Privacy Policy

Privacy Policy

As an entrepreneurial natural person operating this beauty salon, I am the Controller of your personal data, which means that I determine the purpose and means of processing your personal data, carry out the processing of your personal data and am responsible for this processing (hereinafter referred to as the "Controller").

In this document you will find general information about the processing of personal data that occurs in the course of my business activities and that I process in accordance with data protection regulations, in particular EU Regulation 2016/679 (the "Regulation").

GENERAL INFORMATION ON THE PROCESSING OF PERSONAL DATA

What personal data is processed?

For the purposes set out, I process in particular the following categories of personal data:

How is your personal data collected?

Your personal data is collected from you, from publicly available sources or from your own activities. If personal data is obtained from you, you are always informed whether the provision of personal data is a legal or contractual requirement and whether you are obliged to provide personal data and the possible consequences of not providing personal data.

from you, in particular:

from publicly available sources, in particular:

from their own activities:

For what purposes is your personal data processed?

Your personal data is processed only to the extent necessary for the purpose(s) and for the period of time necessary to fulfil the purpose(s).

Your personal data is processed in particular:

(a) for the purposes of concluding contracts, for the performance of a contract that has been concluded and for the processing of your requests,

b) for the purpose of fulfilling the legal obligations of the Controller,

c) for the purposes of the legitimate interests of the Controller,

(d) for marketing purposes.

How is your personal data processed and how is your personal data secured?

The processing of personal data is always done in such a way that your personal data is well secured and cannot be misused.

The processing of your personal data may be either manual or automated. Automated processing takes place in the information systems of any processors (e.g. accounting). Therefore, your personal data may be accessed by employees of the processors only to the extent necessary for the performance of their activities for the Controller.

What are your rights?

You may exercise the following rights at any time during the processing of your personal data:

If the Controller receives a request to exercise your aforementioned right, the applicant will be informed of the measures taken without undue delay and in any case within one month of receipt of the request. This period may be extended by a further two months if necessary. The controller is not obliged to grant the request in whole or in part in certain cases provided for in the Regulation. This will be the case, in particular, if the request is manifestly unfounded or unreasonable, in particular because it is repetitive. In such cases, a reasonable fee may be imposed on such applicant (i) taking into account the administrative costs involved in providing the requested information or communication or in taking the requested action, or (ii) refusing to comply with the request.

If the Controller has reasonable doubt about the identity of the applicant, the Controller may ask the applicant to provide additional information necessary to confirm his or her identity.

Information about the fact that the data subject has exercised his/her rights with the Controller and how his/her request was handled will be stored for a reasonable period of time (4 years) for the purpose of proving this fact, for statistical purposes, improving the services and protecting the rights of the Controller.

In the event that the data subject believes that the Controller processes his/her personal data unlawfully or otherwise violates his/her rights, he/she has the right to file a complaint with the supervisory authority (Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7) or has the right to seek judicial protection.

PERSONAL DATA PROCESSING INSTRUCTIONS for contractual partners, contact persons of contractual partners and clients

Overview of the (types of) data processed and their sources

Personal data means any information relating to an identified or identifiable natural person (also referred to as a 'data subject'); an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of that natural person's physical, physiological, genetic, mental, economic, cultural or social identity. The personal data that will be processed about you is usually obtained directly from you or as part of a contractual relationship with you. In justified cases (in particular when recovering amounts owed), additional information about you may also be sought from open sources.

PROCESSING OF PERSONAL DATA OF CONTRACT PARTNERS - natural persons (hereinafter referred to as "Partner")

This includes, in particular, the data provided by such persons (typically name and surname, place of business, VAT number, account number, contact details (email address and telephone number), date of birth, details of the contract, amounts invoiced and paid (due), details of ongoing performance and communications with partners (or their employees). In connection with communication with the partner, the Controller may also store certain technical data, i.e. the time of the communication with the partner and the IP address from which it will be sent. For potential contractual partners - entrepreneurs, the Controller may process data obtained from open sources (e.g. their websites or advertisements submitted by them) in order to contact them by telephone with an offer of services. The Controller may store such basic data in its CRM system for the purpose of further contact if it uses this system.

PROCESSING OF PERSONAL DATA OF CONTACT PERSONS OF CONTRACT PARTNERS

Within the processing of personal data of actual or potential contractual partners, data on their contact persons (e.g. their statutory bodies or employees who deal with the Controller) are also processed. Within the scope of this data, data on the name and surname of such persons, their e-mail address, their job title, their telephone number and, where applicable, minutes of meetings with them are usually processed. These data are processed for the same purposes and to a similar extent and duration as the data of the contractual partners.

PROCESSING OF PERSONAL DATA FOR CLIENTS USING SERVICES PROVIDED BY THE ADMINISTRATOR (beauty salon services)

The personal data of clients using the Services - natural persons (hereinafter referred to as "Client"), which will be processed by the Controller, includes in particular data provided by such persons, typically:

Purposes of processing

Usually, each data is used for several purposes at the same time. The means of processing, the duration of processing, etc., are then determined by the stated purposes. In certain cases provided for by the Regulation, your data may be processed for purposes other than those listed below, but these are exceptional and limited cases, which the Regulation makes subject to other conditions.

The primary purpose of processing the personal data of the contractual partner/client will be the conclusion and performance of the concluded contract/order. In this context, the data will also be used for the registration and proper performance of the contractual relations of the Controller, for statistical purposes, for the further development of the Controller's services, either the services covered by the concluded contract or the internal administrative procedures of the Controller, for the recovery of debts and for the protection of the rights of the Controller and third parties (e.g. other contractual partners), in particular against illegal activities. The data (in particular, data obtained from communications with the partner/client, such as IP address and time of communication) will also be used for IT security purposes of the Controller. In addition, the personal data of the partner/client will be processed by the Controller for the purpose of fulfilling its legal obligations, in particular under accounting and tax regulations, data protection regulations, advertising regulation regulations, etc. as well as for the purposes of direct marketing in accordance with Article 47 of the Regulation (i.e. in particular sending offers for products and services, i.e. contacting by e-mail or telephone).

Legal basis for processing

Any processing of personal data must be lawful - it must be based on one of the legal grounds for processing listed in the Regulation. As with the purpose, any data may be processed on the basis of more than one legal ground for processing. If all the legal grounds fall away, then the Controller will stop processing your data. The possible legal grounds for processing are listed in Article 6 of the Regulation. If your personal data will be processed on the basis of your consent, you have the possibility to withdraw this consent at any time (for withdrawal, please contact the Controller at the contacts below). Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal. However, the data of contractual partners are not usually processed on the basis of consent.

The legal basis for the processing of partners'/clients' personal data is:

Right to object

The right to object is an important right. It allows you to have processing carried out on the basis of the so-called legitimate interest of the Controller reviewed where your particular situation justifies it - i.e. where the processing itself is permissible but there are specific reasons on your side why you do not want the processing to take place anyway. However, the possibility to object does not apply to all cases of processing, e.g. it cannot be used if your data is processed strictly necessary for the performance of a contract or if the processing is required by law. The right to object is enshrined in Article 21 of the Regulation.

If the legal reason for processing the partner's/client's personal data is the legitimate interest of the Controller (in particular, the processing of data for IT security purposes, statistical purposes and the further development of the Controller's supplier/customer relationships and the protection of the rights of the Controller and third parties), the partner/client has the right to object to such processing of personal data at any time for reasons relating to his/her particular situation. In this case, the Controller will not further process such personal data unless there are compelling legitimate grounds for the processing which override the interests of the partner/client or their rights and freedoms, or unless the processing is for the establishment, exercise or defence of legal claims. The partner/client may object to the processing by using the contact details below or preferably by emailing info@mbbeautysalon.cz. In the email, you must indicate the specific situation that leads you to conclude that the Data Controller should not process the data.

In the case of data processing for direct marketing purposes (sending marketing messages), it is always possible to object without further notice, in which case you do not need to give any reasons why you do not wish to continue receiving marketing messages. In these cases, the best way to object is to opt-out of further communications by following the link that will usually be included in the communications for this purpose.

However, even in the above-mentioned cases, there will sometimes be parallel processing of personal data for other purposes that will justify the Controller continuing to process such data.

The period for which the data will be processed

The controller cannot process your data for an arbitrarily long period of time, but the processing period is limited to the period when it actually needs your data. The length of this period is limited to take due account of both your interests and the interests of the Controller. Sometimes it is more difficult to determine the necessary processing period, or for security reasons it is not appropriate to disclose the exact length of this period, so below are at least some of the criteria used by the Controller to determine the length of processing of your data.

The Administrator will process the contact data of partners/clients for the purpose of sending commercial communications until the partner/client expresses his/her consent to such sending. However, even then, the Controller will process basic data on why it has sent the partner/client commercial communications for a reasonable period of time to demonstrate the legitimacy of such communication.

The personal data will be processed for a reasonable period of time with regard to the purpose of the processing. If the processing period is prescribed by law, the personal data will be processed for such a period, unless the following reasons justify a longer processing period. Furthermore, in determining the proportionality of the processing period, the following considerations will be taken into account in particular (i) the length of the limitation period, (ii) the likelihood of legal claims, (iii) the usual practices in the market, (iv) the likelihood and significance of the risks involved and (v) any recommendations of supervisory authorities.

Data update

The controller is obliged to process accurate data or, if necessary, to complete incomplete data in view of the circumstances. If you provide the Controller with information about a change to your data, you will help the Controller to fulfil this obligation properly.

If there is a change in the data provided or other data provided by the partner/client, it is desirable to send information about such change to the Controller.

In order to update the data, the Administrator can be contacted at the contacts listed below, preferably by email at info@mbbeautysalon.cz  

Business messages

Data about potential, current or past partners/clients may also be processed for the purposes of so-called direct marketing, which is typically sending emails or telephone contacts with offers of similar products or services to those you have received. The sending of offers is not limited in time, but if you express your wish not to receive such offers any longer, you will be granted. However, the Controller will continue to process basic data about the mailing for a reasonable period of time to be able to demonstrate why these offers were sent to you. Your data will not be passed on to any third parties for the purpose of sending you offers (except for subcontractors - processors of the Controller who carry out processing for the Controller).

The Controller may send commercial communications to the address of the Partner (including e-mail) in accordance with the provisions of Section 7 of Act No. 480/2004 Coll., and may be contacted by unsolicited direct mail containing commercial communications relating to the Controller's products, trade and services. The Partner may refuse this mailing at any time at the address of the Administrator's registered office or via the e-mail address info@mbbeautysalon.cz. Such refusal shall not - unless the Partner expressly states otherwise - affect the sending of commercial communications other than those to which the Partner responds.

How the processing will take place and its consequences

Nowadays, most processing is computerised, so your data will usually be processed in a computer system (e.g. in the Controller's CRM system, in Outlook for emails, in an accounting system for billing data, etc.). This does not, of course, exclude the processing of documents in filing systems such as the system for storing paper contracts or business card filing systems.

The controller will process personal data mainly on its computer systems and on the computer systems of processors. The Controller will process correspondence in its filing system. The provision of the processed data by the partner is voluntary (however, without the provision of certain data the contract will not be concluded and in some cases certain data are subsequently required by law, in particular accounting regulations).

Birth number

Your personal identification number will only be processed if you voluntarily provide it on the contract or if required by law (unless expressly required by law, the Controller does not insist that you provide your personal identification number on contracts, so please do not provide it in contracts).

In the event that the partner - a natural person provides the Administrator with information about his/her birth number on the basis of or in connection with the concluded contract, he/she agrees, as the holder of this birth number within the meaning of Section 13c(1) of Act No. 133/2000 Coll., that the Administrator shall use this birth number for the purposes of recording contracts, provided services and protecting the rights of the Administrator, to archive, process and use it for this purpose. Any withdrawal of consent under this Article shall not affect the Controller's authorisation to process information and data arising from the relevant legislation or for other purposes, unless expressly provided otherwise.

Transfer of personal data to other persons (recipients of personal data)

Not all processing of personal data is carried out by the Controller itself. It sometimes hires third parties, so-called personal data processors, to process personal data, and these are sufficiently trustworthy.

The controller may disclose personal data to third parties only if required or permitted by law or with the consent of the partner. The Controller discloses personal data only to the usual extent to processors or other recipients - suppliers of external services (typically programming or other technical support services, suppliers of computer systems, server services, email distribution and archiving service providers), operators of (backup) servers or operators of technologies used by the Controller who process them in order to ensure the functionality of the respective services. In addition, personal data may be disclosed to the extent necessary to legal, economic and tax advisors and auditors who process them for the purpose of providing consulting services. Personal data relating to debtors may also be disclosed to debt insurance companies or other companies for the purpose of debt recovery. Personal data may also be disclosed to public authorities on request or in the event of suspected infringements.

Transfer of personal data abroad

While the principle of free movement of persons within the EU applies under the Regulation, the Regulation restricts the transfer of personal data abroad outside the EU. The controller does not transfer personal data abroad outside the EU as a standard practice. However, it may happen that your personal data is processed in a computer system whose servers are located outside the EU, although the Controller tries to avoid such situations. With respect to systems typically used in the course of business, this would be at most systems using servers located in the United States of America. In this case, a company will be selected as a contractual partner that meets the conditions approved by the European Commission for the secure transfer of data between the EU and the US, the so-called Privacy Shield. Should your personal data be transferred outside the EU, you will be informed in an appropriate manner if necessary.

INFORMATION ON THE PROCESSING OF PERSONAL DATA OF VISITORS TO THE WEBSITE OF THE CONTROLLER

In addition to the Regulation, the Administrator also proceeds in accordance with Act No. 110/2019 Coll., on the Protection of Personal Data, Act No. 127/2005 Coll., on Electronic Communications, Act No. 480/2004 Coll., on Certain Information Society Services, as amended, and other legal regulations.

For what purposes is your data processed?

The controller does not process the personal data of users other than for the purposes permitted by law or for the purposes to which the user has consented, in particular for the purposes listed below:

Your data is usually processed in the Controller's own computer systems, or third party systems (so-called processors) may be used.

Legal basis for processing

The legal basis for processing your personal data is

interest in protecting its rights, processing for statistical purposes, measuring website traffic, analysing your preferences and displaying content that matches your individual preferences, improving website content and development, ensuring system and network security and direct marketing) and third parties and

Processing for certain purposes may also be based on your

Consents granted for the processing of personal data can be revoked at any time using the cookie button at the foot of the page. This does not affect the lawfulness of processing based on consent that was given before its withdrawal.

What data is processed, for how long and what are its sources?

In particular, data about your activity on the website, IP address, date and time of access, basic geographical location, etc. are processed for the above purposes. In addition, data on how you have provided data or consent to the processing of your personal data is processed, usually by storing information on how and when consent was given, including, for example, your IP address from which you clicked the relevant box and when you withdrew it.

Where your consent is required, data is also processed on the fact that you have given such consent and how it was given (by storing information on the method and time of giving consent, including your IP address from which you ticked the relevant box) and when you withdrew it.

For how long your data will be processed

All personal data is processed only to the extent necessary for the fulfilment of the above purposes and only for the period necessary to achieve the stated purposes, but no longer than the period specified by or in accordance with the relevant legal regulations. Personal data processed with consent are processed until the consent is withdrawn, after which the data may be processed if there is another legal reason for doing so (e.g. to prove consent, to defend against legal claims, etc.).

In particular, the length of the processing period is determined by considering (i) the length of the limitation period, (ii) the likelihood of legal claims against the Controller, (iii) the expected time to detect attacks on our network or other breaches of security, (iv) common market practices and recommendations of supervisory authorities, and (v) the likelihood and significance of the risks involved.

If information is needed from you that will directly identify you or enable us to contact you, you will be explicitly asked for it.

Source of processed data

The source of the personal data processed about you is mainly your activity on the website.

The personal data processed by the controller is obtained either directly from you (by providing it, for example, by filling in a form on the website or from individual correspondence with you) or by tracking your activity on the website.

To whom can your data be disclosed?

The Controller may disclose your personal data to third parties only where required or permitted by law or with your consent, in particular:

COOKIES

In accordance with the provisions of § 89 of Act No. 127/2005 Coll., on electronic communications, the Administrator informs that the servers use for their activities, in particular for the differentiation of individual computers and the individual setting of certain services, so-called cookies - small amounts of data that the servers send to your computer and which enable better use of our servers and adaptation of their content to your needs and preferences.

Cookies can be thought of as the memory of a website, which recognises the user on the next visit to the same computer. Almost every website in the world uses cookies. Cookies are generally useful because they increase the user-friendliness of a repeatedly visited website. If you use the same computer and browser to visit our website, cookies help your computer remember the pages you visit and your preferred settings for each page.

Cookies take up almost no space on your computer's hard drive and are usually a few kilobytes in size.

Standard web browsers support the management of cookies. Please use your browser's help for more detailed information.

None of the cookies used on our website collect information that contains your direct identification data.

Types of cookies

Depending on the period of time they are stored on your device, cookies are divided into temporary (called session) and permanent (called permanent). Temporary cookies are deleted after the end of your visit. They are used to make the offer clearer, easier to understand and safer for users. Permanent cookies help to identify the specific needs of individual user groups and serve to ensure that the needs of individual users can always be responded to as quickly as possible, and remain stored on your device after you have finished visiting the website, for the period of time indicated for each cookie. However, these files do not serve to personally identify users of the website.

Depending on the function and purpose for which cookies are used, they are usually divided into the following types:

Use of cookies

To save your personal settings

During the first visit, the computer and internet connection parameters are tested. This is then used to optimally set up, for example, a video player.

To improve the website

From time to time, a website may use functionality that tracks how users behave on the website, in particular which links they click on most and where they mouse over first. This helps to optimise the website to make it more user-friendly.

For statistical recording, traffic measurement and network security

The analytics software stores its own cookies each time you visit the website. These help to determine how many users visit the website repeatedly. This contributes to a better understanding of how readers behave on the website, what they prefer and what interests them. Google Analytics is used for these purposes. If you want to opt-out of having your traffic measured by Google Analytics, install the Google Analytics Opt-out Browser in your browser. This information is not linked to other information in any way.

The website also uses tools to analyse your preferences when viewing content. Such tools allow you to find out what part of the website is most visited and determine how to lay out the site based on that.

The recorded data can also be used to secure the network and prevent attacks on it.

To deliver relevant website content

Some cookies are also used to show you content that may be of interest to you. To this end, tools are also used to track users' movements around the website in order to organise the website in a more user-friendly way.

For advertising purposes

Some cookies are used to better target advertising according to user behaviour (behavioural advertising). This is data that is not linked to other types of cookies. The data collected in this way is used solely to segment visitors in order to deliver more relevant advertising messages. Segments are created based on several general patterns of visitor behaviour and the content of the pages they visit. No detailed profiles of website visitors are created.

Some of the above systems also use retargeting techniques where you may be shown content on third party sites.

BROWSER SETTINGS AND COOKIE SETTINGS AND THE ABILITY TO DELETE THEM

When you visit the website, a cookie banner is displayed with the option to set optional cookies by accepting or rejecting them. Use the cookie banner to select your preferences and confirm your selection. You can change your choice at any time using the cookie button in the footer of the website.

You can also disable cookies by changing the settings in your browser that allow you to refuse the use of all or selected cookies. However, if you use your browser settings to disable all cookies (including strictly necessary cookies), you may not be able to access the website and the functionality of the offer may be limited. Disabling cookies does not remove them from the browser and they must be removed independently in the browser.

In the Help tab of the bar of most commonly used browsers, there are instructions on how to prevent your browser from accepting new cookies, how to receive notifications when cookies are accepted, and how to deactivate all of them. It is also possible to deactivate or completely delete similar data used by your browser as add-on modules, such as flash cookies, by changing the settings of the add-on module or by visiting the website of its manufacturer.

Most web browsers accept cookies by default. However, users can change their browser settings to refuse and remove cookies. The specific procedure varies from browser to browser, so please refer to your browser's help for more information. For the most widely used browsers these are:

Chrome - https://support.google.com/accounts/answer/61416?hl=cs
Firefox - https://support.mozilla.org/cs/kb/vymazani-cookies
MS Internet Explorer/Edge - https://windows.microsoft.com
Safari - https://support.apple.com
Opera - https://help.opera.com

RISKS AND RECOMMENDED PRACTICES

Any processing of personal data carries certain risks. These may vary depending on the scope of the data processed and the way it is processed. Below are some best practices that can help you protect your data:

HOW TO CONTACT THE ADMINISTRATOR?

You can use the following contacts for any comments and questions about data protection and to contact us regarding the exercise of your legal rights:

E-mail: info@mbbeautysalon.cz

This information on the processing of personal data is valid and effective as of 1.9.2025. The current version of this document is published on the website www.mbbeautysalon.cz  

Our services

Discover care that combines beauty, harmony and the power of nature.