Privacy

Privacy Policy

Data protection is particularly important to us. Using our website is generally possible without providing any personal data. However, if a data subject wishes to use specific services of our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, email address, or phone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the applicable national data protection regulations. With this privacy policy, we aim to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed about their rights through this privacy policy.

As the controller responsible for processing, we have implemented numerous technical and organizational measures to ensure the most complete protection possible of the personal data processed via this website. Nevertheless, internet-based data transmissions may have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative methods, for example, by telephone.

1. Definitions
Our privacy policy is based on the terms used by the European legislator when enacting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for the public, our customers, and business partners. To ensure this, we will first explain the terms used.

We use, among others, the following terms in this privacy policy:

a) Personal Data
Personal data are all information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data Subject
A data subject is any identified or identifiable natural person whose personal data are processed by the controller responsible for processing.

c) Processing
Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of Processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

e) Profiling
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.

f) Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or Responsible for Processing
The controller or responsible for processing is the natural or legal person, authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller may be designated or specified according to criteria of Union or Member State law.

h) Processor
The processor is a natural or legal person, authority, agency, or other body which processes personal data on behalf of the controller.

i) Recipient
A recipient is a natural or legal person, authority, agency, or other body to which personal data are disclosed, whether a third party or not. Authorities that may receive personal data in the context of a particular inquiry under Union or Member State law are not considered recipients.

j) Third Party
A third party is a natural or legal person, authority, agency, or body other than the data subject, controller, processor, or persons authorized to process personal data under the direct authority of the controller or processor.

k) Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and Address of the Controller
The controller within the meaning of the GDPR, other applicable data protection laws in the member states of the European Union, and other data protection-related regulations is:

Universal Group Prague, s.r.o.
Václavské náměstí 1306/55
Nové Město (Prague 1), 110 00 Prague
Czech Republic

Managing Directors: Dieter Sommer, Dmitriy Litovkin

Phone: +49 (0)151 / 449 521 84
WhatsApp: +49 (0)151 / 449 521 84
Email: info@universal-montage.de

3. Collection of General Data and Information
Our website collects a series of general data and information with each access to the website by a data subject or automated system. These general data and information are stored in the server log files. Collected data may include: (1) browser types and versions used, (2) operating system of the accessing system, (3) the website from which an accessing system reaches our website (referrer), (4) subpages accessed via the system, (5) date and time of access, (6) IP address, (7) Internet service provider of the accessing system, and (8) other similar data and information used for defense against attacks on our IT systems.

We do not draw conclusions about the data subject from these general data and information. These are needed to (1) deliver the content of our website correctly, (2) optimize the content of our website and its advertising, (3) ensure the permanent functionality of our IT systems and technology of the website, and (4) provide law enforcement authorities with necessary information in case of a cyberattack. These anonymized data are evaluated statistically to enhance data protection and security within our company and are stored separately from personal data provided by the data subject.

4. Contact Possibility via the Website
Our website contains information, due to legal requirements, that enables quick electronic contact with our company as well as immediate communication, including a general email address. If a data subject contacts the controller via email or a contact form, the transmitted personal data are automatically stored. Such voluntarily provided personal data are used for processing or contacting the data subject. There is no transfer of personal data to third parties.

5. Routine Deletion and Blocking of Personal Data
The controller processes and stores personal data only for the period required to achieve the storage purpose or as provided by the GDPR or other legislation. If the storage purpose ceases or the legally prescribed storage period expires, the personal data are routinely blocked or deleted according to legal requirements.

a) Right to Confirmation
Every data subject has the right granted by the European legislator to request confirmation from the controller as to whether personal data concerning them are being processed. If a data subject wishes to exercise this right, they may contact any employee of the controller at any time.

b) Right of Access
Every data subject whose personal data are processed has the right granted by the European legislator to obtain free information at any time from the controller about the personal data stored about them and to receive a copy of this information. Furthermore, the data subject has the right to obtain information about: - the purposes of the processing - the categories of personal data being processed - the recipients or categories of recipients to whom the personal data have been or will be disclosed, especially recipients in third countries or international organizations - where possible, the intended period for which the personal data will be stored or, if not possible, the criteria used to determine this period - the existence of the right to request rectification or deletion of personal data or restriction of processing by the controller or to object to such processing - the right to lodge a complaint with a supervisory authority - if the personal data were not collected from the data subject: all available information about their origin - the existence of automated decision-making including profiling pursuant to Article 22(1) and (4) GDPR, and — at least in these cases — meaningful information about the logic involved and the significance and envisaged consequences of such processing for the data subject. Furthermore, the data subject has the right to know whether personal data have been transmitted to a third country or an international organization. If so, the data subject has the right to information about the appropriate safeguards. To exercise this right, the data subject may contact any employee of the controller at any time.

c) Right to Rectification
Every data subject has the right granted by the European legislator to request immediate correction of inaccurate personal data concerning them. The data subject also has the right to request completion of incomplete personal data, taking into account the purposes of processing, including by providing a supplementary statement. To exercise this right, the data subject may contact any employee of the controller at any time.

d) Right to Erasure ("Right to be Forgotten")
Every data subject has the right granted by the European legislator to request the controller to delete personal data concerning them immediately if one of the following reasons applies and the processing is not necessary: - the personal data are no longer necessary for the purposes they were collected or otherwise processed - the data subject withdraws consent under Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal ground for processing - the data subject objects under Art. 21(1) GDPR and there are no overriding legitimate grounds - the data were unlawfully processed - erasure is required to comply with a legal obligation under EU or Member State law - personal data were collected in relation to offered information society services under Art. 8(1) GDPR. To exercise this right, the data subject may contact any employee of the controller at any time, and we will comply without delay. If the data were made public, we will take reasonable measures, considering available technology and implementation costs, to inform other controllers processing these data about the erasure request. Our employee will handle this on a case-by-case basis.

e) Right to Restriction of Processing
Every data subject has the right granted by the European legislator to request restriction of processing when one of the following applies: - the accuracy of the personal data is disputed by the data subject, for a period allowing the controller to verify accuracy - processing is unlawful, and the data subject opposes erasure and requests restriction instead - the controller no longer needs the data for processing, but the data subject requires them to establish, exercise, or defend legal claims - the data subject has objected under Art. 21(1) GDPR and it is not yet determined whether the controller’s legitimate grounds override the data subject’s rights. To exercise this right, the data subject may contact any employee of the controller at any time.

f) Right to Data Portability
Every data subject has the right granted by the European legislator to receive personal data they provided to a controller in a structured, commonly used, and machine-readable format and transmit them to another controller without hindrance, provided the processing is based on consent (Art. 6(1)(a) or Art. 9(2)(a)) or contract (Art. 6(1)(b)) and automated. The data subject also has the right to request direct transmission from one controller to another where technically feasible and not impairing others’ rights and freedoms.

g) Right to Object
Every data subject has the right granted by the European legislator to object at any time for reasons related to their particular situation to the processing of personal data concerning them based on Art. 6(1)(e) or (f), including profiling. If an objection is made, we will stop processing unless compelling legitimate grounds exist or processing serves legal claims. For direct marketing, the data subject can object at any time, including profiling related to marketing. For scientific, historical, or statistical processing under Art. 89(1) GDPR, the data subject may object unless processing is necessary for public interest tasks.

h) Automated Decision-Making Including Profiling
Every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects them, unless: (1) necessary for contract conclusion or performance, (2) permitted by law with safeguards, or (3) based on explicit consent. In such cases, we take measures to protect rights, including human intervention, expressing their viewpoint, and contesting the decision. To exercise this right, the data subject may contact any employee of the controller at any time.

i) Right to Withdraw Consent
Every data subject has the right to withdraw consent to the processing of personal data at any time. To exercise this right, the data subject may contact any employee of the controller at any time.

Art. 6(1)(a) GDPR serves as the legal basis for processing requiring consent for a specific purpose. Processing necessary for contract performance is based on Art. 6(1)(b), for legal obligations on Art. 6(1)(c), to protect vital interests on Art. 6(1)(d), and for legitimate interests on Art. 6(1)(f) if not overridden by rights of the data subject.

If processing is based on Art. 6(1)(f) GDPR, our legitimate interest is the operation of our business in favor of our employees and shareholders.

The storage period is determined by statutory retention periods. After expiration, data are routinely deleted unless needed for contract fulfillment or initiation.

Providing personal data may be legally required (e.g., tax regulations) or contractually necessary (e.g., contract partner information). Failure to provide data may prevent contract conclusion. Data subjects should contact an employee before providing data to clarify legal or contractual necessity and consequences.

As a responsible company, we do not engage in automated decision-making or profiling.

We’ll Get Back to You Quickly!

Are you planning the assembly, disassembly, or inspection of your heavy-duty racking system? Our team is available nationwide and internationally – fast, reliable, and according to DIN standards.
Just give us a call or send us an email – we’ll provide you with a transparent, customized offer.