INFORMATION ON PERSONAL DATA PROCESSING

INSTRUCTIONS REGARDING RIGHTS ASSOCIATED TO PERSONAL
DATA PROTECTION

INTRODUCTORY INFORMATION

The company Omega Optix, s.r.o., with registered office Klimentská 1216/46, Nové Město, 110 00
Prague, Company ID No.: 64572366, registered in the commercial register administered by the
Municipal Court of Prague, section C, entry 87154 (hereinafter the “Controller” or the “Company”) as
the Controller of personal data, hereby declares the method and scope of personal data processing by
this Company, including the scope of rights of Data Subjects associated with the processing of their
personal data by the Company as a user of the website https://www.omega-optix.cz (hereinafter
“Website”).

You can contact us:
• in writing to Omega Optix, s.r.o., Pražská 1012, 250 01 Brandýs nad Labem;
• electronically to the email address: info@omega-optix.cz;
• by telephone at tel. no.: +420 326 920 011.

The Company processes personal data in accordance with the law of the European Union, namely in
accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April
2016 on the protection of natural persons with regard to the processing of personal data and on the free
movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”), also in accordance
with international conventions to which the Czech Republic is bound, in particular the Convention for
the Protection of Individuals with Regard to Automatic Processing of Personal Data No. 108, decreed
under No. 115/2001 Coll., and also in accordance with domestic regulations, in particular Act
No. 101/2000 Coll., on personal data protection and the amendment of certain related acts, as amended
(hereinafter “Act on Personal Data Protection”).

LEGAL BASIS FOR PROCESSING PERSONAL DATA

The processing of personal data is lawful provided that at least one of the conditions listed below is
met and only in the commensurate scope:
a) the Data Subject has given consent to the processing of his or her personal data for one or more
specific purposes;
b) processing is necessary for the performance of a contract to which the Data Subject is party or in
order to take steps at the request of the Data Subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the Controller is subject;
d) processing is necessary in order to protect the vital interests of the Data Subject or of another natural
person;
e) processing is necessary for the performance of a task carried out in the public interest or in the
exercise of official authority vested in the Controller;
f) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by
a third party, except where such interests are overridden by the interests or fundamental rights and
freedoms of the Data Subject which require protection of personal data, in particular where the Data
Subject is a child.

SCOPE OF PERSONAL DATA PROCESSED BY THE COMPANY AND PURPOSES OF
PROCESSING PERSONAL DATA

Personal data means any and all information related to an identifiable natural person (hereinafter “Data
Subject”), on the basis of which the given natural person can be identified either directly or indirectly.
As the Controller of personal data in association with the provision of services, we process and retain
personal data under the conditions and within the limitations stipulated by applicable law, in particular
the provisions of Article 6 Section 1 items a), b) and f) of GDPR.
Once the purpose of processing ceases, or once we will no longer have any legal basis for processing
personal data, we delete the personal data.

  1. The provision of our products and services – concluding a contractual relationship
    A lawful basis for processing your personal data is the fact that this processing is essential for performing
    the contracts for provisions services and products concluded between you and our company or for
    performing measures prior to concluding such an agreement in the sense of Article 6 para. 1 item b) of
    GDPR.
    In such cases we process personal data in the following scope: custnumb, custname, first name, last
    name, address, country, username, and password. Personal data is processed for the period absolutely
    necessary in order to provide for the mutual rights and obligations arising from the contractual
    relationship, i.e. always for a minimum period of the duration of the contract, and subsequently for the
    period for which we as the Controller are obligated or entitled to store such data under GDPR and other
    generally binding legal regulations, such as the Act on Accounting, the Act on Archiving and RecordKeeping, or the Act on Value-Added Tax; the same applies even if a contract is not ultimately concluded.
    Personal data are stored in accordance with the above for a maximum of 5 years of the end of the legal
    relationship of the Data Subjects.
  2. Protocol files
    As part of access to the website, the Controller processes protocol files for access to this website for the
    purpose of protecting its legitimate interests consisting of ensuring the protection of such website and
    the improvement of its functionality. Protocol files are processed without the consent of the visitor to a
    web page. Protocol files are stored for a period of 5 years from the visit to the web page. We will carry
    out the processing of these protocol files ourselves or by contracting a third party. We process the
    following data as part of the processing of protocol files, which may (but need not) include the personal
    data of the visitor to the web page:
    • the webpage visited by the website visitor;
    • IP address;
    • date of access and duration of access;
    • client inquiry;
    • http response code;
    • transferred groups of data;
    • data about browser and operating system of the computer the visitor used to visit the web page.
  3. Client account
    In the event of your registration as our client to the client zone in our website, where access is secured
    by username and password, you will obtain direct access to your personal data or data about your orders.
    By opening a client account, you acknowledge that we will process your personal data and information
    stored in your client account.
    Via the client zone we send our clients commercial messages in the form of newsletters associated with
    services already provided in order to exercise our legitimate interests in the form of limited direct
    marketing. We will try to inform you about current offers that you rate as interesting. You can always
    cancel the receipt of news at the address marketing@omega-optix.cz. If you give us your consent, we
    will also inform you about other news and also evaluate your user behavior in order for us to present
    content customized directly for you.
  4. Contact form
    If you contact us via the contact form on the website, we will process your personal data in the following
    scope: first name, last name, telephone number, and email address, exclusively for the purpose of
    responding to your inquiry, complaint, request, or claim only until such time as you question or request
    is resolved, unless the need arises to process your personal data for another purpose. This personal data
    is provided to us entirely voluntarily, as without knowing it we would not be capable of resolving your
    inquiry or request, and for this reason your consent is not necessary with this processing. Failure to
    provide your personal data would mean failure to achieve the purpose of processing from our side,
    namely the resolving of your request.
  5. Sending commercial messages
    If you are our client, as part of providing our products and services we will try to offer you our products
    in the form of limited direct marketing related to products and services already provided to you in order
    to serve our legitimate interests. On the basis of this legitimate interest we will process the following:
    first name, last name, company name, address, email address, and telephone number and data about
    your use of our services. The content of the offers may be personalized on the basis of your previous
    orders of products and services. You may receive offers from us electronically, in particular via email,
    by phone, via SMS message, or by mail or personal delivery from our sales representatives. You can
    always cancel your receipt of commercial messages or raise an objection to such processing.
    On the basis of your consent we process you identification and contact information for the purposes of
    sending discounts, via electronic means, and performance of our own marketing activities beyond the
    scope of our legitimate interest, which consists of processing for the purposes of evaluating your needs
    and sending more relevant offers, during which we may monitor your behavior, connect personal data
    gathered for different purposes, and use advanced analytical techniques. This consent is voluntary, it
    applies for an indefinite period, and can be revoked at any time, both by sending notice of revocation of
    consent in writing to the address above or electronically to the email address
    marketing@omega-optix.cz.
  6. Cookie files
    We use cookie files on our website for the purpose of improving the functioning of our website,
    evaluating user visits, and for the purpose of optimizing marketing activities. Cookie files are small text
    files stored locally by your browser on your computer or mobile device that help the website display
    correctly.
    Cookie files do not serve, nor can they serve, for personal identification of users of the website. Types
    of cookie files collected on our website:
    • Relational cookie – temporary files that remain stored in the device for the duration of your visit
    to the website;
    • Permanent cookie (login) – serves to keep the customer logged in. This cookie is stored until the
    user logs out.
    A list of the different types of cookie files that can be used on our website is as follows. Please note that
    if the information collected using cookie files consists of personal data, the provisions of these privacy
    principles apply.
    • Essential cookie files – these are necessary for the proper functioning of pages, and enable the
    navigation of the website and the use of its services and functions. Without these essential
    cookie files, the website would not function properly and certain services or functions could not
    be provided (e.g. relational cookies, load distribution, user ID, security cookies);
    • Preference cookie files – gather information about user choices and preferences and
    enable the Controller to remember the language preference or other local settings and adapt the
    website accordingly (e.g. language, place, mobile, reference pages, last visit and activity,
    recently watched video, flash cookie files, page history);
    • Tracking cookies for social media – used for tracking members (and non-members) of social
    networks for the purposes of analyzing market research and product development (e.g.
    Facebook, Twitter, etc.);
    • Analytical cookie files – gather information about the manner of using the website by the user
    and enable the Controller to improve its functioning. They show, for example, what is most
    frequently visited on the website, help detect any problems the users of the website have
    encountered, show whether the promotional activities of the Controller are effective, and allow
    the general pattern of use of the website to be determined, not the manner in which a specific
    person is using it (e.g. Analytics cookie files from Google);
    • Marketing cookie files – marketing cookie files are used for marketing purposes (advertising,
    market analysis, campaigns/promotions, fraud detection, etc.).
    Process for deleting cookie files
    You can delete cookies and the data they contain about your person at any time. The process of
    deleting cookie files in your browser can be found below:
    • Internet Explorer
    • Mozilla Firefox
    • Google Chrome
    • Opera
    • Safari
    • iPhone, iPad, and other Apple devices
    • Flash cookies (for all browsers)
    • Devices with Android
    Google Analytics and Google Adwords
    We use Google Analytics to analyze our website, which was developed and is operated by Google Inc.,
    with registered office Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”).
    Analysis using Google Analytics is conducted by transferring information about the use of the website
    created using aggregated cookie files to the Google server in the USA, where it is subjected to the
    relevant analysis. Due to the anonymization of IP addresses, which is set up on our website, the IP
    address is shortened prior to transferring the data to Google’s servers in the USA, which takes place in
    certain EU members states or the European Economic Area. Only in rare cases is the full IP address
    transferred to Google’s servers in the USA and shortened (anonymized) there. Google will not connect
    the transferred data, including shortened IP addresses, with any other data.
    The collection and analysis of cookie files via Google Analytics can be prevented by visitors to the
    website by changing the browser settings as shown above, which limits the future storage of data on
    visits to the website.
    As part of the Google Analytics service, we also use associated promotional functions provided by
    Google, such as lists of displays in the Google advertising network, expanded reporting of anonymous
    demographic data (e.g. age, gender, interests) or the display of advertising in content networks on the
    basis of products viewed (“remarketing”), including the Google AdWords service, which serves to
    personalize advertising and improve targeting of advertisements and “remarketing”. As a result, we can
    offer visitors to our websites the advertising content that will be of greatest interest to them.
  7. Customer service line
    Calls to our customer lines are recorded on the basis of our legitimate interests consisting of the
    protection of our legal actions and for the purpose of increasing the quality of our services, and in the
    event that a claim for refund or exchange is filed for our products via the customer lines, personal data
    is also processed for performing the contractual and lawful obligations of the Controller. We keep
    recordings from our customer care lines for a period of 1 year, or longer if necessary for fulfilling the
    purpose of processing and in accordance with legal regulations (in particular in cases of processing
    refunds). Personal data is processed via the customer care line in the following scope: first name, last
    name, telephone number, email address, customer number.
  8. Applicants for employment
    During recruitment, we process personal data voluntarily provided to us by the applicant for
    employment. For our recruitment purposes we require only the most necessary data, serving for
    evaluation of education, qualifications, and professional experience.
    The applicant for employment, by submitting his or her resume to the recruitment process, acknowledges
    that the personal data in his or her resume will be used for the purposes of the specific recruitment
    process and solely for the duration of such recruitment. After the recruitment process is completed, the
    personal data of unsuccessful applicants for employment will be deleted. The applicant may request to
    be removed from the recruitment process at any time, as well as the return or deletion of the personal
    data they have provided.

OTHER INFORMATION ABOUT PERSONAL DATA PROCESSING

The personal data of the Data Subject is processed manually by employees of the Company.
The personal data of Data Subjects are also processed by the following personal data processors:
• processors who provide the Controller with server, web, cloud, or IT services;
• business partners of the Controller;
• companies cooperating with the Controller, if necessary for administrative purposes and for
the purposes of providing technical services to clients;
• third parties who assist in the provision of services or information;
• auditors and other specialist advisors;
• police and other governmental or administrative authorities or third parties according to
special legislation and in accordance with such legislation.

INSTRUCTION ABOUT THE RIGHTS OF DATA SUBJECTS

We inform you about the basic principles and practices in accordance with the provisions of Article 13
et seq. of GDPR, on the basis of which we are handling your personal data.
Data Subjects are entitled to obtain from the Controller confirmation as to whether their personal
data is or is not being processed, and if it is processed, Data Subjects have the right to obtain access
to their personal data. Data Subject have the right to obtain their personal data from the Controller in
structured, commonly used, and machine readable format, and the right to transfer this data to another
Controller.
The Data Subject shall have the right to obtain from the Controller without undue delay the rectification
of inaccurate personal data concerning him or her, or taking into account the purposes of the
processing, the Data Subject shall have the right to have incomplete personal data completed, including
by means of providing a supplementary statement.
The Data Subject shall have the right to obtain from the Controller the erasure of personal data,
provided that the personal data is no longer necessary for the purpose of the processing, the Data Subject
has revoked consent to the processing of the data or has raised an objection to the processing of personal
data, and there is no justifiable and preferential reason for the processing, the personal data was
processed illegally, or the personal data must be deleted in order to meet the legal obligations of the
Controller.
The Data Subject shall have the right to obtain from the Controller restriction of processing, the
accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to
verify the accuracy of the personal data; the Controller no longer needs the personal data for the purposes
of the processing, but it is required by the Data Subject for the establishment, exercise, or defense of
legal claims; the Data Subject has objected to processing, or the processing is unlawful and the Data
Subject opposes the erasure of the personal data and requests the restriction of its use instead.
The Data Subject has the right at any time to revoke consent to the processing of personal data without
any penalties. The Data Subject may revoke such consent at any time using the above methods contact
for contacting the Controller. The withdrawal of consent shall not affect the lawfulness of processing
based on consent before its withdrawal.
The Data Subject has the right to lodge a complaint with the relevant supervisory authority, if the
Data Subject considers that the processing of personal data relating to him or her infringes applicable
regulations. The relevant supervisory authority in the Czech Republic is the Office for Personal Data
Protection.
The Data subject has to the right to lodge a complaint against the processing of personal data pertaining
to him or her if the processing is necessary for fulfilling a task carried out in the public interest or in the
exercise of official authority vested in the Controller, the processing is necessary for the purposes of the
legitimate interests of the Controller or a third party, for the purposes of direct marketing, or for the
purposes of academic or historical research or for statistical purposes.

SECURITY
We declare that the handling of personal data takes place in full compliance with applicable legal
regulations. The personal data of Data Subjects is protected via set technologies and organizational
measures.
All personal data in electronic form is stored in databases and systems to which persons have access
who have an immediate need to handle the personal data for the purposes stated in these rules, and only
to the extent necessary. Access to this personal data is protected by password and firewall.

APPLICABILITY
These principles of personal data protection are applicable from 25 May 2018.