Information on the processing of personal data
We are aware that our customers, visitors, users and others who visit our website (hereinafter collectively referred to as “Users”) appreciate their privacy. This document, therefore, contains important information regarding the rules that we obey when processing personal data.
We process personal data in accordance with Regulation 2016/679/EC of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and on the repeal of regulation 95/46/EC (the “GDPR”).
Notice: In the event of any conflict between the Czech and foreign-language versions of this Privacy Policy, the Czech version shall prevail. Different language versions of this policy are available here: https://furchguitars.com/cs/informace-o-ochrane-osobnich-udaju/, https://furchguitars.com/us/information-on-the-processing-of-personal-data/.
BASIC INFORMATION
Identification and contact details of Provider:
|
Name: |
Furch Guitars, s.r.o. |
|
Company registration No.: |
27668002 |
|
Registered seat: |
Městečko 27, 691 63 Velké Němčice |
|
Contact email: |
|
|
Contact telephone: |
+420 519 417 285 |
(hereinafter referred to as the “Provider”)
Data protection officer:
The Provider has not appointed a data protection officer, as it is not a liable person as per Article 37 of the GDPR.
The transfer of personal data to a third country or international organisation
The Provider does not transfer personal data to third countries or to international organizations as defined in Article 44 et seq. of the GDPR.
Automated individual decision-making and profiling
The Provider does not perform profiling or automated individual decision-making.
Supervisory authority:
The supervisory authority in the location of the Provider’s registered seat is the Office for Personal Data Protection, at Pplk. Sochora 27, 170 00 Prague 7, e-mail: , Phone: +420 234 665 125.
Provider’s position:
The Provider acts solely in the position of the personal data controller.
PROVIDER ACTING AS THE PERSONAL DATA CONTROLLER
The Provider acts as the personal data controller in relation to the personal data processing of the following persons: visitors to the website and owners of Furch guitars.
What personal data is processed by the Provider, for what purpose and on what legal grounds?
Website visit. The Provider processes data obtained from natural persons by visiting the Provider’s website. When visiting the website, the Provider collects and processes the following types of personal data to be stored: name and surname, e-mail address, country, model and serial no. of guitars, date of purchase, preferred guitar playing method. The Provider further processes the following data: browser type and language, server requirements, including time data and referencing URL. This data is necessary to correctly display the website. Further, it may also be used as necessary to maintain secure operation of the website and for other purposes described in this Privacy Policy. The Provider processes this personal data on the basis of its legitimate interest or consent of the User. Information regarding cookies is listed below.
In the event that the User is a customer of the Provider, the Provider may, for reasons of legitimate interest, send commercial communications – newsletters to them at their email address. In the other cases, it is only possible to send newsletters based on consent. Newsletters can be unsubscribed at any time.
Should the Provider intend to process other personal data than that specified in this article, or possibly for other purposes, the Provider may only do so based on valid consent allowing the processing of the relevant personal data. The consent to personal data processing is to be provided in a separate document.
Information about the processing of personal data of the Provider’s employees is provided in a separate internal regulation.
Sensitive personal data
The Provider, as the personal data controller, does not process the User’s personal data belonging to special categories of personal data pursuant to Article 9 of the GDPR.
How long will we retain your personal data?
The personal data shall only be retained for as long as there is a legal reason for its storage and the data shall then be deleted without delay.
The Provider processes the personal data for the fulfilment of obligations ensuing from special legal regulations for the time defined by the special legal regulations. These include, for example, legitimate retention of data or documentation obligations. These include, in particular, obligations relating to the retention of data arising from civil, commercial or tax legislation. If the obligation to keep the data ceases, the personal data shall be deleted without delay.
Other personal data is processed for the duration of the contractual relationship and subsequently for the period of time stipulated by law for the possible exercise of a claim against the Provider.
DATA SECURITY METHODS
In order to secure the User’s data against unauthorised or accidental disclosure, the Provider shall use adequate and appropriate technical and organisational measures.
If servers are located in a data centre operated by a third party, the Provider shall ensure that similar technical and organisational measures are implemented by said third party as well.
The Provider only stores any and all data on servers located in the European Union or in countries providing protection of personal data in the manner equal to protection ensured by the statutory regulations of the Czech Republic.
The Provider uses the following data security procedures: firewalls, updated antivirus programs, https protocol and others.
USER’S RIGHTS
Every user has
- The right of access to personal data:The User has the right to obtain from the Provider confirmation as to whether the personal data related to them is processed or not processed, and if it is, the User has the right to access the personal data including the following information: a) the purpose of the processing; b) categories of personal data concerned; c) recipients to whom personal data has been or will be made available; d) scheduled time for which personal data will be stored; e) the right to request the Provider to correct or delete personal data or to limit personal data processing or to object against processing; f) the right to submit a complaint at the supervisory authority; g) the right to access all available information related to the source of personal data, unless the data has been obtained from the Users; h) whether automated decision-making is taking place, including profiling. The User also has the right to obtain a copy of the processed personal data.
- The right to rectification of personal data:The User has the right to request the Provider to rectify inaccurate personal data related to the User, without undue delay, or to supplement incomplete personal data.
- The right to erasure of personal data:The User has the right to request that the Provider immediately delete any personal data related to the User and in the following cases: a) personal data is no longer needed for the purpose for which it was collected or processed; b) the User withdraws the consent on which basis the data was processed and there is no legal reason for data processing; c) the User submits an objection against data processing and there are no significant legal reasons to continue with the processing; d) personal data was processed illegally; e) personal data must be deleted upon the fulfilment of legal obligations specified in EU legislature or the Czech Republic; f) personal data was collected based on a service offer provided by an information company. The right for data deletion shall not apply if processing is necessary for the fulfilment of legal obligations or to determine, exercise or defend legal claims as well as in other cases specified in the GDPR.
- The right to restriction of processing:The User has the right to request the Provider restrict its data processing in any of the following cases: a) the User denies the accuracy of personal data and such restrictions shall last for the necessary time allowing the Provider to verify the accuracy of personal data; b) processing is illegal and the User rejects deletion of personal data but demands data use restriction instead; c) the Provider does not need data for processing purposes but the User needs the data to define, exercise or defend legal claims; d) the User submitted an objection against processing until it is verified that the legitimate reasons of the Provider outweigh any legitimate reasons of the data subject.
- The right to object to processing:Based on a particular situation and reasons of the User, the User is entitled to submit an objection against the processing of personal data related to the User at any time, and which the Provider processes based on a legitimate interest. In such case, the Provider stops processing the personal data until it proves serious justified reasons for the processing exceeding the interests or the rights and freedoms of the Users, or for the determination, performance or defence of legal claims.
- The right to data portability:The User has the right to obtain personal data, related to the User and provided to the Provider, in a structured and commonly used machine-readable format and forward this data to another administrator, whereas the Provider may not block the transfer and the User may do so if: a) the processing is based on consent, and b) the processing is done automatically. When exercising the right to data portability, the User shall have the right that the personal data is transferred directly by one controller to another, should it be technically feasible.
- The right to file a complaint with the supervisory authority:If the User believes that the Provider does not process their personal data lawfully, they have the right to file a complaint with the supervisory authority. The contact details of the supervisory authority are provided above.
- The right to information regarding correction or erasure of personal data or processing restrictions:The controller shall inform the individual recipients who have been provided with access to personal data of any correction or erasure of the personal data or its processing restriction, which shall not apply if it turns out to be impossible or if it requires inadequate effort. If requested by the User, the Provider shall inform the User about these recipients.
- The right to be informed when personal data security has been violated:If a certain data security breach scenario is likely to result in a high risk to the rights and freedoms of natural persons, the Provider shall report the breach to the relevant User without undue delay.
- The right to withdraw consent to personal data processing:Should the Provider process certain personal data based on consent, the User has the right to withdraw the consent to the personal data processing in a written form and at any time by emailing the notice of consent withdrawal to: .
COOKIES
The Provider uses cookies, which are small text files that identify users of the Provider’s website and upload the User activities.
Text in cookies usually represents a line of numbers and letters that clearly identify the User’s computer, but do not provide any particular information about the User. Cookies typically contain the domain name from which it was sent, age information and alphanumeric identifier.
The Provider’s website automatically identifies the IP address of the User. All this information is recorded in the activity log by the server, which allows further information processing. The Provider further records the request from the browser and the time of the request, the status and the amount of data transferred within this request. It also collects information about the browser used and the computer operating system and its versions. It also records the websites from which you have reached the Provider’s website. The IP address of your computer is only stored for as long as the website has been used and for the necessary period of time. Upon expiration, the IP address is deleted or anonymised by truncating.
TYPES OF COOKIES AND SIMILAR TECHNOLOGIES
Technical cookies and similar technologies: Due to its legitimate interest, the Provider uses technically necessary cookies that are required for the operation of the website and for ensuring its functionality. These may be permanent or temporary cookies. Permanent cookies remain on the hard drive even after the browser is closed. Permanent cookies may be used by the browser during the next visits to the Provider’s website. Permanent cookies can be removed. Temporary cookies are deleted when the browser is closed. The Provider uses this data to operate the website, in particular, to identify and resolve errors, to determine the website traffic and to make modifications or improvements. This concerns the purposes for which the Provider has a legitimate interest in data processing pursuant to Article 6(1)(f) of the GDPR.
You can configure your browser to block cookies. The Provider points out that in such a case some parts of the website will not work.
In the same manner and for the same reasons, the Provider uses the WebStorage provided in the table below.
OTHER COOKIES ARE USED BY THE PROVIDER WITH THE USER’S CONSENT:
Analytical cookies and similar technologies: These cookies help the Provider analyse how Users use the website. They can be used, for example, to measure and improve the performance of websites. These cookies make it possible, for example, to find out how the User found the website, whether directly, via a search engine or via a link to social media. Further, the Provider learns how long Users stay on the website and what links they click on.
These cookies are only set on the User’s device if they give their consent to it upon their first visit to the website (pursuant to Article 6(1)(a) of the GDPR). Analytical cookies can be rejected at any time simply by making a change in the Detailed Cookies Settings.
In the same manner and for the same reasons, the Provider uses the WebStorage provided in the table below.
Advertising cookies and similar technologies: Advertising cookies allow you to display advertisement based on user preferences. They may be used, for example, to enable the Provider to create a profile of the User’s interests and to display relevant advertisements for the User.
These cookies are only set on the User’s device if they give their consent to it upon their first visit to the website (pursuant to Article 6(1)(a) of the GDPR). Advertising cookies may be rejected at any time simply by making a change in the Detailed Cookies Settings. If the User does not give their consent, they will not be the recipient of content and advertisements adapted to their interests.
In the same manner and for the same reasons, the Provider uses the WebStorage provided in the table below.
or other cookies / similar technologies, if listed in the table below.
To obtain and manage the User’s consent, the Provider uses the CookiesLišta.cz platform from Soft Evolution s.r.o., Company registration No.: 46982230, Martinice 100, 594 01 Velké Meziříčí. The platform collects device information, browser information, anonymised IP addresses, visit dates and times, URL requests, web paths and geographical locations. This allows the User to be informed about the Provider’s web environment and to obtain, manage and document the Provider’s consent. The legal ground for data processing is Article 6(1)(c) of the GDPR, as the Provider has the statutory obligation to provide proof of the consent in accordance with Article 7(1) of the GDPR. Data will be deleted as soon as it is no longer needed for logging and there will be no legal requirements for retention. More information related to the personal data protection provided by the platform provider can be found at: https://www.cookieslista.cz.
The Provider’s website may also post third-party cookies. The Provider uses the following cookies.
| Processor |
Cookies indication |
Personal data |
Purpose of data processing |
Legal title |
Processing times |
|---|---|---|---|---|---|
|
Functional cookies / similar technology |
|||||
|
Furch Guitars, s.r.o. |
dcb_dsv |
no |
Version for consent of processing cookies. |
legitimate interest |
internal storage / 365 days |
|
Furch Guitars, s.r.o. |
dcb_config |
no |
Configuration of consent of processing cookies. |
legitimate interest |
internal storage / 365 days |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
cookiePreferences |
no |
Registration of user’s cookie preferences. |
user consent |
2 years |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
_GRECAPTCHA |
no |
Google reCAPTCHA sets the necessary cookie on startup (_GRECAPTCHA) to provide risk analysis. |
legitimate interest |
179 days |
|
Analytical cookies / similar technology </th > |
|||||
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
_ga |
no |
ID used for user identification. |
user consent |
2 years |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
_ga_ |
no |
ID used for user identification. |
user consent |
2 years |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
_gid |
no |
ID used for user identification after 24 hours since last activity. |
user consent |
24 hours |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
_gat |
no |
Used to track the number of Google Analytics requests when using Google Tag Manager. |
user consent |
1 minute |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
_dc_gtm_ |
no |
Used to track the number of Google Analytics requests. |
user consent |
1 minute |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
AMP_TOKEN |
no |
Contains the token code that is used to retrieve the client ID from the AMP Client ID service. |
user consent |
30 seconds to 1 year |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
_gat_gtag_ |
no |
Used to set up and retrieve tracking data. |
user consent |
1 hour |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
_gac_ |
no |
Contains information related to the user’s marketing campaigns. These are shared with Google AdWords / Google Ads when the Google Ads and Google Analytics accounts are linked. |
user consent |
90 days |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
__utma |
no |
ID used to identify users and sessions. |
user consent |
2 years after last activity |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
__utmt |
no |
Used to track the number of Google Analytics requests. |
user consent |
10 minutes |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
__utmb |
no |
Used to distinguish between new sessions and visits. This cookie is set when the GA.js javascript library is loaded and there is no existing __utmb cookie. The cookie is updated every time the data is sent to the Google Analytics server. |
user consent |
30 minutes after last activity |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
__utmc |
no |
Used only with older versions of Urchin Google Analytics, not with GA.js. Used to distinguish between new sessions and end-of-session visits. |
user consent |
end of session (browser) |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
__utmz |
no |
Contains information about the traffic source or campaign that directed users to the site. The cookie is set when the javascript GA.js is loaded and updated when the data is sent to the Google Anaytics server. |
user consent |
6 months after last activity |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
__utmv |
no |
Custom information for web developers is received through the _setCustomVar method in Google Analytics. The cookie contains new updates as well as new messages on Google Analytics. |
user consent |
2 years after last activity |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
__utmx |
no |
Used to determine whether a user is included in an A/B test or a multivariate test. |
user consent |
18 months |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
__utmxx |
no |
Used to determine when an A /B test or multivariate test in which a user participates ends. |
user consent |
18 months |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
_gac_UA-* |
no |
Saving and counting pageviews. |
user consent |
90 days |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
goog_pem_mod |
no |
Providing ad serving or redirects. |
user consent |
permanently |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
ads/ga-audiences |
no |
Storing information for remarketing purposes. |
user consent |
immediately |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
session_depth |
no |
Save the frequency with which your ad is shown. |
user consent |
30 minutes |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
_gac_* |
no |
Saving and counting pageviews. |
user consent |
90 days |
|
Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
google_pem_mod |
no |
Providing ad serving or redirects. |
user consent |
permanently |
| Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399
|
_clck |
no |
Stores information about the behavior of website visitors |
user consent |
1 year |
COOKIES SETTING IN THE BROWSER
The majority of browsers receive cookies automatically. However, these browsers provide control elements that may be used to remove or block cookies.
Guidelines for cookies blocking or deletion in the browser are usually found in the browser privacy policy or in the browser help documentation.
LOG FILES
The User’s browser automatically reports some information every time the Provider’s website is opened. Servers automatically record certain information that a web browser sends on each visit to a website. These log files may contain information such as web requests, IP addresses, Internet browser types, browser languages.
SOCIAL MEDIA
The Provider is present on social media to communicate with customers, interested parties and users who are logged in there and to inform them about their offers.
The Provider points out that these platforms and their functions are used by the Users under their own responsibility. This particularly applies to the use of interactive functions (e.g. commenting, sharing, evaluation). The Provider bears no responsibility for the handling of this personal data and advises that the personal data may even be processed outside the European Union.
FINAL PROVISIONS
This Privacy Policy shall be updated by the Provider in the event of any change. The current version of the Privacy Policy shall always be available on the Provider’s website. If there is a substantial change in the methods of handling the personal data in this Privacy Policy, the Provider shall inform the User accordingly by visibly publishing a respective notice prior to the implementation of such changes.
Last modified on 19 May 2022
