PRINCIPLES OF PERSONAL DATA PROTECTION dated 1 March 2019 (hereinafter referred to as the “Principles”)
Being aware of the importance of protecting the privacy and privacy of our clients and others, our company complies with European Union law when collecting, storing and processing personal data, and the purpose of this Policy is to meet information an obligation vis-à-vis all data subjects (data subject) arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation), as amended (“GDPR”), we disclose the following Privacy Policy:
1. TERMS
1.1. The User is an identified natural person and is thus in the position of a personal data subject (hereinafter referred to as the “Subject”).
1.2. The Provider is the Administrator of personal data towards the User (hereinafter referred to as the “Administrator”).
2. PERSONAL DATA PROCESSED
2 .1. The Administrator processes personal data obtained directly from the User and which are necessary for the fulfillment of the contractual relationship between the subject and the Administrator. The administrator processes the personal data for the duration of the contractual relationship and for the time necessary for records and archiving.
2.2. Purpose of processing personal data obtained from the User: personal data processed by the Administrator for the purposes of the contract. Further, with the consent of the Administrator, it processes personal data for marketing purposes or for communication with Users; in this case, the provision of personal data is not a legal or contractual requirement.
3. PERSONAL DATA PROCESSING
3.1. In some cases, the Controller is entitled to use the services of external companies that process personal data provided to the Controller. For this purpose, it is entitled in particular to conclude a processing contract with another entity.
3.2. The Administrator is entitled, based on his legitimate interest, to process User’s personal data for the purposes of direct marketing, as direct marketing is a legitimate interest of the Administrator in the sense of GDPR. You may object to this processing (see Section 5.2.6).
3.3. The User acknowledges that he is not obliged to provide any data about himself or to give his consent to their processing.
3.4. Users’ personal data will not be disclosed to third parties in the form of a publicly accessible list.
3.5. Personal data will not be transferred to third countries or international organizations.
4. PERSON IN RESPECT OF PERSONAL DATA PROTECTION
4.1. The controller did not appoint a person in charge of data protection. If necessary, it is possible to contact the Administrator via the email address solta@shop4experience.cz.
5. RIGHTS OF BODIES
5.1. The Entity is entitled to exercise the following rights against the Administrator to the extent and under the conditions set out in Chapter III of the GDPR.
5.2. The rights of the Entity are as follows:
5.2.1 Right of access to personal data: You have the right to obtain confirmation from the Administrator if it is processing personal data concerning you. If your personal data is processed, you have the right to access this data. This will include, for example, information on the purposes of processing, categories of personal data and information on the source of personal data. You also have the right to request a copy of the processed personal data.
5.2.2 Right of Correction: You have the right to have the Administrator correct any inaccurate personal data concerning you that is processed by the Administrator without undue delay.
5.2.3 Right of erasure: If any of the reasons defined by the GDPR occur (eg personal data will no longer be needed for the purposes for which it was collected or otherwise processed, or your consent will be revoked), you have the right to have the Administrator without undue delay deleted personal information concerning you. However, this right shall not be exercised indefinitely. Thus, deletion will not occur, for example, if the data are processed under a legal obligation arising from the legislation.
5.2.4 Right to Restrict Processing: You have the right for the Administrator to restrict processing in the cases defined by the GDPR. This is the case, for example, where you deny the accuracy of your personal information and the limitation will continue as long as the Administrator checks the accuracy of your personal information.
5.2.5 Right to data portability: In some cases defined by the GDPR (eg if processing is based on your consent), you have the right to have your Personal Data provided to you in a structured, commonly used and machine readable format, and the right to transfer this data to another controller. You also have the right, if it is technically feasible, for the Administrator to provide this information directly to another controller, if technically feasible.
5.2.6 Right to object: You have the right to object at any time to the processing of personal data concerning you, for reasons specific to your particular situation, if the personal data are processed based on a public service or public authority exercise, or the legitimate interests of the Administrator or a third party, including profiling based on these provisions. You have the right to dispute processing for direct marketing purposes.
5.2.7 Right not to be subject to automated individual decision making, including profiling: You have the right not to be subject to any decision based solely on automated processing, including profiling, which has legal effects or affects you in a similar way. However, this right does not apply in all cases, eg if a decision is necessary to conclude or perform a contract between you and the Administrator.
6. GRANT OF CONSENT AND RIGHT TO WITHDRAW IT AT ANY TIME
6.1. Consent to the processing of personal data is granted to the Provider as the controller of personal data.
6.2. In cases where the processing of your personal data is based on your consent, you may revoke that consent at any time.
6.3. If you provide any personal data and agree to its processing, you do so voluntarily. The withdrawal of consent, but also its granting, is thus your free choice, and the Administrator is not authorized to force you to do so or to penalize you in any way. However, the withdrawal of consent does not affect the lawfulness of the processing prior to its withdrawal (ie its withdrawal has no retroactive effect).
6.4. You can withdraw your consent to the processing of Personal Data via solta@shop4experience.cz.
7. COMPLAINTS
7.1. You have the right at any time to file a complaint regarding the processing of your personal data with our Data Protection Officer according to the information specified in paragraph 4.
7.2. You also have the right to lodge a complaint regarding the processing of your personal data with the Supervisory Authority, in particular in the Member State of usual residence or work, which is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, Czech Republic.
8. PROVISION OF PERSONAL DATA BY THE DATA SUBJECT
8.1. In cases where the provision of your personal data by you is a legal requirement, you are obliged to provide such personal data. The same situation arises if it is your responsibility to provide personal data under a contract. If the provision of personal data is obligatory and it is not provided by you, the consequences stated in the relevant legal regulation or in the relevant legislation may apply. contract.
9. BUSINESS COMMUNICATION
9.1. If you expressly agree that the Provider may use your email address for the purpose of sending commercial communications, commercial communications will be sent to you. However, you will be entitled to withdraw your consent at any time via solta@shop4experience.cz.
Translated from original: Privacy policy in Czech language.