Company Paleto s.r.o., ID number: 17938635, with registered office at Hradecká 1172/3, 500 03 Hradec Králové, registered in the commercial register maintained by C 50607 at the Regional Court in Hradec Králové, (hereinafter referred to as "Operator"), as the administrator of personal data, hereby informs about the processing of personal data carried out in connection with the use of the platform, the Paleto auction system, the available website www.paleto.eu (hereinafter "Platform") by persons who have registered to the Platform and use the services offered by the Platform (hereinafter referred to as "User").

Part of this document is information on the rights that data subjects have in connection with this processing.

For any questions regarding the protection of privacy and the exercise of your rights, use this contact:

1. For what purpose and what personal data do we process?

1.1 Conclusion and performance of the Agreement

To use the Platform and use the services offered by the Platform, the User enters into a contract with the Operator by registering on the Platform (hereinafter referred to as "Contract"). In order to negotiate and conclude the Agreement and its subsequent performance, including maintaining a user account within the Platform, the Operator needs the following personal data of the User - a natural person:

  • identification and contact data of the User - natural person (name, surname, telephone, e-mail, delivery and billing address),
  • payment information,
  • data from communication with the User, any other data in the User's user account and other data about the fulfillment of the Agreement.

Without the above-mentioned data, it is not possible to conclude or fulfill the Agreement, i.e. without providing this data, it is not possible to properly provide the services offered by the Platform to the User. The legal title of the processing of this data is the conclusion and fulfillment of the Agreement at the request of the User.

1.2 Fulfillment of obligations arising from legal regulations

The operator must process personal data in cases where it is required by law. For this purpose, the Operator mainly processes personal data to the extent required by relevant legal regulations in connection with the Operator's obligation to keep accounts and in the fulfillment of related tax obligations, or for the fulfillment of obligations imposed by the Archiving Act.

1.3 Legitimate interests of the Operator

In justified cases, the Operator may also process personal data on the basis of a legal title, which is the protection of its legitimate interests. However, the operator always consistently assesses and ensures that the interest in processing your data for this purpose does not unreasonably interfere with your privacy.

Identification of persons acting within the Platform on behalf of the User: These are typically members of statutory bodies, employees or other authorized persons who are not parties to the Agreement, but conclude the Agreement on behalf of the User, communicate with the Operator and otherwise act on behalf of the User. We need the personal data of these persons in order to be able to communicate and act through them with the User for the purpose of concluding the Agreement and its further performance. For these persons, we usually process the name, surname, e-mail, telephone number, delivery address, information about the job position or other relationship with the User and data from communication with them.

Proof of agreement with the Operator's terms and conditions: The User concludes the contract with the Operator by electronic means, when the Operator expresses consent to the terms and conditions by sending the registration form available within the Platform. Therefore, in order to protect the legitimate interests of the Operator (so that we have proof that a specific User has given consent to the Operator's business terms and conditions in a specific wording), the Operator stores the data necessary to identify the User as a contractual party and information about the agreement to the terms and conditions.

Defense and enforcement of legal claims of the Operator: The Operator further processes personal data for the purposes of protecting the legitimate interest, which is to ensure the possibility of the Operator's defense within the framework of possible legal disputes, proceedings before a court or during inspections by state authorities or other public administration authorities. We process this data in order to be able to prove, if necessary, that we have acted in accordance with our contractual obligations and legal regulations.

Analysis and improvement of Platform services: The Operator may also process data about the User's activity within the software ensuring the operation of the Platform, in which the User's user account is activated (activity logging) for the purposes of protecting the legitimate interest - analyzing the use of the software and its further improvement.

For this purpose, within the scope of our legitimate interest, we can also process data obtained using so-called cookies or other similar technologies that store data on the User's device or obtain data from these devices.

1.4 Sending commercial messages

We also process the e-mail and/or telephone number of Users for the purpose of sending information and news about our services that we offer within the Platform (business communications). The processing of personal data for the purpose of sending commercial messages is the legitimate interest of the Operator.

The user has the option to refuse further sending of commercial communications at any time, free of charge, by following the procedure specified in each commercial communication sent, or within the user account, or by contacting us at the contact e-mail listed above in this document.

2. From whom do we receive personal data and to whom do we pass it on?

We obtain personal data primarily from data subjects. We do not collect any other data about you, except for those that you give us yourself, or which are created by your activity within the Platform and user account (login). You are required to provide us with only accurate information and if your personal information changes, you must update the information.

We can transfer personal data under the conditions set by law to public administration bodies where the law requires us to do so, or if the given body requests it within its competences.

For data processing, we use processors, which are mainly IT service providers, the operator of the platform for e-mail and omni-channel communication, and external accountants.

Personal data may also be transferred to our business partners, who act as independent personal data administrators with respect to your personal data.

Should Personal Data be transferred to a third country (i.e. to a country outside the EU), the Operator undertakes to take all steps to ensure that the transfer of Personal Data to a third country complies with legal regulations.

3. How do we process personal data?

We process your personal data manually in accordance with the relevant purpose where manual processing is necessary or appropriate. When managing your data, our employees or other persons working for us may act, among other things, for the purpose of eliminating errors, inaccuracies, etc. However, these persons may process personal data only under the conditions and to the extent stated above and are bound by the obligation to maintain confidentiality about personal data data and security measures, the disclosure of which would jeopardize the security of personal data.

Personal data may be processed in electronic form by automated means, specifically within the software ensuring the operation of user accounts or the systems of individual processors, as listed above.

We always process personal data in accordance with the relevant legal regulations and ensure proper care and protection. We make sure that you do not suffer damage to your rights, especially the right to maintain human dignity and your private and personal life.

4. How long do we process personal data?

  • Agreement with the User

We process personal data processed for the purpose of concluding and fulfilling the Agreement for the duration of the conclusion and fulfillment of the given Agreement (i.e. for the time necessary to fulfill the obligations arising from it).

Even after that, we may process personal data for the following purposes:

  • Compliance with legal obligations

We process personal data processed as a result of our legal obligations within the time limits set by these laws.

We must process personal data that is required by law governing the tax and accounting obligations of the Operator (typically invoicing data and information about the provision of services) for the purposes of accounting and the fulfillment of tax obligations. The processing period is 5 (five) years from the end of the accounting period, in the case of documents relevant for VAT payments, it is 10 (ten) years from the end of the tax period in which the performance took place. We archive relevant personal data in accordance with the requirements of the Archiving Act for the period specified therein.

  • Legitimate interests

We process personal data even after the termination of the Agreement for the protection of our legitimate interests (i.e. for the purpose of defense against possible claims of Users or third parties, including before a court, for the purposes of recording and proving consent to the terms and conditions and identification of persons dealing with the Operator on behalf of the User) for the duration of the applicable limitation periods, which in the Czech Republic can last up to 15 years from the occurrence of the relevant event. If the relevant claim is not asserted, this period is typically 5 years from the termination of the Agreement.

We process information about the use of the Platform for the purpose of protecting our legitimate interest in analyzing its use and improving it for the duration of the Agreement. After this period, we can only process this data further in an anonymized form.

  • Sending commercial messages

We will send commercial communications as described above until you unsubscribe from them. The option to withdraw consent is included in each message sent and is free of charge. Consent can be revoked at any time via the user account or contact email listed above.

  • Longer processing

Personal data may be processed even longer than stated above, in the event that a relevant reason for further processing arises, typically an administrative or judicial proceeding is initiated for which the personal data are relevant.

5. What are your rights?

First of all, you have the right to ask us for access to your personal data, including making a copy of all your personal data. You can do this by using the email listed in the header of this document.

Because personal data is not processed on the basis of consent, it is not possible to withdraw consent to processing. However, based on your request, we will always assess whether it is necessary to still process your personal data for any of the above-mentioned purposes.

Your other rights:

We will always inform you about:

  • the purpose of personal data processing,
  • personal data, or categories of personal data that are the subject of processing, including all available information about their source,
  • the nature of automated decision-making, including profiling, and information regarding the procedure used, as well as the meaning and anticipated consequences of such decision-making for the data subject,
  • recipients, or categories of recipients to whom personal data has been or will be transferred, and in the case of transfer of personal data to a third country, also on appropriate guarantees applicable to the transfer to ensure the security of personal data,
  • the planned period for which personal data will be stored, or if it cannot be determined, the criteria used to determine this period,
  • all available information about the source of personal data, if not obtained from you.

Your other rights include:

  • ask us for an explanation,
  • demand that we remove the resulting situation, in particular it may be blocking, correction, addition, restriction of processing or disposal of personal data (right to be forgotten),
  • request a copy of the processed personal data, or request personal data relating to you in a structured, commonly used and machine-readable format, and transfer this data to another administrator, without us preventing this in any way,
  • ask a question or complaint to the Office for Personal Data Protection,
  • object to the processing of personal data concerning you.

6. How we protect your personal data

We protect your data. The following security means are used for this in particular: implementation and enforcement of internal regulations for the protection of personal data, anti-virus protection, firewalls, encryption, control of access to personal data and authorization data, backups, physical means of protection and others.