The terms and conditions of the e-shop fall under the legal conditions of the Czech Republic. Everything was freely translated so that everyone was aware of these conditions for this country.
Principles of personal data processing
1. Introductory provisions
1. Veronika Tomášiková, ID: 05523532, Lovčičky 91, postal code: 683 54, Otnice, registered office Kozí 26/4, postal code: 60200 Brno, contact: Veronika Tomášiková, contact e-mail address: email@example.com (Hereinafter also referred to as the "Administrator"), with respect to the need for compliance with obligations in the field of privacy, arising in particular from the Act no. 101/2000 Coll., On protection of personal data and amending certain laws, as amended, and Regulation European Parliament and Council Regulation (EU) no. 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (general Regulation on the protection of personal data) sets out the principles for the processing of personal data .
2. This document provides information manager which personal data and for what purpose, processes, and what rights and responsibilities belong to individuals whose personal data are processed.
3. This document may be revised as necessary and updated.
4. The controller processes personal data manually and automatically, keeps records of all activities that involve the processing of personal data.
Manager is the first personal data because it determines the purpose and means of data processing; Personal data processed by itself or that relies on the services of other persons, ie. processors.
2nd Personal data is any information relating to an identified or identifiable natural person ( 'data subject'); an identifiable natural person is an individual who can be identified directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of individuals.
3. Treatment of personal data is any operation or set of operations with personal data or personal data files, which is carried out whether or not by automatic means, such as gathering, recording, organizing, structuring, storage, adaptation or alteration, retrieval, consultation, use, , disclosure by transmission, dissemination or otherwise making available any, alignment or combination, restriction, erasure or destruction.
4. The processor of personal data can be any natural or legal person or other entity that processes personal data for the company as manager of personal data.
3. Basic principles of treatment
1. When personal data processing manager
2.Processing personal data relating to data subjects correctly, legally and transparently,
3.Colletcting personal information only for specific, explicit and legitimate purposes and not process it in a way that is incompatible with those purposes.
4.Processing only such personal data that are adequate, relevant and limited to the extent necessary in relation to the purpose for which they are processed
5.Processing only such personal data that are accurate and updated, if necessary; company for this purpose shall take all reasonable steps to ensure that personal data that are inaccurate with regard to the purposes for which they are processed, they are immediately deleted or corrected
6.Stores personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed.
7.Processing personal information in a manner that ensures adequate security of personal data, including their protection through appropriate technical and organizational measures against unauthorized or unlawful processing and against accidental loss, destruction or damage.
1.Adminstrator responsible for observing all the principles mentioned above and be able to demonstrate compliance with these principles.
2.Administrator is entitled to process personal data only on the basis of any legal reasons the processing of the legislation. Only if it is not given to any other legal ground for the processing, the administrator must obtain the consent of the data subject.
4.Processing personal data
1. In connection with its activities, the controller processes the following personal information.
2.Once the basic identification and address information
1. Name and surname,
2.date of birth,
3.bydliště or contact address,
6.log in name and password for customer account e-shop (online store).
1. If the data subject is by proxy, the administrator also handles the identification and address data of a representative.
2. In cases where the customer or the administrator communicates a legal entity, the company processes the following personal data attributable to the legal entity, and the name and surname of the person who is a legal person; with this person further process personal data concerning the contact phone number and contact email addresses, function or job title.
3.Further controller processes
1. customer number
2.data of purchased goods and / or services subscribed (order date, the date of delivery of goods, type, specification and quantity of goods or services, price)
3.data of communication between the company and the customer (written or electronic communications, records of telephone conversations ...)
4.data to log on to the customer account.
5.data of payment discipline,
7.data about sending news.
1.Administrator performed continuously updating the processed personal data, especially if the administrator finds inaccuracy of any of the processed personal data or company receives information from the data subject to change any of the personal data processed.
5.Sale goods and services
1.Per order execution and performance of contracts for the sale of goods or services administrator handles the identification and address information (see Section 4.2) and the customer or his representative. If a contract is concluded by electronic mail or phone, the CCM processes also figure on the electronic address and telephone number of the customer. If there is a communication company and customer related to the process of concluding the contract or the performance thereof, processes manager also personal data contained in this communication.Also to this end, the controller processes data relating to the subject matter of the contract and the manner of conclusion of the contract, namely information relating to goods or services ordered, the date of the order and delivery of goods and prices.
2.If there is a contract via e-shop (online store) during which registration is required (foundation customer account) handles the administrator to verify customer identity information regarding your login, password and data login.
3.Legal grounds for processing personal data under this Article is a necessity for the conclusion and execution of the contract. Data subject's consent for this processing is required. This personal information manager receives from customers, other gains during the business relationship. If the customer refused some of the personal data controllers to communicate or disagrees with their processing for that purpose, the administrator would have to refuse to sell goods or provide services.
4.Personal data under this Article controller processes the time necessary to achieve that purpose. If the customer in connection with the purchase of goods or services to the controller fulfills all its obligations (including payment) after the expiration of the warranty administrator terminates processing of personal data for this purpose, unless these principles stated otherwise.
5. If the customer provides personal information manager, but not a contract administrator completion of the processing of personal data after three (3) calendar months from the date of termination of the contract negotiations.
6.Processing personal data relating to customer account will be by the administrator terminated after two (2) years from the last customer login. In this case, the legal grounds for processing personal data is necessary for the purposes of legitimate interests of the controller, which is to allow the customer to make the order, without having to set up a new customer account.
6.Knowledge disputes or other proceedings
1. In the case where the customer or other person initiate contentious or other proceedings to which the participant manager, administrator processes personal data relating to the identification and contact of the goods or services provided, the outstanding amount, as well as other information relating to this proceeding which is available to the administrator.
2.Legal grounds for processing personal data under this Article is a necessity for the purposes of the legitimate interests of the controller, which is protection of property and / or reputation manager. Data subject's consent for this processing is required. This personal information manager receives from customers, the people who initiated the appropriate proceedings, the authority or person, where proceedings are public registers or other publicly available sources.
3. Personal data under this Article controller processes into the trial, respectively. termination of related rights and obligations, their fulfillment is necessary to process the personal data.
6.Fullfilment legal obligations
1.Administrator further processes personal data for the purpose of fulfilling the obligations imposed by legislation. For the reasons required by the Accounting Act and other legislation, particularly in the area of tax administration manager for a specified period of time keeps documents (electronic or paper) containing personal data, particularly invoices and documents from which it is apparent legal justification for issuing invoices (ie. Especially orders and contracts) containing identification and address customer data, data relating to goods sold and services rendered, billed price.
2.Legal grounds for processing personal data under this Article is a necessity to meet the legal obligations of the controller. Data subject's consent for this processing is required. This personal information manager receives from customers or from the course of the business relationship.
3.Personal data under this Article controller processes the period stipulated by law.
2. The transmission of personal data to third parties
3. A method of processing and access to personal data
4. Rights of the data subject
1. If the manager gets the customer in accordance with Article 5 of these principles e-mail address in connection with the sale of goods or provision of services, the administrator is authorized to process e-mail address and identifying information for the purposes of sending commercial communications manager relating to similar goods or services.
2.Assuptiom opportunity for dissemination of commercial communications pursuant to Article 9.1 It is that the customer has a clear and distinct possibility in a simple way, free or account manager to refuse to consent to such use of his email addresses and sending at eachmessage when initially refused such use.
3.Legal grounds for processing personal data pursuant to Article 1.9 the necessity for the purposes of the legitimate interests of the controller, which is the implementation of marketing. Data subject's consent for this processing is required. Administrator is authorized to process personal data until the customer manager advises that already with the processing disagrees.
4.Disseminate commercial communications without meeting the conditions under Articles 1.9 and 2.9 administrator is authorized only upon obtaining consent. In this case, the legal grounds for processing personal data for this purpose agreement, which may be withdrawn at any time. Administrator is authorized to process personal data for these purposes until the data subject withdraws his consent, for a maximum period of five (5) years from the date of this consent. Failure to provide such consent or revocation does not affect the possibility of the purchase of goods or services.
5. If the administrator receives from the customer or another user's website administrator consent to placing cookies on his computer, the company is entitled under this agreement to place this person computer text files for re-sending information about the behavior of users to the website administrator. Before providing consent under this Article shall be the person providing consent advised that this consent may be withdrawn at any time.
6.Legal grounds for processing personal data pursuant to Article 5.9 the data subject's consent. Failure to provide such consent or revocation does not affect the possibility of the purchase of goods or services. These personal data processing company for the duration of the consent.
1. The controller transmits personal data to another entity (eg. A court or tax authority) if it imposes a law or is necessary to satisfy the obligations imposed by law or enforceable decision of the competent authority.
2. The administrator of the performance of their duties from the contracts or in the case of protecting its legitimate interests may benefit from professional and specialized service of others. If these suppliers processing personal data submitted by the company, have the status of processing personal data and process the personal data only within the guidelines of the administrator and may not be used otherwise. This is particularly the activities of IT service providers, including data storage, creation and functioning online business, accounting, marketing and service delivery. At the request of the data subject shall inform the administrator as to whether and which were the subject of his personal data provided and other related information.
3. Each vendor such as administrators carefully selects each concluded an agreement on the processing of personal data, which are set out obligations for the protection and security of personal data, including the obligation to maintain confidentiality.
4. The administrator is authorized to transfer personal data only to those persons providing adequate guarantees by introducing appropriate technical and organizational measures so that the processing complies with all legal requirements and to ensure the protection of the rights of data subjects.
5. This use of personal data the company does not need the consent of the data subject, as it would otherwise not be able to meet its administrative obligations under the contract, respectively. this provision occurs its necessity for the legitimate interests of the controller.
6. The administrator does not intend to transfer personal data to countries outside the European Union.
1. Personal data is processed by the information system administrator, the security against loss of personal data and against access by unauthorized persons is regularly reviewed. Access to the system is limited by the set of managerial roles. Security of supply of personal data in electronic form to third parties is ensured through access to the information system administrator password protected secure. The information system is standard, the contractor provides the usual guarantees of security, functionality and security is regularly tested and maintained by an external supplier with whom the company has concluded a contract for the processing of personal data.
2.Administrator performs the processing of personal data, in particular the following technical and organizational measures:
1.locking up area manager, where personal data are processed,
2.locking up personal data in printed form into a locker.
3.procesing personal data by authorized personnel only;
4.trainedresponsible people, how they handle personal data.
1. Each action that includes any use of personal data is recorded in the information system administrator, including details of the person who carried out this operation.
2.Administrator personal data processed continuously updated, particularly in relation to the changes that notify customers or the company finds from customers of other persons or other publicly available sources.
3. If the administrator has achieved the purpose of processing personal data and any another reason for not processing these personal data erased without possibility of renewal.
4.Přístup to personal data in companies are only people who have not necessarily required to achieve the purpose for which personal data are processed
1.Subjekt data is in relation to the protection of personal data, the following rights:
1.na access to his personal information, which includes in particular the right to obtain from the controller to confirm whether its processes personal data, information about the purposes of the processing of personal data recipients to whom personal data have been or will be disclosed, the planned processing time, the existence of rights request from the controller rectification or erasure of personal data concerning the data subject or limiting their processing or to object to this treatment,
2.na inaccurate personal data; the data subject has the same obligation to notify changes to their personal data and to demonstrate that such a change occurred. It is also obliged to cooperate, if discovered that personal data relating to him being processed, they are not accurate,
3.legal for deletion of personal data relating to him, if the administrator establishes legitimate grounds for the processing of personal data
4.na restriction of personal data processing pending resolution initiative, if accuracy is disputed personal data, reasons for their treatment or if an objection against their processing,
5.legal notification rectification, erasure or restriction of processing of personal data, unless this proves impossible or involves a disproportionate effort.
6.na transferability of data in a structured, conventional and machine-readable format, and to request the transfer of such data to another administrator.
7.rise object to the processing of personal data due to the legitimate interest of the controller (eg. On sending commercial messages); if it does not prove the existence of a serious legitimate basis for processing, which outweighs the interests or the rights and freedoms of the data subject, the controller processes on the basis of objections terminated without delay.
8.anytime withdraw consent to the processing of personal data, if the administrator handles its approval; citing this agreement will not affect the lawfulness of the processing based on consent granted prior to withdrawal,
9.turn with stimulus or complaint to the Office for the Protection of Personal data (www.uoou.cz).
1.These principles are effective from 1.6. 2019