PRIVACY POLICY

Your personal data and that of your clients are safe with us. We protect the privacy of all data we access and the information you entrust to us.

The Provider of the services is Blaze Lounge club s.r.o., registered at Branická 213/53, Braník, 147 00 Prague, ID No.: 19602448 (hereinafter referred to as the “Provider”).

The User is any legal or natural person who submits an order to the Provider in written or oral form.

I. Personal Data Protection

1.1. By placing an order for the provision of services, the User confirms that they are familiar with the personal data protection terms, agree with them, and fully accept them.

1.2. The Provider is the data controller of the users’ personal data under Article 4(7) of Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR). The Provider undertakes to process personal data in accordance with all applicable legislation, especially the GDPR.

1.3. Personal data refers to any information relating to an identified or identifiable natural person. An identifiable person is one who can be directly or indirectly identified, especially by reference to a name, ID number, location data, online identifier, or one or more specific elements of their physical, physiological, genetic, mental, economic, cultural, or social identity.

1.4. When placing an order, the personal data required to fulfill it is collected (such as name, address, contact). The purpose of processing this data is to fulfill the user’s order and legal obligations arising from the contractual relationship between the Provider and the User. Another purpose is to send marketing communications. The legal basis for processing is the performance of a contract (Art. 6(1)(b) GDPR), legal obligation (Art. 6(1)(c) GDPR), and the legitimate interest of the Provider (Art. 6(1)(f) GDPR) for direct marketing.

1.5. To fulfill the contract, the Provider uses subcontractors, such as email service providers (which may store data outside the EU) and hosting providers. These subcontractors are carefully vetted. Contracts are in place to ensure responsibility for physical and digital data protection lies with the subcontractor.

1.6. Personal data is stored only for the period necessary to meet contractual and legal obligations (15 years after the end of the relationship), after which it is deleted.

1.7. The User has the right to request access to their data (Art. 15 GDPR), rectification (Art. 16), restriction (Art. 18), erasure (Art. 17), object to processing (Art. 21), and request data portability (Art. 20).

1.8. The User has the right to lodge a complaint with the Data Protection Authority if they believe their data protection rights have been violated.

1.9. Providing personal data is voluntary but necessary to conclude and fulfill a contract. Without it, the Provider cannot fulfill the agreement.

1.10. The Provider does not use any automated decision-making or profiling as defined by Art. 22 GDPR.

1.11. By placing an order, the User:

agrees to receive commercial communications, direct marketing, and promotional offers from the Provider and third parties, no more than once a week;
confirms that such communications are not considered spam under Czech law (Act No. 40/1995 and Act No. 480/2004);
may revoke their consent at any time by emailing info@nemaszac.cz.

1.12. Cookies are used to enhance service quality, personalize content, collect anonymized data, and for analytics. By using the website, the User agrees to the use of cookies.

II. Rights and Obligations Between Controller and Processor

2.1. The Provider acts as the data processor for the User’s clients’ data under Art. 28 GDPR. The User is the data controller.

2.2. These terms define mutual rights and obligations in processing data accessed by the Provider under a contract concluded on www.nemaszac.cz.

2.3. The Provider undertakes to process data within the scope and for the purposes set out in clauses 2.4 – 2.7. Processing is automated and includes collection, storage, blocking, and deletion. The Provider shall not process data beyond these terms.

2.4. The Provider processes the following types of personal data:

common personal data,
special categories of data under Art. 9 GDPR,
obtained by the User during business activities.

2.5. The purpose of processing is to deliver online marketing services, consulting, and website/e-shop creation and management.

2.6. Data may be processed only at the Provider’s or subcontractors’ facilities within the EU.

2.7. Data will be processed for as long as needed to fulfill contractual obligations (15 years from the last service).

2.8. The User consents to the involvement of subcontractors. The Provider must inform the User of any changes and ensure that subcontractors are bound by the same obligations.

2.9. Security measures include:

processing in accordance with the law and User’s instructions,
technical and organizational protection to prevent unauthorized access, loss, or misuse,
ensuring ongoing confidentiality, integrity, and availability,
access restricted to authorized personnel using unique identifiers,
confidentiality agreements for employees and subcontractors, continuing beyond termination of employment,
support for compliance with Articles 32–36 of the GDPR,
deletion or return of personal data after the end of processing unless otherwise required by law,
enabling audits or inspections as requested by the User.

2.10. The User undertakes to promptly report any known circumstances that could affect the fulfillment of these terms and provide necessary cooperation.

2.11. The Provider shall keep all personal data confidential, shall not publish or share it outside of authorized staff or subcontractors, and will ensure that this duty of confidentiality continues even after the termination of the contractual relationship.