PRIVACY POLICY
We recognize that our customers, visitors, users, and others who visit our website (collectively referred to as “Users”) value their privacy. This document therefore contains important information regarding the rules we follow when processing personal data.
All processing of personal data by us always takes place in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 4. 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR“).
Notice: In the event of any discrepancies between the Czech and foreign language versions of this Privacy Policy, the Czech version shall prevail. These policies in different language versions are available here: https://originprague.com/en/privacy-policy/.
BASIC INFORMATION
Identification and contact details of the Provider:
| name: | CONGRUENT Building s.r.o. |
|---|---|
| ID No.: | 17985315 |
| registered office: | Londýnské náměstí 881/6, Štýřice, 639 00 Brno |
| contact email: | nikola.miklik@salirione.com |
| contact phone: | 722960677 |
(hereinafter also referred to as the “Provider”)
Data Protection Officer:
The Provider has not appointed a data protection officer, as it is not an obligatory person pursuant to Art. 37 of the GDPR.
Transfer of personal data to a third country or an international organization:
The Provider does not transfer personal data to third countries or international organizations within the meaning of Art. 44 et seq. of the GDPR.
Automated individual decision-making and profiling:
The Provider does not perform profiling or automated individual decision-making.
Supervisory Authority:
The supervisory authority at the location of the Provider’s registered office is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7, email: posta@uoou.cz, tel.: 234 665 125.
Status of the Provider:
The Provider acts both in the position of a personal data controller and in the position of a personal data processor.
THE PROVIDER AS A PERSONAL DATA CONTROLLER
The Provider acts in the position of a personal data controller in relation to the personal data of the following persons: customers.
What personal data does the Provider process, for what purpose, and on what legal basis?
Website visit. The Provider processes data obtained from natural persons by visiting the Provider’s website. When visiting the website, the Provider collects and processes the following types of personal data that are stored: first name, last name, Contact details: email address, phone number. Furthermore, the Provider processes the following data: cookies, IP address, device type. This data is necessary to display the website correctly. In addition, they may be used as needed to maintain the secure operation of the website and for other purposes described in this Privacy Policy. The Provider processes this personal data based on its legitimate interest or the User’s consent. Information about cookies is provided below.
In the event that the User is a customer of the Provider, the Provider may, for reasons of legitimate interest, send commercial communications – newsletters to their email address. In other cases, newsletters can only be sent based on consent. Subscription to newsletters can be canceled at any time.
If the Provider intends to process personal data other than those specified in this article, or for other purposes, it may do so only on the basis of validly granted consent to the processing of personal data. Consent to the processing of personal data must be granted on a separate document.
Information on the processing of personal data of the Provider’s employees is provided in a separate internal regulation.
Sensitive personal data
The Provider, as a personal data controller, does not process personal data of Users that belong to special categories of personal data according to Art. 9 of the GDPR.
For how long does the Provider process personal data?
Personal data are processed only for the period for which there is a legal reason for their storage; thereafter, the data are deleted without delay.
Personal data processed for the fulfillment of obligations arising from special legal regulations are processed by the Provider for the period specified by the relevant legal regulations. This includes, for example, statutory data retention or documentation obligations. These are primarily obligations regarding data retention arising from civil, commercial, or tax regulations. If the obligation to retain data expires, the personal data will be deleted without delay.
Other personal data are processed for: the duration of the contractual relationship with the user
THE PROVIDER AS A PERSONAL DATA PROCESSOR
The Provider acts as a personal data processor for other controllers.
The controller of this personal data is obliged to comply with all personal data protection rules set by the GDPR and other legal regulations governing this issue. The Provider bears no responsibility for the violation of personal data protection rules by the controller of this personal data.
What personal data does the Provider process in the position of a personal data processor and what is the purpose of the processing?
The Provider processes the following personal data: Identification data: first name, last name, Contact details: email address, phone number, Technical data from the website: cookies, IP address, device type (in case of consent).
The purpose of processing is: to improve the quality of our services and communication, for sending informational or marketing communications if the data subject has granted consent, and for website traffic analytics purposes.
In the event that the Provider becomes a processor of personal data belonging to special categories of data, the User is responsible for the legality of obtaining such data and handling it according to the GDPR and national legislation. The Provider reserves the right to remove such personal data from its servers upon discovering non-compliance with the conditions for processing special categories of personal data. Before deleting the personal data, the Provider will contact the User with a request for rectification.
For how long does the Provider process personal data?
The Provider processes personal data for the duration of the contractual relationship with the User. After the termination of the contractual relationship, all data are deleted within 30 days of the termination of the contractual relationship. Users are entitled to request data deletion at any time during the duration of the contractual relationship. Upon receiving a User’s request for data deletion, the Provider shall delete all data without undue delay.
RECIPIENTS OF PERSONAL DATA
The Provider does not transfer personal data to any other controllers.
The Provider does not transfer personal data to any personal data processors.
DATA SECURITY METHODS
To secure User data against unauthorized or accidental access, the Provider uses reasonable and appropriate technical and organizational measures.
The Provider ensures that if servers are located in a data center operated by a third party, similar technical and organizational measures are also implemented by that third party.
All data are located only on servers situated in the European Union or in countries ensuring personal data protection in a manner equivalent to the protection provided by the legal regulations of the Czech Republic.
The Provider uses the following procedures for data security: Technical measures include the use of: secure connection (HTTPS), firewalls and regularly updated antivirus software, data encryption during transmission and storage of sensitive information, and secure access credentials to internal systems. Organizational measures include: access to personal data is restricted to authorized persons only, employees are instructed on data protection principles, and access is logged and regularly checked. ..
USER RIGHTS
Every User has:
- the right of access to personal data: The User has the right to obtain confirmation from the Provider as to whether or not personal data concerning them are being processed, and if they are, the right to access those personal data and the following information: a) the purpose of the processing; b) the categories of personal data concerned; c) the recipients to whom the personal data have been or will be disclosed; d) the planned period for which the personal data will be stored; e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing, or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) any available information about the source of the personal data, if not obtained from the Users; h) the fact that automated decision-making, including profiling, occurs. The User also has the right to obtain a copy of the processed personal data.
- the right to rectification of personal data: The User has the right to have the Provider rectify inaccurate personal data concerning them without undue delay, or to supplement incomplete personal data.
- the right to erasure of personal data: The User has the right to have the Provider erase personal data concerning them without undue delay if: a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; b) the User withdraws the consent on which the processing was based and there is no other legal ground for the processing; c) the User objects to the processing and there are no overriding legitimate grounds for the processing; d) the personal data have been processed unlawfully; e) the personal data must be erased for compliance with a legal obligation under Union or Member State law; f) the personal data were collected in connection with the offer of information society services. However, the right to erasure does not apply if the processing is necessary for compliance with legal obligations, for the establishment, exercise, or defense of legal claims, and in other cases specified in the GDPR.
- the right to restriction of processing: The User has the right to have the Provider restrict processing in any of the following cases: a) the User contests the accuracy of the personal data, for a period enabling the Provider to verify the accuracy of the personal data; b) the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead; c) the Provider no longer needs the personal data for the purposes of the processing, but the User requires them for the establishment, exercise, or defense of legal claims; d) the User has objected to processing, pending the verification of whether the legitimate grounds of the Provider override those of the data subject.
- the right to object to processing: The User has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is processed for the reason of legitimate interest. In such a case, the Provider shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests or rights of the Users, or for the establishment, exercise, or defense of legal claims.
- the right to data portability: The User has the right to receive the personal data concerning them which they have provided to the Provider, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another controller if: a) the processing is based on consent and b) the processing is carried out by automated means. In exercising their right to data portability, the User has the right to have the personal data transmitted directly from one controller to another, where technically feasible.
- the right to lodge a complaint with a supervisory authority: If the User believes that the Provider is not processing their personal data in a lawful manner, they have the right to lodge a complaint with a supervisory authority. The contact details of the supervisory authority are provided above.
- the right to information regarding rectification or erasure of personal data or restriction of processing: The Provider is obliged to notify each recipient to whom the personal data have been disclosed of any rectification or erasure of personal data or restriction of processing, unless this proves impossible or involves disproportionate effort. If the User requests it, the Provider shall inform them about these recipients.
- the right to be informed in the event of a personal data breach: When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Provider shall communicate the personal data breach to the User without undue delay.
- the right to withdraw consent to the processing of personal data: In the event that the processing of some personal data is based on consent, the User has the right to withdraw their consent to the processing of personal data in writing at any time by sending a notice of withdrawal to the email address: nikola.miklik@salirione.com.
COOKIES
The Provider uses cookies, which are small text files that identify the user of the Provider’s website and record their user activities.
The text in a cookie file often consists of a series of numbers and letters that uniquely identify the User’s computer but do not provide any specific personal data about the User. A cookie file usually contains the name of the domain from which it was sent, information about its age, and an alphanumeric identifier.
The Provider’s website automatically identifies the User’s IP address. All this information is recorded in an activity file by the server, which allows for subsequent data processing. The Provider also records the request from the browser and the time of the request, the status, and the amount of data transferred within this request. It also collects information about the browser used and the computer’s operating system and their versions. Furthermore, it records the websites from which you reached the Provider’s website. Your computer’s IP address is stored only for the duration of the website use and thereafter for the necessary period. After this time, the IP address is deleted or anonymized by shortening.
Types of cookies and similar technologies
Technical cookies and similar technologies: Due to its legitimate interest, the Provider uses technically necessary cookies that are required for the operation of the website and to ensure its functionality. These may be persistent or session cookies. A persistent cookie remains on the hard drive even after the browser is closed. Persistent cookies may be used by the browser on subsequent visits to the Provider’s website. Persistent cookies can be removed. Session cookies are temporary and are deleted as soon as the browser is closed. The Provider uses this data to operate the website, in particular to identify and resolve errors, to determine website usage, and to make adjustments or improvements. These are purposes for which the Provider has a legitimate interest in processing data according to Art. 6(1)(f) of the GDPR.
The User can set their browser to block these cookies. The Provider notes that in such a case, some parts of the website will not function.
In the same way and for the same reasons, the Provider uses WebStorage as listed in the table below.
With the User’s permission, the Provider uses additional cookies:
Analytical cookies and similar technologies: These cookies help the Provider analyze how Users use the website. They may be used, for example, to measure and improve website performance. These cookies allow, for instance, to determine how a User arrived at the website, whether directly, via a search engine, or through a link on a social network. Furthermore, the Provider learns how long Users stay on the page and which links they click on.
These cookies are set on the User’s device only if they grant consent during their first visit to the website (according to Art. 6(1)(a) of the GDPR). Analytical cookies can be rejected at any time; simply make a change in the Detailed Cookie Settings.
In the same way and for the same reasons, the Provider uses WebStorage as listed in the table below.
Advertising cookies and similar technologies: Advertising cookies allow for the display of advertising based on the User’s preferences. They may be used, for example, for the Provider to create a profile of the User’s interests so that relevant advertisements can be shown to the User.
These cookies are set on the User’s device only if they grant consent during their first visit to the website (according to Art. 6(1)(a) of the GDPR). Advertising cookies can be rejected at any time; simply make a change in the Detailed Cookie Settings. If the User does not express consent, they will not be the recipient of content and advertisements tailored to their interests.
In the same way and for the same reasons, the Provider uses WebStorage as listed in the table below.
or other cookies / similar technologies, if listed in the table below.
To obtain and manage User consent, the Provider uses the CookiesLišta.cz platform from Cookies lišta, s.r.o., ID: 17418640, Příčná 1892/4, Prague 1, 110 00 Prague. The platform collects device information, browser information, anonymized IP address, date and time of visit, URL requests, website path, and geographic location. This allows for informing the User about the Provider’s web environment and obtaining, managing, and documenting their consent. The legal basis for data processing is Art. 6(1)(c) of the GDPR, as the Provider is legally obliged to provide proof of consent in accordance with Art. 7(1) of the GDPR. Data will be deleted as soon as they are no longer needed for logging and there are no legal retention requirements. Further information on the topic of personal data protection at the platform provider can be found at: https://www.cookieslista.cz.
Third-party cookies may also be placed on the Provider’s website. The Provider uses the following cookies:
| Processor | Cookie designation | Personal data | Purpose of processing | Legal ground | Processing period |
|---|---|---|---|---|---|
| Technical cookies / similar technologies | |||||
| CONGRUENT Building s.r.o. | dcb_dsv | no | Cookie consent version. | legitimate interest | local storage / 365 days |
| CONGRUENT Building s.r.o. | dcb_config | no | Cookie consent configuration. | legitimate interest | local storage / 365 days |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | cookiePreferences | no | Registers user cookie preferences. | user consent | 2 years |
| Analytical cookies / similar technologies | |||||
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _ga | no | Main cookie used to distinguish unique users. | user consent | 2 years |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _ga_* | no | Used to maintain the state of the current session (instead of *, there is a unique container ID). | user consent | 2 years |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _gid | no | Used to distinguish users for daily statistics purposes. | user consent | 24 hours |
| Google LLC – 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | _gat | no | Used to limit the number of requests to Google servers. | user consent | 1 minute |
| Microsoft Corporation – 1 Microsoft Way, Redmond, WA 98052, USA | _clck | no | Stores the Clarity user ID and preferences unique to the site, assigned to the same user ID. | user consent | 365 days |
| Microsoft Corporation – 1 Microsoft Way, Redmond, WA 98052, USA | _clsk | no | Connects multiple page views by a user into a single Clarity session recording. | user consent | 1 day |
| Microsoft Corporation – 1 Microsoft Way, Redmond, WA 98052, USA | CLID | no | Identifies when Clarity first recorded this user on any site using Clarity. | user consent | end of session (browser) |
| Microsoft Corporation – 1 Microsoft Way, Redmond, WA 98052, USA | ANONCHK | no | Indicates whether the MUID is transferred to ANID, a cookie used for advertising. Clarity does not use ANID and therefore it is always set to 0. | user consent | end of session (browser) |
| Microsoft Corporation – 1 Microsoft Way, Redmond, WA 98052, USA | MR | no | Indicates whether the MUID should be refreshed. | user consent | 7 days |
| Microsoft Corporation – 1 Microsoft Way, Redmond, WA 98052, USA | MUID | no | Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes. | user consent | 365 days |
| Microsoft Corporation – 1 Microsoft Way, Redmond, WA 98052, USA | SM | no | Used in synchronizing the MUID across Microsoft domains. | user consent | end of session (browser) |
Browser cookie settings
Most web browsers accept cookies automatically. However, it is possible to use controls that allow for their blocking or removal.
Instructions for blocking or removing cookies in browsers can generally be found in the privacy policy or help documentation of the respective browsers.
FINAL PROVISIONS
The Provider will update this Privacy Policy in the event of any changes. The current version of the Privacy Policy will always be available on the Provider’s website. If a material change occurs in this Privacy Policy regarding the methods of handling personal data, the Provider shall inform the User by visibly publishing a relevant notice before implementing these changes.
Last modified on 29. 05. 2026