Last updated: 01 January 2016
1. DATA PROCESSING SCOPE AND PURPOSE
1.1. Contractual relationship
The Administrator collects and processes personal data provided by its customers when they purchase goods through its online shop. The processing of personal data is necessary for the conclusion and fulfilment of the contract. If the customer does not agree to provide his/her personal data, the contract cannot be concluded. For the purpose of conducting the contractual relationship, the customer’s personal data is processed by means of online registration (name and surname, address, identification number or tax identification number), his/her contact details (email or phone number), and information related to the subject of the contract (identification of the goods, payment method including payment details such as the customer’s bank account number and bank identification information). The Administrator is also entitled to process this data for the protection of its rights in case of any potential dispute with the customer. The aforesaid data will be processed and stored for the duration of the contractual relationship, or even longer if required by law or necessary for the protection of the Administrator’s rights.
1.2. Marketing activities
Per section 7, paragraph 3 of Act No. 480/2004 Coll., on Certain Information Services Society Services, the Administrator may use the electronic contact details (email and phone number) to disseminate commercial communications concerning product or service offers like those already provided to customers. Per section 5, paragraph 5 of the Act, the Administrator may process the name, surname, and address of the customer to offer goods and services. In both cases, the personal data will be processed and stored for the duration of the contractual relationship unless the customer revokes his/her consent.
In all other cases, the Administrator processes the personal data of its customers or potential customers with their consent only. It typically happens if the Administrator collects and processes additional data received during their mutual contractual relationship (such as customer purchasing habits, preferences, and logs including IP address or cookies used for identifying such preferences) in order to offer of goods and services directly. The processing of personal data is voluntary and bears no impact on the contractual relationship regardless of whether consent is given or not. If consent is given, it is valid for the time necessary to process the data, unless and until the customer revokes it.
1.3. Maintenance of online shop and website
2. METHOD OF PROCESSING
2.1. The Administrator processes personal data under Article 1 above by means of online registration or by concluding a contractual relationship through its online shop. Therefore, personal data is automatically processed in electronic form. If necessary, personal data may be processed manually in paper form, e.g., through a paper order. Personal data is stored in the Administrator’s information system and can be backed-up on back-up server/data carriers if necessary.
2.2. The Administrator has adopted all necessary security measures to prevent any unlawful or accidental access to personal data, its alteration, destruction or loss, unauthorized transmission, or other unauthorized processing or abuse.
2.3. As pertains to automated processing, the Administrator has adopted security measures that allow access to the automated processing systems to authorized persons only. These persons shall have access only to information corresponding to their authorization and on the basis of the specific user authorizations established exclusively for these persons. The Administrator shall keep electronic records that allow for the identification and verification of when, by whom, and for what reasons personal data was accessed or otherwise processed.
3. TRANSFER AND ACCESS TO PERSONAL DATA
3.1. Personal data is collected and processed solely by the Administrator and is not currently transferred to any data processors or other third parties unless required by law. The Administrator may, however, transfer personal data necessary for the delivery of ordered goods to parties responsible for such delivery (i.e., Czech Post, s.p., Politických vězňů 909/4, 225 99, Praha 1, ID No. 471 14 983 or PPL CZ s.r.o., K Borovému 99, Jažlovice, 251 01, Říčany, ID No 251 94 798).
3.2. Personal data will be available only to the employees of the Administrator who are bound by confidentiality as regards personal data as well as valid security measures. Employees are entitled to process personal data only per the explicit instructions of the Administrator. The confidentiality obligation of employees continues after the termination of the employment relationship.
4. LINKS TO OTHER SITES
5. SOCIAL MEDIA WIDGETS
6. CHILD PRIVACY
6.1. The website, online shop, and related marketing services may only be accessed by customers or potential customers who are 18 years of age or older. The Administrator does not knowingly collect personally identifiable data from persons under 18. If the customer or potential customer is a parent or guardian and is aware that his/her child has provided the Administrator with his/her personal data, the Administrator should be informed of this. If the Administrator discovers that a person under 18 has provided it with personal data, the Administrator will immediately delete such information from its servers.
7. RIGHT TO INFORMATION
7.1. The data subject has right to request information from the Administrator on the processing of his/her personal data by contacting the Administrator by email at firstname.lastname@example.org or by phone at +420 778 065 388.
7.2. The information provided shall include the following:
7.2.1. the purpose of processing of his/her personal data,7.2.2. specific personal data fields (or personal data categories) subject to processing, including all available information on their source,
7.2.3. the character of automatic processing in relation to its use for decision-making if resulting in acts or decisions affecting his/her rights and legitimate interests,
7.2.4. the recipients or categories of recipients to whom his/her personal data are transferred or accessible.
7.3. For the provision of such information, the Administrator is entitled to reasonable reimbursement not exceeding the costs necessary for the providing the information.
8. RIGHT TO CORRECTION
8.1. If the data subject believes the Administrator is processing his/her personal data contrary to law or to his/her private or personal life, in particular if his/her personal data is inaccurate regarding the purpose of processing, the data subject may:
8.1.1. Ask the Administrator for an explanation.
8.1.2. Demand rectification, i.e., blocking, correction, completion, or liquidation of his/her personal data.
8.2. If the demand is deemed justifiable, the Administrator is obliged to rectify the improper state of affairs without delay. If the Administrator does not comply with the demand, the data subject is entitled to contact the Czech Data Protection Authority directly.
10. CONTACT US