I. Privacy of Personal Data
1.1 By entering personal data, the user acknowledges that he/she understands the terms of the data protection, agrees to their wording and accepts them in their entirety.
1.2 The Provider is the Personal Data Administrator under Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the General Data Protection Regulation) (hereinafter referred to as the “GDPR”). The Provider undertakes to process personal data in accordance with legal regulations, especially the GDPR.
1.3 Personal information is any information about an identified or identifiable natural person; an identifiable natural person is a natural person that can be identified directly or indirectly, in particular by reference to a particular identifier such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, psychological, economic, cultural or social identity elements of this individual.
1.4 When ordering, personal data required for successful order execution (name and address, contact) are required. The purpose of processing personal data is to execute the user’s order and to exercise the rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of processing personal information is also to send business communications and conduct other marketing activities. The legal basis for the processing of personal data is the fulfillment of the contract pursuant to Article 6 (1) (b) GDPR, fulfillment of the legal obligation of the administrator pursuant to Article 6 (1) (c) GDPR and the legitimate interest of the Provider pursuant to Article 6 (1) (f) GDPR. The Provider’s legitimate interest is the processing of personal data for direct marketing purposes.
1.5 The Provider uses the services of subcontractors, especially mailing service providers (personal data are stored in third countries) and web hosting providers, to perform the license agreement. Subcontractors are screened for the safe processing of personal data. Provider and web hosting subcontractor have entered into a personal data processing agreement under which the subcontractor is responsible for the proper security of the physical, hardware and software perimeter and hence bears direct responsibility to the user for any leakage or breach of personal data.
1.6 The Provider shall store the user’s personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User and the enforcement of claims under these contractual relationships (for 15 years from the termination of the contractual relationship). After it expires, data will be deleted.
1.7 The User has the right to request from the Provider access to his/her personal data pursuant to Article 15 of GDPR, correction of personal data pursuant to Article 16 of the GDPR or, where applicable, restriction of processing under Article 18 GDPR. The user has the right to erasure of personal data pursuant to Article 17 (1) (a) and (c) to (f) of the GDPR. Furthermore, the user has the right to object to processing under Article 21 of the GDPR and the right to data portability under Article 20 GDPR.
1.8 The User has the right to file a complaint with the Personal Data Protection Office if he/she considers that his/her right to the protection of personal data has been violated.
1.9 The user is under no obligation to provide personal information. However, the provision of personal data is a necessary requirement for the conclusion and performance of the contract and without the provision of personal data it is not possible to conclude the contract or to fulfill it by the provider.
1.10 The Provider does not engage in automated individual decision-making within the meaning of Article 22 GDPR.
1.11 Applicants for the use of the Provider’s services by completing the contact form:
agree to the use of his/her personal data for the purpose of electronic sending of commercial communications, advertising materials, direct sales, market surveys and direct offers by the Provider and third parties, but not more than once a week, and at the same time
declare that the sending of information according to point 1.11.1 does not constitute unsolicited advertising within the meaning of Act No. 40/1995 Coll. as amended, as the user expressly consents to the sending of information according to point 1.11.1 in conjunction with § 7 of Act No. 480/2004 Coll.
Consent pursuant to this paragraph may be revoked by the user at any time in writing at mefi@mefi.cz
1.12 The Provider uses so-called cookies in its presentation for the improvement of service quality, personalization of offers, collection of anonymous data and for analytical purposes. By using the website, the User agrees to the use of this technology.
II. Rights and Obligations between Administrator and Processor (Processing Agreement)
2.1 The Provider is in relation to the personal data of the User’s clients a processor pursuant to Article 28 GDPR. The User is the administrator of this data.
2.2 These Terms and Conditions govern the mutual rights and obligations in the processing of personal data to which the Provider has gained access in connection with the fulfillment of the license agreement concluded in the form of acceptance of the General Terms and Conditions on www.mefi.cz (the “License Agreement”) concluded with the User on the date of establishment of the user account.
2.3 The Provider undertakes for the User to process personal data to the extent and for the purposes set out in Articles 2.4 – 2.7 of these Terms and Conditions. Processing means will be automated. The Provider will collect, store on information media, retain, block and destroy personal data in the processing. The Provider is not authorized to process personal data in violation of or beyond the limits set by these terms.
2.4 The Provider undertakes for the user to process personal data to the following extent:
common personal data,
special categories of data under Article 9 of the GDPR, which the User obtained in connection with its own business activities.
2.5 The Provider undertakes for the user to process personal data in order to process inquiries and requests from clients obtained from the contact form.
2.6 Personal data may only be processed at the workplace of the Provider or its subcontractors under Article 2.8 of these Conditions, within the territory of the European Union.
2.7 The Provider undertakes for the User to process the personal data of the User’s clients, all for the time necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User and to enforce claims from these contractual relations (for 15 years from the termination of the contractual relationship).
2.8 The User grants permission to engage a subcontractor as a further processor under Article 28 (2) of the GDPR, which is the application hosting provider. In addition, the User grants the Provider a general authorization to engage another personal data processor in the processing, however the Provider must inform the User in writing of any intended changes regarding the engagement of additional processors or their replacement and give the User the opportunity to object to these changes. The Provider must impose on its subcontractors in the position of personal data processors the same personal data protection obligations as set out in these terms.
2.9 The Provider undertakes that the processing of personal data will be ensured in particular as follows:
Personal data is processed in accordance with legal regulations and on the basis of the User’s instructions, i.e. for the performance of all activities necessary for the provision of the web platform.
The Provider undertakes to provide technically and organizationally the protection of the processed personal data so that unauthorized or accidental access to the data, its modification, destruction or loss, unauthorized transmissions, any other unauthorized processing as well as other misuse cannot occur and to ensure that all personal data processor obligations resulting from legal regulations are secured personally and organizationally continuously throughout the processing of data.
The technical and organizational measures adopted correspond to the level of risk. The Provider ensures through them the continued confidentiality, integrity, availability and resilience of processing systems and services, and timely restores the availability of and access to personal data in the event of physical or technical incidents.
The Provider hereby declares that the personal data protection is subject to the Provider’s internal security regulations.
Personal data shall be accessible only to authorized persons of the Provider and subcontractors pursuant to Article 2.8 of these Conditions, for whom the Provider shall stipulate the conditions and extent of data processing and each such person will access personal data under his/her unique identifier.
Authorized persons of the Provider who process personal data under these conditions are required to maintain confidentiality about personal data and security measures whose disclosure would compromise their security. The Provider shall ensure their demonstrable commitment to this obligation. The Provider will ensure that this obligation for both the Provider and authorized persons will continue after the termination of employment or other relationship with the Provider.
The Provider will assist the User, through appropriate technical and organizational measures, if possible, to meet the User’s obligation to respond to requests for the exercise of data subject rights stipulated in the GDPR; as well as in ensuring compliance with the obligations under Articles 32 to 36 GDPR, taking into account the nature of the processing and the information available to the Provider.
Upon termination of the provision of services associated with the processing under Article 2.7 of these Conditions, the Provider is obliged to delete all personal data or to return it to the User, unless it is obliged to store personal data under a special law.
The Provider will provide the User with all the information necessary to demonstrate that the obligations under this agreement and the GDPR have been met, and will allow audits, including inspections, conducted by the User or another auditor assigned by the User.
2.10 The User undertakes to promptly report any facts known to him/her that could adversely affect the proper and timely fulfillment of the obligations arising from these Conditions and to provide the Provider with the cooperation necessary to fulfill these conditions.
III. Final Provisions
3.1 These Terms shall expire upon the expiry of the period specified in Articles 1.6 and 2.7 of these Conditions.
3.2 The User agrees to these terms by ticking the consent via the online form. By ticking the consent, the user expresses that he/she has read these terms, agrees with them and accepts them in their entirety.
3.3 The Provider is entitled to change these terms. The Provider is obliged without undue delay to publish a new version of the terms on its website, or will send the new version to the User at his/her email address.
3.4 Provider Contact Details in matters relating to these conditions: +420 257 215 478, mefi@mefi.cz.
3.5 Relationships not expressly governed by these terms and conditions shall be governed by the GDPR and the legal order of the Czech Republic, in particular by Act No. 89/2012 Coll., the Civil Code, as amended.
These Terms become effective on February 10, 2026.