top of page
logo Společnosti COMACO

Privacy Policy

The processing of personal data takes place in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") and Act No. 110/2019 Coll., on the processing of personal data.

I. Introductory Provisions

The Personal Data Processing Policy (hereinafter referred to as the "Policy") is issued in accordance with the GDPR to fulfill the information obligation of COMACO s.r.o., pursuant to Art. 13 and Art. 14 of the GDPR. The objective of this Policy is to inform data subjects about what personal data COMACO s.r.o. processes, for what purposes and for how long it will be stored, and to whom and for what reason it may be transferred. Furthermore, COMACO s.r.o. informs data subjects of their rights regarding the processing of their personal data.

II. Definitions

  • Controller: The entity that determines the purpose and means of processing personal data and bears responsibility for it. The Controller is COMACO s.r.o., Saarinenova 1130/7, 198 00 Prague 9, ID: 06288201.

  • Data Subject: The natural person to whom the personal data relates (e.g., employee, job applicant, business partner, website visitor).

  • Personal Data: Any information relating to an identified or identifiable natural person (Art. 4(1) GDPR).

  • Website: Available at www.comaco.cz.

  • Cookies: Short text files stored by a web or mobile browser to improve website functionality and marketing targeting.

  • Consent: A free, specific, informed, and unambiguous expression of will.

  • Processor: An entity that processes personal data for the Controller based on a contract.

​​

III. Processors of Personal Data

The Controller utilizes specialized services from third parties (e.g., sales representatives, legal services, internet advertising). These processors may handle personal data only within the scope of the Controller's instructions. Processors include state administration bodies, banks, insurance companies, and external service providers (H&S, accounting).

IV. Categories of Personal Data

The Controller processes:

  1. Identification data: Name, surname, address, ID/VAT number.

  2. Contractual data: Bank account number, order history.

  3. Electronic contact data: Phone number, email address.

  4. Other electronic data: IP address, cookies.

V. Sources of Personal Data

Data is obtained directly from subjects (forms, emails, contracts) or from public records (Public Register, Commercial Register).

VI. Scope of Processing

Data is processed to the extent provided by the subject in connection with a contract or as collected by the Controller in accordance with legal regulations.

VII. Conditions for Processing

Processing is based on:

  • Consent.

  • Performance of a contract.

  • Legal obligations of the Controller.

  • Legitimate interests of the Controller or a third party.

VIII. Method of Processing and Security

Processing is carried out manually or via computer systems by authorized employees or processors. The Controller has implemented technical and organizational measures to prevent unauthorized access, loss, or misuse of data.

IX. Retention Period

Data is kept for the necessary duration, typically 10 years after the termination of a contractual relationship, as required by law.

X. Processing Based on Consent

Consent (usually a checkbox) can be withdrawn at any time. Note on "Customer Verified" (Ověřeno zákazníky): We use your email to send satisfaction surveys via Heureka.cz based on our legitimate interest. You can object to this at any time via the link in the email.

XI. Rights of Data Subjects

  1. Right to explanation: If you believe your data is handled unlawfully, you may request rectification or deletion.

  2. Right to information: Regarding the identity of the Controller, purposes, and recipients of data.

  3. Right of access: Confirmation of whether your data is being processed and a copy of the data.

  4. Right to rectification: Correction of inaccurate data.

  5. Right to erasure ("Right to be forgotten"): If data is no longer necessary or consent is withdrawn.

  6. Right to restriction of processing.

  7. Right to object: Against processing based on legitimate interests.

  8. Right to lodge a complaint: With the Office for Personal Data Protection (ÚOOÚ).

XII. Identity Verification

Before processing a request (access, erasure, etc.), the Controller must verify the applicant's identity. This may be done via a verified signature, electronic signature, or data box. Verification is not required if the request comes from an email/phone already registered in the Controller’s system.

XIII. Final Provisions

  • The Controller does not process data of children or sensitive data (Art. 9 GDPR).

  • No automated decision-making or profiling (Art. 22 GDPR) occurs.

  • All data is stored within the EU or third countries meeting GDPR conditions (Art. 44).

  • The Controller may update this Policy; subjects will be informed of changes.

Contact for Data Protection: vaclav@comaco.cz

Updated as of: April 1, 2026

bottom of page