Privacy Policy
In accordance with Regulation (EU) 2016/679 ("GDPR"), Capital System, s.r.o. ("Company" or "Controller") provides the following information regarding the processing of your personal data. The purpose of this document is to inform you of our privacy policy and explain how your personal information is managed when using the services of the website colorway.com ("Website").
1. Identity and Contact Details of the Controller
2. Contact Details of the Data Protection Officer (DPO)
The Company has appointed a Data Protection Officer who can be contacted at the following email address: igor.yasnov@colorway.com.
3. Purposes and Legal Basis for Processing
- Necessary legal and contractual purposes. Processing is necessary for compliance with the Controller's legal obligations or for the performance of specific requests by the data subject. Your personal data may be processed without your consent in cases where it is necessary to fulfill obligations arising from laws, regulations, codes, or procedures approved by governmental authorities. Data is also processed to ensure Website navigation, namely:
- providing services requested by the user, including collection, storage, and processing of data for service operation and subsequent technical management;
- interaction with governmental authorities to fulfill legal obligations or special procedures.
- Protection of legitimate rights. Data will be processed whenever necessary to establish, exercise, or defend the legal claims of the Controller or other companies under the control of Capital System, s.r.o.
- Legitimate interest of the Controller. The Controller may process data without your consent:
- in the process of mergers, disposals, or transfers of business units to conduct due diligence procedures. Data is processed in the most aggregated and anonymous form possible;
- for aggregated and anonymous analysis of service usage, identification of user habits, and improvement of service quality.
4. Recipients of Personal Data
The Controller may transfer data to third parties: police, armed forces, and governmental authorities for compliance with EU laws. Prior consent for such transfer is not required by law. We guarantee that only the necessary minimum of data is transferred. Within the company, data is accessible only to authorized personnel who have received strict instructions. We confirm that your data will not be publicly distributed, except in cases provided by law.
5. Transfer of Data Outside the EU
Your data may be transferred to companies within the Capital System, s.r.o. group outside the European Union. In such cases, the Controller takes all necessary contractual measures to ensure an adequate level of protection, including the use of Standard Contractual Clauses (SCC) in the current version approved by the European Commission. Processing of data in such databases is strictly limited to the purposes for which the data was collected.
6. Data Retention Period
Data is retained for a period not exceeding the time necessary to fulfill the purposes for which it was collected, or in accordance with the periods established by applicable legislation.
7. Rights of Data Subjects
As a data subject, you have the following rights:
- Right of access: the right to confirm the existence of your data in the Company's archives, obtain it in an intelligible form, learn the source and logic of its processing, as well as the list of persons who have access to it.
- Right to rectification and erasure: the right to update and correct data, request deletion of excessive or unlawfully processed data ("right to be forgotten").
- Right to restriction and portability: subject to the conditions established by GDPR, the right to restrict data processing or obtain it for transfer to another controller.
- Right to lodge a complaint: you have the right to contact the data protection supervisory authority if you believe your rights have been violated.
You may exercise your rights through the "Contacts" section or by writing to the DPO at: igor.yasnov@colorway.com.