Privacy Policy
Last updated: February 2026
We value your trust and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our Website or communicate with us. This policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation – GDPR) and applicable Czech data protection legislation.
1. Data Controller
The controller of your personal data is:
| Company | UNAR s.r.o. |
| Registered office | Slavkov pod Hostýnem 195, 768 61 Bystřice pod Hostýnem, Czech Republic |
| IČO (Company ID) | 29192510 |
| DIČ (VAT ID) | CZ29192510 |
| unar@unar-prohotel.com | |
| Phone | +420 608 600 144 |
2. What Personal Data We Collect
We collect and process different categories of personal data depending on how you interact with our Website:
2.1 Data You Provide Voluntarily
When you submit an inquiry form, request a catalogue, or contact us by email or phone, we may collect:
- Name and surname
- Company or hotel name
- Email address
- Phone number
- Delivery/project address (if relevant to your inquiry)
- Content of your message or inquiry
- Project specifications and requirements
2.2 Data Collected Automatically
When you visit our Website, the following data may be collected automatically through cookies and similar technologies:
- IP address
- Browser type and version
- Operating system and device information
- Pages visited, time spent, and navigation patterns
- Referring website (the page from which you arrived)
- Date and time of access
- Language and region preferences
For detailed information about cookies used on this Website, please refer to our Cookie Policy.
2.3 Data from Third-Party Sources
In some cases, we may receive your contact information from business partners, trade fair organisers, or industry platforms where you have expressed interest in hotel furnishing products. In such cases, we process your data based on our legitimate interest in B2B business development, and you are always free to opt out.
3. Purposes and Legal Basis for Processing
We process your personal data for the following purposes:
| Purpose | Description | Legal Basis (GDPR) |
|---|---|---|
| Responding to inquiries | Processing your product inquiries, providing quotes, and answering your questions | Pre-contractual measures at your request (Art. 6(1)(b)) |
| Contract fulfilment | Managing orders, coordinating delivery, and handling complaints in the context of a commercial relationship | Performance of a contract (Art. 6(1)(b)) |
| Business communication | Sending newsletters, product updates, new project showcases, and trade fair invitations to existing business contacts | Legitimate interest (Art. 6(1)(f)) or Consent (Art. 6(1)(a)) |
| Website analytics | Analysing website usage to improve content, functionality, and user experience | Consent (Art. 6(1)(a)) for non-essential cookies; Legitimate interest (Art. 6(1)(f)) for essential analytics |
| Legal compliance | Retaining data as required by tax, accounting, and commercial legislation | Legal obligation (Art. 6(1)(c)) |
| Protecting our rights | Establishing, exercising, or defending legal claims | Legitimate interest (Art. 6(1)(f)) |
Where processing is based on legitimate interest, we have carried out a balancing test and concluded that our business interests do not override your fundamental rights and freedoms. You have the right to object to such processing at any time.
4. Who Has Access to Your Data
We do not sell, rent, or trade your personal data. We may share your personal data with the following categories of recipients, who act as data processors or independent controllers:
| Recipient Category | Purpose | Safeguards |
|---|---|---|
| Shopify Inc. | Website hosting and platform services | Shopify DPA, SCCs |
| Google LLC | Website analytics (Google Analytics) and advertising (Google Ads) | EU-U.S. Data Privacy Framework, SCCs |
| Meta Platforms Inc. | Advertising and remarketing (Meta/Facebook Pixel) | EU-U.S. Data Privacy Framework, SCCs |
| Email marketing provider | Sending newsletters and product updates (e.g., Klaviyo, Mailchimp) | DPA, SCCs where applicable |
| Delivery and logistics partners | Fulfilment and delivery of orders (when a commercial contract is established) | Contractual data protection clauses |
| Professional advisors | Legal, accounting, and tax services as required by law | Legal professional privilege / statutory obligations |
All third-party service providers are contractually bound to protect your personal data and process it only in accordance with our instructions and applicable data protection legislation.
5. International Data Transfers
Some of our service providers are based outside the European Economic Area (EEA), primarily in the United States and Canada. Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, including:
- Adequacy decisions by the European Commission (e.g., EU-U.S. Data Privacy Framework)
- Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Art. 46(2)(c) GDPR
- Data Processing Agreements (DPAs) with each processor that include binding data protection commitments
You may request a copy of the relevant safeguards by contacting us at unar@unar-prohotel.com.
6. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. The specific retention periods are as follows:
| Data Category | Retention Period |
|---|---|
| Inquiry data (no contract established) | Up to 3 years from the last communication |
| Contractual and order data | For the duration of the contract + statutory limitation period (typically 3–10 years under Czech law) |
| Tax and accounting records | 10 years as required by Czech accounting and tax legislation |
| Newsletter subscriber data | Until you unsubscribe or withdraw consent, then deleted within 30 days |
| Website analytics data | Up to 26 months (as configured in Google Analytics) or shorter |
When the retention period expires and there is no legal basis for further processing, your personal data will be securely deleted or anonymised.
7. Data Security
We take the security of your personal data seriously. We have implemented appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- SSL/TLS encryption for all data transmitted through the Website
- Access controls limiting data access to authorised personnel only
- Secure hosting on the Shopify platform, which maintains PCI DSS Level 1 compliance and SOC 2 Type II certification
- Contractual data protection obligations binding all third-party processors
- Regular review of security practices and data processing activities
While we strive to protect your personal data, no method of transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to minimising risks and responding promptly to any security incidents.
8. Your Rights Under GDPR
As a data subject, you have the following rights in relation to your personal data:
| Right | Description |
|---|---|
| Right of access (Art. 15) | You may request confirmation of whether we process your personal data and, if so, access to it along with details about the processing. |
| Right to rectification (Art. 16) | You may request correction of inaccurate personal data or completion of incomplete data. |
| Right to erasure (Art. 17) | You may request deletion of your personal data (“right to be forgotten”) where there is no compelling reason for continued processing. |
| Right to restriction (Art. 18) | You may request limitation of processing in certain circumstances, e.g., while we verify the accuracy of your data. |
| Right to data portability (Art. 20) | You may request your data in a structured, commonly used, machine-readable format and have it transmitted to another controller. |
| Right to object (Art. 21) | You may object to processing based on legitimate interest, including profiling, and you may object at any time to processing for direct marketing purposes. |
| Right to withdraw consent (Art. 7(3)) | Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. |
| Right to lodge a complaint (Art. 77) | You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. |
How to exercise your rights: You may contact us at unar@unar-prohotel.com or by post to the address listed above. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request. If your request is complex or we receive a high volume of requests, we may extend the response period by an additional 60 days, in which case we will notify you.
Supervisory authority: You have the right to lodge a complaint with the Czech Data Protection Authority (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Praha 7, Czech Republic, www.uoou.cz, or with the supervisory authority in your country of habitual residence within the EU/EEA.
9. Marketing Communications
If you are an existing business contact or have expressed interest in our products, we may send you commercial communications about our products, services, project references, and trade fair participation. You can easily unsubscribe at any time by clicking the unsubscribe link in any email, or by contacting us at unar@unar-prohotel.com.
We will never sell or share your contact details with third parties for their own marketing purposes.
10. Cookies and Tracking Technologies
Our Website uses cookies and similar tracking technologies to ensure proper functionality, analyse website traffic, and deliver relevant content. Non-essential cookies are only placed with your prior consent, which you can manage through the cookie consent banner displayed on our Website.
For comprehensive information about the specific cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.
11. Children’s Privacy
This Website is intended for business professionals and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete such data promptly.
12. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you, as defined in Article 22 of the GDPR.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or operational needs. Any material changes will be indicated by updating the “Last updated” date at the top of this page. We encourage you to review this Privacy Policy periodically.
14. Contact
If you have any questions about this Privacy Policy, about how we handle your personal data, or if you wish to exercise any of your rights, please contact us:
UNAR s.r.o.
Slavkov pod Hostýnem 195, 768 61 Bystřice pod Hostýnem, Czech Republic
Email: unar@unar-prohotel.com
Phone: +420 608 600 144
Website: www.unar-prohotel.com