I. Basic Provisions
- Based on Article 4, Paragraph 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”), the appointed administrator of personal data is Jaroslav Bartos, VAT CZ9403253596 with registered offices Vlci Habrina 29, 53341 Lazne Bohdanec, Czech Republic. (hereinafter “Administrator”).
- The Administrator’s contact details are:
Address: Vlci Habrina 29, 53341 Lazne Bohdanec, Czech Republic
E-mail: [email protected]
Phone: +420 704 064 368
- Personal data shall be defined as all information pertaining to an identified or identifiable individual, natural person. An identifiable individual is an individual, who can be directly or indirectly identified, especially by a link to a certain identifier, such as name, identification number, location data, network identifier, or one (or more) characteristic features of physical, physiological, genetical, psychical, economic, cultural or social identity of such individual.
- The Administrator appointed a Data Protection Officer. You can contact him via e-mail [email protected] with suggestions and submissions regarding your account and personal data.
II. Sources and categories of processed personal data
- The administrator processes personal data provided by you (hereinafter: ‘user’), or personal data, which the Administrator received based on a user’s order fulfillment.
- The administrator processes the user’s identification and contact details, plus any information required for fulfillment of the contract.
III. The legal reason, extent, and purpose of personal data processing
- Legal reasons for processing of personal data:
- Performance of the contract between the user and the Administrator according to Article 6, Paragraph 1 (b) of GDPR
- Legitimate interest of the Administrator to provide direct marketing (especially for sending e-mail notifications and newsletters) according to Article 6, Paragraph 1 (f) of GDPR
- Obtaining the user’s consent to process personal data for the purpose of providing direct marketing (especially sending e-mail notifications and newsletters) according to Article 6, Paragraph 1 (a) of the GDPR in connection with Section 7 (2) of Act No. 480/2004 Coll. on certain Information Society Services and on Amendments to some Acts – in case there was no order of goods and/or services insofar as.
- The purpose of data processing is:
- Fulfilling a user’s order and exercising rights and obligations arising from a contractual relationship between the user and the Administrator. During the checkout process, personal information is requested from the user to successfully fulfill the order (name, address and contact details). Supplying the personal information is a requirement necessary to enter into and to perform under a contract. Without providing personal information, it’s not possible to enter into an agreement or to fulfill it.
- Sending e-mail notifications and newsletters, and performing other marketing activities
- Using other services and websites provided by Administator.
- There is no automatic individual decision making performed by the Administrator within the meaning of Article 22 of GDPR. The user has provided expressed consent to such processing of data.
IV. Data retention time
- The Administrator keeps personal data:
- For the time necessary to exercise rights and obligations arising from a contractual relationship between the user and the Administrator, and assertion of claims arising from these contractual relationships (for 15 years from the termination or expiration of the contractual relationship)
- Until the consent to process personal data for marketing purposes is revoked, maximum up to 15 years, if the personal data is kept based on consent
- After the data retention period is over, the Administrator will delete the personal data.
V. Persons with access to personal data (Administrator’s subcontractors, agents)
- Persons with access to personal data are individuals:
- Participating in goods delivery / service provisioning / payments processing based on the contract
- Managing the e-shop and other services related to running the e-shop
- Managing marketing services
- The Administrator has no intention to share the users’ personal data in a country outside of the European Union or with an international organization.
- Services providing marketing and supporting services
- Google Analytics – stores cookies and web usage statistics
- Google AdWords – stores cookies and web usage statistics
- Facebook – stores cookies and web usage statistics
- Hotjar – stores cookies and web usage recordings
VI. User rights
- Based on the terms and conditions stated in GDPR, the user has:
- The right to access their personal data under Article 15 of GDPR
- The right to edit personal data under Article 16 of GDPR,
- Or to restrict the processing under Article 18 of GDPR
- The right to delete personal data under Article 17 of the GDPR
- The right to object to personal data processing under Article 21 of the GDPR
- The right to data transfer under Article 20 of the GDPR
- The right to withdraw consent to the processing of personal data. A user’s consent can be withdrawn electronically or physically – by sending an e-mail or a letter to the Administrator as written in Section I of these terms. The user can revoke their consent at any time in their user account.
- The user also has the right to file a complaint with the Personal Data Protection Office if the user believes that their privacy has been violated.
VII. Conditions of personal data security
- The Administrator declares that all suitable technical and organizational measures to secure personal data have been taken.
- The Administrator took technical measures to secure data storage and any storage containing personal data stored as a list, especially a secured/encrypted web access, customer password encryption in the database, regular security updates and regular system backups.
- The administrator declares that only authorized personnel has access to personal data.
VIII. Final Provisions
- By placing an order using the online order form, the user confirms, that they are familiar with the terms of personal data protection and that the user accepts them in full.
- The user agrees to these terms and conditions by ticking the appropriate box in the online order form. By ticking the box, the user confirms that they are familiar with the terms and conditions of personal data protection and that the user accepts them in full.
- The Administrator is entitled to change these terms and conditions at any time. A new version of terms and conditions will be published online at least 7 days prior to entry into force.
These terms and conditions enter into force starting May 25th, 2020.