PRIVACY POLICY

This Privacy Policy explains how BORTOLIN s.r.o. collects, uses, stores, discloses and otherwise processes personal data in connection with its website, business activities, communications, marketing activities, social media presence and any related services.

We are committed to processing personal data in accordance with applicable data protection laws, including Regulation (EU) 2016/679 (“GDPR”), and any applicable national implementing provisions.

1. Data Controller

BORTOLIN s.r.o.

Dukelská 511
56201 Ústí nad Orlicí
Czech Republic

VAT No.: 25277090

Email: info@bortolingroup.com

2. Scope of this Policy

This Privacy Policy applies to personal data processed through:

  • our website and any related webpages;
  • contact forms, email communications and requests for information;
  • commercial relations with customers, prospects, suppliers and business partners;
  • newsletter and direct marketing activities;
  • analytics, advertising, remarketing and audience measurement tools;
  • social media pages, messaging channels and integrations with third-party platforms;
  • embedded content, cookies, pixels, tags, SDKs and similar tracking technologies.

3. Categories of Personal Data We May Process

Depending on your interactions with us, we may process the following categories of personal data:

  • identification data, such as name, surname, company name and job title;
  • contact data, such as email address, telephone number, postal address and country;
  • business and contractual data, such as billing details, VAT data, order details, transaction information and correspondence;
  • communication data, including messages sent through forms, email or other channels;
  • technical and device data, such as IP address, browser type, operating system, language settings, device identifiers, approximate geolocation derived from IP, log files and timestamps;
  • website usage data, such as pages viewed, session duration, referring URLs, clicks, navigation paths and interactions with site elements;
  • marketing and preference data, such as subscription choices, consent preferences, campaign interactions and inferred interests;
  • social media data, such as profile information made available by social networks, public interactions, messages and audience insights;
  • advertising and profiling data, such as cookie identifiers, advertising IDs, custom audience data, conversion data and segmented or inferred interests;
  • any other information you voluntarily provide to us.

4. Sources of Personal Data

We may collect personal data:

  • directly from you when you contact us, fill in a form, subscribe, request a quotation, purchase our services, or otherwise interact with us;
  • automatically through cookies, pixels, tags, SDKs, server logs and analytics tools;
  • from publicly available sources, business directories, professional networking platforms or public social media profiles;
  • from third parties such as analytics providers, advertising partners, social media platforms, payment providers, CRM providers, hosting providers, communication tools and business partners;
  • from Google and similar providers where you interact with our ads, analytics tools, maps, videos, captcha services, sign-in services or other integrated technologies;
  • from Meta, LinkedIn, X, YouTube, TikTok or other social or advertising platforms if such services are used in connection with our website or marketing activities.

5. Purposes of Processing and Legal Bases

We may process personal data for the following purposes and on the following legal bases:

  • To respond to inquiries and provide requested information – legal basis: performance of pre-contractual steps, performance of a contract, or our legitimate interest in handling business communications.
  • To manage customer and supplier relationships – legal basis: performance of a contract and compliance with legal obligations.
  • To manage orders, invoicing, accounting and tax compliance – legal basis: compliance with legal obligations and performance of a contract.
  • To operate, maintain, secure and improve our website and services – legal basis: our legitimate interest in ensuring functionality, security, diagnostics and service quality.
  • To prevent fraud, abuse, unauthorized access and cyber threats – legal basis: our legitimate interest and, where applicable, compliance with legal obligations.
  • To analyze traffic, user behavior and website performance – legal basis: your consent where required for non-essential tracking technologies, otherwise our legitimate interest where permitted by law.
  • To send newsletters, promotional communications and commercial updates – legal basis: your consent where required, or our legitimate interest where soft opt-in or similar lawful conditions apply.
  • To personalize content, advertising and user experience – legal basis: your consent where required for profiling, advertising cookies and similar technologies.
  • To create custom audiences, remarketing segments and measure campaign effectiveness – legal basis: your consent where required and, where applicable, our legitimate interest in marketing optimization.
  • To establish, exercise or defend legal claims – legal basis: our legitimate interest.
  • To comply with requests from public authorities and applicable laws – legal basis: compliance with legal obligations.

6. Cookies, Pixels, Tags and Similar Technologies

Our website may use cookies, local storage, tracking pixels, tags, SDKs, web beacons and similar technologies.

These technologies may be used for the following categories of purposes:

  • Strictly necessary technologies – required for the website to function properly, for security, fraud prevention, session management and core technical operations.
  • Preferences technologies – used to remember language, region, cookie settings and similar preferences.
  • Analytics technologies – used to understand traffic, performance, user behavior and website usage.
  • Marketing and profiling technologies – used to measure campaigns, show personalized advertising, perform remarketing, build audience segments and connect activity across websites, platforms or devices where permitted.
  • Third-party embedded content technologies – used when pages integrate external services such as videos, maps, captcha tools, social media widgets or external forms.

Where required by applicable law, non-essential cookies and similar technologies will only be activated on the basis of your prior consent. You may withdraw or update your consent preferences at any time through the cookie settings tool made available on the website, where implemented, or through your browser settings, subject to the limitations of those tools.

7. Google Services

Where enabled on our website or in our digital infrastructure, we may use services provided by Google and affiliated entities, including for example:

  • Google Analytics or similar analytics tools;
  • Google Ads and conversion tracking;
  • Google remarketing and audience building;
  • Google Tag Manager;
  • Google Maps;
  • YouTube embeds;
  • Google reCAPTCHA or similar anti-abuse services;
  • Google Sign-In or authentication services, where applicable.

These services may collect or receive data such as IP address, cookie identifiers, browser information, device information, interaction events, traffic data, approximate location and other online identifiers. Google may act as an independent controller for certain processing activities, or as our processor/provider depending on the specific service and configuration.

If advertising, remarketing, consent mode, enhanced conversions, audience signals, or similar Google advertising features are implemented, personal data and behavioral signals may be used to measure ad performance, create aggregated or segmented audiences, and display ads that may be more relevant to users based on browsing behavior, inferred interests or prior interactions.

8. Social Media, Pixels and Third-Party Platforms

We may maintain a presence on social media platforms or use social media tools, plugins, pixels, SDKs or embedded content. Depending on the services actually used, these may include platforms such as:

  • Meta platforms, including Facebook and Instagram;
  • LinkedIn;
  • X;
  • YouTube;
  • TikTok;
  • WhatsApp or similar messaging tools;
  • other social media, advertising or communication platforms integrated into the website or our communications.

These tools may collect or receive information about your interaction with our website or content, including page visits, events, conversions, identifiers, browser data, cookie data, device data and activity signals. Where such tools are used for advertising, retargeting, lookalike audience creation, campaign measurement or engagement analysis, they may contribute to profiling activities.

When you visit our social media pages, both we and the relevant platform may process personal data. In some circumstances, we and the platform may act as joint controllers for aggregated page insights or similar analytics. The applicable platform privacy policies and terms also govern those processing activities.

9. Profiling and Automated Decision-Making

We may carry out profiling activities in relation to website usage, marketing preferences, commercial interactions and audience segmentation, especially where analytics, advertising, remarketing, CRM, lead management, social media or third-party marketing tools are used.

Profiling may include, for example:

  • analyzing browsing behavior, clicks, viewed pages, campaign responses or content interactions;
  • grouping users into audience segments, commercial categories or interest clusters;
  • measuring likelihood of engagement with particular content, services or campaigns;
  • tailoring communications, offers, advertising or website content based on inferred interests, activity history or business relevance.

Unless expressly stated otherwise in a specific context, we do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22 GDPR. If such processing were to be implemented in the future, we will provide the additional information required by law, including the logic involved, the significance of the processing and the expected consequences for the data subject.

10. Recipients and Categories of Recipients

We may disclose personal data, strictly on a need-to-know basis and subject to appropriate safeguards, to:

  • our employees, authorized personnel and internal functions;
  • IT service providers, hosting providers, cloud service providers and website maintenance suppliers;
  • CRM, ERP, sales, communication and customer support providers;
  • marketing, analytics, advertising and tracking technology providers;
  • payment, invoicing, accounting, legal, tax and compliance advisors;
  • social media and digital advertising platforms;
  • public authorities, regulators, courts, law enforcement bodies or other third parties where required by law or necessary to protect our rights;
  • potential buyers, investors or corporate counterparties in the event of a merger, acquisition, reorganization, sale of assets or similar transaction, subject to confidentiality and applicable law.

11. International Data Transfers

Some of our providers or third-party platforms may process personal data outside the European Economic Area (“EEA”), including in countries that may not provide an equivalent level of data protection under local law.

Where personal data is transferred outside the EEA, we will seek to ensure that an appropriate transfer mechanism is in place, such as:

  • an adequacy decision adopted by the European Commission;
  • standard contractual clauses approved by the European Commission;
  • supplementary technical, contractual and organizational measures where required;
  • any other lawful transfer mechanism available under applicable data protection law.

12. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including for the purpose of satisfying legal, accounting, tax, contractual, dispute resolution and record-keeping requirements.

Retention periods may vary depending on the category of data and the purpose of processing. In general:

  • contact requests and ordinary business communications are retained for the time necessary to handle the request and for a reasonable follow-up period;
  • customer, supplier and contractual data are retained for the duration of the relationship and thereafter for the period required by applicable accounting, tax and legal obligations;
  • marketing data is retained until consent is withdrawn, objection is made, or the data is no longer necessary for the relevant marketing purpose;
  • technical logs, analytics and security data are retained for a period proportionate to the relevant technical or security purpose;
  • data relevant to legal claims may be retained until the final resolution of the matter and the expiry of applicable limitation periods.

13. Data Security

We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access or other unlawful forms of processing.

Such measures may include access controls, authentication procedures, backups, system monitoring, contractual safeguards with providers, internal authorization procedures and reasonable measures aimed at ensuring confidentiality, integrity and availability of data. However, no method of transmission over the internet or method of electronic storage is completely secure, and therefore absolute security cannot be guaranteed.

14. Mandatory or Optional Nature of Data Provision

The provision of certain personal data may be necessary to enter into a contract, receive a service, obtain a response to a request, comply with legal obligations or use certain website functions. Failure to provide such data may make it impossible for us to respond, perform a contract, comply with legal requirements or provide the relevant service or functionality.

Where the processing is based on consent, the provision of personal data is voluntary, and you may refuse or withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

15. Rights of Data Subjects

Subject to the conditions and limitations provided by applicable law, you may have the right to:

  • obtain confirmation as to whether or not we process your personal data;
  • access your personal data and receive a copy of it;
  • request rectification of inaccurate or incomplete personal data;
  • request erasure of personal data;
  • request restriction of processing;
  • receive personal data in a structured, commonly used and machine-readable format and transmit it to another controller where applicable;
  • object to processing based on legitimate interests, including objection to direct marketing and related profiling;
  • withdraw consent at any time, where processing is based on consent;
  • request human intervention, express your point of view and contest a decision in relation to automated decision-making where applicable under law;
  • lodge a complaint with a competent supervisory authority.

To exercise your rights, you may contact us at info@bortolingroup.com. We may request information necessary to verify your identity before processing your request.

16. Right to Lodge a Complaint

If you believe that the processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

For the Czech Republic, the supervisory authority is:

Office for Personal Data Protection (Úřad pro ochranu osobních údajů)

Pplk. Sochora 27
170 00 Praha 7
Czech Republic

Email: posta@uoou.gov.cz

Phone: +420 234 665 800

17. Third-Party Websites and External Services

Our website, communications or social media pages may contain links to third-party websites, platforms or services. We are not responsible for the privacy practices of such third parties. We encourage users to read the privacy notices of those third parties before providing personal data or interacting with their services.

18. Children’s Privacy

Our website and services are not directed to children, and we do not knowingly collect personal data from children in violation of applicable law. If you believe that a child has provided personal data to us unlawfully, please contact us so that we can take appropriate action.

19. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, organizational or business developments. The updated version will be published on this page with the relevant effective date. We encourage users to review this Privacy Policy periodically.

20. Contact

For any questions about this Privacy Policy or about the processing of personal data, please contact:

BORTOLIN s.r.o.
Dukelská 511
56201 Ústí nad Orlicí
Czech Republic
VAT No.: 25277090
Email: info@bortolingroup.com

Effective date: March 18, 2026

Note: this document is a comprehensive privacy policy template. Before publication, it should be aligned with the actual technologies, cookies, providers, social media tools, advertising platforms, forms, CRM systems, newsletter systems and data flows effectively used by BORTOLIN s.r.o.