DATA USAGE, PERSONAL INFORMATION, AND PROCESSING PRINCIPLES

These principles summarize and describe the information and data we process, the method of processing, and the duration of their storage. You will also find here your rights arising from the General Data Protection Regulation (GDPR) and methods for exercising them. These principles apply to Boleslavova 3, s.r.o. and Castle Rock Investments, s.r.o. and its subsidiaries arranged in a holding structure.

WHY WE PROCESS YOUR DATA

As a data controller, we process the personal data of our clients, representatives of suppliers, visitors to our website, and, where applicable, other individuals, for the following main reasons:

  • Legal obligations – To fulfill legal duties or to establish and perform contractual relationships.
  • Legitimate interests of the controller – Including processing anonymized data for analysis, handling business and operational communication, protecting property and personal safety, etc.
  • Consent of the data subject – For example, for the purpose of sending marketing communications.

PURPOSES OF PERSONAL DATA PROCESSING

  • Preparation and performance of contractual obligations with customers, suppliers, employees, and job applicants.
  • Communication with customers, supplier representatives, and other data subjects.
  • Improving and evaluating the quality of services provided to clients.
  • Protection of property and personal safety.
  • Sending marketing communications.
  • Accounting and financial record-keeping.

WHAT DATA WE PROCESS AND HOW

We categorize all data you provide while browsing our website or requesting/using our products and services into two groups:

  • Anonymized Data
  • Non-anonymized (Personal) Data

Anonymized data refers to information that cannot be used—either alone or in combination with other data—to identify an individual.

This includes, but is not limited to: cookies, device identifiers, website visit records, IP addresses, visit date and time, usage behavior on our website and services, server log information (e.g., search queries), geolocation data, and user preferences. This data is processed automatically through secure applications. We do not link it to specific users or clients in a way that would make the data personally identifiable.

Non-anonymized (personal) data refers to information that can be easily associated with a specific user or client and, when combined, constitutes personally identifiable information. This includes, but is not limited to: full name, address, age, personal ID number, phone number, email address, gender, date of birth, nationality, document numbers, etc.

We process such data exclusively within secure applications that comply with GDPR requirements and store it in internal, access-restricted company systems.

HOW LONG WE RETAIN YOUR DATA

All personal data is processed and stored according to the nature and purpose of its collection.

Data used for analytics, service improvement, and marketing purposes is processed based on your consent and retained for a maximum of 10 years, unless the consent is renewed.

Data collected via our website (such as cookies and usage logs) is retained for a maximum of 4 years. You can manage or limit data collection, for example, by using the Google Analytics Opt-out Browser Add-on.

Data arising from contractual relationships (e.g., invoices, contracts, receipts) is retained for the duration required by law.

Data Stored and Processed by Third Parties

When using third-party applications, we ensure that all data is stored and transmitted in encrypted form and that such applications comply with the General Data Protection Regulation (GDPR).

YOUR RIGHTS

Under the GDPR, you have the following rights regarding your personal data:

  • The right to access, rectify, transfer, and erase your data, provided that no legal obligations prevent this.
  • The right to receive information about how your personal data is processed.

HOW TO EXERCISE YOUR RIGHTS

You can request information about how your data is processed or stored by emailing us at [email protected] or in writing to the company’s registered address. Depending on the nature of the request, you may be asked to verify your identity before the data is provided.

You may also exercise your right to erasure in the same manner.

You may object to the processing of your personal data for direct marketing purposes by using the unsubscribe link provided in our communications.

You can file a complaint with the supervisory authority, which is the Office for Personal Data Protection.

Contact Details

Castle Rock Investments, s.r.o.
Company ID: 07470983
VAT ID: CZ07470983
Registered Office: Sokolovská 428/130, 186 00 Prague 8, Czech Republic
Website: www.castlerock.cz
E-mail: [email protected]

Back to top Arrow
View