PIf you are our customer (or website visitor), you entrust us with your personal data. This document is intended to acquaint you with the principles and rights that you have in connection with the GDPR (General Data Protection Regulation).


We are in the position of administrator in relation to your personal data, which means that we determine how personal data will be processed, for what purpose, for how long and we select any other processors who will help us with the processing.


HELITOM s.r.o.
Emlerova 216, 507 23 Libáň
Electronic address: This email address is being protected from spambots. You need JavaScript enabled to view it.


We declare that, as the controller of your personal data, we comply with all legal obligations required by applicable legislation, in particular the Personal Data Protection Act and the GDPR, and therefore that the personal data are:
a) processed fairly and lawfully and transparently in relation to the data subject ("legality, regularity and transparency");

b) collected for specific, explicit and legitimate purposes and not further processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes shall not be considered incompatible with the original purposes under Article 89 (1) ("purpose limitation");

c) proportionate, relevant and limited to the extent necessary in relation to the purpose for which they are processed ("data minimization");

d) accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ("accuracy");

e) stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed; personal data may be stored for a longer period if they are processed exclusively for the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89 (1), provided that the appropriate technical and organizational measures required by this Regulation are implemented in order to guarantee the rights and freedoms of the data subject ("storage restrictions");

f) processed in a way that ensures adequate security of personal data, including their protection by appropriate technical or organizational measures against unauthorized or unlawful processing and against accidental loss, destruction or damage ("integrity and confidentiality").


You can exercise your rights directly with the administrator, i.e. Helitom s. R. O.

In the case of your possible requests for the exercise of the rights below (pursuant to Articles 15 to 22 of the General Regulation), information on the measures taken must be provided without undue delay and in any case within one month of receipt of the request. The time limit may be extended by two months in exceptional cases, of which the data subject must be informed by the controller, including the reasons for the extension. Your request (e.g., to correct data) must include: your name, surname, address, date of birth and purpose of the request.

Below are your rights as a data subject:


Access to personal data means the authorization of the data subject on the basis of his active request to obtain information from the controller (confirmation) whether or not his personal data are processed and if they are processed, the data subject has the right to obtain this personal data and also has the right to obtain the following information : processing purposes, categories of personal data concerned, recipients or categories of recipients to whom the personal data have been or will be disclosed, planned period for which the personal data will be stored, existence of the right to request correction or deletion of personal data from the controller, right to object, right to complain at the supervisory authority, all available information on the source of the personal data, if not obtained from the data subject, the fact that automated decision-making, including profiling, takes place. If the controller does not process any data on a natural person, information is provided that the personal data of the interviewer are not subject to the processing of personal data by the controller.


The data subject has the right to correct inaccurate personal data concerning him. This right stems from the principle of accuracy. This does not mean the controller's obligation to actively search for inaccurate data (but nothing prevents him from doing so), nor does it mean the controller's obligation to, for example, request the data subject to update his data every year. If the data subject considers that the controller is processing his inaccurate data, he shall notify him. It is the controller's responsibility, if the data subject notifies him that he requests the correction of his personal data, to deal with his request.


1. The data subject shall have the right to have the controller restrict the processing in any of the following cases:
a) the data subject denies the accuracy of the personal data for the time necessary for the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject refuses to delete the personal data and requests instead that their use be restricted;
c) the controller no longer needs the personal data for processing purposes, but the data subject requests them for the determination, exercise or defense of legal claims;
d) the data subject has objected to the processing pursuant to Article 21 (1) until it is verified that the legitimate reasons of the controller outweigh the legitimate reasons of the data subject. ,

2. Where processing has been restricted pursuant to paragraph 1, such personal data may, with the exception of their storage, be processed only with the consent of the data subject or for the purpose of determining, enforcing or defending legal claims, reasons of overriding public interest of the Union or of a Member State.

3. A data subject who has achieved a processing restriction pursuant to paragraph 1 shall be notified in advance by the controller that the processing restriction will be lifted.


The right to portability is a completely new right of the data subject, the essence of which is the possibility to obtain, under certain conditions, personal data concerning him and provided to the controller in a structured, commonly used and machine-readable format and the right to transfer such data to another controller without the original administrator prevented this. At the same time, the data subject shall, if he or she so requests, have the right to have his or her personal data transmitted in a structured, commonly used and machine-readable format to another controller, if technically feasible.

Common conditions for the application of the right to portability: § it must be processing based on the legal reason for consent or contract: § it must be processing based on the legal reason for consent or contract,
§ processing is performed automatically.
The exercise of the right of portability must not adversely affect the rights and freedoms of others.


The data subject has the right at any time to object to the processing of personal data which are processed on the basis of legal grounds, for reasons relating to his or her specific situation:
§ processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority entrusted to the controller,
§ zprocessing is necessary for the purposes of the legitimate interests of the relevant controller or third party.

The controller shall not further process personal data unless it demonstrates serious legitimate reasons for the processing which outweigh the interests or rights and freedoms of the data subject or for the determination, exercise or defense of legal claims.

Objections may also be raised against the processing of personal data for the purposes of direct marketing or profiling. If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.


Each data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his habitual residence, place of employment or the place where the alleged breach occurred, if the data subject considers that the processing of his personal data infringes this Regulation. 2. The supervisory authority to which the complaint has been lodged shall inform the complainant of the progress of the resolution of the complaint and of its outcome, as well as of the possibility of judicial protection.


This right ensures that the data subject will not be the subject of a decision based solely on automated processing, including profiling, which has legal effects for him or is significantly affected by him or her in a similar way. In other words, it is a matter of ensuring that legal effects are not decided by automated procedures without human intervention, with the possible exceptions. Automated decision-making is permissible where it is necessary for the conclusion or performance of a contract between the data subject and the controller, if it is permitted by EU or Member State law or if it is based on the explicit consent of the data subject.


The right to erasure (to be forgotten) is, in other words, an obligation expressed in the general regulation by the controller to destroy personal data if at least one condition is met:
§ personal data are no longer needed for the purposes for which they were collected or otherwise processed,
§ the data subject withdraws his consent and there is no other legal reason for processing,
§ the data subject objects to the processing and there are no overriding legitimate reasons for the processing,
§ opersonal data were processed illegally,
§ personal data must be deleted in order to fulfill a legal obligation,
§ personal data have been collected in connection with the offer of information society services pursuant to Article 8 (1) of the General Regulation.

The right of cancellation therefore applies only in the cases listed above. However, the right to erasure is not an absolute right that would give the data subject the possibility to request the erasure of personal data at any time and in any situation. It is not possible, for example, within the right to be forgotten to request the destruction of all personal data, e.g., upon termination of employment or provision of financial services, as the administrator is subject to obligations to further retain certain personal data.


We personally need your personal data in the range: name, surname, permanent address, e-mail and telephone to fulfill the contract for the goods or services that you order from us.

We personally need your personal data in the range: name, surname, permanent address, e-mail and telephone to fulfill the contract for the goods or services that you order from us.

If you are a customer, we urgently need your personal data (name, surname, permanent address and ID) in order to comply with the legal obligations for the issuance and registration of tax documents.


We protect personal data as much as possible using modern technologies that correspond to the level of technical development. We have taken and maintain currently known technical and organizational measures to prevent the misuse, damage or destruction of your personal data.


Our personal data is accessible to our employees and co-workers, who are both bound by confidentiality and trained in the security of personal data processing. We do not provide personal data to third parties, except for the provision of certain specific processing operations, which we cannot provide ourselves. We use the services and applications of processors who specialize in the given processing and are in accordance with the GDPR. They are providers of the following platforms and services: Google - Google Analytics


When browsing our website, we record your IP address, how long you stay on the page and from which page you come. We perceive the use of cookies to measure website traffic and customize the display of websites as our legitimate interest of the administrator, as we believe that thanks to this, we can offer you even better services. Advertising targeting cookies will only be processed with your consent. Our website can also be browsed in a mode that does not allow the collection of personal data. You can disable the use of cookies on your computer.


Google Analytics, a service provided by Google Inc., located at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Facebook Pixel Services, operated by Facebook Inc., located at 1601 Willow Road, Menlo Park, CA 94025, USA.


We would like to assure you that our employees and co-workers who will process your personal data are obliged to maintain the confidentiality of personal data and security measures, the disclosure of which would jeopardize the security of your personal data. Your personal data will not be disclosed to any other third party without your consent. These principles of personal data processing apply from 25 May 2018.