I. Basic provisions
1. The personal data administrator pursuant to Art. 4 (7) of Regulation (EU) no. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”) is ŘÍDÍCÍ SYSTÉMY spol. s r. o., ID no.: 14869713 with its registered office at Ještědská 90/117a, Liberec 8, 460 08, Czech Republic (hereinafter the “Administrator”).
2. The Administrator’s contact data are as follows:
Address: Jablonecká 648/8, Liberec, 460 01, Czech Republic
Email address: firstname.lastname@example.org
Telephone no.: +420 485 130 303
3. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4. The Administrator has not appointed a data protection officer.
II. Sources and categories of processed personal data
1. The Administrator processes personal data provided by you or personal data received by the Administrator during the fulfilment of your order.
2. The Administrator also processes your identification and contact data and the data necessary for the performance of the agreement.
III. Statutory reason and purpose of processing of personal data
1. The statutory reason for the processing of personal data is:
- performance of an agreement between you and the Administrator pursuant to Art. 6, par. 1, subparagraph b) of the GDPR
- the Administrator’s legitimate interest to provide direct marketing (particularly to send business communications and newsletters) pursuant to Art. 6, par. 1, subparagraph f) of the GDPR
- your consent to the processing for purposes of providing direct marketing (particularly to send business communications and newsletters) pursuant to Art. 6, par. 1, subparagraph a) of the GDPR in connection with Section 7, par. 2 of Act no. 480/2004 Coll., on certain services of information societies, if there is no order of goods or service.
2. The purpose of processing personal data is:
- to process your order and exercise the rights and obligations arising from the contractual relationship between you and the Administrator; in the event of an order, personal data necessary for the successful processing of the order are required (name and address, contact); such provision of personal data is an essential requirement for the conclusion and performance of an agreement. An agreement cannot be concluded or performed by the Administrator without the provision of personal data
- to send business communications and performance of other marketing activities
3. The Administrator can use automated individual decision-making pursuant to Art. 22 of the GDPR. I have granted my consent to such processing.
IV. Data retention period
1. The Administrator keeps personal data:
- for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Administrator, and for raising of claims arising from these contractual relationships (for 15 years since the end of the contractual relationship)
- for the period until your consent to the processing of personal data for marketing purposes is withdrawn, but no longer than for 15 years, if personal data are processed on the basis of consent
2. The Administrator shall delete personal data after expiration of the data retention period.
V. Recipients of personal data (Administrator’s subcontractors)
1. Recipients of personal data are the following persons:
- persons participating in the supply of goods/services/performance of payments according to the agreement
- persons providing e-shop operation services (Shoptet) and other services associated with operation of the e-shop
- persons providing marketing services
2. The Administrator does not intend to provide your personal data to a third country (outside the EU) or an international organization.
VI. Your rights
1. Under the conditions of the GDPR you have the right to:
- access to your personal data pursuant to Art. 15 of the GDPR
- correct your personal data pursuant to Art. 16 of the GDPR, or restrict processing pursuant to Art. 18 of the GDPR
- erasure of personal data pursuant to Art. 17 of the GDPR
- object against processing pursuant to Art. 21 of the GDPR
- data portability pursuant to Art. 20 of the GDPR
- withdraw your consent to processing with a written or electronic withdrawal sent to the Administrator’s address or email address provided in Art. III of these Terms and Conditions.
2. You are also entitled to lodge a complaint with the Office for Personal Data Protection if you believe that your right to protection of personal data was breached.
VII. Conditions of personal data security
1. The Administrator declares that he has adopted all suitable technical and organizational measures to secure personal data.
2. The Administrator has adopted technical measures to secure data storages and storages of personal data in paper form, particularly by passwords, antivirus software and backups.
3. The Administrator declares that only persons authorized by him have the access to personal data.
VIII. Final provisions