The 4BREEZE s.r.o. company, located at Bílkova 855/19, Staré Město, 110 00 Praha 1, IČ 17500877, registered with the Municipal Court in Prague, Section C, Insertion 371867, hereby issues this 4BREEZE s.r.o. Company Privacy Policy (hereinafter “Policy”) as a personal data controller according to the General Data Protection Regulation No. 2016/679 (hereinafter “GDPR”).

This Policy explains in detail how 4BREEZE s.r.o. works with your personal data, which is obtained and subsequently processed mainly in relation to the sale of company products, when providing services, during communication with customers and, last but not least, through the use of our website.

1. Data Processing for Business Purpose

In relation to selling products and providing services, the 4BREEZE s.r.o. company will process your personal data in the scope necessary for handling a given contract, providing related services, and handling your potential queries related to purchased products or services. The following table summarizes relevant information on processing your personal data:

    Processing purpose Business purposes:

● Processing personal data in order to sell products and provide services.

● Providing services for purchased products and services.

● Handling queries related to purchased products and services.

    Data subjects ● Customers

● Business partners

    Personal data scope Billing information:

● First and last name.

● Degree (if provided).

● Mailing address (for legal entities or sole traders: address of a given company; for natural persons: mailing address provided by the customer)

● E-mail address.

● Phone number.

Additional identification and contact data:

● Job title.

● Organization’s name.

● IČO (Company Registration Number)

● Seat or place of business address.

Banking information:

● Bank account No (if payments are handled via e-banking)

Business information:

● Information on purchased products and/or services.

● Information obtained when communicating with and answering queries of current customers and business partners related to selling products and services.

    Processing legal title ● Performance of contract.

● Legal obligations (for invoices: tax liability)

    Processing method ● Automated.

● Manual.

    Processing period ● Contracts – for the contract duration + 3 years since the contract has been terminated (for the purpose of potential legitimate requirements from the controller).

● Invoices – according to appropriate tax regulations (currently: 10 years).

● Handling queries – until the query has been dealt with and subsequently 3 years according to the Civil Code, for the purpose of potential legitimate requirements from the controller.

    Recipients ● Subjects participating in performing the contract (if a product or service is provided in cooperation with another subject, e.g. a supplier)

● Delivery services (e.g. the Czech post, courier services) related to performing the contract

● Financial auditors (if the data is requested by a financial auditor)

    Processors ● Yes (when providing training courses for customers and business partners).
    Passing on personal data abroad ● No data is passed on abroad, except when it is needed to ensure services for a purchased product or a service from a producer located abroad.

2. Use of Cookies

The 4BREEZE s.r.o. website does not require and does not capture or store so called cookies (electronic communications metadata). As such, no data processing occurs relative to the activities end-user conducts while visiting the website.

3. Security of your Personal Data

4BREEZE s.r.o. is aware of the paramount importance to protect your personal data. 4BREEZE s.r.o. has implemented appropriate technical and organizational measures. Given the ever-growing development of modern technologies, 4BREEZE s.r.o. always closely watches the most recent trends and adjusts its personal data protection accordingly.

While not a holder of the Information Security Management Systems (ISMS) certification according to the ISO/IEC 27001 norm, 4BREEZE s.r.o. observes a set of organizational and controlling measures defined by the ČSN ISO/IEC 27001:2013 norm, which are based on procedural approach and aiming at maintaining measures and tasks defined in the Privacy Policy of the 4BREEZE s.r.o. company at a level corresponding to current risks and needs for securing 4BREEZE's information and information systems.

4. Your Rights related to Data Protection and Privacy

As a data subject, you have the following rights:

- Right to access personal data: If you want to ask if 4BREEZE s.r.o. processes your personal data, you have the right to obtain information whether such data is processed and, if that is the case, you have the right to access such data.

- Right to rectification of inaccurate data and to update incomplete data: If you assume 4BREEZE s.r.o. processes inaccurate data about you or you want to update your personal data, you have the right to request such a rectification or update of your personal data.

- Right to erasure (“right to be forgotten”): If you request your personal data to be erased, 4BREEZE s.r.o. will evaluate your request and we will erase your personal data provided that: a) your personal data is no longer necessary for the purposes why it was collected or processed in another way; b) processing such data is illegal; c) you object to processing such data and there are no prevailing legitimate reasons to process your personal data; or d) the legal obligation to process your personal data has been revoked in the EU or national law.

- Right to restriction of personal data processing: If you request a restriction of processing your personal data, 4BREEZE s.r.o. will make your data inaccessible or it will take all necessary steps in order to ensure the proper exercise of this right.

- Right to personal data portability: You have the right to request we pass on your personal data, processed via an automated method (in an electronic form), to another controller in a structured, commonly used and machine-readable form. The right to personal data portability can be used on the condition 4BREEZE s.r.o. processes your personal based on a contract or consent to the processing of personal data, and on the condition it is technically feasible. If, by exercising this right, the rights and freedoms of other individuals might be affected, 4BREEZE s.r.o. will not be able to meet your request.

- Right to object: If you exercise your right to object to your data being processed and 4BREEZE s.r.o. acknowledges your requests as legitimate, it will cease processing your personal data without unnecessary delay. If your data is processed for the purposes of direct marketing, you can object to your personal data being processed at any time; in such a case, your personal data will no longer be processed for these purposes.

- Right to appeal to the Office for Personal Data Protection: You have right to appeal with your complaint to the supervisory authority: the Office for Personal Data Protection, based at Pplk. Sochora 27, 170 00 Praha 7, Czech Republic.

5. Information on Processing of your Request

Protecting your privacy and your personal data is a priority for us. We will evaluate your request without unnecessary delay, but always considering the technical capabilities of the 4BREEZE s.r.o. company.

We will process your requests free of charge. But we would also like to inform you that in case of repeated or clearly unjustified requests (“harassing use of data subject rights”) to exercise hereinabove rights, 4BREEZE s.r.o. is entitled to charge an appropriate fee for exercising a given right, or to eventually reject your request. In such a case, you will be informed about such a decision.

6. How can you contact us?

If you have any question regarding your personal data protection, you can contact us:

- Via email to gdpr@4breeze.com. To increase the speed of processing your request, please use “REQUEST – PERSONAL DATA PROTECTION” as the subject of your email.
- Or via post mail to Bílkova 855/19, 110 00 Praha 1 - Nové Město. To increase the speed of processing your request, please write “PERSONAL DATA PROTECTION” on the envelope.

7. Policy Effective Date

This Policy is effective as of September 5, 2022 and will be subject to regular reviews.