2. Reason, scope and purpose of personal data processing
1. The controller of your personal data pursuant to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter: "GDPR") is Zuzana Mukumayi Filipová, IČ : 10928537, with its registered office at Na Honech 4921, Zlín, 76005 (hereinafter referred to as the "Administrator"). 2. Any questions regarding the processing of your personal data should be directed to the contact details of the administrator firstname.lastname@example.org. 3. Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 4. The administrator did not appoint a data protection officer. 5. The administrator processes your personal data that you have provided to him or personal data that the administrator has obtained on the basis that you have filled in orders or another relevant form. 6. The administrator processes your identification and contact data and data necessary for the performance of the contract, ie name, surname, email address, telephone number and, if necessary, ID number, VAT number, address of the registered office or place of business. 7. The legal reason for processing personal data is 8. performance of the contract between you and the administrator pursuant to Article 6 (1) (a) b) GDPR, 9. the legitimate interest of the administrator in the provision of direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6 (1) (a) f) GDPR, 10. Your consent to processing for the purposes of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6 (1) (a) a) GDPR in conjunction with § 7 paragraph 2 of Act No. 480/2004 Coll., on certain information society services in the event that no goods or services have been ordered. 11. The purpose of personal data processing is 12. a) settlement of your order and exercise of rights and obligations arising from the contractual relationship between you and the administrator; personal data are required for the successful completion of the order (name and address, contact), the provision of personal data is a necessary requirement for concluding and fulfilling the contract, without providing personal data it is not possible to conclude the contract or perform it by the administrator, b ) sending business messages and doing other marketing activities. 13. There is no automatic individual decision by the administrator within the meaning of Article 22 of the GDPR. 14. The Administrator shall store your personal data: a) for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Administrator and to assert claims arising from these contractual relations (for a period of 15 years from the termination of the contractual relationship). b) until the consent to the processing of personal data for marketing purposes is revoked, a maximum of 5 years, if the personal data are processed on the basis of the consent. c) After the expiration of the personal data retention period, the administrator will delete your personal data. THAT MEANS
Personal data is information that identifies a specific individual. From the moment you fill in and send us an inquiry, order or other web form, we process your personal data. We only process the data you have provided to us. We will only use your data to process the request, fulfill the contract, fulfill legal obligations such as issuing invoices and sending newsletters.
3. Recipients of personal data (administrator’s subcontractors)
The recipients of personal data are persons 1. involved in the delivery of goods / services / execution of payments on the basis of a contract, 2. providing emailing services and other services in connection with the operation of the website, 3. providing accounting, tax and legal services 4. providing marketing services. The controller intends to transfer personal data to a third country (a non-EU country) or an international organization. Recipients of personal data in third countries are mailing / cloud service providers. THAT MEANS When providing services, we use certain subcontractors who may have access to your personal information that you provide to us. These companies are committed to maintaining the confidentiality of your data and to ensuring that personal data is not leaked or misused.
4. Your rights
1.Under the conditions set out in the GDPR, you have 2.the right of access to their personal data pursuant to Article 15 of the GDPR, 3.the right to correct personal data pursuant to Article 16 of the GDPR, or restrictions on processing pursuant to Article 18 of the GDPR. 4.the right to delete personal data pursuant to Article 17 of the GDPR. 5.the right to object to processing under Article 21 of the GDPR a 6.the right to data portability according to Article 20 of the GDPR. 7.the right to withdraw the consent to processing in writing or electronically to email@example.com 8.You also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated. 9.If you are interested in using our services by filling out the contact web form: 10.you agree to the use of your personal data for the purposes of electronic sending of commercial messages, advertising materials, direct sales, market research and direct product offers by the administrator and at the same time 11. you declare that you do not consider the sending of information according to the previous point as unsolicited advertising within the meaning of Act no. No. 40/1995 Coll., as amended, as the sending of information according to the previous point in connection with § 7 of Act no. No. 480/2004 Coll. you expressly agree. 12. You can revoke your consent pursuant to this paragraph at any time in writing to firstname.lastname@example.org, or unsubscribe from receiving commercial communications. 13. In order to increase user friendliness and analytics, the administrator uses so-called cookies for the operation of the website - text files that are stored on the website visitor's computer when visiting the website. These cookies do not fall within the scope of the GDPR. The website visitor can disable the storage of cookies in the browser settings. THAT MEANS During our cooperation, you can contact us at any time with a question about how we process your data. We have to keep the personal data that we use in contract documents, invoices according to the law and also archive them for a certain period of time, so we cannot delete them. On the contrary, your personal data used for sending newsletters can be deleted, at your request, resp. unsubscribe, which you will find in the footer of each newsletter.
5. Organizational and technical measures to secure personal data
The administrator undertakes that the processing of your personal data will be ensured in particular in the following way:
Your personal data is processed in accordance with legal regulations and for the performance of all activities necessary for the performance of services. technically and organizationally ensure the protection of processed personal data so that there is no unauthorized or accidental access to your personal data, their change, destruction or loss, unauthorized transfers, their other unauthorized processing, as well as other misuse and that they are personally and organizationally all personal data obligations arising from legal regulations are ensured at all times during the data processing. the technical and organizational measures taken correspond to the degree of risk. The administrator uses them to ensure the constant confidentiality, integrity, availability and resilience of processing systems and services, and to restore the availability of and access to personal data in a timely manner in the event of physical or technical incidents. only authorized persons of the controller and subcontractors will have access to personal data in accordance with these Rules, who will determine the conditions and scope of data processing with the controller. only authorized persons of the controller and subcontractors have access to personal data in accordance with these conditions, who have set the conditions and scope of data processing with the controller and who are obliged to maintain confidentiality of personal data and security measures, disclosure of which would jeopardize their security.
The Provider will adopt and maintain current security measures for the protection of personal data adequate to the nature and scope of your personal data.
6. Final provisions
1. By completing and submitting the order web form or other relevant form and checking the box I agree with the Rules, you confirm that you are familiar with the rules of personal data protection, that you agree with them and that you accept them in full. 2. The Administrator is entitled to change these Rules. The new version of the Rules will be published by the administrator on its website and at the same time the new version of these conditions will be sent to you by the e-mail address you provided to the administrator. 3. The original version of these Rules is in Czech (see here: http://zuzanamukumayi.com/zasady-ochrany-osobnich-udaju/). Czech version prevails in case of any differences.
These conditions take effect on 8.6.2021.