Privacy Policy

RUNESTONE HANDLUNG s.r.o. ("we", "our", or "us"), registered at Soukenická 877/9, Moravská Ostrava, 702 00 Ostrava, Czech Republic, is committed to protecting and respecting your privacy.

This Privacy Policy explains what personal data we collect when you visit our website or use our services, how we use it, with whom we share it, and what rights you have regarding your data. It applies to all personal information processed by us in connection with your use of our website and services.

By using our website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our website.

We may collect and process the following categories of personal data:

• Contact Information — name, email address, phone number, and company name provided through contact or inquiry forms.
• Communication Data — messages, emails, and other correspondence you send to us.
• Technical Data — IP address, browser type and version, operating system, referral source, and pages visited, collected automatically when you access our website.
• Usage Data — information about how you interact with our website, including time spent on pages and navigation paths.
• Cookie Data — data stored in cookies and similar tracking technologies as described in our Cookie section below.

We do not collect sensitive personal data such as health information, racial or ethnic origin, or financial account details unless explicitly required for a specific service and with your clear consent.

We use collected personal data for the following purposes:

• To respond to your inquiries and provide the services you have requested.
• To communicate with you about projects, proposals, and ongoing work.
• To improve and optimise our website and service offerings.
• To monitor website performance and analyse usage patterns.
• To comply with applicable legal obligations under Czech and EU law.
• To protect against fraud, unauthorised access, and other unlawful activities.

We process your personal data based on the following legal grounds: your consent, the performance of a contract or pre-contractual measures, compliance with a legal obligation, or our legitimate interests where these are not overridden by your rights.

Our website uses cookies — small text files stored on your device — to distinguish you from other users, improve your experience, and analyse website traffic.

We use the following types of cookies:

• Strictly Necessary Cookies — essential for the website to function properly. These cannot be disabled.
• Analytical Cookies — help us understand how visitors use our website, allowing us to improve its structure and content.
• Preference Cookies — remember your choices and settings to provide a personalised experience.

You can control and manage cookies through your browser settings at any time. Please note that disabling certain cookies may affect the functionality of our website. Your cookie preferences are stored locally and can be changed at any time by clearing your browser data.

We do not sell, rent, or trade your personal data to third parties. We may share your information only in the following limited circumstances:

• Service Providers — trusted third-party vendors who assist us in operating our website and providing services (e.g. hosting, analytics), subject to strict confidentiality obligations.
• Legal Requirements — when required to do so by law, court order, or governmental authority.
• Business Transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
• With Your Consent — in any other situation, only with your explicit prior consent.

Any third parties with whom we share data are required to comply with applicable data protection legislation and to maintain appropriate security measures.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.

Contact and communication data is generally retained for up to 3 years after our last interaction, unless a longer retention period is required by law. Technical and usage data derived from website analytics is typically retained in aggregated, anonymised form.

When personal data is no longer required, we securely delete or anonymise it in accordance with our internal data management procedures.

We implement appropriate technical and organisational security measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction.

These measures include encrypted data transmission (TLS/SSL), access controls, and regular security reviews. However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals in accordance with applicable law.

As a data subject under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of Access — to obtain confirmation as to whether we process your personal data and to receive a copy of it.
• Right to Rectification — to request correction of inaccurate or incomplete personal data.
• Right to Erasure — to request deletion of your personal data under certain conditions.
• Right to Restriction — to request that we limit the processing of your data in certain circumstances.
• Right to Data Portability — to receive your personal data in a structured, machine-readable format.
• Right to Object — to object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent — where processing is based on consent, to withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us at info@runestonehandlung.com. We will respond to your request within 30 days. You also have the right to lodge a complaint with the Czech Office for Personal Data Protection (uoou.cz) if you believe your rights have been violated.

Our website may contain links to third-party websites that are not operated or controlled by us. This Privacy Policy does not apply to those websites. We have no responsibility for the content or privacy practices of any third-party sites and encourage you to review their respective privacy policies before providing any personal information.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically. Your continued use of our website after any changes constitutes your acceptance of the updated policy.