Do what you do best and outsource the rest!

WELL PACK / Privacy Policy

Privacy Policy

Privacy Policy – Terms and Conditions of Personal Data Processing

(pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council – hereinafter “GDPR”)

Data Controller
WELL PACK s.r.o.
Company ID: 28214889
Registered office: Za Sedmidomky 15, 101 00 Prague 10, Czech Republic
Registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, Insert 17312
(hereinafter referred to as the “Controller”)

1. Introductory Provisions

These Privacy Policy – Terms and Conditions of Personal Data Processing (hereinafter the “Terms”) govern, in accordance with Article 28 of Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”), the mutual rights and obligations in cases where the Controller processes personal data provided by end users of the website www.wellpack.org (hereinafter the “User”).

While using the Controller’s website, the User may be asked to provide personal data that may be used by the Controller to contact the User. This includes, but is not limited to:

Full name
Email address
Telephone number
The Controller is also able to identify the User’s IP address, from which the geographic location, browser type and version, operating system, and device information can be inferred. Furthermore, the Controller has access to statistical data such as:

Website pages visited by the User
Date and time of the User’s visit
Time spent on specific pages and related interactions
These personal data are used by the Controller to contact the User about services, service updates, or service terms. The information may also be used for market research purposes. The Controller does not collect information about third parties from Users, nor does it collect User information from third parties.

The Controller declares that it complies and will continue to comply with all applicable legislation and these Terms throughout the entire data processing period. Should the Controller have reason to doubt its future ability to comply, it must take immediate corrective action and inform the User without undue delay.

The Controller has not appointed a Data Protection Officer (DPO).

2. Rights and Obligations

The Controller is obligated to comply with these Terms during the processing of personal data.
The Controller must maintain confidentiality regarding all information received from the User, including personal data and related security measures. Persons authorized to process personal data must be bound by confidentiality obligations.
The Controller may engage additional data processors and must ensure they comply with these Terms. The Controller is fully responsible for such processors as if it had processed the data itself.
Once the purpose for processing has ceased or the storage period has expired, the Controller will cease processing and delete all personal data and copies thereof, except where retention is required by applicable law.
The legal basis for processing is the User’s consent to these Terms.

Recipients of personal data: Personal data may be disclosed to public authorities and other entities in accordance with legal obligations (e.g., tax authorities, courts, law enforcement, bailiffs).

Data retention period: Personal data will be processed for the duration of the User’s consent. Upon withdrawal, processing will comply with applicable law, in particular Act No. 499/2004 Coll. (on Archiving and File Services) and GDPR Regulation (EU) 2016/679.

3. User Rights

Right of access: The User may request confirmation of whether their data is being processed and, if so, obtain access to the data and information on the processing.
Right to rectification: The User may request correction of inaccurate personal data and completion of incomplete data.
Right to erasure: The User may request deletion of personal data if conditions for erasure are met.
Right to restriction: The User may request restriction of data processing under certain circumstances.
Right to object: The User may object to processing based on the Controller’s legitimate interests, tasks in public interest, or official authority.
Right to data portability: The User may receive personal data in a structured, commonly used and machine-readable format and transmit it to another controller, or request that the controllers transmit it between themselves (where technically feasible).
If the User is dissatisfied with how their data is being processed, they may file a complaint with the Controller or contact the Czech Data Protection Authority (Úřad pro ochranu osobních údajů).

4. Newsletters

The User may subscribe to newsletters. In doing so, the Controller may collect data including name, email address, and/or phone number. These data will be used exclusively for sending the Controller’s newsletters. The subscription is free of charge and can be cancelled at any time.

The Controller processes personal data for newsletter purposes only on the basis of the User’s subscription.

5. Security and Technical Measures

The Controller undertakes to implement technical, personnel, and other measures to prevent unauthorized or accidental access, alteration, destruction, or loss of personal data, unauthorized transmission, processing, or misuse.

The Controller shall take appropriate technical and organizational measures to ensure a level of security appropriate to the risks, taking into account the state of the art, nature, scope, context, and purposes of processing, as well as the likelihood and severity of risk to the rights and freedoms of natural persons.

Such measures include, but are not limited to:

pseudonymization and encryption of personal data,
ensuring ongoing confidentiality, integrity, availability, and resilience of systems,
the ability to restore availability and access in a timely manner in the event of physical or technical incidents,
regular testing, assessment, and evaluation of the effectiveness of security measures.
In particular, the Controller shall:

familiarize authorized persons with these Terms and ensure ongoing compliance,
ensure that only authorized persons may access automated processing systems,
prevent unauthorized access to data carriers (e.g., through physical locks),
ensure secure transfer of data to prevent unauthorized access.

6. Validity and Amendments

The Controller may update or replace these Terms at any time.

These Terms are effective as of 28.7.2025
Prague, dated 28.7.2025

WELL PACK s.r.o.