Privacy Policy 

This document contains information on how companies BRIGHT ON EDGE s.r.o., with registered office Příčná 1892/4 110/00, Prague, ID: 21607427, registered in the Trade Register kept at the Municipal Court in Prague under file number C 343635 and the association Czech Rave Culture z.s. with its registered office at Smetanovo náměstí 979/2, Moravská Ostrava, 702 00 Ostrava and registration number: 22445285 (hereinafter referred to as "Administrator" or "my"), processes personal data in connection with the operation of the website, the FORMS form and the e-shop supremeraves.com.

If you have any questions regarding the processing of your personal data, you can contact us using the following details:

• E-mail: support@supremeraves.com
• Delivery address:

  Czech Rave Culture z,s. , Smetanovo náměstí 979/2, Moravská Ostrava, 702 00 Ostrava

This document is prepared in accordance with:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR),
• Act No. 110/2019 Coll., on the processing of personal data,
• Act No. 480/2004 Coll., on certain information society services (in particular for marketing purposes),
• Act No. 127/2005 Coll., on electronic communications (especially for cookies).

The Privacy Policy is intended primarily for customers, website users, business partners and other persons whose personal data we process.

Why we process personal data

The processing of personal data is necessary for us for the following reasons in particular:

• to provide our services and products and to process personal data of customers, clients, suppliers, business partners and others for this purpose;
• for effective human resource management;
• for the fulfilment of legal and contractual obligations;
• to protect our legitimate interests.

Purposes of the processing of personal data and legal bases

Below is an overview of the purposes for which we process personal data and the legal bases on which this processing is based:

Legitimate interests we pursue in processing personal data

In some cases, we process personal data on the basis of so-called legitimate interest pursuant to Article 6(1)(f) GDPR. In doing so, we always carefully assess whether our interests do not outweigh the rights and freedoms of data subjects. We provide specific examples below:

What personal data we process

We only process personal data that is necessary for the above purposes. Typically this includes:

• Identification data: name, surname, title;
• Contact details: e-mail, telephone number, delivery and billing address;
• Data on orders and contracts: information about the purchased goods or services, payment method, order history;
• Data on business partners: name of contact person, billing information of the company;
• Technical data: IP address, cookies, device and browser data (if you visit the site).
  

  Who we provide your personal data to

  We protect your personal data and only share it with trusted entities to the extent necessary. Only authorised employees or contractors who are bound by confidentiality and process data only on our instructions have access to the data.

  Your data may be disclosed to the following categories of recipients:

  • Processors - e.g. providers of IT services, cloud solutions, e-commerce platforms;
  • Accountants and tax advisors - for accounting and tax record keeping purposes;
  • Legal advisors - in case of legal disputes or consultations;
  • Carriers and courier services - for delivery of goods;
  • Marketing and event agencies - when we organise events or campaigns;
  • Public authorities - only if required by law (e.g. Police, courts, tax office).

  Before transferring data to third parties, we always verify that they meet the security and confidentiality requirements of the GDPR.

  ---

  Transfer of personal data to third countries

  As a standard practice, we do not transfer personal data outside the European Economic Area (EEA), i.e. outside the EU, Norway, Iceland and Liechtenstein.

  Should such a transfer occur (e.g. using tools such as Google, Meta, etc.), we will ensure that:

  • the recipient is located in a country with an adequate protection decision according to the European Commission, or
  • standard contractual clauses approved by the European Commission are in place, or
  • the transfer is based on an exception under Article 49 GDPR (e.g. explicit consent).

  How long we keep your personal data

  We only retain your personal data for as long as is necessary to fulfil the purposes for which it was collected or as required by law. If no statutory period is specified, we determine the retention period in accordance with our internal rules and policies.

  Below is a summary of the usual retention periods by purpose:

  Purpose of processing	Preservation time
  Order processing (e-shop)	For the duration of the order and 2 years thereafter
  Complaints procedure	5 years from the settlement of the claim
  Taking and publishing photos from events	5 years or until consent is withdrawn
  Ticket sales for events	For the duration of the order and 2 years thereafter
  Asserting legal claims	For the duration of the claim and until it is time-barred
  Handling the rights of data subjects	For the duration of the claim and until the claim is time-barred
  Contractual relations with partners	For the duration of the contract and 10 years thereafter
  Manage your social media profiles	Until a post or profile is deleted, we delete messages every 2 years
  Marketing and PR (e.g. newsletter)	Pending withdrawal of consent or objection
  Accounting and tax purposes	10 years from the end of the accounting period
  Archiving and documentation management	According to the Filing and Shredding Regulations
  Statistical purposes	For the duration of the other processing purposes

  Remark: In some cases, we may retain personal data for longer if required to do so by law or in our legitimate interests (e.g. for legal defence purposes).

  How we obtain your personal data

  We primarily obtain your personal data directly from you in the following situations:

  • when placing an order on our e-shop,
  • when registering or concluding a contract,
  • when communicating with us (by e-mail, telephone, in person),
  • when attending events organised by us,
  • when interacting with our social media profiles,
  • by filling in the contact form on the website.

  In some cases, we may obtain your data indirectly, for example:

  • from your employer (e.g. when you enter into a contract with the company you represent),
  • from publicly available sources (e.g. commercial register, company website).

  The provision of personal data is voluntary in most cases, but in some cases may be necessary for the conclusion or performance of a contract. Failure to provide data may result in the inability to enter into a contract or provide a service.

  ---

  What are your rights as a data subject

  In accordance with the GDPR, you have the following rights as a data subject:

  • Right of access (Article 15 GDPR): you can request confirmation of whether we process personal data about you and obtain a copy of this data.
  • Right to repair (Article 16 GDPR): if the data is inaccurate or incomplete, you have the right to have it corrected or completed.
  • Right to erasure (Article 17 GDPR): in certain cases you can request the deletion of your data ("right to be forgotten").
  • Right to restriction of processing (Article 18 GDPR): you can request a restriction of processing, e.g. if you contest the accuracy of the data.
  • Right to data portability (Art. 20 GDPR): you have the right to receive your data in a structured format and transmit it to another controller.
  • Right to object (Article 21 GDPR): you can object to processing on the basis of legitimate interest or for direct marketing purposes at any time.
  • Right to withdraw consent: if the processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of the previous processing.

  If you believe that your rights have been violated, you have the right to file a complaint with Office for Personal Data Protection (www.uoou.cz) or go to court.

  Is automated decision-making occurring?

  No, we do not currently carry out any processing of personal data that would lead to automated individual decision-making with legal effects or a significant impact on the data subject pursuant to Article 22 of the GDPR.

  ---

  Cookies

  Our website uses cookies to improve the user experience, measure traffic and analyse visitor behaviour. Cookies can be:

  • technical (necessary) - provide the basic functions of the website,
  • analytical - help us improve the site based on anonymous statistics,
  • Marketing - used to personalise content and ads.

  If cookies allow the identification of the visitor, this is processing of personal data. In this case, the legal basis is your consentwhich you can revoke at any time.

  You can manage cookies through your browser settings. For details, please visit, for example, www.aboutcookies.org.

  ---

  Social networks

  Our company manages social media profiles (e.g. Facebook, Instagram, YouTube). When interacting with these profiles, personal data is processed, whereby:

  • the main data controller is the platform operator (e.g. Meta Platforms),
  • we are acting as co-counsel in the scope of content management and communication.

  We recommend that you familiarize yourself with the privacy policy of each platform. We have no control over how these platforms further process your data, including any transfer to third countries.

  ---

  Changes to the Privacy Policy

  Data protection is important to us and we regularly review it. We reserve the right to modify this policy at any time, particularly if there is a change in the law or our internal processes.

  We will inform you of significant changes via our website or by email.