1. General provisions
- The personal data administrator in accordance with article 4 paragraph 7 of European Parliament regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation, hereinafter referred to as „GDPR“) is Dagmar Jelínková, IN: 70379521, based in V Kolkovně 8, 110 00 Praha 1 (hereinafter referred to as „administrator“).
- Administrator contact details:
Address: V Kolkovně 8, 110 00 Praha 1
Email address: firstname.lastname@example.org
Telephone number: +420 604 466 748
- As specified in article 4 of the GDPR: ‘personal data’ means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- The administrator has not authorised any other person for the role of data protection officer (DPO).
2. Data processing purpose, resources, categories and recipients of processed personal data
- The administrator processes personal information provided by you personally or information which the administrator received based on delivering your order.
- The administrator processes your identification and contact details as well as further details needed for performance of the contract.
3. Lawful cause and purpose of personal data processing
- For the purposes of this regulation, the legal basis means:
- performance of a contract between you and the administrator in accordance with article 6 paragraph 1 letter b) GDPR (hereinafter referred to as „Performance of a contract”)
- legitimate interest of the administrator in providing direct marketing (especially in order to send occasional commercial communications and newsletters) in accordance with article 6 paragraph 1 letter f) GDPR, under which processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter referred to as „Legitimate interest“)
- your consent to have your personal data processed for the purposes of providing direct marketing (especially in order to send occasional commercial communications and newsletters) in accordance with article 6 paragraph 1 letter a) GDPR, under which the data subject has given consent to the processing of his or her personal data for one or more specific purposes, in connection with article 7 paragraph 2 of law no. 480/2004 Coll., as amended, on certain information society services, in case no order for goods or services has been placed (hereinafter referred to as „Consent“)
- For the purposes of this regulation, processing personal data means:
- Performing your order and the work and obligations arising from the contractual relationship between you and the administrator; when placing an order, certain personal details are needed for its successful performance (full name, address, contact details); providing the administrator with such details is a requirement for concluding and fulfilling a contract, and without them the administrator cannot conclude or fulfil a contract
- dispatch of occasional commercial communications and other various marketing activities
- The administrator does not hold any rights to carry out automated individual decision-making as specified in article 22 GDPR.
Administrator’s role overview:
| Legal basis | Purpose | Data | Data source | Personal data recipients (processors) |
|---|---|---|---|---|
| Performance of a contract | Handling of an order and replying to an enquiry received by an internet contact form or via e-mail | Customers’/Clients’ personal data (contact details, delivery address) | Communication via e-mail, internet contact form | Subcontractors (Czech Post, bank), cloud data repositories, paper documents |
| Performance of a contract | Book keeping/Accounting | Suppliers’ and buyers’ personal data (contact details, residence, sometimes even the birth dates) | Invoices | Paper documents |
| Legitimate interest | Providing direct marketing (especially in order to send occasional commercial communications and newsletters) | Customers’/Clients’ contact details | Order forms information | Mailing services, cloud data repositories, subcontractors |
| Legitimate interest | Common visitor rate analysis, revealing mistakes on the server and prevention of fraud and attacks on the server | Pseudonymization of identifiers of registered users such as User ID, IP address etc. | The user’s movement on the web, registration, creating anonymized user IDs, displaying the website with a mistake in it | Google Analytics, webhosting services and if needed further analytical services |
| Consent | Advanced attendance analysis | Monitoring the users’ movements on the website and filling out forms | User’s movement on the website, mouse clicking, typing | Services for monitoring user’s movement on the website |
| Consent | Marketing and the website promotion | Email addresses, prospective customers’ names, IP addresses and other technical identifiers | Newsletter form | Webhosting company and services for sending out emails |
| | Customer’s review publishing | Customer’s full name, their photograph and email address | Communication via e-mail, internet contact form | Cloud data repositories, mailing services |
| Consent | Profiling in order to display the complete contents of the website and for the purposes of direct marketing (newsletters) | Displaying the websites of particular products which the customer is looking at | Clicking on links and product details | Webhosting company |
4. Data storage period
- The administrator stores the personal data:
- for a time period necessary for performance of work and obligations arising from the contractual relationship between you and the administrator and for various claims arising from such contractual relationships (for the time period of 15 years once the contractual relationship has been terminated).
- until the consent to data processing for the purposes of marketing is revoked, where the data are processed based on a previous consent.
- Once the data storage period has elapsed, the administrator erases all the personal data.
5. Personal data recipients (administrator’s subcontractors)
- Personal data recipients mean:
- people involved in delivering the goods and payment executions based on the contract (e.g. bank)
- people maintaining the e-shop (web hosting) and other services connected with the e-shop’s operations
- people ensuring delivery services (Czech Post)
- The administrator intends to transfer the personal data to a third country (a country outside the EU) or to an international company. Recipients of personal data in the third countries are mailing services, data repositories, files and analytical tools providers whose servers are located in those countries.
6. Your rights
- In accordance with the GDPR you have the following rights:
- Right of access by the data subject – article 15 GDPR
- Right to rectification – article 16 GDPR or, if necessary, right to restriction of processing – article 18 GDPR
- Right to erasure („Right to be forgotten“) – article 17 GDPR
- Right to object – article 21 GDPR
- Right to data portability – article 20 GDPR
- The data subject shall have the right to withdraw their consent at any chosen time. They can do so in written form or electronically via the email address of the administrator as stated in the article 1 of this regulation.
- Furthermore, you have the right to lodge a complaint with The Office for Personal Data Protection if you believe your right to personal data protection has been breached.
7. Conditions for personal data securing
- The administrator declares that they have adopted all appropriate technical and organizational measures in order to fully secure personal data.
- The administrator has adopted technical measures in order to safely secure data repositories and repositories of personal data in paper form, especially securing the electronic data repositories with a password and anti-virus software, and keeping the printed order forms and invoices in a locked cabinet placed in a lockable room.
- The administrator declares that only people authorised by them have access to personal data.
8. Final provisions
- By placing an order via the internet order form you confirm that you have been informed about the personal data regulation and that you accept it in its full extent.
- You express your consent by ticking the appropriate box in the internet order form. By ticking this box you confirm that you have been informed about the personal data regulation and that you accept it in its full extent.
- The administrator is entitled to change these provisions. The latest update of these provisions and general personal data regulation will be published on the administrator’s website and at the same time will be sent to you via the email address you have provided the administrator with.
9. Cookies information
In order to improve the quality of the services offered, personalise the offer and collect anonymous data for analytical purposes, the administrator uses so-called cookies in their presentation.
- Functional cookies – cookies absolutely needed for securing the running and maintenance of the internet and the website. No consent is required for the use of functional cookies.
- Performance cookies – cookies used for anonymous tracking of the website’s visitor rate and its performance. No consent is required for the use of performance cookies.
- Marketing cookies – cookies belonging to this category may be used in order to monitor users’ activities on our websites. Thanks to this monitoring we can stay up to date on what our customers like and constantly improve or better aim our social network advertising. Consent is required for the use of marketing cookies.
These conditions come into effect as of 25th May 2018.