We, the IOSEC SE are the controller according to the GDPR and therefore responsible for the data processing explained herein.

You can contact our Data Protection Officer at any time by using the following contact details: dpo@iosec.eu.

• Your visit to our website and/or use of our online services will be logged. The IP address currently used by your device, date and time, the browser type and operating system of your device and the pages accessed. This data is collected for the purposes of optimizing and improving our website as well as our online services. The processing is legally based on legitimate interest as it is in our legitimate interest to protect our website and to improve the quality of our services. Additionally, your personal data is only stored if you provide it to us on your own account, e.g. as part of a registration, a survey, an online application or for online purchase (performance of a contract). We have taken appropriate measures to ensure that the data provided to us during the registration is adequately protected. These measures include, but are not limited to, encryption, access control, segregation of duties etc.

• Personal Data
  Any information relating to an identified or identifiable natural person ("Data Subject") who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  
  
• Data Controller
  The natural or legal person, public authority, agency or any other body, which alone or jointly with others, determines the purposes and means of the processing of personal data.
  
  
• Data Processor
  A natural or legal person, public authority, agency or any other body which processes personal data on behalf of a Data Controller.
  
  
• Processing
  An operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data.
  
  
• Group Undertaking
  Any holding company together with its subsidiary.
  
  
• Personal Data Breach
  means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  
  
• Information system
  includes all servers and clients, network infrastructure, system and application software, data, and other computer subsystems and components which are owned or used by the organization or which are under the organization's responsibility.  The use of an information system also includes the use of all internal or external services, such as Internet access, e-mail, etc.
  
  
• Supervisory Authority
  means an independent public authority which is established by a Member State pursuant to Article 51.

• Newsletter Registration
  If you wish, you can subscribe for our newsletter on our website [link to newsletter registration page] by filling out the registration form provided there. The personal data that are collected in the registration form will only be processed for sending newsletters to your e-mail address and only if you have given your consent to this data processing. Your personal data will be processed until you unsubscribe from the newsletter by clicking the link “unsubscribe” which is provided in each newsletter you receive from us. Please note that you will not receive any newsletters from us anymore after you unsubscribe.
  
  
• Contact Form
  You can use the contact form on our website to contact us for any request. The personal data that you filled out into the contact form will only be processed for answering your request. Filling in and submitting the contact form constitutes an affirmative action by which you have given your consent to the data processing.
  
  
• Online Shop
  You can use our online shop and place an order by visiting the link. All personal data you have given in our online shop will only be used for the purposes of purchasing and/or delivering of our products, services and content.  Without your personal data, we will not be able to process your order. Your personal data will stored as long as it is necessary for us to  fulfill our obligations towards you including but not limited to delivery of the products or services, providing warranties, support etc., except where we are legally obliged to further store your data for the purposes of submitting it to public authorities, for example to tax authorities. This storage and transfer of your personal data to public authorities is based on fulfilling a legal obligation.
  
  
• Customer/User Account Registration
  If you wish, you can create a customer account on our website by using the link [link to Customer account registration form]. If you create a customer account, you will not have to send us your personal data every time you are using our online shop or when you try to access information/materials intended only for registered customers. The personal data that you provided in the registration form will only be processed for creating and maintaining your customer account. Your personal data will only be stored until you delete your account. If you delete your account, your personal data will be deleted without undue delay except where we are legally obliged by law to further store your data. Please note that you will not be able to use your customer account anymore, after it has been deleted.
  
  
• Registration of suppliers and customers representatives
  The processing of the personal data of suppliers and customers shall be carried out in accordance with the legitimate interests of the controller, according to Article 6 (2). 1, par. (f) of the Regulation. Scope of the personal data processed: title, first name, surname, job title, job position, employee's personal number, department, place of work, telephone number, fax number, e-mail address of the workplace and employer's identification data.
   
• Cookies 
  To make your visit to our website more pleasant and to enable the use of certain functions, we may use “cookies” on various pages. Cookies are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session. Other cookies remain on your device and enable us or our partner companies to recognize your browser on your next visit. You can set your browser in such a way that you are informed about the setting of cookies separately and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. For more information, see the help function of your Internet browser. If cookies are not accepted, the functionality of our website may be limited.

• To find out more about how we use cookies you can access our "Cookies Policy".
  
  
• Data Recipients 
  We may use third party service providers to process your personal data. These service providers may be located in countries within and outside the European Union (EU) and the European Economic Area (EEA). We ensure that these service providers process personal data in accordance with European data protection legislation to guarantee an adequate data protection level, even if personal data are transferred into a country outside the EEA for which no adequacy decision of the EU Commission exists. Transfers of personal data to other recipients is not performed, except where we are obliged to do so by law. For more information about appropriate safeguards for the international data transfer or a copy of them, please contact our Data Protection Officer.
  
  
• Retention Period 
  Personal data provided to us via our website will only be stored until the purpose for which they were processed has been fulfilled. Insofar as retention periods under commercial and tax law must be observed, the storage period for certain data can be up to 10 years. However, storage periods may also be amended due to our legitimate interest (e.g. to guarantee data security, to prevent misuse or to prosecute criminal offenders).

As a data subject, you can contact our Data Protection Officer at any time with a notification under the contact information mentioned above to make use of your rights. These rights are the following:

• The right to receive information about the data processing and a copy of the processed data;
• The right to demand the rectification of inaccurate data or the completion of incomplete data;
• The right to demand the erasure of personal data;
• The right to demand the restriction of the data processing;
• The right to receive the personal data concerning the data subject in a structured, commonly used and machine-readable format and to request the transmittance of these data to another controller;
• The right to object to the data processing;
• The right to withdraw a given consent at any time to stop a data processing that is based on your consent;
• The right to file a complaint with the competent supervisory authority: Úřad pro ochranu osobních údajů, Pplk. Sochora 27 170 00 Praha 7, e-mail: posta@uoou.cz.