Privacy Policy

I. Basic Provisions

The controller of personal data under Article 4, Paragraph 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is So Concrete a.s., Company ID No. 28212126, with its registered office at Pobřežní 667/78, Karlín, 186 00 Prague (hereinafter referred to as the "Controller").

Controller’s contact information:

  • Address: Pobřežní 667/78, Karlín, 186 00 Prague

  • Email: info@so-concrete.com

  • Phone: +420 603 267 617

Personal data refers to any information about an identified or identifiable natural person. An identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

The Controller has not appointed a Data Protection Officer.

II. Sources and Categories of Processed Personal Data

The Controller processes personal data:

  • Provided by you, or

  • Obtained by the Controller based on the performance of your order.

The Controller processes your identification and contact details and data necessary for contract performance.

III. Legal Basis and Purpose of Data Processing

The legal basis for processing personal data is:

  • Performance of a contract between you and the Controller under Article 6, Paragraph 1(b) GDPR,

  • Legitimate interest of the Controller in providing direct marketing (e.g., sending commercial communications and newsletters) under Article 6, Paragraph 1(f) GDPR,

  • Your consent for the purposes of direct marketing (e.g., sending commercial communications and newsletters) under Article 6, Paragraph 1(a) GDPR in conjunction with Section 7, Paragraph 2 of Act No. 480/2004 Coll., on certain information society services, if no goods or services were ordered.

The purpose of data processing is:

  1. Fulfillment of your order and exercising rights and obligations arising from the contractual relationship between you and the Controller. When placing an order, personal data required for successful order processing (e.g., name, address, contact information) is mandatory; without it, the contract cannot be concluded or performed by the Controller.

  2. Sending commercial communications and carrying out other marketing activities.

The Controller does not engage in automated individual decision-making as defined in Article 22 GDPR.

IV. Data Retention Period

The Controller retains personal data:

  • For the time necessary to exercise rights and obligations arising from the contractual relationship between you and the Controller and for claiming rights from these contractual relationships (15 years after the termination of the contractual relationship).

  • Until consent for processing personal data for marketing purposes is withdrawn, or for a maximum of 2 years, if processing is based on consent.

After the expiration of the retention period, personal data will be deleted.

V. Recipients of Personal Data (Controller’s Subcontractors)

Recipients of personal data include entities:

  • Involved in the delivery of goods/services or payment processing under a contract,

  • Ensuring the operation of services,

  • Providing marketing services.

The Controller does not intend to transfer personal data to third countries (countries outside the EU) or international organizations. Recipients of personal data in third countries may include providers of mailing or cloud services.

VI. Your Rights

Under the GDPR, you have the following rights:

  • Access your personal data under Article 15 GDPR,

  • Rectify personal data under Article 16 GDPR or restrict processing under Article 18 GDPR,

  • Delete personal data under Article 17 GDPR,

  • Object to processing under Article 21 GDPR,

  • Data portability under Article 20 GDPR,

  • Withdraw consent for processing in writing or electronically to the Controller's address or email specified in Article III.

Additionally, you have the right to file a complaint with the Office for Personal Data Protection if you believe your rights regarding personal data protection have been violated.

VII. Personal Data Security Measures

The Controller declares that it has taken appropriate technical and organizational measures to secure personal data.

These include:

  • Technical measures to secure data storage and physical document storage (e.g., encryption, antivirus systems, firewalls, and secure spaces for physical documents).

  • Restricting access to personal data to authorized personnel only.

VIII. Final Provisions

By submitting an order via the online order form, you confirm that you are familiar with the terms of personal data protection and accept them in full.

You agree to these terms by ticking the consent box in the online form. By doing so, you confirm that you are familiar with the terms of personal data protection and accept them in full.

The Controller reserves the right to amend these terms. The updated version of the Privacy Policy will be published on the Controller’s website or sent to the email address you provided.

These terms are effective as of January 1, 2025.