Information on the Processing of Customer Personal Data

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.

This document outlines the principles and procedures for processing personal data, as well as related rights, in accordance with the above Regulation and Act No. 480/2004 Coll., on certain information society services, as amended.

I. Definitions

Personal Data

Any information relating to an identified or identifiable customer; an identifiable customer is a natural person who can be directly or indirectly identified, especially by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

Controller

Con Gusto s.r.o. (hereinafter referred to as the “Controller”), the entity that determines the purposes and means of the processing of personal data, performs the processing, and is responsible for it. The Controller may authorize or assign a Processor to process personal data, unless otherwise provided by special law.

Processor

Any entity that processes personal data on behalf of the Controller, either based on a special law or under contract, according to the Regulation.

Data Subject

A natural person (including self-employed individuals) to whom the personal data relate (e.g., potential, current or former customer).

II. Principles of Personal Data Processing

Lawfulness, fairness, and transparency
Purpose limitation – collected only for specific, explicit, and legitimate purposes
Data minimization – adequate, relevant, and limited to what is necessary in relation to the purpose
Accuracy – reasonable steps are taken to ensure that inaccurate data are corrected or deleted promptly
Storage limitation – data are stored no longer than necessary, subject to technical and organizational safeguards
Integrity and confidentiality – secured against unauthorized or unlawful processing and accidental loss, destruction, or damage

III. Customer Rights

Right to know

Purposes of data processing
Which personal data are being processed
Identities of processors
Planned storage period or criteria for determining it
Legitimate interests of the Controller or third parties (if applicable)
Source of the personal data

Other rights

Access, correct, delete, or restrict the processing of personal data
Object to processing
Lodge a complaint with a supervisory authority
Withdraw consent at any time, with effect for the future only
Obtain confirmation whether personal data are being processed
Have inaccurate personal data corrected or completed
Request erasure under specific legal grounds
Request restriction of processing under certain conditions
Receive personal data in a structured, commonly used, machine-readable format
Not be subject to decisions based solely on automated processing, including profiling

IV. Exercising Customer Rights

The Customer may contact the Controller via the following channels:

Email: info@congusto.cz
Postal address: Con Gusto s.r.o., Údolní 532/76, 602 00 Brno

V. Sources of Personal Data

The Controller collects personal data mainly from the Customer during purchases, service inquiries, newsletter subscriptions or reservations on www.monte-bu.cz.

It may also be collected based on the Customer’s explicit consent.

VI. Scope of Processing

The Controller and authorized processors may process the following categories of personal data:

Name, surname, business address, ID number, bank account number
Contact data: phone number, mobile number, email address
Other data: IP address, cookies, authentication certificates, social media or communication platform identifiers (e.g. Skype)

VII. Legal Basis for Processing

1. Legitimate Interest of the Controller

Data are processed for purposes of identifying contractual parties, contract performance, documentation, and defense of legal claims. Based on Article 6(1)(b)(f) of the Regulation.

Retention: for the duration of the contractual relationship and 10 years after its end (unless longer storage is required by law).

Processors may include:

Con Gusto s.r.o.
Email client providers
Relevant banking institutions
Other service/software providers (if used)

2. Contract Fulfillment

Data are processed to fulfill obligations from purchase contracts with Customers (typically: name, surname, email, phone number).

Duration: for the entire contractual period.

3. Valid Consent

When data are processed for other purposes (e.g., marketing), it is based on voluntary and informed Customer consent.

Example: email addresses submitted via www.monte-bu.cz for receiving marketing communications.

Duration: 3 years from consent (can be extended or revoked at any time via email, mail, or unsubscribe link).

Processors are the same as above.

VIII. Processing Method

Data are processed both automatically and manually, and may be accessed by the Controller’s staff and authorized processors only if necessary.

IX. Processors

Processors act solely based on a contract with the Controller, with guarantees for technical and organizational protection and clear definition of processing purposes. They may not use data for other purposes.

X. Data Protection

The Controller protects data within processing systems using unique usernames and passwords, stored securely on the Controller’s computer.

Processors are contractually bound to data protection obligations.

XI. Termination of Processing

Data processing ends upon termination of the contractual relationship, expiration of consent, or absence of legal grounds for data retention.

XII. Data Breach Notification

In the event of a security breach or data leak, the Controller will notify the Customer and the Office for Personal Data Protection within 24 hours.

GDPR