Privacy policy

What information we collect

When submitting a contact form, only the information necessary for the successful processing of the form (name, surname and e-mail address) is required.

How we collect information

We will obtain some information directly from you (by filling out the contact form). Some information is recorded automatically (using cookies).

Information we get from you

We only collect data that you choose to provide us with or that is strictly necessary to process the form. If we ask you to provide personal data, you do not have to provide it to us. However, refusal to provide personal data may result in restriction of services or the inability to use the full functionality of the system.

Information we collect automatically

We automatically record various information about how you use, for example, by using cookies. This enables us to analyse, improve and secure This data is anonymous.

What we use your information for

The data provided will be used to process forms, etc. Personal data is also processed via an electronic database for actions necessary and closely related to the performance of the provider's obligations and the performance of the contract, as well as, where applicable, by third-party data processors responsible for their actions.

Use of personal data

Personal information we collect helps us to provide and improve our products and related services. It is also used for effective communication with you.

Sharing of personal data

The data is only available to the provider, and is only disclosed to third parties in situations related to distribution or payment, bookkeeping and the fulfillment of other legal obligations of the provider. The data will not be disclosed to any other person.

Anonymous information

Harpuna s.r.o. services use cookies to improve the quality of services, personalize the product offer, collect anonymous data and for analytical purposes. By using the website, you agree to the use of this technology.

General information

Personal data processor – Harpuna s.r.o. (data is encrypted and stored on servers at WEDOS Internet, a. s.)

Server operator WEDOS Internet, a. s. (servers are located in the Czech Republic).

Data security

The user and the provider mutually undertake to treat confidentially all documents and information that are expressly marked as confidential, whose confidentiality is required by law or that are not recognizably marked as intended for a third party.


We will update this information from time to time to better inform you about how we handle personal data.

Processing agreement

  1. The provider is a processor in relation to the personal data of its clients in accordance with Article 28 GDPR. The client is the controller of this data.
  2. The provider undertakes to process personal data for The user to the extent and for the purposes set out in sections 3–6 of this Agreement. The means of processing will be automated. The provider will collect, store, retain, block and dispose of personal data in the course of the processing. The provider will not be entitled to process personal data in contravention of or in excess of the scope set out in this Policy.
  3. The provider undertakes to process personal data for the user to the following extent:
    1. common personal data
    2. special categories of data according to Article 9 GDPR
  4. The provider undertakes to process personal data for the user for the purpose of providing the Asan platform in the form of a license agreement.
  5. Personal data may be processed only at the provider's or its suppliers' workplaces as specified in section 7 of these of this Policy, and only in the territory of the European Union.
  6. The provider undertakes to process the personal data of the user's clients for the user for the time necessary to exercise the rights and obligations arising from the contractual relationship between the provider and the user and from the exercise of claims arising from these contractual relationships (for a period of 5 years from the termination of the contractual relationship).
  7. The user hereby grants permission with the involvement of a subcontractor as an additional processor pursuant to Article 28(2) of the GDPR, which is the hosting provider WEDOS Internet, a. s. The user also grants the provider a non-specific permission to involve an additional processor in the processing of personal data, however, the provider must inform the user in writing of any intended changes regarding the acceptance of additional processors or their replacement and provide the user with the opportunity to object to these changes. The provider must impose the same data protection obligations on its subcontractors as processors of personal data as set out in this Policy.
  8. The provider undertakes that the processing of personal data will be secured in particular as follows:
    1. Personal data is processed in accordance with legal regulations and on the basis of the user's instructions, i.e., for the performance of all activities necessary for the provision of the Asan online store platform in the form of a license agreement.
    2. The provider undertakes to technically and organizationally ensure the protection of the processed personal data so that unauthorized or accidental access to the data, its alteration, destruction or loss, unauthorized transfers, other unauthorized processing, as well as other misuse cannot occur, and that all obligations of the processor of personal data arising from legal regulations are ensured in terms of personnel and organization continuously during the processing of the data.
    3. The technical and organisational measures taken are appropriate to the level of risk involved. The provider will use the measures to ensure the ongoing confidentiality, integrity, availability and resilience of the systems and processing services and to restore the availability of and access to personal data in a timely manner in the event of physical or technical incidents.
    4. The provider hereby declares that the protection of personal data is subject to the provider's internal security regulations.
    5. Only authorized persons of the provider and subcontractors according to section 7 of this Policy, who will meet the conditions for data processing set by the provider, will have access to personal data, and each such person will access personal data under their unique identifier.
    6. Authorized persons of the provider who process personal data according to this Policy are obliged to maintain confidentiality of personal data and security measures, the disclosure of which would jeopardize their security. The provider will ensure that these persons are demonstrably bound by this obligation. The provider will ensure that this obligation of the provider and its authorized persons survives termination of the respective employment or other relationship with the provideri.
    7. The provider will assist the user through appropriate technical and organizational measures, where possible, to comply with the user's obligation to respond to requests to exercise data subjects’ rights under the GDPR; as well as in ensuring compliance with the obligations under Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to the Provider.
    8. After the end of the provision of performance that is associated with the processing according to section 6 of this Policy, the provider is obliged to erase all personal data or return it to the user, unless it is obliged to store personal data under specific legal regulations.
    9. The Provider will provide the user with all the information necessary to prove that the obligations under this Policy and GDPR have been fulfilled and undertakes to allow audits, including inspections, carried out by the user or another auditor commissioned by the user.
  9. The user undertakes to promptly report all facts known to them that could adversely affect the proper and timely performance of the obligations arising from this Policy and to provide the provider with the cooperation necessary for the performance of this Policy.
placeholder image