Terms of protection and processing of personal data (GDPR)

Personal data manager

The personal data administrator processes personal data in accordance with the valid and effective legislation of the Czech Republic and the European Union, in particular on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in connection with the processing of personal data and the free movement of such data and the repeal of Directive 95/46/EC (hereinafter referred to as "GDPR") and Act No. 110/2019 Coll., on the processing of personal data, as amended (hereinafter referred to as the "Act on Personal Data Processing" ).

The administrator of personal data within the meaning of Article 4 point 7) GDPR is:

  • Petr Kahanek,
  • ID: 09800409,
  • registered office Čeladná 569, 739 12 Čeladná, Czech Republic,

registered in the trade register, competent authority according to §71 paragraph 2 of the Trade Act: Municipal Office Frýdlant nad Ostravicí (hereinafter referred to as the "Administrator")

Administrator contact details

The administrator can be contacted via the contact details below:

  • address: Čeladná 569, 739 12 Čeladná, Czech Republic
  • phone: +420 603 283 813,
  • e-mail: petr.kahanek@post.cz

Commissioner for the protection of personal data

The administrator has not appointed a personal data protection officer.

Personal data and categories of processed personal data

Personal data means all information about an identified or identifiable natural person. An identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to a certain identifier, for example name, identification number, location data, network identifier, or to one or more special elements of physical, physiological, genetic, psychological, economic, cultural or social identities.

The administrator processes the following personal data:

- Identification data : in particular, it will be your first and last name, or name (company name), personal identification number and tax identification number if you are an entrepreneur.

- Contact information : in particular, this will be the delivery and billing address, email address, phone number, or contact information on social networks or other applications used for communication.

- Data on your orders : in particular, it will be data on the number of orders placed, data on ordered goods and services, data on the chosen delivery method, data on the type of payment method used, data on the account number in the case of payment by bank transfer, data on the return of goods , complaints or other rights asserted by you in connection with the ordered goods or services.

- Data about your behavior on the Administrator's website : in particular, this will be data about the way you move around the website, data about the links you click on, data about the device from which you view the website, including the IP address and technical parameters of this device, data about the web browser used, its version and language settings and data obtained through cookies.

- Other data : The Administrator may also process other personal data that is directly related to the fulfillment of the contract concluded between you and the Administrator (order processing).

The administrator mainly processes personal data provided by you. The administrator can also process data obtained in a different way than from you. The Administrator usually obtains this data in connection with the fulfillment of the contract (order processing). After that, the Administrator may also obtain some data as part of automated data processing, usually this will be data about your behavior on the Administrator's website, which the Administrator can collect in connection with your visit to the Administrator's website. Your IP address, data about your web browser and time data should be considered as such data.

Cookies

The administrator uses cookies on his website. Cookies are small text files that are stored in your browser or in the memory of your device when you visit the website. Data obtained through cookies is processed automatically by the Administrator. Some cookies are necessary for the website to function, others modify or adapt the content of the website to your specific preferences. The administrator uses the following categories of cookies:

- Technical cookies : They are necessary files without which the website cannot function properly. Consent is not required to use them.

- Functional cookies : Used to remember your preferences on the website (e.g. language).

- Analytical and performance cookies : They enable the collection of analytical data regarding the website, in particular for the purpose of detecting traffic and the use of various functions.

- Cookies for targeted advertising and marketing : They enable the display of targeted advertising following the detection of your preferences according to your previous activities.

- Cookies for social media : They enable connection with your profile on social networks, typically through content sharing.

- Third-party cookies: What third-party cookies the Administrator uses can be found.

The purpose of personal data processing

The administrator processes personal data for the following purposes:

- Realization of the contractual relationship with the data subject (i.e. with you): The administrator processes personal data in particular in connection with orders placed. In order for the order to be processed and delivered properly, the provision of some personal data is absolutely necessary (identification and contact data), without the provision of this personal data the order cannot be placed (a contract will not be concluded).

- Marketing activity : Based on the consent granted, the Administrator sends commercial messages (newsletters) via email to registered persons, without providing an email address it is not possible to send commercial messages. The administrator can also process personal data in connection with personalized advertising and other marketing activities.

- Customer care : In the case of communication with customers or future customers, personal data may be processed, e.g. in connection with answering questions or solving customer requests, identification and contact data are processed.

- Evaluation of goods and services by customers : After placing an order, the Administrator may ask you to give an evaluation of the Administrator and the goods, in the event of an evaluation, personal data will be processed. Assessment is voluntary.

- Monitoring of user activity, optimization and improvement of website content using cookies

- Fulfillment of obligations arising from binding legal regulations

- The application and exercise of rights and the exercise of legal claims

Legal basis for processing personal data

The processing of personal data by the Administrator always takes place on the basis of one of the reasons according to Article 6 of the GDPR. The administrator processes personal data based on the following reasons (conditions):

- granting your consent to the processing of personal data for one or more specific purposes in the sense of Article 6 paragraph 1 letter a) GDPR (in particular, it will be about consent to sending commercial communications),

- the processing of personal data is necessary for the fulfillment of the contract between you and the Administrator in the sense of Article 6 paragraph 1 letter b) GDPR,

- processing is necessary for the fulfillment of a legal obligation that applies to the Controller in the sense of Article 6 paragraph 1 letter c) GDPR (e.g. tax purposes),

- processing is necessary for the purposes of the legitimate interests of the relevant administrator or a third party in the sense of 6 paragraph 1 letter f) GDPR (in particular, it will be about data processing in connection with improving the functions, content and security of the website as well as the products and services offered, as well as in connection with direct marketing, or the exercise of the claims and legitimate interests of the Administrator).

Personal data storage period

The administrator keeps your personal data for the period for which there is a reason to keep them, in particular the administrator keeps your personal data for the period required by valid and effective legal regulations. The Administrator also stores your personal data for the entire duration of the contractual relationship between you and the Administrator, as well as for the time necessary to exercise and exercise the rights and obligations arising from such a contractual relationship, as well as for the time necessary to assert claims from these contractual relationships.

In the case of granting consent to the processing of personal data for marketing purposes, especially for the purpose of sending business communications, the Administrator stores personal data for the period until this consent is revoked, but no longer than for a period of five years from the granting of this consent. Consent to the sending of commercial communications can be revoked at any time, via a link in the email containing the commercial communications, or in writing or electronically via the contact details listed above.

Security of personal data

With regard to the nature, scope and purposes of personal data processing, the administrator has taken adequate technical and organizational measures to secure personal data in order to ensure that personal data is processed in accordance with the GDPR. In particular, the administrator has adopted such measures to ensure proper security of personal data against unauthorized or illegal processing and against accidental loss, destruction or damage.

Categories of recipients of personal data

The recipient of personal data is any entity to which personal data is communicated by the Administrator. As a rule, the recipient will also be in the role of personal data administrator. However, the recipient is not an entity that processes personal data for the purpose of inspection, supervision and regulation related to the exercise of public authority.

The administrator transfers your personal data to recipients of personal data in the following cases:

- Realization of payments - payment card : In case of payment by payment card, the Administrator does not store the data about the payment card. In this case, the payment data is transferred directly to the company managing the payment system.

- Delivery of goods : The administrator will provide the contractual carrier with data related to the delivery of the ordered goods, in particular the name of the person to whom the ordered goods are to be delivered, their delivery address and telephone contact.

- Delivery of goods that are made by the contractual partner only after they have been ordered : In some cases, the ordered goods may only be made following the order received, typically these are cases where photographs are ordered that are made by the contractual partner for the Administrator. In order to ensure the fastest possible delivery, in some cases the contractual partner ensures the delivery of the ordered goods to the carrier. In such a case, data related to the delivery of the goods, in particular the name of the person to whom the ordered goods are to be delivered, their delivery address and telephone contact, are transferred to the contractual partner and subsequently to the carrier.

- Complaints : In connection with faster handling of complaints, the Administrator can handle complaints through a contractual partner. In order to assess the legitimacy of the complaint and the subsequent solution (e.g. sending new goods), the contractual partner may be provided with the necessary personal data.

- Commercial communications, advertising and marketing services : The administrator may use the services of a third party in connection with sending commercial communications, providing personalized advertising or other marketing services. The sending of commercial messages, the use of personalized advertising, as well as other marketing tools, is conditional on your consent, which you can revoke.

- Evaluation of products or services : In cases where you consent to the sending of a satisfaction questionnaire (purchase evaluation) by a third party, your data may be provided to this third party for the purpose of sending the questionnaire. In this case, the Administrator will provide a third party with your email address and information about the purchased goods.

In some cases, the administrator may also transfer personal data to third countries or an international organization. The administrator ensures that the GDPR rules for the transfer of personal data to a third country or an international organization are observed when transferring personal data.

Personal data processors

Processor means a natural or legal person, public authority, agency or any other entity that processes personal data for the controller in accordance with its instructions. The processing of personal data is carried out by the Administrator himself, however, in some cases, personal data may also be processed for the Administrator by other processors, which in particular are:

- Providers of cloud services and mailing services;

- Providers of marketing tools and software.

Your rights in connection with the protection of your personal data

As a data subject you have:

  • The right to access your personal data : In particular, under the conditions set out in Article 15 of the GDPR and in Article 28 of the Act on the Processing of Personal Data, you have the right to obtain information from the Administrator on whether and how it processes your personal data, what personal data it is and for what purpose this data is processed, as well as other relevant information regarding the processing of your personal data by the Administrator.
  • Right to correct personal data : Under the conditions set out in Article 16 of the GDPR, you have the right to have the Administrator correct inaccurate personal data concerning you without undue delay. Taking into account the purposes of personal data processing, you also have the right to supplement incomplete personal data, including by providing an additional statement.
  • Right to erasure of personal data ("right to be forgotten"): Under the conditions set out in Article 17 of the GDPR, you have the right to request that the Administrator delete personal data concerning you without undue delay. This will be the case, for example, when:
    • you revoke your consent on the basis of which personal data were processed and at the same time there will be no other reason for their processing,
    • Your personal data will no longer be required for the purposes for which they were collected or otherwise processed,
    • you object to the processing of personal data (see below),
    • and also in the event that personal data was processed by the Administrator in violation of generally binding regulations.
  • The right to revoke your consent to the processing of personal data : You can revoke your consent to the processing of personal data for the processing of which your consent is necessary. If at the same time there is no other reason for the processing of this data (e.g. due to the Administrator's legitimate interest), the Administrator will delete this data. Revocation of consent does not affect the legality of personal data processing based on consent before its revocation.
  • The right to restrict the processing of personal data under the conditions set out in Article 18 of the GDPR.
  • The right to portability of personal data : Under the conditions set out in Article 20 of the GDPR, you have the right to obtain personal data that concern you and that have been provided by you to the Administrator. This data will be provided by the Administrator in a structured, commonly used and machine-readable format. You can subsequently transfer the data provided in this way to another administrator or, if technically possible, you can request that the administrators transfer it to each other.
  • The right to object to the processing of personal data concerning you: For the reasons and under the conditions set out in Article 21 of the GDPR, you have the right to object to the processing of personal data based on the Administrator's legitimate interest. If you object to the processing of personal data for direct marketing purposes, your personal data will no longer be processed for these purposes.
  • The right not to be the subject of any decision based solely on automated processing, including profiling , which has legal effects for him or significantly affects him in a similar way within the meaning of Article 22 of the GDPR.
  • The right to file a complaint if you believe that the processing of your personal data by the Controller has violated the GDPR or other generally binding legal regulations: In accordance with Article 77 of the GDPR and the relevant provisions of the Personal Data Processing Act, you have the right to file a complaint with the supervisory authority , which is the Office for the Protection of Personal Data, with headquarters in Plk. Sochora 27, 170 00 Prague 7. You can also find more detailed information on filing a complaint on the website of this office: https://www.uoou.cz/

You can exercise all your rights with the Administrator in writing or electronically via the contact details listed above.

Validity and effectiveness

These Terms of protection and processing of personal data are valid and effective from December 9, 2022.