I. Basic provisions
- Under Article 4(7) of the Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "GDPR"), the Data Controller is Štěpán Trojánek, reg.No. 88719499, VAT No. CZ8610121927, company seat: Milady Horákové 546/50, 170 00 Praha 7, Czech Republic (hereinafter referred to as the "Controller").
- Contact information of the Controller:
address: Štěpán Trojánek, Milady Horákové 546/50, 170 00 Praha 7, Czech Republic
telephone number: +420 211 221 829 (in service during business hours of the physical store Pod 7 kilo)
- 'Personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- The Controller did not appoint any Data Protection Officer.
II. Sources and categories of processed personal data
- The Controller processes the personal data you have provided or the data he obtained when executing your order.
- The Controller processes your identification and contact information required for the performance of a sales contract.
III. Legal reason and purpose of processing personal data
- The legal reason for processing personal data is
- the performance of a contract between you and the Controller under Article 6(1) (b) of the GDPR.
- The purpose of processing personal data is
- the execution of your order and the exercise of rights and obligations arising out of the contractual relationship between you and the Controller. When placing an order, the buyer is obligated to provide personal data (such as name and address) necessary for successfully completing the order. Providing personal data is a requirement for entering into a sales contract and its performance; without providing personal data, the conclusion of a contract or its performance by the Controller is rendered impossible.
- The Controller does not perform any automated individual decision-making, as referred to in Article 22 of the GDPR.
IV. Data retention period
- The Controller retains the data
- for the period necessary for the execution of rights and obligations arising out of the contractual relationship between you and the Controller, as well as for pursuing claims and entitlements arising out of these contractual relationships (for the period of 15 years).
- After the expiry of the data retention period, the Controller will erase the personal data.
V. Recipients of personal data (the Controller's subcontractors)
- The recipients of personal data are the Controller’s subcontractors
- participating in the delivery of goods or services/ carrying out transactions based on the contract,
- providing the service of managing our e-shop and other services relating to e-shop management,
- providing accounting services,
- providing affiliate marketing services,
- providing mailing and cloud services.
- The recipients of personal data in third countries (countries outside the EU) are the providers of mailing and cloud services.
VI. Your rights
- In accordance with the conditions laid down in the GDPR, you are entitled to
- the right of access to your personal data under Article 15 of the GDPR,
- the right to obtain the rectification of personal data under Article 16 of the GDPR, or the right to restriction of processing under Article 18 of the GDPR,
- the right to erasure under Article 17 of the GDPR,
- the right to object to data processing under Article 21,
- the right to data portability under Article 20 of the GDPR,
- the right to withdraw your consent to data processing in a written or electronic form mailed to the address or e-mail of the Controller (listed in Article III of this Policy).
- You are further entitled to the right to file a complaint with the national Data Protection Authority if you believe your right to data protection has been violated.
VII. Data protection conditions
- The Controller claims to have adopted all suitable technical and organizational measures to protect personal data.
- The Controller has taken technical measures to protect
- data clouds using passwords, anti-virus, and firewalls,
- storage sites of personal data in paper form with physical locks.
- The Controller claims that only authorized persons have access to personal data.
VIII. Final provisions
- The Controller has the right to change these Terms and Conditions. An updated version will be published on the Controller's website and then sent to the e-mail address you have provided to the Controller.
Effective as of May 25, 2018.