Personal data processing policy

1. Introduction

Railsformers s.r.o. is the owner of all rights and permissions to:

("Systems").

Railsformers s.r.o. processes the personal data of all users of the Systems who are natural persons ("data subjects"), regardless of whether or not such users use the Systems for their business ("data subjects"). Thus, all personal data is processed by Railsformers s.r.o. primarily for the purpose of providing the services of the Systems and purposes related thereto.

Railsformers s.r.o. ensures that the processing of personal data is lawful, fair, transparent, accurate, confidential and that personal data is processed only to the extent necessary.

Railsformers s.r.o. also makes sure that personal data is properly secured and that all the rules set out in the General Data Protection Regulation (hereinafter referred to as "GDPR") as well as other legal regulations in the field of personal data handling and protection are observed when processing personal data, and at the same time that all the rules from the perspective of cybersecurity are observed, both the general regulations and recommendations and the specific requirements of the users of the Systems arising from their obligations.

Further information on the scope and manner of processing of personal data is provided in other articles of this Policy.

2. Scope of processed personal data

Railsformers s.r.o. processes, in particular, identification and contact data of data subjects (name, surname, title, name, identification number, tax identification number, residence, registered office, telephone, e-mail) and other personal data that data subjects enter into the Systems. The scope of the data processed is always determined by the data controller.

In addition, Railsformers s.r.o. may in some cases also process personal data of a technical nature, such as cookies, IP address or other online identifiers, GPS location, etc. Further information regarding cookies can be found in this document below in the section on information about cookies.

3. Position of controller vs. processor of personal data

In order to inform personal data subjects in a transparent manner, it is necessary to distinguish the specific situation of Railsformers s.r.o. in relation to personal data subjects. Namely, whether it is the position of a data controller or a data processor (or another data processor in the case of so-called chaining).

3.1 Identification and contact details

Identification data of Railsformers s.r.o., ID No.: 24704440, with registered office at Vřesinská 2371/33, 708 00 Ostrava Poruba, Czech Republic, a company registered in the Commercial Register maintained by the Regional Court in Ostrava, Section C, Insert 36254..

Representatives of Railsformers s.r.o. can be contacted in particular as follows:

  • Electronically (by e-maile)info@railsformers.com - general information
    gdpr@railsformers.com - Data Protection Officer, “DPO”
  • In writing (corespondence address)Railsformers s.r.o., Vřesinská 2371/33, 708 00 Ostrava Poruba, Czech Republic

3.2 Data Protection Officer

On 1 May 2018, Railsformers s.r.o. appointed its Data Protection Officer (DPO), hereinafter referred to as "DPO". As of 1 August 2022, he is:

Name and surname of the Data Protection Officer Ing. Soňa Macíčková

Contact details of the Data Protection Officer e-mail: gdpr@railsformers.com

3.3 Controller or processor of personal data

Railsformers s.r.o. may be in the following positions in terms of personal data protection, always in relation to the purpose and legal basis for processing personal data.

A detailed distinction of this position is given in the following chapters, the basic division of the position is therefore:

  • Personal Data Controller - in the case of normal browsing of the System from the end user's perspective, displaying information pages, creating and managing a user account (without reservations).
  • Personal data processor - in the case of processing personal data on the basis of the controller's instructions - mainly based on the license agreement between Railsformers s.r.o. and the client of Railsformers s.r.o. This mainly concerns the actual process of offering free dates to a specific service provider (i.e. the client of Railsformers s.r.o.) and the subsequent processes of creating and managing reservations.
  • Another personal data processor - or also sub-processor, is a specific position where Railsformers s.r.o. has a license agreement with a processor who has its own license agreement with the controller. Railsformers s.r.o. therefore provides the system as a subcontractor.

4.1 Providing system services

Railsformers s.r.o. processes personal data mainly for the purpose of providing the Systems services.

Railsformers s.r.o. provides the Systems on the basis of a license agreement. Thus, the processing of personal data for the purpose of providing the Services of the Systems is processing of personal data for the purpose of entering into a license agreement and the performance of the rights and obligations arising from the license agreement. This processing is a necessary condition for the provision of the Systems services, where the specific specification of the purpose of the processing is determined by the controller (the system subscriber). Without such processing, Railsformers s.r.o. would not be able to provide the Systems services to the users. In this case, Railsformers s.r.o. is in the position of a processor (or further processor - depending on the parameters of the specific license agreement).

The processing of personal data for the aforementioned purpose may be carried out by Railsformers s.r.o. without any consent of the data subjects. The legal basis for this processing is the processing necessary for the performance of a contract to which the data subject is a party, or for the adoption of measures taken before the conclusion of the contract at the request of the data subject (see Article 6(1)(b) GDPR).

4.2 Creating and maintaining a user account

A user account is a prerequisite for using the services of the Account System, Win Auction System, Redmine and Reservatic. Railsformers s.r.o. therefore assumes that every data subject who creates a user account is interested in using the services of the Systems at least temporarily. Even when using the services of the Systems free of charge or on a trial basis, a licence agreement is concluded.

General Terms and Conditions for the Systems:

In view of the above, Railsformers s.r.o. will also process personal data for the purpose of setting up and maintaining a user account.

The legal basis for this processing is the processing necessary for the performance of a contract to which the data subject is a party, or for the adoption of measures taken before the conclusion of the contract at the request of the data subject (see Article 6(1)(b) GDPR).

Railsformers s.r.o. also processes personal data for the purpose of fulfilling its legal obligations.

This includes legal obligations arising for Railsformers s.r.o. in particular from accounting and tax laws (e.g. VAT Act). In addition, Railsformers s.r.o. is obliged to be able to demonstrate that it processes personal data in accordance with generally binding legislation, in particular the GDPR. This purpose of processing personal data also falls under the legal obligations of Railsformers s.r.o.

The processing of personal data for the aforementioned purposes may also be carried out by Railsformers s.r.o. without any consent from the data subject. The legal basis for this processing is the fulfilment of a legal obligation to which Railsformers s.r.o. is subject as a data controller (see Article 6(1)(c) GDPR).

4.4 Legitimate interests of Railsformers s.r.o.

Railsformers s.r.o. is also entitled to process personal data for the following purposes:

  • customer records;
  • analysis of the use of the Systems by its users;
  • establishing, exercising or defending legal claims (in particular, legal claims arising from a concluded licence agreement).

The processing of personal data for any of the above purposes may also be carried out by Railsformers s.r.o. without any consent of the data subjects. The legal basis for this processing is the legitimate interest of Railsformers s.r.o. (see Article 6(1)(f) GDPR).

This processing is not possible unless the interests or fundamental rights and freedoms of the data subjects override the interests of Railsformers s.r.o., which require the protection of personal data.

The data subject may object to processing of personal data based on a legitimate interest of Railsformers s.r.o. at any time (see Article 21 of the GDPR).

Based on the consent to the processing of personal data, Railsformers s.r.o. is entitled to process personal data for any purpose specified in the respective consent. The legal basis for this processing is the data subjects' consent to the processing of personal data (see Article 6(1)(a) GDPR).

Consent to the processing of personal data is entirely voluntary. Any failure to give consent will have no adverse consequences for the data subject.

Each data subject has the right to withdraw consent to the processing of personal data at any time, in particular:

  • by electronic notification sent to the e-mail address gdpr@railsformers.com
  • by written notification sent to the address of the registered office of Railsformers s.r.o.

Withdrawal of consent does not affect the lawfulness of the processing of personal data in the period before the withdrawal of consent, on the basis of which the processing of personal data was carried out.

5. Direct marketing

5.1 General

Processing of personal data for direct marketing purposes means processing of personal data for the purpose of sending commercial communications within the meaning of Act No. 480/2004 Coll., on certain information society services, as amended (hereinafter referred to as "Act No. 480/2004 Coll.").

Commercial communication means any form of communication, including advertising and encouragement to visit the website of the online shop, intended to directly or indirectly promote the goods or services or the image of Railsformers s.r.o. (hereinafter referred to as "Communication").

The ability to send commercial communications may be governed (limited) by a specific license agreement between Railsformers s.r.o. and the service provider using the System under that license agreement.

5.2 Method of sending communications

The processing of personal data for the purpose of sending the Communication may be carried out by Railsformers s.r.o. on the basis of the existence of a legitimate interest (see recital 47 of the GDPR). Also, the actual sending of the Communication may be carried out by Railsformers s.r.o. without consent (in accordance with Section 7(3) of Act No. 480/2004 Coll.), unless the data subject has initially refused it (e.g. by ticking the box "I do not wish to receive any emails from Railsformers").

5.3 Termination of processing

Railsformers s.r.o. shall terminate the processing of personal data for direct marketing purposes without delay after the data subject has expressed his or her opposition to such processing. The objection may be made, for example, in one of the following ways:

  • by unsubscribing from the Communication (which can be done in each Communication or by ticking the "I do not want to receive any emails from Railsformers" box);
  • by objecting to such processing (subject to Article 21 of the GDPR).

Notwithstanding the foregoing, the Operator shall cease processing personal data for direct marketing purposes no later than 2 years after the last active use of the System or logging into a user account (whichever is later). With each active use of the System or login to the user account, the processing period is extended for another 2 years.

6. Categories of recipients of personal data

The recipient of personal data is anyone to whom Railsformers s.r.o. provides personal data in connection with the above-mentioned purposes of processing personal data.

Railsformers s.r.o. may provide personal data to recipients whose services are used primarily in the operation and maintenance of the System. These include, in particular, entities providing accounting, printing and mailing services, legal services, IT services, cloud services, messaging services or operators of payment gateways and systems, etc.

These recipients will process personal data either as independent controllers (i.e. as entities that determine the purposes and means of processing personal data themselves, independently of Railsformers s.r.o.) or as processors (i.e. as entities that process personal data for Railsformers s.r.o. on its instructions).

In addition, Railsformers s.r.o. will provide personal data to public authorities if it is or will be obliged to do so by generally binding legislation. However, public authorities in the exercise of their investigative powers are not considered recipients.

6.1 Other processors of personal data and third parties to whom personal data are transferred

Among the specific other data processors and third parties to whom personal data is transferred, whose services are provided by Railsformers s.r.o. within the systems (or which are used directly by the subject when using the product of the systems), are in particular the following recipients of personal data:

  • Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA providing the reCaptcha Enterprise security feature.
  • Seznam.cz, a.s., Radlická 3294/10, 150 00 Praha 5, ID No.: 26168685, VAT No.: CZ26168685 for the marketing channel Sklik
  • The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA providing the Mailchimp e-mailing service.
  • Meta Platforms, Inc., One Hacker Way Menlo Park, CA 94025, USA for advertising purposes on Meta's social media channels
  • GOPAY s.r.o., Planá 67, 370 01 Planá, Czech Republic, providing a payment module for ordering Reservatic services as well as processing direct payments by entities to individual service providers who offer paid services through the Reservatic system.
  • Openstreetmap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom providing map data for displaying the addresses of Railsformers s.r.o. and addresses of individual service providers.
  • ATS Praha s.r.o., Kubánské nám. 11, Praha 10, Czech Republic, providing sms services for ordering services in the Reservatic system.
  • The company Bankovní identita, a.s., with its registered office at Smrčkova 2485/4, 180 00 Prague 8 – Libeň, Company ID: 09513817, Tax ID: CZ09513817, digital user verification provided by banks for the identification of users of the Per rollam system.
  • The company Digital Solutions, s.r.o., with its registered office at 17. listopadu 203, 530 02 Pardubice, Company ID: 25998706, Tax ID: CZ25998706, provision of digital signatures and related solutions for electronic authentication and signing of documents in the Per rollam system.

7. Period of processing of personal data

Railsformers s.r.o. will process personal data only for the period necessary for the purpose of processing, but generally for a maximum of 2 years. The termination of one of the legal bases for processing personal data does not affect the processing of personal data (to the extent necessary) on the basis of another legal basis (and for the relevant purpose).

The duration of the processing of personal data may be governed by a specific licence agreement between Railsformers s.r.o. and the service provider using the System under that licence agreement.

7.1 Provision of system services

Railsformers s.r.o. will process personal data for the purpose of providing the Services of the Systems (performance of the License Agreement) for at least the duration of the obligation under the License Agreement.

7.1.1 Creating and maintaining a user account

The User Account may be cancelled at any time at the same time as the termination of the use of the System services, based on a request for cancellation of the User Account sent to any of the contact addresses listed in Article 3 above (in particular, the e-mail addresses gdpr@railsformers.com and info@railsformers.com). In the event of termination of the use of the services in any of the System, Railsformers s.r.o. shall terminate the processing of the personal data entered in the user account no later than 2 years from the termination of the obligation under the license agreement (termination of the use of the System) or from the last login to the user account, if the data subject no longer uses the System.

If the data subject has never started to use the System services (e.g. has only set up a user account), Railsformers s.r.o. shall cancel the user account and cease processing the personal data entered into the user account immediately upon receipt and confirmation of an e-mail request sent to one of the contact addresses listed in Article 3 above, or at the latest within 2 years from the last login to the user account.

For the purpose of fulfilling legal obligations, Railsformers s.r.o. will process personal data for the duration of the relevant legal obligation set by generally binding legal regulations (e.g. tax documents containing personal data must be kept by Railsformers s.r.o. for 2 years).

7.3 Legitimate interests of Railsformers s.r.o.

For the purpose of direct marketing (sending of the Communication), Railsformers s.r.o. will process personal data until the time of expressing opposition to such processing, but no longer than for a period of 2 years from the last termination of the obligations under the license agreement (termination of use of the System) or logging into the customer account, if the data subject does not use the System.

For the purpose of customer registration, Railsformers s.r.o. will process personal data for a period of 2 years from the termination of the obligations under the license agreement (termination of use of the System) or login to the customer account, unless the data subject does not use the System.

For the purpose of analysing the use of the System by its users, Railsformers s.r.o. will process personal data for a period of 2 years from the last login of the user.

For the purpose of establishing, exercising or defending legal claims, Railsformers s.r.o. will process personal data for as long as the relevant legal claim exists, but for a maximum of 1 year after the expiry of the limitation period under generally binding legal regulations. In the event of the initiation and continuation of judicial, administrative or any other proceedings in which the rights or obligations arising from the relevant legal claim are addressed, the period of processing of personal data for this purpose shall not expire before the final conclusion of such proceedings.

For the purpose stated in the respective consent to the processing of personal data (if the data subject has given such consent to Railsformers s.r.o.), Railsformers s.r.o. will process the personal data until the consent is withdrawn, otherwise for a maximum of 2 years from the moment of giving consent to the processing of personal data.

8. Rights of data subjects

Each data subject has, inter alia, the following rights:

  • the right of access to personal data (under the terms of Article 15 GDPR)
  • the right to rectification of personal data (under the terms of Article 16 GDPR)
  • the right to erasure of personal data (under the terms of Article 17 GDPR)
  • the right to restrict the processing of personal data (under the terms of Article 18 GDPR)
  • the right to object to processing (under the terms of Art. 21 GDPR)
  • the right to the portability of personal data (under the terms of Article 20 GDPR)
  • the right to lodge a complaint with a supervisory authority (i.e. the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, e-mail posta@uoou.gov.cz)
  • the right to withdraw consent to the processing of personal data

9. Information about cookies

We, the company Railsformers s.r.o., ID No.: 24704440, with its registered office at Vřesinská 2371/33, 708 00 Ostrava Poruba, Czech Republic, registered in the Commercial Register kept by the Regional Court in Ostrava, Section C, Insert 36254, as the controller, processor or other processor (depending on the specific situation) of personal data, would like to inform you that for the purpose of:

  • measuring website traffic
  • creating statistics regarding the traffic on our website and the behaviour of visitors on our website
  • the correct functionality of our website
  • adapting our website to your needs
  • identifying which pages and features visitors to our website use most frequently
  • improving the use of our servers

we use small amounts of data that are stored on your end device ("cookies"). You can find out more about cookies, for example, by visiting the following sources of information:

Cookies are used by almost every website in the world, and are generally a useful service because they increase the user-friendliness of a website you visit repeatedly (they allow your computer to remember the pages you have visited and your preferred settings for each page).

9.1 Advertising cookies

Cookies are used to improve your user experience on the website by allowing the website to identify your browser, either for the duration of your visit (using session cookies) or for repeat visits (using persistent cookies). This is useful, for example, when displaying your shopping cart, browsing history, hiding commercial messages, logging in, etc.

Our website also uses cookies for behaviourally targeted advertising, which allows us to tailor advertising and ensure it is relevant to you, based on the areas you view on our website and the geographic location of your IP address. These cookies are placed by third party advertising networks with our consent.

We use the following cookies on our website:

  • Technical - first parties, short term. They ensure the basic technical functionality of the website, i.e. logging in, remembering settings, using services, etc.
  • Statistical and diagnostic (e.g. Google Analytics companies ) - first pages, long-term. They are used to generate anonymous statistics about the use of the website. We use them to help us better tailor the site to you. We only use analytical functions in Google Analytics that do not collect the data needed to profile site users (age, gender, interests, IP address, etc.).
  • First and third party advertising. These are cookies from the advertising systems of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 - Ireland, Seznam.cz a.s., Radlická 3294/10, Praha 5 - Smíchov 150 00 and Meta Platforms Ireland Limited, Inc. 1601 Willow Rd, Menlo Park, CA 94025 (third party, long-term). These cookies are used for marketing profiling. They enable us to stay in touch with you, for example, through personalised advertising on social media. They are used for targeted advertising, whether it is recurring (remarketing, retargeting) or behavioral. That is to say, if advertising must be displayed (as the main income for the website and its content creation), then let the user/reader be shown offers that may actually interest him/her.

9.2 Generally cookies

The use of cookies can be set using your browser. Most internet browsers automatically accept cookies by default. However, you can refuse cookies by setting your internet browser. You can find more information on how to set this on the following pages:

At the same time, in accordance with the legislation in force, we allow you to approve the use of all cookies, or to select them (with the exception of necessary technical cookies) according to your preferences directly in the system.

However, technical cookies that are necessary for the functionality of our website will only be stored for the time necessary for the functioning of the website.

You can object to the processing of cookies under the terms of Article 21 GDPR. An objection can be sent to Railsformers s.r.o. or its Data Protection Officer via one of the contact addresses listed in Article 3 of this Policy. If you object to the processing of technical cookies, the full functionality and compatibility of our website cannot be guaranteed in this case.

The cookies that are collected for the purpose of measuring the traffic to our website and generating statistics concerning the website's traffic and the behaviour of visitors to the website are processed in a nearly anonymised form that, although it allows your identification, only with considerable and professional effort.

All cookies are stored for the period of time indicated below for each type of cookie.

The collected cookies may be processed by other processors:

In the context of the optional simplified registration or login to user systems, these processors may also (using the Single Sign-On system of the listed processors) create and handle additional cookies in accordance with their contractual terms available here:

In accordance with the GDPR, you have the following rights in terms of cookies - see Article 8 of this Privacy Policy - Data Subject Rights.

For other cookie arrangements, we follow our Privacy Policy set out in the previous sections of this document.

9.3 List of cookies for each system

The list of cookies that may (but may not, depending on the functions of the System used by the personal data subject) be processed in the Systems are listed in the following subsections for each System.

You can change your settings for storing cookies at any time in the cookie settings in the footer or on the Systems' websites.

9.3.1 Cookies for the System https://railsformers.cz/

Necessary technical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
cookie_consent_settings_set 1 year Custom Cookies settings -
cookie_consent_performance 1 year Custom Cookies settings -
cookie_consent_targeting 1 year Custom Cookies settings -
Preference cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
_gat_* Visit Google Google Analytics -
_ga 2 years Google Google Analytics -
_gid 1 day Google Google Analytics -
_ga_* 2 years Google Google Analytics -
Analytical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
_fbp* 1 day Facebook Facebook Pixel -
_gcl_au 3 months Google Google Ads -

9.3.2 Cookies for the System https://www.sucto.cz/

Necessary technical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
PHPSESSID Session Custom Default site settings -
cc_cookie 365 days Custom Saving cookie preferences -
Preference cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
- - - - -
Analytical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
_ga 2 years Google Google Analytics session marking -

9.3.3 Cookies for the Systems https://srecepty.cz/, https://srecetas.es/, https://www.srecipes.eu/ a https://srecepty.pl/

Necessary technical cookies
Name Expiry Expiry Description Security
_srecepty_new_session4 Session Custom Session identification -
Preference cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
PHPSESSID Session Custom Default site settings -
cc_cookie 365 days Custom Saving cookie preferences -
Analytical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
_ga 2 years Google Google Analytics -
_gid 1 day Google Google Analytics -
_gads 1 hour Google Google Ads -
_gat_* 1 day Google Google Analytics -
_gat_gtag_* 1 hodina Google Google Analytics -
_fbp 3 months Facebook alytics, Facebook pixel identification -

9.3.4 Cookies for the System https://redmine.rails.cz

Necessary technical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
PHPSESSID Session Custom Default site settings -
cc_cookie 365 days Custom Saving cookie preferences -
Preference cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
- - - - -
Analytical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
_ga 2 years Custom Google Analytics session marking -
_gid Session Custom Google Analytics session marking -
_gat_gtag_UA_26590382_1 Session Custom Google Analytics session marking -

9.3.5 Cookies for the System https://mineralfit.cz/

Necessary technical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
cc_cookie 365 days Custom Saving cookie preferences -
_cms_session 365 days Custom Unique session identifier encrypted
Preference cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
- - - - -
Analytical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
viewed_posts Session Custom Number of articles viewed -
_gat_UA-7407797-3 Session Custom Google Analytics session marking -
_ga 2 years Custom Google Analytics session marking -
_gads 365 days Custom Google Analytics session marking -
_gid Session Custom Google Analytics session marking -

9.3.6 Cookies for the System https://chovatelka.cz/

Necessary technical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
cc_cookie 365 days Custom Saving cookie preferences -
_cms_session 365 days Custom Unique session identifier encrypted
Preference cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
- - - - -
Analytical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
viewed_posts Session Custom Number of articles viewed -
_gat_UA-7407797-3 Session Custom Google Analytics session marking -
_ga 2 years Custom Google Analytics session marking -
_gads 365 days Custom Google Analytics session marking -
_gid Session Custom Google Analytics session marking -

9.3.7 Cookies for the System https://samuraj.cz/

Necessary technical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
cc_cookie 365 days Custom Saving cookie preferences -
_cms_session 365 days Custom Unique session identifier -
Preference cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
- - - - -
Analytical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
viewed_posts Session Custom Number of articles viewed -
_gat_UA-7407797-3 Session Custom Google Analytics session marking -
_ga 2 years Custom Google Analytics session marking -
_gads 365 days Custom Google Analytics session marking -
_gid Session Custom Google Analytics session marking -

9.3.8 Cookies for the System https://reservatic.com   and a mobile application called “Reservatic"

Necessary technical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
_reservatic_session2020_a session Custom Unique session identifier encrypted
cc_cookie 365 days Custom Cookie preferences (valid from 29.12.2021) -
cookie_eu_consented 365 days Cookie preferences (historical, valid until 29 December 2021) Reservation token -
reservation_detail_token 1 hour Custom Reservation token -
return_to session Custom URL of the service when using our web forms -
user.id session Custom User identification for internal chat signed
Preference cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
colorTheme 7 days Custom User interface settings colorTheme
Analytical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
- - - - -

9.3.9 Cookies for system https://per-rollam.com/  and https://system.per-rollam.com

Necessary technical cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
cc_cookie 365 days Custom Saving cookie preferences -
_GRECAPTCHA 365 days Third party (Google) Used reCAPTCHA to verify that the user is not a robot. Encryption, Secure
ANONCHK 1 day Third party (Microsoft Clarity) Visitor identification in Microsoft analytics services. Pseudonymization
CLID 365 days Third party (Microsoft Clarity) Visitor identification across visits. Pseudonymization
SM Session Third party (Microsoft Clarity) Manage the user session within the session. Pseudonymization
Preference cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
_ga* 2 years Google Stores the session and user state within a specific Google Analytics instance 4. Used to properly measure interactions on the site. Pseudonymization
_ga_EWJ3DRMKZ0 2 years Third party (Google) Google Analytics instance 4 (web measurement). Pseudonymization
_clck 2 years Third party (Microsoft Clarity) User identification on repeat visits. Pseudonymization
_clsk 1 day Third party (Microsoft Clarity) Combining data from multiple sites into a single visit record. Pseudonymization
SRM_B 365 days Third party (Microsoft/Bing) Manage user sessions within Bing Analytics. Pseudonymization
MR Several days Third party (Microsoft/Bing) Tracking user behaviour for analytics and advertising. Pseudonymization
MUID 365 days Third party (Microsoft/Bing) Identifying a device when visiting a Microsoft site. Pseudonymization
Marketing cookies
Name Expiry Who has access to the information
(us or another processor)		 Description Security
_gcl_au 90 days Google Used with Google AdSense to experiment with ad effectiveness. Pseudonymization
IDE 365 days Google Used with Google AdSense to experiment with ad effectiveness. Pseudonymization
DV 1 day Google It is used to process information about visitor behaviour for analytical purposes. Pseudonymization
test_cookie 15 minutes Google Used to test whether the browser allows cookies to be stored. No data
sid 30 days seznam.cz It is used for conversion tracking and retargeting in the Sklik advertising system. Pseudonymization
_fbp 90 days Meta It is used by Facebook to deliver ads to users who have already visited the site. Pseudonymization
udid 365 days Third party (Microsoft/Bing) Tracking user behaviour and delivering personalised advertising. Pseudonymization

10. Cooperation with the professional public

Railsformers s.r.o. also consults representatives of the professional public on aspects of personal data protection. Subsequently, Railsformers s.r.o. implements processes and procedures to improve organisational and technical measures to ensure adequate protection of personal data. The representatives of the professional public are highly professional data protection bodies:

You can read more about the cooperation, for example, here:

https://digitalnisvobody.cz/blog/2021/10/18/registrace-k-ockovani-nove-bez-googlu/

11. Further information on the processing of personal data

In case of questions regarding the processing of personal data or in case of exercising the rights of the data subject referred to in Article 8 of this Policy, Railsformers s.r.o. or its Data Protection Officer may be contacted via one of the contact addresses listed in Article 3 of this Policy.

General information on the processing of personal data can also be found on the website of the Data Protection Authority available at https://uoou.gov.cz/.

This Policy shall take effect on 31 March 2022.