PERSONAL DATA PROTECTION
I. Basic provisions
- The controller of personal data pursuant to Art. 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”) is Ing. Tereza Benešová Company ID No: 88168638 based in Sokolská 1793/50, Praha 2, 120 00 (hereinafter “administrator”).
- Administrator's contact information is: address: Sokolská 1793/50, Praha 2, 120 00, email address: firstname.lastname@example.org, phone number: +420 607 687 647
- Personal data means all information relating to an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a particular identifier, such as name, identification number, locator data, network identifier or one or more special elements of the physical, physiological, genetic, psychological, economic, cultural or social identity of this individual.
- The administrator didn't appoint a trustee for the protection of personal data.
II. Sources and categories of personal data processed
- The administrator processes the personal data that you have provided to him or the personal information that the administrator has received by the fulfillment of your order.
- The administrator processes your identification and contact details of the data necessary for the performance of the contract.
III. Legal reason and purpose of processing personal data
- Legal reason for the processing of personal data is
- performance of the contract between you and the administrator Article 6 par. 1 b) GDPR,
- legitimate interest of the controller in providing direct marketing (in particular for sending commercial communications and newsletters) under art. 6 par. 1 f) GDPR,
- your consent to the processing for the purpose of providing direct marketing (in particular for sending commercial messages and newsletters) pursuant to art. 6 par. 1 a) GDPR in conjunction with § 7 par. 2 of Act No. 480/2004 Coll., on some information society services in the event that there was no order of goods or services.
- The purpose of processing personal data is
- the execution of your order and the exercise of the rights and obligations arising from the contractual relationship between you and the Administrator; when ordering personal data are required for successful execution of the order (name and address, contact), the provision of personal data is a necessary requirement for the conclusion and performance of the contract, without providing personal data, it is not possible to conclude the contract or to fulfil it by the administrator,
- sending commercial communications and other marketing activities.
- The administrator does not have automatic individual decision-making within the meaning of article 22 GDPR. You have given your explicit consent with such processing of your personal data.
IV. Data retention period
- The administrator keeps personal information
- for as long as is necessary to exercise the rights and obligations arising from the contractual relationship between you and the Administrator and the enforcement of claims from these contractual relations (for a period of 15 years from the end of the contractual relationship).
- as long as the consent to the processing of personal data for marketing purposes is revoked, not more than 5 years if personal data are processed by consent.
- After the personal data retention period expires, the administrator deletes the personal information.
V. Recipients of personal data (sub-contractors of the administrator)
- Recipients of personal data are persons
- involved in the supply of goods / services/ implementation of payments under the contract,
- providing e-shop services and other services in connection with the operation of the e-shop,
- providing marketing services.
- The administrator does not intend to transfer personal data to a third country (non-EU country) or international organization. Recipients of personal data in third countries are mailing / cloud service provides.
VI. Your rights
- Under the conditions set out in GDPR, you have
- right of access to your personal data under art. 15 GDPR,
- right to repair personal data pursuant to art. 16 GDPR, where applicable, limitation of processing in accordance with article. 18 GDPR.
- right to erasure of personal data pursuant to art. 17 GDPR.
- right to object to the processing under art. 21 GDPR and
- right to data portability under art. 20 GDPR.
- right to revoke consent to the processing in writing or electronically to the administrator's address or email referred to in art. III to these conditions.
- You also have the right to lodge a complaint with the Office for Personal Data protection in the event that you believe that your right to the protection of personal data has been infringed.
VII. Personal information security terms
- The administrator declares that he has taken all appropriate technical and organisational measures to secure personal data.
- The administrator has adopted technical measures to secure data repositories and personal data stores in paper form. In particular, using of antivirus programs, secure backups, secure passwords, etc.
- The administrator declares that personal data can only be accessed by authorized persons.
VIII. Final provisions
- The administrator is authorized to change these terms. The new version of the privacy terms will be published on its website and he can also send you a new version of these terms and conditions to your email address provided by you to the administrator.