PERSONAL DATA PROTECTION POLICY

Privacy Policy

1. Data Controller

The controller of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation (“GDPR”), is:

Garden Company s.r.o.
Company ID No.: 23062088
Registered office: U Špejcharu 409, 252 67 Tuchoměřice, Czech Republic
Registered in the Commercial Register maintained by the Municipal Court in Prague under file number C 420729
(hereinafter referred to as the “Controller”).

Controller’s contact details:

Email: kontakt@gardencompany.cz
Telephone: +420 606 025 902
Website: www.gardencompany.cz

The Controller has not appointed a Data Protection Officer.

2. Scope of Personal Data Processed

The Controller processes in particular personal data provided directly by customers or visitors to the website, including:

  • first name and surname,

  • email address,

  • telephone number,

  • address of the place where services are to be provided,

  • billing address,

  • company details, including company name, registered office, company identification number and VAT number,

  • information included in an enquiry, order or other communication,

  • information relating to ordered services, quotations, contracts, project implementation and payments,

  • photographs or other materials relating to a garden, property or completed project,

  • technical data necessary for the operation and security of the website.

The Controller does not normally process special categories of personal data unless such data are voluntarily provided by the customer and their processing is necessary to deal with a specific request.

3. Purposes and Legal Bases of Processing

Personal data are processed mainly for the following purposes:

  • receiving and handling enquiries,

  • preparing quotations,

  • taking steps prior to entering into a contract,

  • concluding and performing contracts for gardening and related services,

  • communicating with customers before, during and after completion of a project,

  • planning, carrying out and recording completed work,

  • handling complaints, requests and follow-up service work,

  • issuing invoices and maintaining accounting and tax records,

  • complying with the Controller’s legal obligations,

  • protecting the rights, property and legitimate interests of the Controller,

  • preventing fraudulent or unlawful conduct,

  • sending commercial communications, service offers or reminders relating to regular maintenance, where permitted by law,

  • ensuring the operation, security and improvement of the website.

The legal basis for processing personal data is, in particular:

  • taking steps at the customer’s request prior to entering into a contract,

  • performance of a contract,

  • compliance with a legal obligation,

  • the legitimate interests of the Controller,

  • the consent of the data subject, where required.

Providing personal data necessary for handling an enquiry or carrying out a project is a contractual requirement. Without such data, the Controller may be unable to process the enquiry or provide the requested services.

4. Contact and Enquiry Forms

Where a visitor submits a contact or enquiry form through the website, the Controller processes the submitted data for the purpose of handling the request, preparing a quotation or discussing potential cooperation.

Data submitted through a form are processed for the period necessary to deal with the request and subsequently for as long as their retention may be necessary to protect the Controller’s rights.

5. Photographs of Completed Projects

In connection with a project, the Controller may take photographs of the garden, property, plants, technical elements or completed work, primarily for the following purposes:

  • documenting the condition before and after the work,

  • recording the progress of the project,

  • handling complaints or follow-up service requests,

  • demonstrating the scope and quality of the completed work.

Photographs that make it possible to identify a specific person or property will not be published for marketing or presentation purposes without an appropriate legal basis or, where necessary, the prior consent of the person concerned.

6. Commercial Communications

The Controller may send existing customers information relating to previously provided services, such as reminders concerning regular garden maintenance, fertilisation, lawn scarification, irrigation system winterisation or offers of similar services.

Recipients may unsubscribe from commercial communications at any time by using the unsubscribe link included in the relevant message or by sending a request to kontakt@gardencompany.cz.

Where commercial communications are sent on the basis of consent, such consent may be withdrawn at any time.

7. Recipients of Personal Data

Personal data may be disclosed, to the extent necessary, to:

  • employees and contractors of the Controller,

  • accounting, tax and legal advisers,

  • providers of IT, hosting, cloud and email services,

  • providers of enquiry management and customer communication tools,

  • providers of analytics or marketing services, where such tools have been activated in accordance with applicable law,

  • suppliers and subcontractors involved in carrying out a project,

  • carriers or material suppliers, where necessary for delivery to the place of performance,

  • public authorities where the Controller is legally required to provide the data.

The Controller does not disclose personal data to third parties for their own marketing purposes without an appropriate legal basis.

8. Transfers of Personal Data Outside the European Union

Some providers of technical, cloud, analytics or marketing services may process personal data outside the European Union or the European Economic Area.

Any such transfer will take place only where an adequate level of data protection is ensured, in particular on the basis of an adequacy decision of the European Commission, standard contractual clauses or another transfer mechanism permitted under the GDPR.

9. Retention Period

The Controller retains personal data only for as long as necessary to fulfil the purpose for which they were processed.

Data relating to an enquiry that did not result in a contract may be retained for the period necessary for further communication and for the protection of the Controller’s legitimate interests.

Data relating to a contract and a completed project are retained for the duration of the contractual relationship and subsequently for the period necessary to establish, exercise or defend the Controller’s legal claims, generally for the duration of the applicable limitation periods.

Accounting and tax documents are retained for the period required by applicable law, in some cases for up to 10 years.

Data processed on the basis of consent are retained until the consent is withdrawn, but no longer than the period specified when the consent was given.

Data used for sending commercial communications are retained until consent is withdrawn, an objection is raised or the legitimate reason for processing ceases to apply.

10. Cookies and Technical Data

The website may use cookies and similar technologies.

Strictly necessary cookies may be used without the visitor’s consent where they are required for the correct, secure and reliable operation of the website.

Analytics, preference and marketing cookies are used only on the basis of the visitor’s consent, unless applicable law provides otherwise.

Visitors may withdraw or change their consent at any time through the cookie settings available on the website.

Detailed information about individual cookies, their providers, purposes and duration is provided in the cookie settings or in a separate Cookie Policy.

11. Rights of Data Subjects

Subject to the conditions laid down in the GDPR, data subjects have the right to:

  • obtain confirmation as to whether the Controller processes their personal data,

  • access their personal data,

  • have inaccurate personal data corrected or incomplete data completed,

  • request the erasure of personal data,

  • request restriction of processing,

  • receive their personal data in a portable format,

  • object to processing based on legitimate interests,

  • withdraw consent at any time,

  • not be subject to a decision based solely on automated processing where that decision produces legal or similarly significant effects,

  • lodge a complaint with the competent supervisory authority.

The competent supervisory authority is:

Office for Personal Data Protection
Pplk. Sochora 27
170 00 Prague 7
Czech Republic
www.uoou.gov.cz

Data subject rights may be exercised by sending a request to kontakt@gardencompany.cz.

Before processing a request, the Controller may ask the applicant to provide reasonable proof of identity.

12. Security of Personal Data

The Controller has implemented appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or destruction.

Access to personal data is limited to persons who require such access in order to perform their employment or contractual duties and who are subject to confidentiality obligations.

13. Automated Decision-Making

The Controller does not carry out automated individual decision-making or profiling that would produce legal or similarly significant effects for data subjects.

14. Final Provisions

This Privacy Policy is effective from [INSERT DATE OF PUBLICATION].

The Controller may update this Privacy Policy where appropriate, in particular in the event of changes to applicable law, the services used or the manner in which personal data are processed.

The current version of this Privacy Policy is always available at www.gardencompany.cz.