Privacy policy
We recognize that our customers, visitors, users and others who visit our website (collectively, “Users”) value their privacy. This document therefore contains important information regarding the rules we follow when processing personal data.
All processing of personal data on our part is always carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
BASIC INFORMATION
Identification and contact information of the Provider:
| name: | Behaim ITS a.s. |
|---|---|
| ID: | 05530831 |
| head office: | Horní náměstí 371/1, Olomouc |
| e-mail: | info@behaimits.com |
| phone: | +420 734 174 043 |
(hereinafter referred to as “Provider”)
Data Protection Officer:
The Provider has not appointed a data protection officer as it is not an obliged person under Article 37 of the GDPR.
Transfer of personal data to a third country or international organization:
The Provider does not transfer personal data to third countries or international organisations within the meaning of Article 44 et seq. of the GDPR.
Automated individual decision-making and profiling:
The Provider does not carry out profiling or automated individual decision-making.
Supervisory authority:
The supervisory authority in the place of the Provider’s registered office is the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7, e-mail: posta@uoou.cz, tel.: 234 665 125.
ISO 27001:2014. Certificate until 21.09.2025
Status of the Provider:
The Provider acts only as a personal data controller.
THE PROVIDER IS THE CONTROLLER OF THE PERSONAL DATA
The provider acts as a data controller in relation to the personal data of the following persons: contractual partners, employees, visitors to the website.
What personal data does the Provider process, for what purpose and on what legal basis?
Visiting the website. The Provider processes the data it receives from individuals by visiting the Provider’s website. When visiting the website, the Provider collects and processes the following types of personal data that are stored: IP address. Furthermore, the Provider processes the following data: browser type and language, server requests, including time and referring URL. These data are necessary to be able to display the website correctly. In addition, they may also be used as necessary to maintain the secure operation of the website and for other purposes as described in this Privacy Policy. The Provider processes this personal data on the basis of its legitimate interest or the User’s consent. Information about cookies is set out below.
For the purpose of performance of the contract (in particular, conclusion of the contract, communication with the customer), implementation of measures taken prior to the conclusion of the contract (pre-contractual negotiations) or performance of legal obligations (in particular, bookkeeping, issuing and recording tax documents), the Provider processes in particular the following personal data: name, surname, residence, e-mail, telephone number.
The Provider obtains personal data directly from the User when concluding the contract, so it always informs which of the personal data it must provide for the purpose of fulfilling the contract.
The principle of data minimization is respected by requesting only the information that the Provider necessarily needs to conclude the contract or to fulfill its contractual obligations or that the Provider is legally obliged to handle. The provision of other personal data is voluntary.
In case the User is a customer of the Provider, the Provider may send him/her commercial communications – newsletters – to his/her e-mail address due to legitimate interest. In other cases, the sending of newsletters is only possible on the basis of consent. The sending of newsletters can be cancelled at any time.
If the Provider intends to process personal data other than those specified in this article, or for other purposes, it may only do so on the basis of a validly granted consent to the processing of personal data. Consent to the processing of personal data must be granted on a separate document.
Information on the processing of personal data of the Provider’s employees is provided in a separate internal company regulation.
Sensitive personal data
The Provider does not process, as a personal data controller, personal data of Users that belong to special categories of personal data pursuant to Article 9 of the GDPR.
For how long does the Provider process personal data?
Personal data are processed only for the period of time for which there is a legal reason for storing them, after which the data are deleted without delay.
Personal data processed for the performance of obligations arising from special legal regulations are processed by the Provider for the period of time specified by the relevant legislation. This includes, for example, statutory data retention or documentation obligations. These are in particular data retention obligations arising from civil, commercial or tax law. If the data retention obligation ceases to apply, the personal data will be deleted without delay.
Other personal data are processed for as long as: as long as necessary for the purposes for which the personal data are processed or as long as the consent to the processing of personal data is valid
DATA SECURITY METHODS
In order to secure the User’s data against unauthorized or accidental disclosure, the Provider uses reasonable and appropriate technical and organizational measures.
The Provider shall ensure that, in the case of servers located in a data centre operated by a third party, similar technical and organisational measures are implemented at that third party.
All data are located only on servers located in the European Union or in countries that ensure protection of personal data in a manner equivalent to the protection provided by the legislation of the Czech Republic.
The Provider uses the following data security procedures: We are ISO 27001:2014 certified.
USER RIGHTS
Each User has:
- the right of access to personal data: The User has the right to obtain confirmation from the Provider as to whether or not the personal data concerning him/her are being processed and, if they are, the right to access such personal data and the following information: (a) the purpose of the processing; (b) the categories of personal data concerned; (c) the recipients to whom the personal data have been or will be disclosed; (d) the intended duration for which the personal data will be stored; (e) the existence of the right to request from the controller the rectification or erasure of the personal data or the restriction of their processing, or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) any available information on the source of the personal data, unless obtained from Users; (h) the fact that automated decision-making, including profiling, is taking place. The User also has the right to obtain a copy of the personal data processed.
- the right to rectification of personal data: the User has the right to have the Provider correct inaccurate personal data concerning him/her without undue delay or to complete incomplete personal data.
- the right to erasure of personal data: the User has the right to have the Provider erase the personal data concerning him/her without undue delay if: (a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; (b) the User withdraws the consent on the basis of which the data were processed and there is no further legal basis for the processing; (c) the User objects to the processing and there are no overriding legitimate grounds for the processing; (d) the personal data have been unlawfully processed; (e) the personal data must be erased to comply with a legal obligation under Union or Member State law; (f) the personal data were collected in connection with the offer of information society services. However, the right to erasure shall not apply where the processing is necessary for compliance with a legal obligation, for the establishment, exercise or defence of legal claims and in other cases provided for in the GDPR.
- right to restriction of processing: the User has the right to have the Provider restrict processing in any of the following cases: (a) the User denies the accuracy of the personal data, for the time necessary to allow the Provider to verify the accuracy of the personal data; (b) the processing is unlawful and the User refuses to erase the personal data and requests instead to restrict its use; c) the Provider no longer needs the personal data for the purposes of the processing, but the User requires it for the establishment, exercise or defence of legal claims; d) the User objects to the processing until it is verified that the legitimate grounds of the Provider outweigh the legitimate grounds of the data subject.
- the right to object to processing: the user has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which are processed on grounds of legitimate interest. In this case, the Provider shall not further process the personal data until it has demonstrated compelling legitimate grounds for the processing which override the interests or rights of the Users or for the establishment, exercise or defence of legal claims.
- the right to data portability: the User has the right to obtain the personal data concerning him/her that have been transmitted to the Provider, in a structured, commonly used and machine-readable format, and the right to transmit these data to another controller, if: a) the processing is based on consent and b) the processing is carried out by automated means. In exercising his/her right to data portability, the User has the right to have personal data transmitted directly from one controller to the other, if technically feasible.
- the right to lodge a complaint with the supervisory authority: If the User considers that the Provider does not process his/her personal data in a lawful manner, he/she has the right to lodge a complaint with the supervisory authority. The contact details of the supervisory authority are listed above.
- the right to be informed about the rectification or erasure of personal data or restriction of processing: the provider is obliged to notify the individual recipients to whom the personal data have been disclosed of any rectification or erasure of personal data or restriction of processing, except where this proves impossible or requires disproportionate effort. If the User so requests, the Provider shall inform the User of these recipients.
- the right to be informed in the event of a personal data breach: if a particular personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Provider is obliged to notify the User of the breach without undue delay.
- the right to withdraw consent to the processing of personal data: if the processing of some of the personal data is based on consent, the User has the right to withdraw his/her consent to the processing of personal data at any time in writing by sending a letter of disagreement with the processing of personal data to the e-mail address: info@behaimits.com.
COOKIES
The Provider uses cookies, which are small text files that identify users of the Provider’s website and record their user activities.
The text in the cookie file is often made up of a series of numbers and letters that uniquely identify the User’s computer, but do not provide any specific personal information about the User. A cookie usually contains the name of the domain from which it was sent, age information and an alphanumeric identifier.
The Provider’s website automatically identifies the User’s IP address. All of this information is recorded in an activity file by the server, which enables subsequent processing of the data. The Provider also records the request from the browser and the time of the request, the status and the amount of data transferred as part of this request. It also collects information about the browser and computer operating system used and their versions. It also records the web pages from which you accessed the Provider’s website. The IP address of your computer is only stored for the period of time that the website has been used and then only for as long as necessary. After the expiry of these, the IP address is deleted or anonymised by shortening.
Types of cookies and similar technologies
Technical cookies and similar technologies: because of its legitimate interest, the Provider uses technically necessary cookies that are necessary for the operation of the website and to ensure its functionality. These may be persistent or one-off cookies. A persistent cookie remains on your hard drive even after you close your browser. Persistent cookies may be used by the browser on subsequent visits to the Provider’s website. Persistent cookies can be deleted. One-time cookies are temporary and are deleted once the browser is closed. This data is used by the Provider to operate the website, in particular to identify and resolve errors, to determine the use of the website and to make adjustments or improvements. These are purposes for which the Provider has a legitimate interest in the processing of the data pursuant to Article 6(1)(f) GDPR.
The User can set his browser to block these cookies. The Provider warns that in this case some parts of the website will not work.
In the same way and for the same reasons, the Provider uses the WebStorage listed in the table below.
With the User’s permission, the Provider uses additional cookies:
Analytical cookies and similar technologies: these cookies help the Provider to analyse how Users use the website. They may be used, for example, to measure and improve the performance of the website. For example, these cookies make it possible to determine how the User arrived at the Website, whether directly, through a search engine or via a link on a social network. In addition, the Provider learns how long Users stay on the website and what links they click on.
These cookies are only set on the User’s device if they give their consent to this when they first visit the website (pursuant to Article 6(1)(a) of the GDPR). Analytical cookies can be refused at any time by simply making a change in the Detailed Cookie Settings.
In the same way and for the same reasons, the Provider uses the WebStorage listed in the table below.
Advertising cookies and similar technologies: advertising cookies allow advertising to be displayed based on the User’s preferences. They may be used, for example, to enable the Operator to create a profile of the User’s interests and to display relevant advertisements to the User.
These cookies are only set on the User’s device if the User consents to this during his/her first visit to the website (pursuant to Article 6(1)(a) of the GDPR). Advertising cookies can be refused at any time by simply making a change in the Detailed Cookie Settings. If the User does not give his consent, he will not receive content and advertisements tailored to his interests.
In the same way and for the same reasons, the Provider uses the WebStorage listed in the table below.
possibly other cookies / similar technologies if they are listed in the table below.
To obtain and manage the User’s consent, the Provider uses the CookiesLišta.cz platform from Soft Evolution s.r.o., ID: 46982230, Martinice 100, 594 01 Velké Meziříčí. The platform collects device information, browser information, anonymised IP address, date and time of visit, URL requests, web path and geographical location. This makes it possible to inform the User about the Provider’s web environment and to obtain, manage and document the User’s consent. The legal basis for the data processing is Article 6(1)(c) GDPR, as the Provider is legally obliged to provide proof of consent in accordance with Article 7(1) GDPR. The data will be deleted as soon as it is no longer needed for logging and there are no legal requirements for retention. For further information on data protection at the platform provider, please visit: https://www.cookieslista.cz.
Third-party cookies may also be placed on the Provider’s website. The Provider uses the following cookies:
| Processor | Cookies marking | Personal data | Purpose of processing | Legal reason | Duration of processing |
|---|---|---|---|---|---|
| Technické cookies / podobné technologie | |||||
| Behaim ITS a.s. | dcb_dsv | no | Version of the consent for processing cookies | legitimate interest | local repository / 365 days |
| Behaim ITS a.s. | dcb_config | no | Cookie consent configuration | legitimate interest | local repository / 365 days |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | cookiePreferences | no | Registers user’s cookies preferences. | user’s consent | 2 years |
| Behaim ITS a.s. | kgKoRY | no | website functionality | legitimate interest | 24 hours |
| Behaim ITS a.s. | PHPSSEID | no | website functionality | legitimate interest | session |
| Behaim ITS a.s. | qFaUlRErxdSnzI | no | website functionality | legitimate interest | 24 hours |
| Analytical cookies / similar technologies | |||||
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _ga | no | ID used to identify users | user’s consent | 2 years |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _ga_ | no | ID used to identify users | user’s consent | 2 years |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _gid | no | ID used to identify users for 24 hours after the last activity | user’s consent | 24 hours |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _gat | no | Used to monitor the number of Google Analytics server requirements when using Google Brand Administrator | user’s consent | 1 minute |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _dc_gtm_ | no | Used to monitor the number of requirements of Google Analytics server | user’s consent | 1 minute |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | AMP_TOKEN | no | Contains token code that is used to upload the client’s ID from the AMP Client ID service. | user’s consent | 30 seconds to 1 year |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _gat_gtag_ | no | Used to set and retrieve tracking data | user’s consent | 1 hour |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _gac_ | no | Contains information related to user’s marketing campaigns, shared with Google AdWords / Google Ads when the Google Ads and Google Analytics accounts are linked | user’s consent | 90 days |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utma | no | ID used to identify users and sessions | user’s consent | 2 years after last activity |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmt | no | Used to track the number of server requests in Google Analytics | user’s consent | 10 minutes |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmb | no | Used to distinguish new sessions and visits. This cookie is set when a library of javascript GA.js is uploaded and there is no existing cookie __utmb. The cookie is updated every time data is sent to Google Analytics server. | user’s consent | 30 minutes after last activity |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmc | no | Only used with old Urchin Google Analytics versions, not GA.js. It serves to distinguish between new sessions and visits at the end of the session. | user’s consent | Session end (browser) |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmz | no | Contains information about the traffic source or campaign that directed the user to the website. Set when the GA.js javascript is loaded and updated when data is sent to the Google Analytics server. | user’s consent | 6 měsíců po poslední aktivitě |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmv | no | Custom information for web developers is received through the _setCustomVar method in Google Analytics. The cookie contains new updates and messages on the Google Analytics server. | user’s consent | 2 roky po poslední aktivitě |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmx | no | Used to determine if the user is included in an A/B or multivariate test. | user’s consent | 18 měsíců |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | __utmxx | no | Used to determine when an A/B or multivariate test the user participates in ends. | user’s consent | 18 měsíců |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjid | no | This cookie is set when a customer first accesses the Hotjar script page. It is used to store a random user ID, unique to that site, in the browser. This ensures that the behaviour on subsequent visits to the same site is attributed to the same user ID. | user’s consent | 365 days |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjIncludedInSample | no | This session cookie is set so that Hotjar knows whether a given visitor is included in the sample that is used to generate paths. | user’s consent | 365 days |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjClosedSurveyInvites | no | This cookie is set as soon as a visitor interacts with the modal pop-up invitation to explore. It is used to ensure that the same invitation does not reappear if it has already been displayed. | user’s consent | 365 days |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjDonePolls | no | This cookie is set once a visitor completes a survey using the Survey Feedback widget. It is used to ensure that the same survey does not reappear if it has already been completed. | user’s consent | 365 days |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjMinimizedPolls | no | This cookie is set as soon as a visitor minimizes the feedback survey widget. It is used to ensure that the widget remains minimized as the visitor navigates through your site. | user’s consent | 365 days |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjDoneTestersWidgets | no | This cookie is set as soon as a visitor submits their information to the Recruit User Testers widget. It is used to ensure that the same form does not reappear if it has already been filled out. | user’s consent | 365 days |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjMinimizedTestersWidgets | no | This cookie is set once a visitor minimizes the Recruit User Testers widget. It is used to ensure that the widget remains minimized as the visitor navigates through your site. | user’s consent | 365 days |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjShownFeedbackMessage | no | This cookie is set when a visitor minimizes or completes incoming feedback. This is done so that incoming feedback is loaded as minimized immediately if they navigate to another page where it is set to display. | user’s consent | 365 days |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjTLDTest | no | When the Hotjar script runs, we try to determine the most generic cookie path that we should use, instead of the hostname of the page. This is done so that cookies can be shared across subdomains (if possible). To figure this out, we try to store the _hjTLDTest cookie for various alternative URL substrings until it fails. After this check, the cookie is removed. | user’s consent | Session end (browser) |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjUserAttributesHash | no | User attributes sent through the Hotjar Identify API are cached for the duration of the session to determine when an attribute has changed and needs to be updated. | user’s consent | Session end (browser) |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjCachedUserAttributes | no | This cookie stores user attributes that are sent via the Hotjar Identify API whenever the user is not in the sample. These attributes will only be stored if the user interacts with the Hotjar Feedback tool. | user’s consent | Session end (browser) |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjLocalStorageTest | no | This cookie is used to check whether the Hotjar tracking script can use local storage. If possible, this cookie is set to 1. The data stored in_hjLocalStorageTest has no expiration time, but is deleted immediately after it is created, so the expected storage time is under 100 ms. | user’s consent | local storage |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjptid | no | This cookie is set for logged in Hotjar users who have administrator team member permissions. It is used during pricing experiments to display consistent prices for admins across the site. | user’s consent | Session end (browser) |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjAbsoluteSessionInProgress | no | The cookie is set so that Hotjar can track the start of the user’s journey for the total number of sessions. It does not contain any identifiable information. | user’s consent | 30 minutes |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjFirstSeen | no | The cookie is set so that Hotjar can track the start of the user’s journey for the total number of sessions. It does not contain any identifiable information. | user’s consent | 30 minutes |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjIncludedInPageviewSample | no | This cookie is set so that Hotjar knows whether a visitor is included in the data sampling defined by your site’s page view limit. | user’s consent | 30 minutes |
| Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian\’s STJ 3141, Malta | _hjIncludedInSessionSample | no | This cookie is set so that Hotjar knows whether a visitor is included in the data sampling defined by your site’s page view limit. | user’s consent | 30 minutes |
| Advertising cookies / similar technologies | |||||
| Meta Platforms, Inc. – Hacker Way, Menlo Park, California, United States | _fbp | no | It uses Facebook to deliver a range of advertising products, such as real-time offers from third-party advertisers. | user’s consent | 3 months |
| Meta Platforms, Inc. – Hacker Way, Menlo Park, California, United States | tr | no | It uses Facebook to deliver a range of advertising products, such as real-time offers from third-party advertisers. | user’s consent | Session end (browser) |
| Meta Platforms, Inc. – Hacker Way, Menlo Park, California, United States | s | no | Identification, authentication, marketing and other functional cookies specific to Facebook. | user’s consent | 90 days |
| Meta Platforms, Inc. – Hacker Way, Menlo Park, California, United States | fr | no | It contains a unique browser and user ID that is used for targeted advertising. | user’s consent | 90 days |
| Meta Platforms, Inc. – Hacker Way, Menlo Park, California, United States | oo | no | Cookie to opt out of advertising. | user’s consent | 5 years |
| Meta Platforms, Inc. – Hacker Way, Menlo Park, California, United States | js_ver | no | Records the age of Facebook javascript files. | user’s consent | 7 days |
| Meta Platforms, Inc. – Hacker Way, Menlo Park, California, United States | rc | no | It is used to optimize site performance for advertisers. | user’s consent | 7 days |
| Meta Platforms, Inc. – Hacker Way, Menlo Park, California, United States | campaign_click_url | no | It records the Facebook URL that an individual clicked on an ad promoting Facebook. | user’s consent | 30 days |
Setting cookies in your browser
Most web browsers accept cookies automatically. However, it is possible to use controls that allow you to block or delete them.
Instructions for blocking or removing cookies in browsers can usually be found in the privacy policy or in the help documentation of each browser.
Social networks
The Provider is present on social networks in order to communicate with customers, prospects and users who are logged in and to inform them about its offers.
The Provider points out that the User uses these platforms and their functions at his own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). The Provider assumes no responsibility for the handling of this personal data and points out that personal data may be processed outside the European Union.
FINAL PROVISIONS
This Privacy Policy will be updated by the Provider in case of any changes. The current version of the Privacy Policy will always be available on the Provider’s website. If there is a material change in the way personal data is handled in this Privacy Policy, the Provider shall inform the User by prominently posting a notice prior to the implementation of such changes.
Last modified 13 December 2023