Personal Data Processing and Protection Policy

1. Introductory provisions

The company IMMIX spol. s r.o., with its registered office at Otiskova 2823/30, 628 00 Brno, Czech Republic, ID No.: 26920450, registered in the Commercial Register maintained by the Regional Court in Brno, under file No. C 45433 (hereinafter referred to as the “Controller”), hereby provides information on the processing of personal data in accordance with the relevant legal regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the “GDPR”).

2. Purposes and legal basis for processing

We process personal data only to the extent necessary to achieve the following purposes:

handling your inquiries (sent, for example, via the contact form on the website or by email), providing our services or fulfilling the rights and obligations arising from the concluded contract, where the legal basis for such processing is the performance of the contract or the implementation of measures taken prior to the conclusion of the contract at your request within the meaning of Article 6(1)(b) of the GDPR,
conducting business and contractual communication, where the legal basis for such processing is the performance of a contract or the implementation of measures taken prior to the conclusion of a contract at your request within the meaning of Article 6(1)(b) of the GDPR, or the legitimate interest of the controller or third parties (e.g., in the enforcement of a debt) within the meaning of Article 6(1)(f) of the GDPR,
sending commercial communications (e.g., newsletters), including offers of our services, based on your consent within the meaning of Article 6(1)(a) of the GDPR or the legitimate interest of the controller within the meaning of Article 6(1)(f) of the GDPR,
ensuring the proper technical operation and security of the website through cookies based on the legitimate interest of the controller within the meaning of Article 6(1)(f) of the GDPR,
analyzing website traffic and user behavior through cookies based on your consent within the meaning of Article 6(1)(a) of the GDPR,
protection of the rights and legal claims of the controller, based on the legitimate interest of the controller or third parties within the meaning of Article 6(1)(f) of the GDPR,
fulfillment of the legal obligations of the controller laid down by the laws of the Czech Republic and the European Union (e.g., accounting, tax records) within the meaning of Article 6(1)(c) of the GDPR.

The controller does not carry out automated decision-making or profiling within the meaning of Article 22 of the GDPR.

3. Categories of data processed

For the above-mentioned purposes of processing, we may process the following personal data in particular:

identification and contact details (name, surname, email address, telephone number),
content of communication (in particular messages via web form or email),
technical data (IP address, device and browser type and version, access time, logs, and other information necessary for website security and operation),
data on website behavior (data on website traffic, user movement, and interactions, only in anonymized form unless consent is given),
data for direct marketing (email address, subscription record, information about preferences and history of interactions with our communications, if consent is given).

4. Sources of personal data

We obtain personal data:

directly from data subjects (e.g., by filling out a form, by email, or by phone),
from website traffic and technical logs,
from analytics and marketing service providers (if consent is given).

The provision of personal data is:

necessary for the purpose of responding to an inquiry or concluding a contract (without providing it, we cannot process the request),
voluntary for the purpose of sending commercial communications and analytics.

5. Recipients of personal data

Personal data may be transferred to the extent necessary to:

contractual processors (IT administration, marketing agencies, providers of email and analytical tools),
public authorities and third parties, if required by law.

Any transfer outside the EU is carried out only on condition that an adequate level of protection is ensured in accordance with Article 44 et seq. of the GDPR. The current list of processors is available on request via the contact details below.

6. Retention period of personal data

We only retain personal data for as long as is necessary to fulfill the purpose of the processing.

In order to process your inquiries, provide our services, fulfill the rights and obligations arising from the concluded contract, and conduct business and contractual communication, we store personal data for the duration of the contractual relationship.

After the termination of the contractual relationship, we may retain your personal data for the duration of our legitimate interests, which is the protection of rights and legal claims, but no longer than the statutory limitation period of 10 years from the termination of the contractual relationship or the emergence of a claim, unless judicial, administrative, or other proceedings are initiated.

If we process personal data to fulfill legal obligations, we only store it for the period specified by applicable law (e.g., the Accounting Act, the Archives and Records Act, or the Value Added Tax Act).

If personal data is processed on the basis of your consent, we store it until it is revoked, unless the processing is simultaneously justified by another legal basis.

After these periods have expired, the data is securely deleted or anonymized.

7. Rights of the data subject

You have the following rights in relation to our processing of your personal data:

the right to access your personal data,
the right to correct inaccurate or incomplete data,
the right to erasure (“right to be forgotten”),
the right to restrict data processing,
the right to data portability,
the right to withdraw consent to the processing of personal data,
the right to object to processing,
the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection (www.uoou.cz).

Your rights are explained below so that you can get a clearer idea of their content.

You can exercise all your rights by contacting us using the contact details provided below in section 8. Contact details of the Controller.

7.1 Right of access to your personal data

You may request confirmation from us at any time as to whether we process your personal data, for what purpose, to what extent, to whom it is disclosed, how long we will process it, whether automatic decision-making or profiling takes place on the basis of your personal data, where we obtained your personal data, and what rights you have in relation to the processing. You also have the right to obtain a copy of your personal data, with the first provision being free of charge; for further provisions, we may request a reasonable reimbursement of administrative costs.

7.2 Right to correct inaccurate or incomplete data

You may ask us to correct or supplement your data at any time if it is inaccurate or incomplete.

7.3 Right to erasure (“right to be forgotten”)

We must erase your personal data if (i) it is no longer necessary for the purposes for which it was processed, (ii) the processing is unlawful, (iii) you object to the processing and there are no overriding legitimate grounds for the processing, (iv) we are required to do so by law.

However, the right to erasure does not apply if the processing is necessary for compliance with the controller’s legal obligations, for archiving or statistical purposes, or for the establishment, exercise, or defense of the legal rights and claims of the controller or other persons.

7.4 Right to restriction of processing

Until we resolve any disputed issues regarding the processing of your personal data, we must restrict the processing so that we can only store it and use it for the purpose of determining, exercising, or defending legal claims. You have this right in particular if you dispute the accuracy of the personal data or if the processing is unlawful.

7.5 Right to data portability

You have the right to receive the personal data we process in a structured, commonly used, and machine-readable format for the purpose of transferring it.

7.6 Right to withdraw consent to the processing of personal data

If you have given your consent to the processing of personal data, you have the option to withdraw this consent at any time, but this does not affect the lawfulness of the processing based on the consent given prior to its withdrawal.

7.7 Right to object to processing

You have the right to object at any time to the processing of your personal data that we carry out on the basis of our legitimate interest (e.g., for direct marketing). If you object, we will no longer process your personal data for this purpose, unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

8. Contact details of the Controller

IMMIX spol. s r.o.
Otiskova 2823/30
628 00 Brno, Czech Republic
📞 +420 601 370 424
📧 info@immix.cz
📬 Data box ID: cbdbn7s

Service	Processor	Cookies designation
Dynamic Cookies Bar	IMMIX spol. s r.o.	dcb_dsv, dcb_config	Active
Google Tag Manager	Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States	cookiePreferences	Active