Privacy Policy for the Processing of Personal and Other Processed Data

Introduction

When Using Intexcompany.Cz You Entrust Us With Your Personal Data. We Do Everything We Can To Ensure That Your Trust Is Not Misplaced. Therefore, We Would Like To Explain How We Protect Your Privacy. This Privacy Policy Describes What Personal Data We Collect, How We Use And Share It, And How You Can Control It.

We process your personal data in accordance with applicable data protection legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), as well as Act No. 110/2019 Coll., on the Processing of Personal Data (hereinafter referred to as the “Act”).

These Privacy Policies also apply to the processing of personal data in connection with the creation and use of the Intex Customer Account, as described in the Terms of Use of the Intex Customer Account.

1. Who processes your data?

The operator of the services of the websites intexcompany.cz, intexcompany.com, intexsupport.com, intexeshop.com is Intex Trading s.r.o., with its registered office at Hradecká 2526/3, 130 00 Prague 3, Vinohrady – Czech Republic, Company ID No: 26150808, registered in the Commercial Register maintained by the Municipal Court in Prague under file number C 74759 (hereinafter referred to as the “Operator” or “Intex”), and as the data controller we will process your personal data under the conditions set out below.

Controller contact details:

Data Protection Officer:

The company Intex Trading s.r.o. is not legally obliged to appoint a Data Protection Officer pursuant to Article 37 GDPR, as its core activities do not involve large-scale regular and systematic monitoring of data subjects, nor large-scale processing of special categories of personal data.

2. What personal data do we process?

Depending on how you use our services, we process the following categories of personal data:

a) Enquiries and contact forms

  • First and last name
  • Email address
  • Telephone number
  • Content of your enquiry or request

b) Registration in the e-shop and customer account (my.intexsupport)

  • First and last name
  • Email address
  • Telephone number
  • Password (in hashed form)
  • Billing address (first and last name / company name, street, city, postal code, country, Company ID / VAT ID)
  • Delivery address
  • Order and purchase history
  • Information on payment methods (payment type, not card numbers)
  • Data related to complaints and service requests

c) Newsletter

  • Email address
  • Name (if provided)
  • Information on newsletter opens and clicks (for performance measurement)
  • Date of subscription and unsubscription

d) Website visitors

  • IP address
  • Data obtained via cookies (device type, browser, visited pages, time of visit)
  • Geolocation data (country, city – based on IP address)
  • Behavioural data (interests, on-site behaviour) – only with consent

3. What sources do we use to obtain your data?

We usually obtain the personal data we process about you directly from you, when you:

  • visit our website,
  • subscribe to our newsletter or create a customer account,
  • complete a contact form or enquiry,
  • make a purchase in our e-shop,
  • communicate with us in writing or by telephone.

In justified cases (in particular when recovering outstanding debts or verifying information), we may also obtain information about you from publicly available sources, such as:

  • Commercial Register (justice.cz)
  • Trade Licensing Register
  • Insolvency Register
  • Register of Economic Entities
  • Other public registers and lists

4. Why and on what legal basis do we process your personal data?

**Purpose of processing** **Legal basis** **Categories of data** **Retention period**
Handling of enquiries, communication Performance of a contract (Article 6(1)(b) GDPR) Name, email, telephone number, content of the enquiry 6 months from the termination of communication
Registration and management of the customer account Performance of a contract (Article 6(1)(b) GDPR) Registration data, contact details For the duration of the active account + 12 months after account cancellation
Order processing in the e-shop Performance of a contract (Article 6(1)(b) GDPR) Name, address, email, telephone number, payment details, order history 3 years from delivery of the goods
Accounting and tax records Legal obligation (Article 6(1)(c) GDPR) – Act No. 563/1991 Coll., Act No. 235/2004 Coll. Billing data, payment data 10 years from the end of the tax period
Newsletter – new subscribers Consent (Article 6(1)(a) GDPR) Email address, name Until consent is withdrawn + 12 months from the last open interaction
Newsletter – existing customers Legitimate interest (Article 6(1)(f) GDPR) + Section 7(3) of Act No. 480/2004 Coll. Email address 36 months from the last order
Website analytics (Google Analytics) Legitimate interest (Article 6(1)(f) GDPR) – improvement of the user interface IP address (anonymised), cookies, on-site behaviour 14 months
Marketing cookies, targeted advertising Consent (Article 6(1)(a) GDPR) Behavioural data, interests, cookies Until consent is withdrawn, maximum 12 months
System security Legitimate interest (Article 6(1)(f) GDPR) – protection against attacks IP address, access logs 6 months
Protection and enforcement of legal claims Legitimate interest (Article 6(1)(f) GDPR) – defence in legal proceedings, debt recovery Data relevant to the specific case 3 years (general limitation period under Section 619 of the Civil Code), or 10 years for accounting documents
Complaint handling (claims processing) Performance of a contract (Article 6(1)(b) GDPR) + legal obligation (Article 6(1)(c) GDPR) Name, contact details, product information, description of the defect 3 years from the settlement of the complaint

Justification of Legitimate Interest:

When processing personal data on the basis of legitimate interest, we have carried out a balancing (proportionality) test and concluded that our interests (improvement of services, security, protection of rights) override your rights, because:

  • the processing is necessary for the stated purpose,
  • the scope of processing is minimal and proportionate,
  • the data is secured by appropriate technical and organisational measures,
  • you have the right to object at any time.

5. Automated Decision-Making and Profiling

Automated decision-making:

In our company, we do not carry out automated decision-making that produces legal effects or similarly significant impacts within the meaning of Article 22 GDPR.

Profiling:

We carry out profiling to a limited extent for the following purposes:

  • personalisation of website content based on your interests,
  • displaying relevant product recommendations,
  • targeted advertising based on on-site behaviour,
  • analysis of purchasing behaviour in order to improve our offering.

The legal basis for profiling is consent (marketing cookies) or legitimate interest (service improvement). You may object to profiling at any time by contacting gdpr@intexcompany.cz or by changing your cookie settings.

6. Who will have access to your data?

Your data is safe with us. We carefully select our partners to whom we entrust your data, and who are able to ensure such technical and organisational security of your data so that no unauthorised or accidental access to your data, or any other misuse of your data, can occur. All our partners are bound by confidentiality obligations and data processing agreements and may not use the provided data for any purposes other than those for which we have made it available to them.

a) Technical Operation and Hosting

  • VSHosting s.r.o. – hosting of the website and e-shop
  • Processed data: all data stored on servers
  • Purpose: technical operation of the website and databases

b) Analytics and Traffic Measurement

  • Google Ireland Limited – Google Analytics
  • Processed data: IP address (anonymized), cookies, behavior on the website
  • Purpose: traffic analysis, improvement of the user interface

c) Marketing Tools

  • The Rocket Science Group LLC (Intuit Mailchimp) – newsletter distribution
  • Processed data: email address, name, open rate statistics
  • Purpose: distribution of newsletters and commercial communications

d) Transport and Logistics (only in the case of a purchase in the e-shop)

  • PPL CZ s.r.o.
  • Processed data: name, delivery address, telephone number, order number
  • Purpose: delivery of the shipment to the customer

e) Payment Services (only in the case of a purchase in the e-shop)

  • GoPay s.r.o.
  • Processed data: name, amount, order number (payment data are processed directly by the payment gateway)
  • Purpose: processing of the payment

f) Legal, Accounting and Tax Services

  • External accountants and tax advisors
  • Processed data: billing details, accounting documents
  • Purpose: maintenance of accounting records, tax advisory services

g) Authorized Dealers

If you contact us via the websites of our authorized dealers, your contact details (name, email, telephone number) may be shared with the relevant dealer for the purpose of providing the service. Each authorized dealer acts as an independent data controller and is responsible for the lawful processing of personal data.

h) Public Authorities

Under conditions stipulated by law, we are obliged to disclose certain of your personal data to public authorities:

  • Policie ČR, law enforcement authorities (including ÚOOZ, Celní správa ČR)
  • Tax authorities
  • Courts and enforcement officers
  • Úřad pro ochranu osobních údajů (Czech Data Protection Authority)

7. Are your personal data transferred to third countries?

Given that we provide a range of services in the online environment, transfers of data outside the European Union (to so-called third countries) may occur in the course of providing such services. In such cases, we transfer your personal data only on the condition that appropriate safeguards are ensured in accordance with Articles 44–49 of the GDPR.

a) United States of America (USA)

Google Ireland Limited (Google Analytics)

  • Safeguards: EU-US Data Privacy Framework (adequacy decision of the European Commission dated 10 July 2023)
  • Certification: https://www.dataprivacyframework.gov/
  • Verification: search for “Google LLC” in the list of certified companies

Ecomail.cz s.r.o. (uses Amazon Web Services)

  • Safeguards: EU Standard Contractual Clauses approved by the European Commission
  • Copy of the clauses: available upon request at gdpr@intexcompany.cz

b) Other Third Countries

At present, we do not transfer personal data to any other third countries beyond those specified above. In the event of any change, we will inform you by updating these policies.

Copies of the relevant safeguards are available upon request at the following email address gdpr@intexcompany.cz.

8. What rights do you have in relation to the protection of personal data?

In relation to your personal data, you have the following rights in accordance with the GDPR:

a) Right of access to personal data (Article 15 GDPR)

You have the right to obtain confirmation as to whether we process your personal data and, if so, you have the right of access to such data and to information regarding the processing (purposes, categories of data, recipients, retention periods, sources).

b) Right to rectification (Article 16 GDPR)

You have the right to rectification of inaccurate personal data and to have incomplete personal data completed.

c) Right to erasure – “right to be forgotten” (Article 17 GDPR)

You have the right to request the erasure of your personal data if:

  • the data are no longer necessary for the purpose for which they were collected,
  • you withdraw your consent and there is no other legal basis for the processing,
  • you object and there are no overriding legitimate grounds for the processing,
  • the data have been processed unlawfully.

Exceptions – we cannot erase the data if they are necessary for:

  • compliance with a legal obligation (accounting – 10 years pursuant to Act No. 563/1991 Coll.),
  • the exercise or defence of legal claims (limitation periods – 3 years pursuant to Section 619 of the Civil Code),
  • archiving purposes in the public interest.

d) Right to Restriction of Processing (Article 18 GDPR)

You have the right to request restriction of processing in cases provided for by the GDPR. During the restriction period, your data will only be stored and will not be subject to any further active processing.

e) Right to Data Portability (Article 20 GDPR)

You have the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable format (CSV, JSON) and the right to transmit those data to another controller.

This right applies only to data:

  • that you have provided directly to us,
  • processed on the basis of consent or a contract,
  • processed by automated means.

Scope: registration data, order history, contact details. Format: CSV or JSON file sent via email within 30 days of the request.

f) Right to Object (Article 21 GDPR)

You have the right to object at any time to the processing of your personal data:

  • carried out on the basis of legitimate interests,
  • for direct marketing purposes (in this case, we will always comply with your objection),
  • for profiling purposes.

g) Right to Withdraw Consent (Article 7(3) GDPR)

If we process your personal data on the basis of consent, you may withdraw it at any time free of charge. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.

h) Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority:

  • Úřad pro ochranu osobních údajů, Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz
  • Alternatively, you may seek protection of personality rights before the competent court.

9. How to exercise your rights?

Contact details for exercising your rights:

Handling of requests:

We will respond to your request without undue delay, and in any case within 1 month of receipt of the request. In justified cases (complexity of the request, number of requests), we may extend this period by a further 2 months, of which we will inform you.

Fees:

The handling of your requests is generally free of charge. If your request is manifestly unfounded or excessive (in particular due to its repetitive nature), we may charge a reasonable fee reflecting administrative costs or refuse to act on the request.

Identity verification:

To protect your personal data, we may request proof of your identity by appropriate means (copy of ID card, verification via email from a registered address, etc.). This is a preventive security measure to prevent unauthorised persons from gaining access to your personal data.

10. Obligation to Provide Data

You provide your personal data to us voluntarily. However, for the provision of our services, the handling of your enquiries, or the fulfilment of our legal obligations, the processing of personal data is necessary. In such cases, we are unable to provide the services without the provision and processing of your data.

**Service** **Necessary Data** **Consequence of Non-Disclosure**
Enquiry, contact form Name, email or telephone number We are unable to respond to you
Customer account registration Name, email, password We are unable to create an account
E-shop purchase Name, address, email, telephone number We are unable to process the order
Newsletter Email address We are unable to send you updates

For compliance with legal obligations (accounting, taxation), the processing of personal data is mandatory under applicable law. Failure to provide such data would prevent compliance with a legal obligation.

11. How is your personal data secured?

All personal data you provide to us are secured using standard procedures and technologies. We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or misuse.

Technical measures:

  • SSL/TLS encryption during data transmission (HTTPS)
  • Encryption of sensitive data in databases
  • Regular security updates of systems and software
  • Firewall and antivirus protection
  • Regular data backups
  • Restriction of access to personal data based on the principle of least privilege

Organisational measures:

  • Regular employee training on personal data protection
  • Confidentiality agreements with employees and contractors
  • Regular security audits and vulnerability testing
  • Internal procedures for reporting and handling security incidents
  • Monitoring and logging of access to personal data

The implemented security measures are regularly updated in line with the current state of technology.

Your responsibility:

Without your assistance and responsible behaviour, we are unable to fully ensure the security of your data. Please help us by:

  • keeping your passwords and access credentials confidential,
  • using strong and unique passwords,
  • not sharing access credentials with third parties,
  • reporting any suspicious activity to gdpr@intexcompany.cz.

12. Notification of Personal Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we proceed in accordance with Articles 33 and 34 of the GDPR:

Our obligations:

  • We notify the Úřad pro ochranu osobních údajů of the breach within 72 hours of its detection.
  • We inform you without undue delay if the breach is likely to pose a high risk to your rights and freedoms.

Method of informing data subjects:

  • By email to your registered email address
  • By notice on our website intexcompany.cz
  • By telephone in serious cases

Information on the breach will include:

  • The nature of the breach and categories of personal data concerned
  • Approximate number of data subjects concerned
  • Likely consequences of the breach
  • Measures taken or proposed to address the risks
  • Contact for further information: gdpr@intexcompany.cz

13. Cookies and Online Identifiers

Our website uses cookies and similar technologies. Detailed information can be found in the Cookie Policy.

a) Essential (technical) cookies

  • Purpose: ensuring basic website functionality (login, shopping cart, session security)
  • Legal basis: legitimate interest (Article 6(1)(f) GDPR) + Section 89(3) of Act No. 127/2005 Coll. (exemption from consent for technically necessary cookies)
  • Retention period: for the duration of the session or up to 12 months
  • These cookies cannot be rejected, as they are necessary for the functioning of the website.

b) Analytical cookies

  • Purpose: traffic measurement, analysis of user behaviour, website improvement
  • Legal basis: consent (Article 6(1)(a) GDPR)
  • Retention period: up to 14 months
  • Provider: Google Analytics (Google Ireland Limited)

c) Marketing cookies

  • Purpose: targeted advertising, remarketing, content personalisation
  • Legal basis: consent (Article 6(1)(a) GDPR)
  • Retention period: up to 12 months
  • Providers: Google Ads, Facebook Pixel

Cookie management:

You may change your cookie preferences at any time:

  • In the cookie settings (cookie banner) on our website
  • In your internet browser settings

14. Changes to these policies

We may update these policies from time to time due to changes in legislation, changes to our services, or in order to improve the protection of your personal data.

We will inform you of material changes:

  • by publishing a new version on our website intexcompany.cz,
  • by email to your registered address in case of significant changes,
  • in advance, at least 30 days before the changes take effect.

The date of the last update is always stated in the footer of this document. We recommend that you review these policies regularly.

15. Contact

For any questions regarding personal data protection, exercising your rights, or withdrawal of consent, please contact us:

Intex Trading s.r.o.

  • Email: gdpr@intexcompany.cz
  • Correspondence address: Hradecká 2526/3, 130 00 Praha
  • Office hours: Mon–Fri 9:00–16:00

Supervisory authority:

If you believe that the processing of your personal data violates the GDPR or Act No. 110/2019 Coll., you have the right to lodge a complaint with a supervisory authority:

Úřad pro ochranu osobních údajů (“ÚOOÚ”)

  • Adress: Pplk. Sochora 27, 170 00 Prague 7
  • Website: www.uoou.cz
  • Email: posta@uoou.cz
  • Telephone number: +420 234 665 111

These Personal Data Protection and Other Processed Data Policies are valid and effective as of 27 April 2026.

Date of last update: 24 April 2026.