Privacy Policy
We recognize that our customers, visitors, users and others who visit our website (collectively, "Users") value their privacy. This document therefore contains important information regarding the rules we follow when processing personal data.
All processing of personal data on our part is always carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR").
Basic Information
Identification and contact information of the Provider:
| name: | Behaim ITS a.s. |
| ID: | 05530831 |
| head office: | Horní náměstí 371/1, Olomouc |
| e-mail: | info@behaimits.com |
| phone: | +420 734 174 043 |
(hereinafter referred to as "Provider")
Data Protection Officer:
The Provider has not appointed a data protection officer as it is not an obliged person under Article 37 of the GDPR.
Transfer of personal data to a third country or international organization:
The Provider does not transfer personal data to third countries or international organisations within the meaning of Article 44 et seq. of the GDPR.
Automated individual decision-making and profiling:
The Provider does not carry out profiling or automated individual decision-making.
Supervisory authority:
The supervisory authority in the place of the Provider's registered office is the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7, e-mail: posta@uoou.cz, tel.: 234 665 125.
ISO 27001:2014. Certificate until 21.09.2025
Status of the Provider: The Provider acts only as a personal data controller.
The Provider is the Controller of the Personal Data
The provider acts as a data controller in relation to the personal data of the following persons: contractual partners, employees, visitors to the website.
What personal data does the Provider process, for what purpose and on what legal basis?
Visiting the website. The Provider processes the data it receives from individuals by visiting the Provider's website. When visiting the website, the Provider collects and processes the following types of personal data that are stored: IP address. Furthermore, the Provider processes the following data: browser type and language, server requests, including time and referring URL. These data are necessary to be able to display the website correctly. The Provider processes this personal data on the basis of its legitimate interest or the User's consent. Information about cookies is set out below.
For the purpose of performance of the contract (in particular, conclusion of the contract, communication with the customer), implementation of measures taken prior to the conclusion of the contract (pre-contractual negotiations) or performance of legal obligations (in particular, bookkeeping, issuing and recording tax documents), the Provider processes in particular the following personal data: name, surname, residence, e-mail, telephone number.
The Provider obtains personal data directly from the User when concluding the contract, so it always informs which of the personal data it must provide for the purpose of fulfilling the contract.
The principle of data minimization is respected by requesting only the information that the Provider necessarily needs to conclude the contract or to fulfill its contractual obligations or that the Provider is legally obliged to handle. The provision of other personal data is voluntary.
In case the User is a customer of the Provider, the Provider may send him/her commercial communications – newsletters – to his/her e-mail address due to legitimate interest. In other cases, the sending of newsletters is only possible on the basis of consent. The sending of newsletters can be cancelled at any time.
If the Provider intends to process personal data other than those specified in this article, or for other purposes, it may only do so on the basis of a validly granted consent to the processing of personal data. Consent to the processing of personal data must be granted on a separate document.
Information on the processing of personal data of the Provider's employees is provided in a separate internal company regulation.
Sensitive personal data
The Provider does not process, as a personal data controller, personal data of Users that belong to special categories of personal data pursuant to Article 9 of the GDPR.
For how long does the Provider process personal data?
Personal data are processed only for the period of time for which there is a legal reason for storing them, after which the data are deleted without delay.
Personal data processed for the performance of obligations arising from special legal regulations are processed by the Provider for the period of time specified by the relevant legislation. This includes, for example, statutory data retention or documentation obligations. These are in particular data retention obligations arising from civil, commercial or tax law. If the data retention obligation ceases to apply, the personal data will be deleted without delay.
Other personal data are processed for as long as necessary for the purposes for which the personal data are processed or as long as the consent to the processing of personal data is valid.
Data Security Methods
In order to secure the User's data against unauthorized or accidental disclosure, the Provider uses reasonable and appropriate technical and organizational measures.
The Provider shall ensure that, in the case of servers located in a data centre operated by a third party, similar technical and organisational measures are implemented at that third party.
All data are located only on servers located in the European Union or in countries that ensure protection of personal data in a manner equivalent to the protection provided by the legislation of the Czech Republic.
The Provider uses the following data security procedures: We are ISO 27001:2014 certified.
User Rights
Each User has:
- The right of access to personal data: The User has the right to obtain confirmation from the Provider as to whether or not the personal data concerning him/her are being processed and, if they are, the right to access such personal data and the following information: (a) the purpose of the processing; (b) the categories of personal data concerned; (c) the recipients to whom the personal data have been or will be disclosed; (d) the intended duration for which the personal data will be stored; (e) the existence of the right to request from the controller the rectification or erasure of the personal data or the restriction of their processing, or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) any available information on the source of the personal data, unless obtained from Users; (h) the fact that automated decision-making, including profiling, is taking place. The User also has the right to obtain a copy of the personal data processed.
- The right to rectification: the User has the right to have the Provider correct inaccurate personal data concerning him/her without undue delay or to complete incomplete personal data.
- The right to erasure: the User has the right to have the Provider erase the personal data concerning him/her without undue delay if: (a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; (b) the User withdraws the consent on the basis of which the data were processed and there is no further legal basis for the processing; (c) the User objects to the processing and there are no overriding legitimate grounds for the processing; (d) the personal data have been unlawfully processed; (e) the personal data must be erased to comply with a legal obligation under Union or Member State law; (f) the personal data were collected in connection with the offer of information society services. However, the right to erasure shall not apply where the processing is necessary for compliance with a legal obligation, for the establishment, exercise or defence of legal claims and in other cases provided for in the GDPR.
- Right to restriction of processing: the User has the right to have the Provider restrict processing in any of the following cases: (a) the User denies the accuracy of the personal data, for the time necessary to allow the Provider to verify the accuracy of the personal data; (b) the processing is unlawful and the User refuses to erase the personal data and requests instead to restrict its use; c) the Provider no longer needs the personal data for the purposes of the processing, but the User requires it for the establishment, exercise or defence of legal claims; d) the User objects to the processing until it is verified that the legitimate grounds of the Provider outweigh the legitimate grounds of the data subject.
- The right to object to processing: the user has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which are processed on grounds of legitimate interest. In this case, the Provider shall not further process the personal data until it has demonstrated compelling legitimate grounds for the processing which override the interests or rights of the Users or for the establishment, exercise or defence of legal claims.
- The right to data portability: the User has the right to obtain the personal data concerning him/her that have been transmitted to the Provider, in a structured, commonly used and machine-readable format, and the right to transmit these data to another controller, if: a) the processing is based on consent and b) the processing is carried out by automated means. In exercising his/her right to data portability, the User has the right to have personal data transmitted directly from one controller to the other, if technically feasible.
- the right to lodge a complaint with the supervisory authority: If the User considers that the Provider does not process his/her personal data in a lawful manner, he/she has the right to lodge a complaint with the supervisory authority. The contact details of the supervisory authority are listed above.
- The right to be informed about the rectification or erasure of personal data or restriction of processing: the Provider is obliged to notify the individual recipients to whom the personal data have been disclosed of any rectification or erasure of personal data or restriction of processing, except where this proves impossible or requires disproportionate effort. If the User so requests, the Provider shall inform the User of these recipients.
- The right to be informed in the event of a personal data breach: if a particular personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Provider is obliged to notify the User of the breach without undue delay.
- The right to withdraw consent to the processing of personal data: if the processing of some of the personal data is based on consent, the User has the right to withdraw his/her consent to the processing of personal data at any time in writing by sending a letter of disagreement with the processing of personal data to the e-mail address: info@behaimits.com.
Cookies
The Provider uses cookies, which are small text files that identify users of the Provider's website and record their user activities.
The text in the cookie file is often made up of a series of numbers and letters that uniquely identify the User's computer, but do not provide any specific personal information about the User. A cookie usually contains the name of the domain from which it was sent, age information and an alphanumeric identifier.
The Provider's website automatically identifies the User's IP address. All of this information is recorded in an activity file by the server, which enables subsequent processing of the data. The Provider also records the request from the browser and the time of the request, the status and the amount of data transferred as part of this request. It also collects information about the browser and computer operating system used and their versions. It also records the web pages from which you accessed the Provider's website. The IP address of your computer is only stored for the period of time that the website has been used and then only for as long as necessary. After the expiry of these, the IP address is deleted or anonymised by shortening.
Types of cookies and similar technologies
Technical cookies and similar technologies: because of its legitimate interest, the Provider uses technically necessary cookies that are necessary for the operation of the website and to ensure its functionality. These may be persistent or one-off cookies. A persistent cookie remains on your hard drive even after you close your browser. Persistent cookies may be used by the browser on subsequent visits to the Provider's website. Persistent cookies can be deleted. One-time cookies are temporary and are deleted once the browser is closed. This data is used by the Provider to operate the website, in particular to identify and resolve errors, to determine the use of the website and to make adjustments or improvements. These are purposes for which the Provider has a legitimate interest in the processing of the data pursuant to Article 6(1)(f) GDPR.
The User can set his browser to block these cookies. The Provider warns that in this case some parts of the website will not work.
In the same way and for the same reasons, the Provider uses the WebStorage listed in the table below.
With the User's permission, the Provider uses additional cookies:
Analytical cookies and similar technologies: these cookies help the Provider to analyse how Users use the website. They may be used, for example, to measure and improve the performance of the website. For example, these cookies make it possible to determine how the User arrived at the Website, whether directly, through a search engine or via a link on a social network. In addition, the Provider learns how long Users stay on the website and what links they click on.
These cookies are only set on the User's device if they give their consent to this when they first visit the website (pursuant to Article 6(1)(a) of the GDPR). Analytical cookies can be refused at any time by simply making a change in the Detailed Cookie Settings.
In the same way and for the same reasons, the Provider uses the WebStorage listed in the table below.
Advertising cookies and similar technologies: advertising cookies allow advertising to be displayed based on the User's preferences. They may be used, for example, to enable the Operator to create a profile of the User's interests and to display relevant advertisements to the User.
These cookies are only set on the User's device if the User consents to this during his/her first visit to the website (pursuant to Article 6(1)(a) of the GDPR). Advertising cookies can be refused at any time by simply making a change in the Detailed Cookie Settings. If the User does not give his consent, he will not receive content and advertisements tailored to his interests.
In the same way and for the same reasons, the Provider uses the WebStorage listed in the table below.
Possibly other cookies / similar technologies if they are listed in the table below.
Third-party cookies may also be placed on the Provider's website. The Provider uses the following cookies:
| Processor | Cookie(s) | Purpose | Legal basis | Duration |
|---|---|---|---|---|
| Technical Behaim ITS a.s. | behaim-cookie-consent | Stores the user's cookie consent preferences | Legitimate interest | localStorage / until cleared |
| Analytical | _ga, _ga_*, _gid, _gat | _ga and _ga_* identify unique users and sessions for Google Analytics 4. _gid identifies users for 24 hours. _gat throttles the request rate to Google Analytics servers. | User's consent (analytics) | _ga / _ga_*: 2 years; _gid: 24 hours; _gat: 1 minute |
| Marketing | VISITOR_INFO1_LIVE, YSC, CONSENT, GPS | Set by YouTube when an embedded video is played. Used to estimate bandwidth, track video playback sessions, and store user consent preferences for YouTube. | User's consent (marketing) | VISITOR_INFO1_LIVE: 6 months; YSC: session; CONSENT: 2 years; GPS: 30 minutes |
| Marketing | bcookie, bscookie, lidc, li_gc, AnalyticsSyncHistory, UserMatchHistory | Used to display LinkedIn embedded posts and to track interactions with LinkedIn content for advertising and analytics purposes. LinkedIn acts as an independent data controller. | User's consent (marketing) | Up to 2 years (varies by cookie) |
| Technical | session_id, frontend_lang | Set by the embedded Odoo events calendar. session_id maintains the user's session; frontend_lang stores the preferred display language. | Legitimate interest | session_id: session; frontend_lang: persistent |
| Technical | presence.focus, presence.lastPresence | Stored in localStorage by the embedded Odoo events calendar to track window focus state and the user's last activity timestamp. | Legitimate interest | localStorage / until cleared |
Setting cookies in your browser
Most web browsers accept cookies automatically. However, it is possible to use controls that allow you to block or delete them.
Instructions for blocking or removing cookies in browsers can usually be found in the privacy policy or in the help documentation of each browser.
Social Networks
The Provider is present on social networks in order to communicate with customers, prospects and users who are logged in and to inform them about its offers.
The Provider points out that the User uses these platforms and their functions at his own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). The Provider assumes no responsibility for the handling of this personal data and points out that personal data may be processed outside the European Union.
Final Provisions
This Privacy Policy will be updated by the Provider in case of any changes. The current version of the Privacy Policy will always be available on the Provider's website. If there is a material change in the way personal data is handled in this Privacy Policy, the Provider shall inform the User by prominently posting a notice prior to the implementation of such changes.
Last modified: March 2026