I.
Introduction
We process personal data only if we need it, and to the extent necessary for the stated purposes. At the same time, we make sure that the data available to us is accurate, appropriately protected and not used for any other purpose. We only process the data for as long as necessary. This document serves mainly to inform you about the details of the processing carried out by us and about your rights.
II.
Controller of personal data
The controller of personal data according to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: the "Regulation") is Tereza Korecká Vostradovská, ID: 87044455, with registered office in Rooseveltova 37, Praha 6, 16000, email: tereza.vostradovska@gmail.com, (hereinafter also referred to as "Controller" or "we").
II.
Personal data and their processing
In order to provide our services, we process personal data about you as our customer, to the maximum extent of the following:
- basic data: name and surrname, date of birth, ID, address of permanent residence
- contact details: delivery address, telephone and e-mail
- transaction data: account numbers, payment information
- behavioral data: e.g. logging into a customer account, order data, complaint data, data about your behavior on the website;
We obtain the above mentioned data from customer account registrations, number of visits on our website or from the conclusion of purchase contracts or from information provided by you. Furthermore, we can obtain the above mentioned data from publicly available sources, registers and records.
We are entitled to process this personal data manually and in an automated manner, ourselves or through third parties, and to use this data in accordance with applicable legal regulations for the purposes established and/or permitted by legal regulations.
III.
Cookies
As part of the online store, we use so-called cookies, i.e. short text files that are stored on your computer when you load the web pages of the online store and are used to improve the quality of services, personalize the offer, collect anonymous data and for analytical presentation purposes. Through the cookies, we can identify the way in which you work with the content of the website and thus personalize our communication with you. Consent to the placement of cookies is voluntary. You can block some or all cookies or delete those that have already been set. You can find detailed information about cookies and the possibility of blocking them in different types of web browsers at www.aboutcookies.org or on the websites of individual browsers. Please note, however, that if you block or delete cookies sent from our website that are strictly necessary or ensure functionality and performance, it may become impossible to use the website.
IV.
Legal reason and purpose of personal data processing
The legal reason for processing personal data is:
- performance of the contract between you and the controller according to Article 6, paragraph 1 letter b) Regulation,
- compliance of legal obligations according to Article 6 paragraph 1 letter c) Regulation,
- the controllor's legitimate interest in the provision of direct marketing according to Article 6 paragraph 1 letter f)
Regulation,
- your consent to the processing of personal data granted for the purpose of providing direct marketing according to
Article 6 paragraph 1 letter a) Regulation.
The purpose of personal data processing is
- fulfillment and execution of orders,
- sending commercial messages and performing other marketing activities,
- management and administration of customer accounts,
- handling complaints, debt collection and other obligations from contracts concluded between you and the controller,
- fulfillment of the controller's duties in the area of accounting, in the area of taxes and according to other legal regulations.
The controller collects and manages e-mail addresses of users obtained in connection with the sale of goods. The e-mail addresses obtained in this way, regardless of their nature, are considered as an electronic contact address, obtained in connection with the sale of goods, and the controller is entitled to use these for the purposes of disseminating commercial messages regarding their own similar goods.
In some cases, commercial communications are sent based on your consent, which you provide when registering for a customer account, for the purpose of managing and administrating customer accounts and sending commercial communications.
You have the option to refuse the sending of commercial communications to the e-mail address tereza.vostradovska@gmail.com or subsequently in every commercial communication. Refusal to send messages is completely free for you, with the exception of the costs of internet connection and data transmission.
V.
Technical and organizational measures
We maintain appropriate administrative, technical and physical measures to secure personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse or any other unlawful form of personal data processing. Personal data is stored in electronic form in a controlled and protected environment, and/or in printed form with maximum security against access by unauthorized persons.
VI.
Period of retention of personal data
The controller retents personal data:
- for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and the application of claims from these contractual relationships (for a period of 10 years from the termination of the contractual relationship),
- to fulfill legal obligations for a period of 10 years from the end of the tax period in which the transaction took place,
- for a period of 3 years from the granting of your consent to the processing of personal data, unless you withdraw this consent or if it is not extended.
We keep personal data only for the time necessary for the purpose of their processing. After this period, personal data may only be kept for the purposes of the state statistical service, for scientific purposes and for archival purposes.
After the archiving period has expired, personal data are disposed of by shredding (physical disposal) for personal data archived in writing and by erasure (digital disposal) for electronically archived personal data.
VII.
Recipients of personal data
In justified cases, we may transfer your personal data to other entities (hereinafter referred to as "recipients"). Personal data may be transferred to the following recipients:
- processors who process your personal data according to our instructions (especially carriers, program and software providers, other technology and support suppliers),
- operators of marketing tools who help us with website optimization and personalization of content,
- service providers in connection with the processing of shipments, including in particular their deliverers,
- persons ensuring the processing of accounting documents and bookkeeping
- public authorities and other entities, if required by applicable legislation (in particular, the financial administration, the Police of the Czech Republic and other authorities active in criminal proceedings, etc.),
- other subjects in the unexpected event in which the provision of data is necessary for the purpose of protecting life, health, property or other public interest or if it is necessary to protect our rights, property or safety.
We do not transfer your personal data to third countries, i.e. outside the scope of the Regulation.
Entities to whom your personal data are made available are contractually bound to comply with the obligations arising from the Regulation and from this Privacy Policy.
VIII.
Data subject rights
You have the right to request from us access to personal data relating to you under the conditions set out in Article 15 of the Regulation. By exercising this right, you will receive information whether your personal data is being processed, and if so, you have the right to provide copies of the processed personal data. We will provide you with an overview of processed personal data upon request.
You have the right to withdraw your consent to the processing of personal data at any time, which are processed by us on the basis of consent under the conditions set out in Article 7 of the Regulation. You also have the right to unsubscribe from sending commercial messages at any time.
You have the right to request the rectification, update or completion of incomplete personal data under the conditions set out in Article 16 of the Regulation.
You have the right for us to erasure your personal data at your request without undue delay under the terms of Article 17 of the Regulation, in particular if (i) the personal data are no longer necessary for the purposes for which they were retented or otherwise processed, (ii) if the personal data are processed unlawfully, (iii) if personal data must be deleted to comply with a legal obligation. However, the right to erasure does not apply if there is a statutory exception, in particular if the processing of personal data is necessary to fulfill a legal obligation, for the purposes of archiving in the public interest, for the purposes of scientific or historical research or for statistical purposes or for the determination, exercise or defense of legal claims.
You have the right to restrict the processing of personal data according to Article 17 of the Regulation, especially if (i) you deny the accuracy of the personal data, for the time required for us to verify the accuracy of the personal data, (ii) the processing is unlawful and you request a restriction of the use of the personal data instead of their erasure, (iii) we no longer need the personal data for processing purposes, but the subject needs the data to determine, exercise or defend legal claims.
You have the right to object to the processing of personal data based on a legitimate interest, under the terms of Article 21 of the Regulation.
You have the right to request to data portability to another controller under the conditions set out in Article 20 of the Regulation, i.e. to transfer your personal data processed automatically to another controller in a structured, commonly used and machine-readable format.
You have the right not to be the subject of any decision based solely on automated processing, including profiling under the conditions set out in Article 22 of the Regulation.
You have the right to obtain information about a breach of the security of your personal data under the conditions set out in Article 34 of the Regulation.
If you believe that the processing of your personal data violates the obligations set out in the Regulation, you have the right to file a complaint with the supervisory authority under the conditions set out in Article 77 of the Regulation. The supervisory authority in the Czech Republic is the Czech Office for the Protection of Personal Data, adress: in Plk. Sochora 27, 170 00 Prague 7, website https://www.uoou.cz/.
IX.
Exercise of rights
You can exercise all of the above rights by email sent to the address tereza.vostradovska@gmail.com, or by correspondence to the controller's address.
We provide all communications and statements regarding the rights you have exercised free of charge. However, if the request is clearly unreasonable or inadequate , especially because it is repeated, we are entitled to charge a reasonable fee taking into account the administrative costs associated with providing the requested information.
In the event of repeated application of the request to provide copies of processed personal data, we reserve the right to charge a reasonable fee for administrative costs for this reason.
We will provide you with a statement and possibly information about the measures taken as soon as possible, but no later than one month from the delivery of the request. If necessary, we are entitled to extend the deadline by up to two months, taking into account the complexity and number of applications. We will inform you about any extension of the deadline.
In case of questions regarding the collection, processing and protection of personal data, you can contact us via email sent to the address: tereza.vostradovska@gmail.com or by correspondence at the address of us.
This Privacy Policy is effective from 1. 1. 2022.