of the Controller.

Your personal data in the scope of your first name, last name, date of birth, and address will be stored by the Controller for a period of 10 years.

You are informed that you have the right to obtain confirmation from the Controller as to whether your personal data are being processed, and if so, you have the right to access these personal data and to receive the following information:

a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or in international organizations;
d) the planned period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
e) the existence of the right to request from the Controller the correction or deletion of personal data concerning you or to restrict their processing, or to object to such processing;
f) the right to lodge a complaint with a supervisory authority, namely the Office for Personal Data Protection, (uoou.cz);
g) a copy of the processed personal data.

You are further informed that you have the right to require the Controller to correct any inaccurate personal data concerning you without undue delay. In view of the purposes of processing, you also have the right to obtain the completion of incomplete personal data, including by providing an additional statement.

You are informed that you have the right to require the Controller to delete your personal data concerning you without undue delay, and the Controller is obliged to delete the personal data without undue delay if one of the following reasons applies:

a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) you object to the processing for the purposes of direct marketing;
c) the personal data have been processed unlawfully;
d) in order to comply with a legal obligation imposed on the Controller by Union or Member State law.

You are informed that you have the right to require the Controller to restrict the processing of your personal data in the event that:

a) you contest the accuracy of the personal data, for a period sufficient for the Controller to verify the accuracy of the personal data;
b) the processing is unlawful and you request, instead of deletion, the restriction of the use of your personal data;
c) the Controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims.

If the processing has been restricted, such personal data, except for storage, may only be processed with your consent, or for the purpose of establishing, exercising, or defending legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State. The Controller is obliged to inform you in advance that the restriction on processing will be lifted.

You are informed that the Controller will notify the individual recipients to whom your personal data have been disclosed of any corrections or deletions of personal data or restrictions on processing, except in cases where this proves impossible or would require disproportionate effort. The Controller will inform you about these recipients upon your request.

You are informed that you have the right to obtain from the Controller the personal data concerning you that you have provided, in a structured, commonly used, and machine-readable format, and that you have the right to transmit those data to another Controller.

You are informed that you have the right at any time to object to the processing of your personal data for direct marketing purposes. If you object, your personal data will no longer be processed for those purposes.

Your personal data are properly secured by both technical and organizational measures implemented by the Controller. You are informed that, in the event of a breach of the security of your personal data that poses a high risk to the rights and freedoms of natural persons, the Controller will notify you of this breach without undue delay. This does not apply if:

a) the Controller has implemented appropriate technical and organizational protective measures and these measures have been applied to the personal data affected by the breach (in particular, measures that render the data unintelligible to anyone not authorized to access them, such as encryption);
b) the Controller takes subsequent measures to ensure that the high risk to the rights and freedoms of data subjects is unlikely to materialize;
c) it would require disproportionate effort (in which case data subjects will be informed by public notice or a similar measure);
d) the supervisory authority decides otherwise.