GDPR

Notice on the Collection and Processing of Personal Data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (hereinafter referred to as the “Regulation”), effective from 1 June 2021

The company Epos spol. s r.o., ID No. 4094201 (hereinafter referred to as the “controller” or “contracting authority”) hereby informs its customers – purchasers (as well as employees of our customer who is a legal entity, or persons acting on behalf of the purchaser by authorization, appointment, election, or within the performance of their function, designated as authorized persons for individual areas of communication related to the supply of products and services within contractual relationships) – about the collection and processing of their personal data.

Personal Data Protection Principles

Your personal data is processed solely on the basis of legal grounds defined by the Regulation or national law. As the data controller, we are responsible for the protection of your personal data that we have obtained or will obtain in accordance with the Regulation and national law, to the extent and in the manner stated in this information notice. If you have any questions regarding the processing of your personal data, you can contact us personally or by post at our registered office, or directly by email at: info@eposprint.cz, subject: "Submission-GDPR".

Your personal data will be securely stored and backed up in accordance with our security policies and those of our processors, only for the duration stated below in this notice.

Access to your personal data will be granted to recipients and persons authorized by us who process it based on our instructions and in accordance with our security policies. As a data controller, we are obliged to ensure data backup in accordance with the security requirements of the Regulation and national law.

Source of Personal Data Collection

We primarily obtain your personal data directly from you, if you provide it voluntarily in connection with an inquiry or request for our products addressed to us in person, by telephone, by mail, or electronically—either at your request or via predefined forms available on our website.

If you are an employee of a customer who is a legal entity or entrepreneur and have been designated as an authorized person for communication related to the delivery of products and services, we receive your personal data from your employer. Providing this data does not relieve your employer of their duty to inform you under Article 13 of the Regulation.

We may also receive your personal data from our external collaborators performing door-to-door sales or from our contractual partners or other authorized entities in connection with fulfilling our contractual or pre-contractual obligations.

Necessity of Providing Personal Data

We need your personal data to establish a contractual relationship between the supplier and customer, as your identification is a fundamental requirement of the contract. However, if you choose not to provide your phone number or email, this won’t prevent the establishment of a contractual relationship, but communication may be less efficient. Without your email address, we can only send invoices by post.

For individuals designated to receive deliveries, we will require proof of ID to ensure secure handover and resolve potential complaints.

Refusing to provide personal data may significantly hinder or even prevent the execution of contracts or communication between parties.

Recipients of Personal Data

Your personal data will be stored in our internal systems and may be provided to:

Supervisory and state authorities (e.g., Czech Trade Inspection, Office for Personal Data Protection, Tax Office).
Courts or law enforcement authorities upon request or based on legitimate interest.
Service providers (e.g., IT infrastructure support, software administration, postal and transport services, financial and insurance services).
Other authorized recipients required by law or legitimate interest, such as auditors, legal advisors, accountants, insurers, banks, and employees performing work or exercising rights who are bound by confidentiality.

We have contracts with all processors to ensure your personal data is protected according to applicable legislation.

Purpose of Data Processing

Your personal data will be collected and processed for the following purposes:

Contractual performance and obligations, including order processing, communication, complaints, claims, invoicing, and legal enforcement. Legal basis: Art. 6(1)(b), (c) GDPR.
Property security, including CCTV monitoring, based on legitimate interest to protect assets and individuals. Legal basis: Art. 6(1)(f) GDPR.
Accounting, invoicing, and tax compliance. Legal basis: Art. 6(1)(c) GDPR and the Accounting Act.
Marketing, with your consent, for sending promotional messages. Legal basis: Art. 6(1)(a) GDPR.
Protection of supplier’s financial interests, in case of breach of obligations. Legal basis: legitimate interest.
Legal claims, disputes, and debt recovery. Legal basis: same as for the original processing or Art. 9(2)(c) GDPR if sensitive data is involved.
Mail management, archiving, and document processing. Legal basis: Art. 6(1)(c), (e) GDPR.
Data subject rights compliance. Legal basis: legal obligation.
IT security and network information protection, including threat detection and system management. Legal basis: Art. 6(1)(f) GDPR.

Data Retention Period

We retain your data only as long as necessary:

During the contract and for 10 years afterward, due to legal accounting obligations.
Video surveillance data is retained for 60 days.
Requests from data subjects may be stored for 5 years.
Consent-based processing lasts only while the consent is valid. Consent can be withdrawn at any time.

Transfers to Third Countries or International Organizations

If applicable, we ensure appropriate safeguards, such as Standard Contractual Clauses (SCC), approved codes of conduct, certification mechanisms, or explicit consent.

Withdrawal of Consent

You may withdraw your consent at any time. Withdrawal does not affect the legality of processing prior to withdrawal. Consent can be revoked in the same way it was granted.

Automated Decision-Making and Profiling

We do not use automated decision-making or profiling in our data processing.

Personal Data on Our Website

Voluntary Submission

You may voluntarily provide contact information through forms (e.g., name, company, address, phone, email, position). We use it to contact you and may share it within our company group or partners if necessary.

Cookies and Usage Data

We collect website usage data through cookies, tags, analytics tools, etc. For more details, visit our website.

Linked Websites

Our website may contain links to third-party sites. We are not responsible for their content or privacy policies.

Children

Our website is not intended for children, and we do not knowingly collect or sell data from children. If such data is discovered, we will delete it.

Your Additional Data Protection Rights

Under GDPR, you also have the right to:

Access your data (Art. 15).
Correct inaccurate data (Art. 16).
Erase data (“right to be forgotten,” Art. 17).
Restrict processing (Art. 18).
Data portability (Art. 20).
Object to processing, including for marketing purposes (Art. 21).
Not be subject to automated decision-making or profiling (Art. 22).

For more details, contact us personally, by post, or at: info@eposprint.cz, subject: "Submission-GDPR".

Amendments to This Privacy Notice

We reserve the right to amend or update this privacy notice at any time. Please check regularly for updates.