- The Controller of personal data pursuant to art. 4 paragraph 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter: “GDPR“) is Tomáš Németh IČ 75778475 with its registered office Čechtín 32, 67507 Čechtín (hereinafter: “ Administrator“).
- The contact details of the administrator are:
Address: Čechtín 32, 67507, Čechtín
- Personal data means all information about an identified or identifiable natural person; An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, locator data, network identifier or one or more specific elements of a physical , physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Sources and categories of personal data processed
- The administrator processes personal data that you have provided to him or personal data that the administrator has obtained by fulfilling your order.
- The controller processes your identification and contact details and the data necessary for the performance of the contract.
Legal reason and purpose of the processing of personal data
- The lawful reason for processing personal data is
- Contract between you and the controller pursuant to art. Article 6 (a) (1) b) GDPR,
- Legitimate interest of the Controller in the provision of direct marketing (in particular for sending commercial communications and newsletters) pursuant to art. Article 6 (a) (1) f) GDPR,
- Your consent to processing for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to art. Article 6 (a) (1) A) GDPR in conjunction with § 7 para. 2 of Act No. 480/2004 Coll., on certain information society services in case of absence of order of goods or services.
- The purpose of processing personal data is
- Processing of your order and exercising the rights and obligations arising from the contractual relationship between you and the Controller; When ordering, personal data are required for successful processing of the order (name and address, contact), the provision of personal data is a necessary requirement for the conclusion and performance of the contract, without the provision of personal data, it is not possible to conclude the contract or By the controller,
- Sending commercial communications and other marketing activities.
- No automatic individual decision is taken by the controller within the meaning of art. 22 GDPR. You have provided your explicit consent with such processing.
Data retention Period
- The administrator retains personal data
- For the period necessary for the exercise of the rights and obligations arising from the contractual relationship between you and the Controller and the claims of these contractual relationships (for a period of 15 years after termination of the contractual relationship).
- For as long as the consent to the processing of personal data for marketing purposes is revoked, for a maximum of 10 years, if personal data are processed on the basis of consent.
- When the personal data retention period expires, the controller clears the personal data.
Personal Data Recipients (sub-contractors of the administrator)
- The recipients of personal data are persons
- Involved in the delivery of goods/services/payment execution under contract,
- Providing services for the operation of the e-shop and other services in connection with the operation of the e-shop,
- providing marketing services.
- The controller does not intend to transfer personal data to a third country (non-EU country) or an international organisation. Recipients of personal data in third countries are providers of mailing services/cloud services.
- Under the conditions set out in the GDPR,
- The right of access to their personal data pursuant to art. 15 GDPR,
- Right to rectify personal data pursuant to art. 16 GDPR, or restriction of processing pursuant to art. 18 GDPR.
- The right to erasure of personal data pursuant to art. 17 GDPR.
- The right to object to processing pursuant to art. 21 GDPR and
- The right to data portability pursuant to art. 20 GDPR.
- The right to revoke consent to processing in writing or electronically to the address or email of the controller referred to in art. III of these conditions.
- You also have the right to lodge a complaint with the Office for Personal Data protection if you believe that your right to the protection of personal data has been infringed.
Personal Information Security Terms
- The administrator declares that he has taken all appropriate technical and organisational measures to secure personal data.
- The controller has taken technical measures to secure the data storage and storage of personal data in paper form.
- The administrator declares that the personal data can only be accessed by authorised persons.
These terms shall become effective on the date of 09.2.2019.