I. Basic Provisions
- In Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (here in after "GDPR"), the controller, is Ondřej Diviš, company reg. no. 74653571, with its registered office at Bohouňovice II 51, Horní Kruty 281 63, Czech Rep. (hereinafter referred to as "Controller").
- Controller's contact information: Bohouňovice II 51, Horní Kruty, 28163, Czech Rep.; email: firstname.lastname@example.org; phone: +420 604 589 946
- Personal data is defined as any information relating to an identified or identifiable physical person; an identifiable physical person is a physical person who can be identified, directly or indirectly, in particular by reference to an identifier, such as name, identification number, location data, network identifier, or one or more specific physical, physiological, genetic, psychological, economic, cultural or identity of the individual.
- The Controller has not appointed a data protection officer.
II. Sources and categories of personal data processed
- The Controller processes the personal data you have provided or the personal data that the Controller has obtained through the placement of your order.
- The Controller processes your identification and contact details and data necessary for the performance of the contract.
III. Legal reason and purpose of personal data processing
- The legal reason for processing personal data is
- fulfillment of the legal obligation imposed on the Contorller pursuant to GDPR Article 6 (1) (a) for the purposes of the performance of legal obligation of the Controller,
- performance of the contract between you and the Controller pursuant to GDPR Article b) for the purpose of executing the purchase agreement between you and the Controller, including negotiation of such purchase agreement, processing of your order and exercise of rights and obligations arising from the contractual relationship between you and the Controller; When ordering onlypersonal data necessary for successful execution of the order (name and address, email, phone number) are required, the provision of personal data is a necessary requirement for the implementation and execution of purchase contract,
- the legitimate interest of the Controller in providing direct marketing under GDPR Article 6 (1) (a); f) for the purpose of sending business messages and newsletters,
- the legitimate interest of the controller in exercising its rights under GDPR Article 6 (1) (a); f) for the purpose of recording and recovering debts owed.
- Your consent to processing of personal data for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to GDPR Article 6 (1) (a) a) in conjunction with Section 7 (2) of Act No. 480/2004 Coll., on Certain Information Society Services, in the absence of ordering goods or services.
- There is no automatic individual decision-making within the meaning of GDPR Article 22.
IV. Data retention period
- The Controller will store personal data:
- for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Controller and to exercise claims from these contractual relationships (for a period of 5 years from the termination of the contractual relationship, or until the limitation period of all claims under the purchase agreement).
- for the period forwhich consent to processing personal data for marketing purposes was granted,maximum of 5 years, if personal data are processed based on legal consent.
- After the personal data retention period has expired, the administrator deletes personal data.
V. Recipients of personal data (subcontractors of the controller)
- Recipients of personal data are persons
- involved in the delivery of goods / services / contract-based payments,
- providing e-shop services and other services related to e-shop operation,
- providing marketing services
- legal, tax and accounting advisors to the administrator
- The Controller does not intend to transfer personal data to a third country (outside the EU) or an international organization.
VI. Your rights
- Under the terms of the GDPR you have
- the right to access your personal data under Article 15 of the GDPR;
- the right to rectification of personal data pursuant to Article 16 of the GDPR, or to limit processing pursuant to Article 18 of the GDPR.
- the right to erasure of personal data pursuant to Article 17 of the GDPR.
- the right to object to the processing pursuant to Art. 21 GDPR and
- the right to data portability under Article 20 GDPR.
- the right to withdraw consent to personal data processing
- You may exercise all of the above rights by using the form provided here, which you will send to the Controller's e-mail address: email@example.com or in writing to the administrator's registered office.
- You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to personal data has been violated.
- Types of Cookies
- Relational (i.e., temporary) cookies allow us to link your individual activities while viewing this website. When you open your browser window, these files are activated and disabled when you close your browser window. Session cookies are temporary and all files are deleted when the browser is closed.
- Permanent cookies help us identify your computer if you visit our website again. Another advantage of persistent cookies is that they allow us to tailor our website to your needs.
- If cookies are enabled, the web browser setting can be considered as consent to the processing of personal data. Browser is a tool for mediating consent.
- Purpose of using Cookies
- The Controllerdeclares that, in view of the risks identified for the rights and freedoms of natural persons in the processing of personal data, he has taken all appropriate technical and organizational measures to safeguard personal data.
- The Controller has taken technical measures to secure the data repositories and personal data repositories in paper form.
- The Controller declares that only authorized personally have access to the personal data repositories.
IX. Final Provisions
- You agree to these terms by selecting the consent via the online form. By confirming your consent, you acknowledge that you are familiar with the terms of your privacy and that you accept it in its entirety.
These conditions come into effect on 21.6.2019.