I. Basic provisions
- Pavel Tošovský, PT model, identification number: 68231377 is the Personal Data Controller ( hereinafter referred to as „Controller“) according to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as „GDPR“)
- Contact details of the Controller are:
address: Pavel Tošovský, PT model, Boženy Němcové 205, 55203 Česká Skalice
- Personal data is any information that relates to an identified or identifiable natural person; an identifiable natural person is a natural person that can be directly or indirectly identified, especially with reference to a particular identifier such as a name, identification number, network identifier or to one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity of that particular natural person.
- The Controller has not appointed a Data Protection Officer.
II. Sources and categories of personal data
- The Controller processes the personal data which you have provided or the personal data obtained by the Controller when completing your order.
- The Controller processes your identification and contact data and data necessary to perform the agreement.
III. Lawful basis for processing personal data
- Lawful reason for processing personal data is
- Performing the agreement between you and the Controller according to Article 6 (1) (b) of GDPR
- Legitimate interest of the Controller to provide direct marketing (especially sending commercial messages and newsletters) according to article 6 (1) (f) of GDPR
- Your consent to personal data processing for the purpose of providing direct marketing (especially sending commercial messages and newsletters) according to Article 6 (1) (a) of GDPR in combination with section 7 subsection 2 of Act No. 480/2004 Coll. on certain Information Society Services if an order for goods or services has not been placed.
- The purpose of personal data processing is
- To complete your order and to perform rights and obligations based on contractual relationship between you and the Controller; when placing an order your personal data necessary for successful order completion (name, address, contact details) are required, it is necessary to provide your personal data so that the agreement can be concluded and performed, the agreement cannot be concluded or performed by the Controller without obtaining your personal data.
- To send commercial messages and to carry out further marketing activities.
- There is automated individual decision-making within the meaning of Article 22 of GDPR on the part of the Controller. You have provided your express consent to such processing.
IV. Data retention period
- The Controller stores personal data
- For a period of time necessary to perform rights and obligations based on contractual relationship between you and the Contractor and to set up claims resulting from these contractual relationships ( for 15 years after the end of contractual relationship)
- For a period of time until the consent to personal data processing for marketing purposes is withdrawn, for 15 years at maximum if personal data processing is based on consent.
- The Controller shall delete the personal data when the retention period has passed.
V. Personal data recipients (Controller´s subcontractors)
- Personal data recipients are persons
- Participating in goods delivery and payment realization on the basis of the agreement
- Providing services for operating an e-shop (Texpro s.r.o., identification number 48150959) and other services linked to operating an e-shop
- The Controller does not intend to give personal data to a third country (to a non-EU country ) or to an international organization.
VI. Your rights
- Under conditions stated in GDPR you have:
- The right to access your personal data according to Article 15 of GDPR
- The right to rectify your personal data according to Article 16 of GDPR or to restrict processing according to Article 18 of GDPR
- The right to erasure of personal data according to Article 17 of GDPR
- The right to object to the processing according to Article 21 of GDPR
- The right to data portability according to Article 20 of GDPR
- The right to withdraw consent to the processing in a written statement sent to the Controller´s address specified in Art. 1 of these conditions or by email sent to the Controller´s email address specified in Art. 1 of these conditions.
- You also have the right to file a complaint with The Office for Personal Data Protection if you think that your right to personal data protection has been breached.
VII. Personal data security
- The Controller states that all suitable technical and organizational measures have been taken to secure personal data.
- The Controller has taken technical measures to secure data storage and storage of data in paper form.
- The Controller states that personal data can only be accessed by persons designated by the Controller.
VIII. Final provisions
- You confirm that you are familiar with the conditions of personal data security and that you accept them in their entirety by sending your order from the internet order form.
- You agree with these conditions by ticking “I agree” in the internet form. If you tick “I agree” you confirm that you are familiar with the conditions of personal data security and that you accept them in their entirety.
- The Controller is entitled to change these conditions. A new version of conditions of personal data security will be published on the Controller´s website and the Controller will also send you the new version of these conditions to the email address you have provided.
These conditions come into force on 1.1.2019