1. Responsible persons
Personal data controller:
##GDPR_FIRM, CRN: 03327761, with registered office Hlučínská 96/1, Bolatice 747 23
Contacts for exercising your rights: Telephone: ##GDPR_TELEPHONE, E-mail: email@example.com
(hereinafter also referred to as "we"; "us"; "our" or "us")
2. Basic terms
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, effective from 25 May 2018.
Personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR") means any information about an identified or identifiable natural person (i.e. the data subject = you).
Special personal data:
Special personal data means data concerning racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership; the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person and data concerning the health or sex life or sexual orientation of a natural person.
Data subject = You:
Data subject means an identified or identifiable natural person, where an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The Controller shall be the Controller within the meaning of Art. 4(7) of the GDPR and means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data. We act as the Controller in relation to your personal data.
The processor shall be the following within the meaning of Art. 4(8) of the GDPR, a natural or legal person, public authority, agency or other body that processes personal data for the Controller.
Supervisory authority in the Czech Republic means the Office for Personal Data Protection (hereinafter referred to as the "OPDP").
Risky processing means processing that is likely to pose a risk to the rights and freedoms of data subjects, the processing is not occasional or involves the processing of special personal data or personal data relating to criminal convictions and offences referred to in Article 10 of the GDPR.
Automated individual decision-making, including profiling:
Automated individual decision-making, including profiling, generally means any form of decision based on automated processing of personal data, i.e. without human intervention, based, inter alia, on the evaluation of certain personal aspects relating to the data subject, in particular for the purpose of analysing or estimating, or analysing or predicting aspects relating to his or her work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
3. Categories of subjects, the personal data processed, purpose, legal basis and duration of processing
We process personal data for a clearly defined purpose:
of data subjects
|Purpose of processing|
and personal data processed
|Our customers||The execution and implementation of contracts concluded with customers||The legal basis is the performance of the contract.|
Identification data (first name, last name), contact data (delivery or residential address, e-mail, telephone), accounting data (credit card number, bank account number), order history, IP address, cookies and registration data for the account through which you log in, and data from the complaint form (product identification, product defects).
|For this purpose, personal data may be processed for the duration of the contractual relationship and the warranty period.|
|Exercise of contractual claims after termination of the contract||The legal basis is our legitimate interest in the right to recover receivables, damages and other claims that may have arisen during the course of our contractual relationship.|
Identification data (first name, last name), contact data (delivery or residential address, e-mail, telephone), accounting data (bank account number), order history, IP address, cookies and registration data for the account through which you log in, and data from the complaint form (product identification, product defects) are necessary after termination of the contract for the processing of complaints, the recovery of claims and other contractual obligations under the contracts concluded between us and these data subjects.
|For this purpose, personal data may be processed for a period of four years after the termination of the contractual relationship, and, in the case of legal proceedings, for the entire duration of the proceedings.|
|Fulfilling our accounting and tax obligations||The legal basis is the fulfilment of a legal obligation imposed on us by legislation such as the Accountancy Act or the Value Added Tax Act.|
Identification data (name, surname), contact data (delivery address or permanent address, e-mail, telephone), accounting data (bank account number and other information on tax documents).
|For this purpose, personal data may be processed for up to 10 years from the end of the tax year in which the transaction was provided to the customer.|
|Dissemination of commercial communications in the form of professional information and reports, marketing materials, offers of our goods or services||The legal basis is our legitimate interest in providing and offering you similar services or goods that meet your needs, based on our common business relationship.|
The processing of customer identification and contact personal data is carried out for the purpose of disseminating commercial communications.
|For this purpose, personal data may be processed for the duration of the contractual relationship.|
|Visitors to the website||Statistics before data anonymization, displaying ads for our services or goods||The legal basis is our legitimate interest in a) improving our services and focusing on what you are really interested in; b) offering you similar services or goods that match your needs, based on your access to our website.|
Identification data (first name, last name), contact data (address, e-mail, telephone), IP address and cookies.
|For this purpose, personal data may be processed for a period of 6 months.|
|Sending a response to a website visitor's query||The legal basis is the performance of the contract or your consent|
Identification data (first name, surname), contact data (address, e-mail, telephone), IP address and cookies, a request made via the form.
|For this purpose, the personal data may be processed until the enquiry from the contact form has been processed, but no longer than 30 days or the duration of your consent to processing.|
|Newsletter Subscribers||Regular sending of commercial communications by e-mail||The legal basis is the consent you gave us when you registered for the newsletter.|
Identification data (name and surname), contact data (e-mail).
|For this purpose, personal data may be processed until the consent is withdrawn.|
4. Duration of processing personal data
We only retain personal data for as long as is necessary for the purpose of processing - see table above. After this period, personal data may be kept only for the purposes of the National Statistical Service, for scientific purposes and for archiving purposes.
5. Recipients of personal data and transfer of personal data outside the European Union
In justified cases, we may also transfer your personal data to other entities ("recipients").
Personal data may be transferred to these recipients:
- Processors who process your personal data according to our instructions, in particular in the area of contact with the public, electronic data management or bookkeeping;
- public authorities and other entities if required by an applicable law;
- other entities if there is an unexpected event in which disclosure is necessary to protect life, health, property or another public interest or it is necessary to protect our rights, property or safety.
Most browsers are set to accept cookies. However, you have the option to set your browser to block cookies or to inform you when cookies are sent. However, some services or features will not work properly without cookies.
Our website uses "first party" cookies, i.e. cookies used only by our website (hereinafter referred to as first party cookies) and "third party" cookies (i.e. cookies originating from third party websites).We use first party cookies to store user preferences and data needed during your visit to the website (e.g. the contents of your shopping cart).We use third party cookies to track user trends and behaviour patterns, target advertising with the help of third party web statistics providers. Third-party cookies used to track trends and patterns of behaviour are only used by our website and web statistics provider and are not shared with any other third party.
7. Personal data processing principles
We process your personal data in accordance with applicable law, in particular the GDPR.
Consent of the data subject
We process personal data only in the manner and to the extent that you have given us consent for, if consent is necessary for the processing.
Minimization and limitation of personal data processing
We only process personal data to the extent necessary to achieve the purpose of processing and for no longer than necessary to achieve the purpose of processing.
Accuracy of personal data processed
We process personal data with an emphasis on accuracy, using the measures available. And we process updated personal data using reasonable means.
Through this Policy and the contact person, you have the opportunity to learn about the way we process your personal data, as well as its scope and content.
We process personal data only to the extent necessary to fulfil the stated purpose and in accordance with that purpose.
We process personal data in a manner that ensures it has appropriate security, including its protection by appropriate technical or organizational measures against unauthorized or unlawful processing and against accidental loss, destruction or damage.
8. Automated, individual decision-making and profiling
The processing of personal data does not involve automated, individual decision-making, not even on the basis of profiling.
9. Your rights as a data subject
Right of access to personal data
You have the right to request we give you access to personal data concerning you. In particular, you have the right to obtain confirmation from us as to whether or not the personal data concerning you are being processed by us, as well as to be provided with further information about the data processed and the manner of processing within the meaning of the relevant provisions of the GDPR (purpose of processing, categories of personal data, recipients, intended storage period, existence of your right to request rectification, erasure, restriction of processing or right to object, source of personal data and the right to lodge a complaint). If you request it, we will provide you with a copy of the personal data we process about you free of charge. In the case of a repeat request, we may charge a reasonable fee for providing a copy, corresponding to the administrative costs of processing.
To access your personal information, please use your user account or the contacts listed in this policy.
Right to withdraw consent to the processing of personal data where the processing is based on consent
You have the right to withdraw consent to the processing of personal data processed by us on the basis of this consent at any time.
You may withdraw consent by using your user account or the contacts listed in this Policy.
Right to rectification, restriction or deletion
If you find that the personal data we hold about you is inaccurate, you can request that we correct the data without undue delay. If it is reasonable, in the particular circumstances of the case, you may also request that we supplement the data we hold about you.
You can request correction, restriction of processing or deletion of data through your user account or the contacts listed in this Policy.
Right to erasure of personal data
You have the right to request that we erase the personal data we process concerning you without undue delay in the following cases:
- If you withdraw your consent to the processing of your personal data and there is no other legitimate reason, on our part, for processing it that overrides your right to erasure;
- if you object to the processing of personal data (see below);
- Your personal data is no longer needed for the purposes for which we collected or otherwise processed it;
- personal data has been unlawfully processed by us;
- personal data has been collected by us in connection with the offer of company information services to a person under the age of 18;
- the personal data must be erased in order to comply with a legal obligation under European Union law or Czech law that applies to us.
You can request deletion in these cases by using your user account or the contacts listed in this Policy.
The right to request the erasure of personal data is not given in a situation where the processing is necessary
- For the exercise of the right to freedom of expression and information;
- to meet our legal obligations;
- for reasons of public interest in the field of public health;
- for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, where the erasure of the data is likely to prevent or seriously jeopardize the achievement of the purposes of that processing;
- for the establishment, exercise or defence of legal claims.
You can find out if there are reasons why you cannot exercise your right to erasure by contacting your user account or the contacts listed in this Policy.
Right to restrict the processing of personal data
You have the right to have us restrict the processing of your personal data where:
- You contest the accuracy of the personal data. In this case, the restriction applies for the time necessary to verify the accuracy of the personal data.
- The processing is unlawful and you refuse the erasure of your personal data and instead request a restriction on its use.
- We no longer need your personal data for the purposes for which we processed it, but you require it for the establishment, exercise or defence of legal claims;
- You object to the processing (see below). In this case, the restriction applies for a period of time until it is verified that the legitimate reasons on our side outweigh your legitimate reasons.
At the time of restriction of processing of personal data, we may only process your personal data (except for storage) with your consent or for the establishment, exercise or defence of our legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest pertaining to the Union or a Member State. As stated above, you can request a restriction on processing through your user account or the contacts listed in this Policy.
Right to object to processing
You have the right to object to the processing of your personal data in the following cases:
- Where personal data is processed for a reason where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us or for the purposes of our legitimate interests and you object to the processing, we may not further process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of our legal claims.
- If personal data is processed for direct marketing purposes and you object to the processing, we will no longer process the personal data for these purposes.
- If your personal data is processed for scientific or historical research purposes or for statistical purposes, we will not process it further unless the processing is necessary for the performance of a task carried out for reasons of public interest.
You may submit an objection through your user account or the contacts listed in this Policy.
Right to data portability
If we process your personal data on the basis of your consent or because it is necessary for the performance of a contract concluded between us, you have the right to obtain from us the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, if the personal data is processed by us in this way. You have the right to transfer this data to another data controller or to request that we provide this data directly to another data controller, if technically feasible. You can obtain your personal data through your user account or the contacts listed in this policy.
Theright not to be subject to any decision based solely on automated processing, including profiling
We do not use personal data for automated decision-making.
Right to be informed of a breach of your personal data
If a breach of our security is likely to result in a high risk to your rights and freedoms, we will notify you of the breach without undue delay. If appropriate technical or organizational measures have been applied to the processing of your personal data, for example, to ensure that it is incomprehensible to an unauthorized person, or if we have taken additional measures to ensure that a high risk does not manifest itself, we do not have to transmit information about the breach to you.
Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data violates the obligations set out in the GDPR, you have the right to lodge a complaint with a supervisory authority. The supervisory authority in the Czech Republic is the Office for Personal Data Protection.