As a data controller, we process the personal data of our clients, representatives of suppliers, visitors to our website, and, where applicable, other individuals, for the following main reasons:
We categorize all data you provide while browsing our website or requesting/using our products and services into two groups:
Anonymized data refers to information that cannot be used—either alone or in combination with other data—to identify an individual.
This includes, but is not limited to: cookies, device identifiers, website visit records, IP addresses, visit date and time, usage behavior on our website and services, server log information (e.g., search queries), geolocation data, and user preferences. This data is processed automatically through secure applications. We do not link it to specific users or clients in a way that would make the data personally identifiable.
Non-anonymized (personal) data refers to information that can be easily associated with a specific user or client and, when combined, constitutes personally identifiable information. This includes, but is not limited to: full name, address, age, personal ID number, phone number, email address, gender, date of birth, nationality, document numbers, etc.
We process such data exclusively within secure applications that comply with GDPR requirements and store it in internal, access-restricted company systems.
All personal data is processed and stored according to the nature and purpose of its collection.
Data used for analytics, service improvement, and marketing purposes is processed based on your consent and retained for a maximum of 10 years, unless the consent is renewed.
Data collected via our website (such as cookies and usage logs) is retained for a maximum of 4 years. You can manage or limit data collection, for example, by using the Google Analytics Opt-out Browser Add-on.
Data arising from contractual relationships (e.g., invoices, contracts, receipts) is retained for the duration required by law.
When using third-party applications, we ensure that all data is stored and transmitted in encrypted form and that such applications comply with the General Data Protection Regulation (GDPR).
Under the GDPR, you have the following rights regarding your personal data:
You can request information about how your data is processed or stored by emailing us at [email protected] or in writing to the company’s registered address. Depending on the nature of the request, you may be asked to verify your identity before the data is provided.
You may also exercise your right to erasure in the same manner.
You may object to the processing of your personal data for direct marketing purposes by using the unsubscribe link provided in our communications.
You can file a complaint with the supervisory authority, which is the Office for Personal Data Protection.
Castle Rock Investments, s.r.o.
Company ID: 07470983
VAT ID: CZ07470983
Registered Office: Sokolovská 428/130, 186 00 Prague 8, Czech Republic
Website: www.castlerock.cz
E-mail: [email protected]