Processing and Protection of Personal Data by Able.cz s.r.o.

1. General Information

This document contains comprehensive information concerning the processing and protection of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as “GDPR”), in connection with Act No. 110/2019 Coll., as processed by the company Able.cz s.r.o., ID No.: 242 78 815, with its registered office at Vlněna 526/5, Trnitá, 602 00 Brno, within the scope of its activities.

2. Data Controller

Able.cz s.r.o.

Company ID No.: 242 78 815

Registered office: Vlněna 526/5, Trnitá, 602 00 Brno

Company registered in the Commercial Register maintained by the Regional Court in Brno,
File No.: C 85424

Contact email address: hello@able.cz

Company website: www.able.cz

(hereinafter also reffered to as „Able“)

3. Scope of Processed Personal Data

In the course of its activities, which primarily include the provision of consulting and IT services related to the systematic management and development of clients’/customers’ brands in the online environment (brand management), as well as the design, development, and administration of software and web applications, Able processes personal data obtained from its clients/customers (where they are natural persons) or from contact persons of clients/customers in connection with Able’s activities, or personal data from individuals who are clients/customers of Able’s clients/customers.

In specific cases, Able processes in particular the following personal data:

- identification and contact details of clients/customers and their contact persons (where they are natural persons), and, where applicable, personal data of individuals who are clients/customers of Able’s clients/customers;

- data relating to the services ordered by the client, or to the services and software/web applications provided by Able;

- data from mutual communication (whether conducted in person, in writing, by telephone, or otherwise) between Able and the contact persons of customers/clients;

- payment data (e.g., information on amounts paid or due, account numbers, etc.).

4. Purpose and Legitimate Interest in the Processing of Personal Data

Able processes personal data of clients/customers, their contact persons, and, where applicable, personal data of individuals who are clients/customers of Able’s clients/customers for the purposes, on the legal grounds, and based on the legitimate interests of Able specified below in Sections 4.1 to 4.4 of this document.

4.1. Conclusion and Performance of a Service Agreement

In the event of a service agreement being concluded between Able and a client/customer, Able processes, in accordance with Article 6(1)(b) of the GDPR, personal data necessary for the proper performance of that agreement. For this reason, Able primarily processes:

- data concerning the services ordered by the client, or concerning services and software/web applications provided by Able;

- data from mutual communication (whether conducted in person, in writing, by telephone, or otherwise) between Able and the contact persons of customers/clients;

- payment data (e.g., information on amounts paid or due, account numbers, etc.).

Able processes personal data for this purpose for the duration of the contractual relationship between Able and the client. After this period, personal data may continue to be retained for reasons based on legitimate interest, as described in Section 4.2 of this document.

4.2. Legitimate Interest

Processing of personal data based on legitimate interest under Article 13(1)(d) of the GDPR in conjunction with Article 6(1)(f) of the GDPR is carried out by Able in the following cases:

a) The processing is carried out for the purpose of protecting Able’s property, including the establishment, exercise, and defence of Able’s rights and legal claims. For these reasons, Able retains personal data contained in contractual documentation as well as in mutual communication. Personal data are retained for this purpose for a period of 10 years.

b) The processing is carried out for the purpose of potential communication with Able’s clients in the event of unforeseen circumstances. For this reason, personal data are retained for a period of 4 years after the termination of the contractual relationship or from the time of the last mutual communication in other cases.

4.3. Fulfilment of Legal Obligations

Processing of personal data is carried out in accordance with Article 6(1)(c) of the GDPR for the purpose of complying with obligations arising from generally binding legal regulations, particularly in relation to archiving, accounting, and the fulfilment of tax obligations. For this reason, Able primarily processes:

- data regarding the services ordered by the client, or concerning the services and software/web applications provided by Able;

- payment data (e.g., information on amounts paid or due, account numbers, etc.).

Personal data are retained for this purpose for the period specified directly in the relevant generally binding legal regulations. These include, but are not limited to, Act No. 563/1991 Coll. (as amended, §31), Act No. 235/2004 Coll. (as amended, §35), Act No. 280/2009 Coll. (as amended, §148), and Act No. 586/1992 Coll.

4.4. Consent

If the client grants Able consent to process personal data in accordance with Article 6(1)(a) of the GDPR, such processing is carried out solely for the purpose for which the consent was granted. The client may withdraw their consent to processing at any time; such withdrawal does not affect the lawfulness of processing based on another legal ground. The client may withdraw consent in writing at the address provided in Section 2 of this document or via email at hello@able.cz.

Where consent to personal data processing has been granted, Able retains the data for a period of 7 years (unless otherwise specified within the granted consent) or until the moment the consent is withdrawn.

5. Transfer of Personal Data to Third Parties

V In certain cases, Able transfers personal data to third parties. This mainly occurs in situations where the provision or subcontracting of IT services is required, and personal data are transferred by Able to the selected supplier/subcontractor in order to ensure the complete and proper performance of the agreed services under the service agreement concluded with the client/customer.

Furthermore, personal data managed by Able may be transferred to entities providing accounting or legal services to Able.

When processing personal data, Able also uses tools for the automated processing of personal data focused on customer relationship management (CRM), which are provided to Able by third parties.

Able also transfers personal data to tax authorities and public administration bodies where this obligation is imposed by law, and only to the extent and for the period strictly necessary.

Able has no intention of transferring personal data to any third country or international organization.

6. Rights Related to the Processing of Personal Data

6.1. Right of Access to Personal Data

In accordance with Article 15 of the GDPR, the data subject has the right to obtain confirmation as to whether personal data concerning them are being processed. If so, they have the right to access such data, to obtain the information detailed in Article 15 of the GDPR, to receive a copy of the processed personal data, and to be informed about the manner in which such data are processed.

6.2. Right to Rectification of Personal Data

In accordance with Article 16 of the GDPR, the data subject has the right to have Able correct, without undue delay, any inaccurate personal data concerning them. The data subject also has the right to have incomplete personal data completed, including by providing an additional statement.

6.3. Right to Erasure of Personal Data (“Right to Be Forgotten”)

In accordance with Article 17 of the GDPR, the data subject has the right to be forgotten, that is, the right to have Able erase, without undue delay, personal data concerning them that Able processes, for any of the reasons set out in Article 17 of the GDPR.

6.4. Right to Restriction of Processing

The data subject has the right to have Able restrict the processing of their personal data in the cases specified in Article 18 of the GDPR.

6.5. Right to Data Portability

The data subject has the right to obtain their personal data from Able and to transmit those data to another controller under the conditions set out in Article 20 of the GDPR.

6.6. Right to Object

In accordance with Article 21 of the GDPR, the data subject has the right to object where personal data are processed by Able on the basis of a legitimate interest. If such an objection is found to be relevant and justified, Able will cease processing the personal data concerned.

6.7. Right to Information Regarding Automated Decision-Making, Including Profiling

In accordance with Article 22 of the GDPR, data subjects are not subject to any decision based solely on automated processing by Able, including profiling, that would have legal effects on them or similarly significantly affect them.

6.8. Right to Lodge a Complaint with a Supervisory Authority

If the data subject considers the processing of their personal data by Able to be unlawful, they are entitled to lodge a complaint with the Office for Personal Data Protection.

6.9. Right to Security of Processing and Notification of Personal Data Breaches

Able has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk in accordance with Article 32 of the GDPR, in order to safeguard the processing of personal data of data providers. The company also maintains records of processing activities for which it is responsible, in accordance with Article 30 of the GDPR. Furthermore, if a personal data breach were to occur, the controller will, in accordance with Article 34 of the GDPR, notify the data subject of the breach without undue delay.

7. Additional Information

In case of any uncertainties regarding the processing of personal data by Able, or if exercising any of the rights set out in Section 6 of this document, it is possible to contact Able in writing at the address provided in Section 2 of this document, or via email at hello@able.cz.

This document is effective as of 1 September 2025.