Personal Data Protection Policy
Personal Data Protection Policy
The personal data controller as required under Art. 4, Item 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) is Mgr. Filip Tomáš, Ph.D., ID 86603850, with registered offices at Na Plzeňce 2/1235, 150 00 Prague 5 (hereinafter referred to as: “Controller”).
Contact information of the Controller
Address: Horní náměstí 170/24, 746 01 Opava
Telephone: 222 360 991
Personal data is understood to be all information on an identified or identifiable natural person; an identifiable natural person is a person that may be directly or indirectly identified, especially by reference to a certain identifier, e.g. name, ID number, web identifier or one or more elements of the physical, physiological, genetic, mental, economic, cultural or social identity of such a natural person.
The Controller has not appointed a data protection officer.
Sources and Categories of Processed Personal Data
The Controller processes personal data provided by you and/or personal data which the Controller acquires through the fulfilment of your order.
The Controller processes your identification and contact information as required for the fulfilment of the agreement.
Legal Grounds and Purposes of Personal Data Processing
The legal grounds for personal data processing are:
the performance of the contract between you and the Controller according to Art. 6 (1) b) of the GDPR;
the legitimate interest of the Controller to provide direct marketing (in particular the sending of business notifications and newsletters) according to Art. 6 (1) f) of the GDPR;
your consent with the processing thereof for direct marketing purposes (in particular the sending of business notifications and newsletters) according to Art. 6 (1) a) of the GDPR in connection with Section 7 (2) of Act No. 480/2004 Coll., on Certain Information Society Services, in case goods or services were not ordered.
The purposes of personal data processing are:
the execution of your order and the exercising of rights and the fulfilment of obligations arising from the contractual relationship between you and the Controller; when placing an order, personal data (name, address, contact information) is required for the successful execution of the order, whereby the provision of the personal data is a mandatory requirement for the conclusion and performance of the agreement, without the provision of which the agreement cannot be concluded or performed on the part of the Controller;
the sending of business notifications and engagement in other marketing activities.
There is no automated individual decision making process on the part of the Controller within the sense of Art. 22 of the GDPR. You have given your express consent with such processing.
Data Retention Period
The Controller retains personal data:
for the time necessary to exercise rights and fulfil obligations arising from the contractual relationship between you and the Controller and for the assertion of claims from such a contractual relationship (for a period of 15 years after the termination of the contractual relationship);
for the period up to the withdrawal of consent to process personal data, but no longer than 10 years, insofar as personal data is processed on the basis of consent.
After the data retention period expires, the Controller will erase the data.
Recipients of Personal Data (Controller’s Subcontractors)
Recipients of personal data are persons:
participating in the delivery of goods / services and / or the realisation of payments under the agreement;
securing e-shop operation services (www.byznysweb.cz) and other services associated with the operation(s) of the e-shop;
securing marketing services.
The Controller does not intend to transfer the personal data to a third country (outside the EU) or to an international organisation.
Under the conditions stipulated by the GDPR you have the right to:
access your personal data according to Art. 15 of the GDPR;
rectification of personal data according to Art. 16 of the GDPR, or as the case may be, to limitation of processing according to Art. 18 of the GDPR;
erasure of personal data according to Art. 17 of the GDPR;
object against processing according to Art. 21 of the GDPR;
data portability according to Art. 20 of the GDPR;
withdraw consent to the processing of your personal data in writing or electronically at the Controller’s address or email referred to in Art. III hereof.
Furthermore, you have the right to file a complaint with the Office for Personal Data Protection should you believe that your rights to personal data protection have been violated.
Personal Data Protection Conditions
The Controller declares that they have adopted all appropriate technical and organisational measures to secure personal data.
The Controller declares that they have adopted technical measures to secure data storage and the storage of personal data in documentary form.
The Controller declares that personal data can only be accessed by persons authorised by the Controller.
By sending an order using the internet order form, you confirm you have been informed about our personal data protection policy and that you accept the conditions in their entirety.
You consent to the terms and conditions of this policy by checking the consent box on the internet form. By checking the consent box you confirm that you have been informed about our personal data protection policy and that you accept the conditions in their entirety.
The Controller is entitled to change the terms and conditions of this policy. The new version of the policy and the appropriate terms and conditions will be published on the Controller’s website and simultaneously sent to your e-mail address, as provided by you to the Controller.
This policy and the terms and conditions set out therein are effective as of 1. 8. 2018.