We recommend that all customers and visitors of the online shop and website available at www.regulace.org, before providing any personal data and/or completing any electronic form, carefully familiarize themselves with this document. The following Privacy Policy, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), specifies which personally identifiable information may be collected and used. These principles also address other essential matters relating to the protection of privacy.

I. Data Controller

The data controller pursuant to Article 4(7) of Regulation (EU) 2016/679 (GDPR) is a natural person / entrepreneur:

Ing. Tomáš Halabala
Company ID (IČ): 756 93 267
Registered office: Kudlovice 363, 687 03 Kudlovice, Czech Republic

(hereinafter referred to as the “Controller”)

Contact details of the Controller:

Address: Ing. Tomáš Halabala, Kudlovice 363, 687 03 Kudlovice, Czech Republic
E-mail: tomas.halabala@regulace.org
Phone: +420 728 677 659

II. Personal Data We Process

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The Controller has not appointed a Data Protection Officer.

We process only the personal data that you voluntarily provide to us, in particular:

• first name and last name

• e-mail address

• telephone number

• billing details (postal address, registered office address, Company ID, VAT ID, company name)

• content of messages sent via the contact form or by e-mail

The website may also process technical data:

• IP address

• device and browser type

• cookies (see below)

III. Legal Basis and Purpose of Processing

The legal basis for processing personal data is:

• performance of a contract between you and the Controller pursuant to Article 6(1)(b) GDPR

• compliance with legal obligations (accounting and tax records)

• the legitimate interest of the Controller in providing direct marketing (in particular sending commercial communications and newsletters) pursuant to Article 6(1)(f) GDPR

• your consent to processing for the purposes of direct marketing (in particular sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services, where no order of goods or services has been placed

The purpose of processing personal data is:

• handling your inquiry or order and exercising rights and obligations arising from the contractual relationship between you and the Controller

• when placing an order, personal data required for successful processing of the order (name, address, contact details) are required; providing personal data is a necessary requirement for concluding and performing the contract, and without providing such data it is not possible to conclude or perform the contract

• communication with customers

• protection of the legitimate interests of the Controller

The Controller does not carry out automated individual decision-making within the meaning of Article 22 GDPR.

IV. Data Retention Period

The Controller stores personal data:

• for the period necessary to exercise rights and obligations arising from the contractual relationship between you and the Controller and for the assertion of claims arising from such contractual relationships (for a period of 15 years from the termination of the contractual relationship)

• for the period required by legal regulations (e.g. Accounting Act)

• for the duration of the Controller’s legitimate interest

• until consent to the processing of personal data for marketing purposes is withdrawn, if personal data are processed on the basis of consent

• for the duration of the validity of purchased or free software licenses

After the expiration of these periods, the personal data are securely deleted or anonymized.

V. Recipients of Personal Data

Personal data may be disclosed to:

• persons involved in the delivery of goods/services or the execution of payments under the contract

• accounting or tax service providers

• public authorities where required by law

• IT and web hosting service providers

Personal data are not transferred to third countries outside the EU or to any international organization. The Controller does not intend to sell or otherwise disseminate personal data.

VI. Cookies

The website regulace.org uses cookies solely for the purpose of:

• ensuring proper functionality of the website

• internal evaluation of website traffic

Cookies used on this website do not require the user’s active consent, as only technical cookies are used. You may restrict or completely disable the use of cookies in your web browser settings. No third-party analytical tools such as Google Analytics, Google Ads, etc. are implemented on this website.

VII. Rights of the Data Subject

You have the right to:

• access your personal data

• rectification of inaccurate personal data

• erasure of personal data (the “right to be forgotten”)

• restriction of processing

• data portability pursuant to Article 20 GDPR

• object to processing

• lodge a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated

• withdraw your consent to the processing of personal data in writing to the address or electronically to the e-mail address of the Controller specified in Section I of this document

VIII. Security of Personal Data

The Controller has adopted all appropriate technical and organizational measures to protect personal data against misuse, loss or unauthorized access. Passwords of registered customers are stored in the database in a one-way encrypted form, and the communication channel for accessing the website is also encrypted. The Controller declares that only authorized persons appointed by the Controller have access to personal data.

IX. Final Provisions

By submitting an order via the online order form, you confirm that you have been familiarized with these Privacy Policy and that you accept them in their entirety.

These Privacy Policy are valid and effective as of 13 December 2025.

The Controller reserves the right to update these Privacy Policy at any time. Each updated version of the Privacy Policy will be published on this website.