I. Basic provisions
- As per Article 4, point 7 of Regulation (EU) no. 2016/679 of the European Parliament and of the Council, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”), the Personal Data Controller is: BARRACUDA CZ s.r.o., Identification Number 26242303, registered office Bělohorská 197/126, 169 00 Prague 6 - Břevnov (hereinafter referred to as the “Controller”).
- The Controller’s contact details are as follows:
address: Ing. Libor Vyhlídal, BARRACUDA CZ s.r.o., Bělohorská 197/126, 169 00 Prague 6 - Břevnov
e-mail: info@promotextile.cz
telephone: +420 573 382 009
- Personal data is understood to mean all information relating to an identified or identifiable natural person; an identifiable natural person is a natural person who can be directly or indirectly identified, particularly via a reference to a specific identifier, for example name, identification number, location data, network identifier or one or more specific elements of this natural person’s physical, physiological, genetic, psychological, economic, cultural or social identity.
- The Controller has not appointed a Data Protection Officer.
II. Sources and categories of the processed personal data
- The Controller processes the personal data which you have provided to them, or the personal data which the Controller obtained on the basis of the fulfilment of your order.
- The Controller processes your identification and contact details, and the information necessary for the fulfilment of the Contract.
- The Controller processes your e-mails and text messages, if you contact them via the contact form.
III. Legal reason for and purpose of the personal data processing
- The legal reason for the personal data processing is the
- fulfilment of the Contract between you and the Controller as per Article 6, paragraph 1, section b) of the GDPR,
- the Controller’s legitimate interest in the provision of direct marketing (in particular for the sending of commercial messages and newsletters) as per Article 6, paragraph 1, section f) of the GDPR,
- your consent to the processing for the purposes of the provision of direct marketing (in particular for the sending of commercial messages and newsletters) as per Article 6, paragraph 1, section a) of the GDPR, in connection with § 7, paragraph 2 of Act no. 480/2004 Coll., on Certain Information Society Services, if no goods or services were ordered.
- The purpose of the personal data processing is
- the execution of your order, and the exercise of the rights and obligations arising from the contractual relationship between you and the Controller. During the course of the order, personal data is required, which is necessary for its successful execution (name and address, contact details). The provision of personal data is a requirement for the conclusion and fulfilment of the Contract. Without the provision of the personal data, the Contract cannot be concluded or fulfilled by the Controller,
- sending commercial messages, and the performance of other marketing activities,
- answering queries sent via the contact form.
- The Controller does not engage in automatic individual decision-making within the meaning of Article 22 of the GDPR.
IV. Data storage period
- The Controller stores personal data
- for the period necessary for the exercise of the rights and obligations arising from the contractual relationship between you and the Controller, and the exercise of claims arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
- for the period until the revocation of the consent to the personal data processing for marketing purposes, being no longer than 5 years, if the personal data is processed on the basis of consent.
- for a period of no more than 1 year in the case of messages sent via the contact form.
- After the expiry of the personal data storage period, the Controller shall delete the personal data.
V. Personal data recipients (Controller’s subcontractors)
- Personal data recipients are persons
- participating in the delivery of services/execution of payments on the basis of the Contract,
- providing operational services for the online shop, and other services connected with the operation of the online shop,
- providing marketing services.
- The Controller does not intend to transfer the personal data to a third country (outside the EU), or an international organisation.
VI. Your rights
- Under the conditions set forth in the GDPR, you have
- the right to access your personal data as per Article 15 of the GDPR,
- the right to the correction of the personal data as per Article 16 of the GDPR, or restriction of processing as per Article 18 of the GDPR,
- the right to the deletion of the personal data as per Article 17 of the GDPR,
- the right to raise an objection against the processing as per Article 21 of the GDPR and
- the right to data portability as per Article 20 of the GDPR.
- the right to revoke your consent to the processing, in writing or electronically, using the Controller’s postal or e-mail address stated in Article III of these Conditions.
- You also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been breached.
VII. Personal Data Security Conditions
- The Controller declares that they have implemented all appropriate technical and organisational measures to secure the personal data.
- The Controller has implemented technical measures to secure data repositories and repositories of personal data in document form, in particular, regular system updates, communication encryption (use of the HTTPS protocol) and password encryption.
- The Controller declares that only persons authorised by them have access to the personal data.
VIII. Final provisions
- By sending an order from the online order form, you confirm that you are familiar with the Personal Data Protection Conditions, and that you accept them in full.
- You agree with these Conditions by ticking the consent field in the online form. By ticking the consent field, you confirm that you are familiar with the Personal Data Protection Conditions, and that you accept them in full.
- The Controller is entitled to amend these Conditions. They shall publish the new version of the Personal Data Protection Conditions on their website, and at the same time send the new version of these Conditions to the e-mail address you provided to the Controller.
These Conditions come into effect on 01/04/2019.