I. Basic provisions
- The personal data controller pursuant to Article 4 point 7 of Regulation of the European Parliament and Council (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (hereinafter "GDPR") is Jan Grác, ID: 63703408, Tax ID: CZ5908191685, with registered office at Grymovská 256/1a, 750 02 Přerov IV-Kozlovice, hereinafter referred to as "controller") with contact details:
+420 581 703 902.
- The controller did not designate a data protection officer.
II. Sources and categories of processed personal data
- The controller processes the following personal data: name and surname, residence address, delivery address, identification number, tax identification number, e-mail address, telephone number (hereinafter collectively referred to as "personal data").
- The controller processes the personal data you have provided or the personal data that the controller has obtained based on fulfillment of your order.
III. Legitimate reason and purpose of processing of personal data
- A legitimate reason for the processing of personal data is:
- Fulfillment of the contract between you and the controller pursuant to Article 6, para. 1 (b) GDPR,
- Legitimate interest of the controller to provide direct marketing (in particular, sending business messages and newsletters) pursuant to Article 6, para. 1 (f) GDPR,
- Your consent to processing for direct marketing purposes (in particular for sending business messages and newsletters) pursuant to Article 6, para. 1 (a) GDPR in conjunction with Section 7para. 2 of Act No. 480/2004 Coll., on certain information society services, in the event that goods or services have not been ordered.
- The purpose of the processing of personal data is:
- To fulfill your order and to exercise the rights and meet the obligations arising from the contractual relationship between you and the controller,
- To send business messages and to carry out other marketing activities.
- The controller makes no automated individual decisions within the meaning of Article 22 GDPR. You have given your explicit consent to such processing.
IV. Data retention period
- The controller keeps personal data:
- For the period necessary to exercise the rights and obligations arising out of the contractual relationship between you and the controller and the enforcement of the claims under these contractual relationships (for 15 years from the termination of the contractual relationship).
- Until consent to the processing of personal data for marketing purposes is revoked, for a maximum of 5 years, if personal data are processed under consent.
- At the end of the retention period, the controller will erase the personal data.
V. Recipients of personal data (controller’s subcontractors)
- The recipients of personal data are persons involved in the delivery of goods / services / payments (accountants), on contract basis, to provide e-shop and marketing services.
- The controller does not intend to pass personal data to a third country (to a non-EU country) or to an international organization. The recipients of personal data in third countries are providers of mailing services (MailChimp) / cloud services (Amazon).
VI. Conditions of safeguarding of personal data
- The controller declares that he has taken all appropriate technical and organizational measures to safeguard personal data.
- The controller has adopted technical measures to secure data repositories and personal data repositories both online and in paper form.
- The controller declares that personal data can be accessed solely by persons authorized by him.
VII. Final provisions
These terms will become effective on 25 May 2018.