Protection of personal data in accordance with the GDPR
Protection of personal data in accordance with the GDPR
The protection of personal data of the buyer, who is a natural person, is provided by Act No. 101/2000 Coll., On the protection of personal data, as amended.
The buyer agrees to the processing of the following personal data: name and surname, residential address, identification number, tax identification number, e-mail address, and telephone number (hereinafter collectively referred to as "personal data") and confirms that the personal data provided is accurate and that he has been informed that this is a voluntary disclosure of personal data and that he may withdraw his consent at any time in writing.
The buyer agrees to the processing of personal data by the seller, for the purposes of exercising the rights and obligations under the purchase agreement and for the purposes of maintaining a user account. Unless the buyer chooses another option, he agrees to the processing of personal data by the seller also for the purpose of sending information and business messages to the buyer.
The buyer acknowledges that he is obliged to state his personal data (during registration, in his user account, when ordering from the web interface of the store) correctly and truthfully and that he is obliged to inform the seller without undue delay about the change in his personal data.
The seller may authorize a third party to process the buyer's personal data as a processor. Apart from the persons transporting the goods, personal data will not be passed on to third parties by the seller without the prior consent of the buyer.
Personal data will be processed indefinitely.
PROCESSING OF PERSONAL DATA
Information on the processing of personal data
The purpose of this Policy is to provide information about what personal data both administrators process about individuals when selling goods through the e-shop, visiting related websites, as well as other contacts with customers or potential customers.
This Policy is effective from 25 May 2018 and is issued in accordance with Regulation (EU) 2016/679, on the protection of individuals with regard to the processing of personal data ("the Regulation" or "GDPR"). We pay due attention and care to personal data so that their processing always takes place in accordance with legal standards.
1. Identification data of the controller and the data protection officer
1.1. The administrator of personal data is the online shop of dřevěnédekorace1 Jana Ďurišová with its registered office at Jaurisova 4, 140 00 Prague 4, ID number 03200434, registered with the Trade Licensing Department of the Office of the Prague 13 City District, From which he processes personal data under the conditions listed below (hereinafter referred to as the "administrator")
1.2. The administrator's contact details are the address: Jana Ďurišová, Jaurisova 4, 140 00 Prague 4, Czech Republic, email: info@drevenedekorace1.cz, phone: +420 776 843 608.
1.3. Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to a specific identifier, for example name, identification number, location data, network identifier. Personal data is therefore information that allows us to identify you. This is therefore information that can be assigned specifically to your person.
- Basic data, such as your name, surname, date of birth, billing and delivery address or login to the user account.
- A special category of personal data then consists of sensitive personal data. Sensitive data includes, for example, information about your health condition. We do not process such personal data. 1.4. The trustee did not appoint a trustee.
2. Processing of personal data for individual purposes:
2.1. The legal reason for processing personal data is:
performance of the contract between the customer and the administrator pursuant to Article 6 (1) (a) b) GDPR
the legitimate interest of the administrator in the provision of direct marketing (especially for sending commercial messages and newsletters = news) according to Art. f) GDPR
Your consent to processing for the purposes of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6 (1) (a) a) GDPR in conjunction with § 7 paragraph 2 of Act No. 480/2004 Coll., on certain information society services in the event that no goods or services have been ordered.
2.2. The purpose of personal data processing is:
- settlement of the customer's order and exercise of rights and obligations arising from the contractual relationship between the customer and the administrator; when ordering, personal data are required, which are necessary for successful execution of the order (name and address, contact), provision of personal data is a necessary requirement for concluding and fulfilling the contract, without providing personal data it is not possible to conclude the contract or demand it from the administrator.
- sending business messages and doing other marketing activities.
2.3. There is no automatic individual decision by the administrator within the meaning of Article 22 of the GDPR.
2.4. In the case of your explicit consent to the transfer of personal data (e-mail address) for the purpose of independent evaluation of the purchase, we will forward the email address and information about the purchased goods to the Heureka.cz and Zboží.cz portal. Your satisfaction with the purchase is then determined through email questionnaires. Your personal data is not passed on to any third party for its own purposes when sending e-mail questionnaires. You can object to the sending of e-mail questionnaires at any time by rejecting other questionnaires using the link in the e-mail questionnaire. In case of your objection, we will not send you the questionnaire further. 3. The controller does not intend to transfer personal data to a third country (non-EU country) or to an international organization.
3. Individual reasons for processing personal data
3.1. Purchase of goods through the e-shop, delivery of goods, handling complaints
Dřevěnédekorace1 handles
3.1.1 for the purpose of purchasing goods through the e-shop and delivery of goods the following personal data of the customer: name, surname, telephone number, e-mail address, delivery address, billing address, data on purchased goods and data related to payment for goods payment in advance without cash on delivery service - account number, amount paid, date of crediting the payment to the Dřevěnédekorace1 account),
3.1.2 for the purpose of handling complaints in addition to the data specified in point 3.1.1. as well as data on the claimed goods and data provided by the customer when making a complaint.
3.1.3. The legal basis for the processing of personal data is, in the case of the purchase of goods through the e-shop, delivery of goods to the customer, Article 6 (1) (a). (b) Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) ("the GDPR Regulation") and in case of complaints Article 6 (2) 1 (a) c) GDPR Regulation.
3.1.4. The processing of personal data by the Dřevodekorace1 online store is necessary in the case of purchasing goods via the e-shop www.drevenedekorace1.cz, delivery of goods to the customer for the fulfillment of the contract for the purchase of goods and in the case of handling complaints
3.1.5. The recipients of personal data are the following persons:
- a courier or transport company (Česká pošta, Zásilkovna, DPD), which ensures the delivery of goods to the customer, as another administrator or processor,
- shop Dřevodekorace1 on the web interface www.drevenedekorace1.cz, Jana Ďurišová with its registered office at Jaurisova 4, 140 00 Prague 4, ID 03200434
- company Thinline s.r.o Jeseniova 1196/52 Prague 3 Žižkova, IČ 26747359, DIČ CZ26747359
- external legal representation, other bodies in consumer proceedings, transport companies in connection with the handling of complaints as administrators or processors
- financial authorities, tax advisors and auditors as administrators or processors, in so far as this is necessary to fulfill the legal obligation of the Dřevěnédekorace1 online store.
3.1.6. Personal data is processed during the period of performance of the contract for the purchase of goods and during the warranty period for the delivered goods.
3.2. Registration and operation of the e-shop
3.2.1. The Dřevěnédekorace1 online store processes the following personal data for the purposes of registration and operation of the e-shop www.drevenedekorace1.cz: name, surname, telephone number, e-mail address, address and order history.
The legal basis for the processing of personal data is Article 6 (1) (a). b) GDPR Regulation. The processing of personal data by EW is necessary to ensure registration in the e-shop and the operation of the e-shop.
3.2.2. The recipients of personal data are the following processors:
company Thinline s.r.o Jeseniova 1196/52 Prague 3 Žižkova, IČ 26747359, DIČ CZ26747359
shop Dřevěnédekorace1 www.drevenedekoace1.cz, Jana Ďurišová with its registered office at Jaurisova 4, 140 00 Prague 4, ID 03200434
3.2.3. Personal data are processed for the duration of registration in the e-shop www.drevenedekorace1.cz
3.3. Providing telephone and e-mail support to customers
3.3.1. The Dřevěnédekorace1 processes the following personal customer data for the purposes of providing telephone and e-mail support: name, surname, telephone number, e-mail address, address, order history.
The legal basis for the processing of personal data is Article 6 (1) (a). b) GDPR Regulation. The processing of personal data by the Dřevěnédorace1 online store is necessary to provide support.
3.3.2. The recipients of personal data are the following processors:
shop Dřevěnédekorace1 www.drevenedekorace1.cz, Jana Ďurišová with its registered office at Jaurisova 4, 140 00 Prague 4, ID 03200434
3.3.3. Personal data is processed during the warranty period of the purchased goods.
3.4. Resolving customer complaints
3.4.1. The Dřevěnédekorace1 online store processes the following personal data for the purpose of resolving customer complaints: name, surname, data stated in the complaint and, depending on how the customer submitted the complaint, his address, telephone number or e-mail address.
The legal basis for the processing of personal data is Article 6 (1) (a). b) GDPR Regulation. The processing of personal data by EW is essential to resolving a customer complaint.
3.4.2. The recipients of personal data are the following processors:
shop Dřevěnédekorace1 www.drevenedekorace1.cz, Jana Ďurišová with its registered office at Jaurisova 4, 140 00 Prague 4, ID 03200434
3.4.3. Personal data is processed during the period before the customer's complaint is resolved.
3.5. Enforcement of e-commerce claims
3.5.1. The Dřevěnédekorace1 online store processes the following data for the purposes of the Dřevěnédekorace1 store: data stated in contracts with customers and suppliers, data stated in complaints, data kept in accounting and other data necessary in connection with the possible assertion of claims or protection of interests of the Dřevěnédekorace1 store.
The purpose of the processing of such personal data is the legitimate interest of the controller and the legal basis for the processing is Article 6 (1) (a). f) GDPR Regulation. The processing of personal data by the Wooden Decoration1 online store is necessary for the purposes of the legitimate interests of the Wooden Decoration1 store. The legitimate interest of the Dřevěnédekorace1 trade is the protection of its property as well as the protection against unjustified claims against the Dřevěnédekorace1.
3.5.2. The recipients of personal data are the following persons:
courts, public authorities, lawyers, tax advisers and other professional advisers as trustees
shop Dřevěnédekorace1 www.drevenedekorace1.cz, Jana Ďurišová with its registered office at Jaurisova 4, 140 00 Prague 4, ID 03200434
3.5.3. Personal data is processed during litigation and during the limitation period during which claims may be asserted against the Dřevěnédekorace1 shop or during which the trade may assert its own claims.
3.6. Fulfillment of legal obligations of the e-commerce Dřevěnédekorace1
3.6.1. Dřevěnédekorace1 processes personal data referred to in letter a) to m) in order to fulfill the legal obligations of the Dřevěnédekorace1 business.
The legal basis for the processing is Article 6 (1) (a). c) GDPR regulations (eg accounting law, value added tax law, income tax law, consumer protection law, archiving and filing service law). The processing of personal data of the Dřevodekroace1 online store is necessary to fulfill the legal obligations of this store.
3.6.2. The recipients of personal data are the following persons:
shop Dřevěnédekorace1 www.drevenedekorace1.cz, Jana Ďurišová with its registered office at Jaurisova 4, 140 00 Prague 4, ID 03200434
tax advisors, auditors, courts and public authorities as administrators.
3.6.3. Personal data is processed during the time required by applicable law.
4. Rights of the data subject
4.1. The data subject has the right to file a motion to initiate proceedings with the Office for Personal Data Protection of the Czech Republic if it considers that it is directly affected by its rights under the GDPR Regulation or by relevant legal regulations.
4.2. The data subject has the right to request from the controller:
access to personal data,
to correct personal data,
to delete personal data,
to limit the processing of personal data,
the right to the portability of personal data, and
the right to object to the processing of personal data.
4.3. The Data Subject may exercise these rights by contacting the Dřevěnédekorace1 shop
in writing by sending a letter to the address of the company's registered office stating the name and surname of the responsible person under the company's name,
electronically by sending an e-mail to the above e-mail address or by phone
5. Retention period of personal data
5.1. The administrator stores personal data
for the time necessary to exercise the rights and obligations arising from the contractual relationship between you and the administrator and asserting claims from these contractual relationships (for a period of 10 years from the termination of the contractual relationship, Czech law requires registration and archiving of invoices with all data for 5 years).
registered customers store personal data on the basis of their consent for the period of validity of their customer account or until the withdrawal of consent, which deletes the customer account. For a deleted account, personal data from orders are processed for a period of 10 years from the end of the contractual relationship.
for sending newsletters = news on the basis of separate consent, personal data are processed until the withdrawal of consent, the validity of the customer account or until the deletion of the customer account.
5.2. After the retention period of personal data, the administrator will delete the personal data.
6. Relevant legislation
6.1. The relevant legal regulation is primarily the GDPR Regulation, the applicable Personal Data Protection Act as amended and other applicable generally binding legal regulations.
7. Processing of personal data via social networks
7.1. The administrator has a profile of the online store www.drevenedekorace1.cz on Facebook. Any information, communication or material provided through the social media platform is provided at your own risk. The administrator cannot guard all users of social networks or even providers of these networks. The protection of personal data is addressed separately within each of the mentioned platforms.
7.2. If users disclose their personal data or personal data of children (with the consent of the legal representative), they do so by granting voluntary, unconditional consent of the personal data subject, at the time of providing this personal data to social network administrators.
8. Your rights
8.1. Under the conditions set out in the GDPR, you have
- the right to access your personal data - you have access to your personal data at any time via the web interface • the right to correct personal data according to Article 16 GDPR, or restrictions on processing according to Article 18 GDPR - you can correct personal data at any time via the web interface
- the right to delete personal data according to Article 17 GDPR - you can delete most of the data you entered at any time via the web interface, some data can not be deleted due to legal obligations (legal obligation to archive invoices for 5 years) provides an exception therefore delete only the customer's electronic account and customer records in the e-shop, not from invoices)
- the right to object to the processing under Article 21 of the GDPR
- the right to data portability according to Article 20 GDPR - invoicing and delivery addresses can be machine-transferred using an XML file
- the right not to be the subject of automated individual decision-making with legal or similar effects, including profiling - such processing does not take place in our country
- The right to notify correction, deletion or processing restrictions - you can do the correction and deletion yourself, so this right doesn't make much sense
- You can revoke the consent to the processing of personal data via the web interface, in writing or electronically to the address or email of the administrator info@drevenedekorace1.cz
- the right to file a complaint with the Office for Personal Data Protection in the event that you believe that your right to personal data protection has been violated
9. Conditions of personal data security
9.1. The controller declares that it has taken all appropriate technical and organizational measures to secure personal data.
9.2. The administrator has taken technical measures to secure data repositories and personal data repositories in paper form, especially the transmission of information on the e-shop using HTTPS, encryption of user account passwords, encryption and encryption of local disks and local computers, local encryption of our employees' access to e -mail communication, individual approaches of employees to the administration of the e-shop, password protection and encryption of the accounting program.
10. Final provisions
10.1. By submitting an order from the online order form, you confirm that you are familiar with the principles and conditions of personal data processing and that you accept them in full.
10.2. The administrator is entitled to change these conditions. They will publish a new version of the privacy policy on their website.