The entrepreneur, Tereza Typoltová, ID No. 62599348, with a registered office at Ondříčkova 1774/28, 130 00, Prague 3 - Vinohrady (hereinafter referred to as the “controller”), as the controller of personal data, hereby hereby informs its customers (hereinafter referred to as "data subjects") about the manner and extent of processing of their personal data by the controller, including the scope of data subjects' rights related to the processing of their personal data by the controller.
1. What personal data does the administrator process about you?
The controller processes in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC personal data (hereinafter referred to as the "Regulation") and in accordance with the relevant national legislation on personal data protection:
- Address and identification data (name, surname, date of birth, social security number, address, permanent or other residence, nationality, type and number of identity card, state or authority issuing it and its period of validity, nationality, citizenship), status, family members = spouse + children, phone number, email address, photo, bank account number);
The controller processes personal data only in accordance with the purposes set out below and to the extent and for the time necessary to fulfill these stated purposes.
2. For what purposes and under what legal titles does the controller process your personal data?
- Delivery of ordered goods / sale
- The processing of personal data is necessary for the negotiation or conclusion of a contract to which the data subject is a party and for the subsequent performance of such a contract.
- When placing an order, the controller collects and processes the personal data of the data subject to the extent defined above. The communication of such personal data by the data subject is a basic prerequisite for the conclusion or amendment of the purchase contract, where the provision of personal data serves primarily for unambiguous and unmistakable identification of the data subject or for his contact.
- In addition, the controller may process personal data of the data subject in connection with the sale of goods and services to the extent resulting from a specific contract (e.g., personalization of the data subject's profile data if necessary) or from the law (compliance with legal tax obligations).
- Protection of administrator rights in case of a dispute with a customer
- The above-mentioned scope of personal data may also be processed by the controller in order to protect their rights in the event of a dispute with the customer.
- Customer identification
- The processing of personal data to the extent defined above is necessary to fulfill the legal obligation of the administrator when paying in cash above the limit set by Act No. 253/2008 Coll., on certain measures against money laundering and terrorist financing, as amended.
- Protection of persons and property in the administrator's premises
- The processing of personal data is necessary for the purposes of the controller's legitimate interests in ensuring the protection of persons and property.
- The controller collects and processes the personal data of the data subject within the scope of a permanent record of the movement of persons in the public space by means of video surveillance systems located at the registered office or business premises of the company.
3. Who will have access to your personal data?
In addition to the controller and its employees, personal data may also be processed by the controller's partners to ensure the purposes detailed above. External partners who can process your personal data as controller are carefully selected by the controller who entrusts personal data only to those who provide sufficient guarantees to ensure appropriate technical and organizational precautions to prevent, in particular, accidental or unlawful destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored or otherwise processed, or unauthorized access.
Other entities that may have access to your personal data at present or in the future::
- persons who provide the technical operation of a service to the controller or technology managers the controller uses for these services;
- persons to whom the controler provides data for the analysis and measurement of sales activities;
- business partners involved in the organization of the controller's social and marketing activities;
- law offices for the recovery of the trustee's claims;
The controller is also obliged to transfer some of your personal data on the basis of valid legal regulations, e.g., state administrative authorities, courts, law enforcement authorities in connection with possible administrative, criminal and civil proceedings.
- In what time frame do we process your personal data?
- Your personal data are processed by the controller for the duration of the contractual relationship and for the time necessary to ensure mutual rights and obligations under the contract.
- In the case of fulfillment of legal obligations, the controller processes personal data for a period set by the relevant legal regulations.
- When processing personal data through CCTV systems, CCTV records are stored for a maximum of 7 calendar days. In the event that your personal data are captured on a camera record that is necessary to use to deal with an infringement or other security incident, your personal data and the record will be processed until the record is forwarded to the law enforcement authorities.
- V případě, že správce zpracovává osobní údaje na základě Vašeho souhlasu, osobní údaje budou zpracovávány po dobu uvedenou v souhlasu, tj. po dobu 5 let od doby udělení Vašeho souhlasu, nebo do doby, dokud jej neodvoláte.
4. What rights do you have in relation to the processing of personal data by the controller?
As a data subject, you have the following rights in relation to your personal data:
- Right to revoke your consent to the processing of personal data at any time (if the processing is based on consent);
- Right of access to personal data (the right to request information whether or not the personal data concerning you are processed by the controller and, if so, you have the right to access this personal data and other information pursuant to Article 15 of the Regulation) ;
- Right to transfer data (right to obtain personal data concerning you in a structured, commonly used and machine-readable format, and the right to transfer this data to another controller; and the right to have personal data transferred directly by one controller to the other (if technically feasible);
- Right of rectification (right to require the controller to correct inaccurate personal data concerning you without undue delay);
- Right to limit processing (right to require the controller to limit processing, inter alia, if the controller verifies the accuracy of the data due to exercise of the right of rectification; or if the controller would process personal data unlawfully but do not want to delete it) ;
- Right of erasure (the right to require the controller to delete your personal data without undue delay, inter alia, if the personal data are no longer needed for the purposes for which they were collected or you have withdrawn the consent under which the controller's personal data were processed and another legal title for processing, or if the controller would process personal data unlawfully);
- Right of opposition;;
- Right to contact the Office for Personal Data Protection with its own initiative.
5. How can you contact the controller?
If you have any questions regarding the processing of your personal data or exercising the above rights, you can contact the administrator in writing or in person at the company headquarters.