1. The Personal Data Manager referred to in Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such persons (GDPR) is RAPPA ID 15502236 with its registered office in Za Humny 1082 / 1b, 725 25 Ostrava - Polanka nad Odrou (hereinafter referred to as the "manager").
2. The contact information of the administrator is
address: Za Humny 1082, 725 25 Ostrava - Polanka nad Odrou, Czech Republic
e-mail: firstname.lastname@example.org, email@example.com
phone: +420 596 927 161 kl. 32, +420 596 927 161 kl. 40
3. Personal data means any information about an identified or identifiable natural person; identifiable natural person is a natural person who can be identified directly or indirectly, in particular by reference to a particular identifier such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, psychological, economic, social identity of this individual.
4. The administrator did not propose a Data Protection Officer.
Sources and categories of processed personal data
1. The administrator handles the personal data you have provided to him or the personal data that the administrator has received on your order.
2. The administrator shall process the identification, contact details and data necessary for performance of the contract.
Legitimate reason and purpose of processing personal data
1. The legitimate reason for the processing of personal data is
• performance of the contract between you and the trustee under Article 6 (1) B) GDPR,
• the legitimate interest of the controller in providing direct marketing (in particular when sending business reports and newsletters) in accordance with Article 6 (1) F) GDPR,
• Your consent to processing to provide direct marketing (in particular for sending business messages and newsletters) pursuant to Section 6 (1) A) GDPR in conjunction with § 7, paragraph 2 of Act No. 480/2004 Coll. on certain information society services in the event of non-delivery of goods or services.
2. The purpose of processing personal data is
• securing the order and exercising the rights and obligations arising from the contractual relationship between you and the trustee; (personal name, address, contact), the provision of personal data is a prerequisite for the conclusion and fulfillment of the contract, without the provision of personal data it is not possible to conclude the contract or to fulfill it by the administrator,
• Sending business reports and performing other marketing activities.
3. No automatic decision-making process within the meaning of Article 22 of the GDPR shall be exercised by the trustee. You have given your explicit consent to this processing.
Retention time of data
1. The administrator keeps personal data
• for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the trustee and the claim of these contractual relationships (for 15 years from the termination of the contractual relationship).
• until consent to the processing of personal data for marketing purposes is refused for a maximum of 10 years if personal data are processed on the basis of consent.
2. After expiration of the retention period, the administrator deletes the personal data.
Recipients of personal data (subcontractors)
1. The recipients of personal data are persons
• contribute to the delivery of goods / services / contract payments,
• provision of e-commerce services (Magento, Railsformers, Heuréka, List) and other services related to the operation of the e-shop,
• marketing services (AdVisio).
2. An operator does not intend to transfer personal data to a third country (to a non-EU country) or an international organization.
1. You have GDPR terms
• the right to access your personal data under Article 15 of the GDPR,
• the right to rectification of personal data under Article 16 of the GDPR or the limitation of processing under Article 18 GDPR.
• the right to delete personal information under Article 17 of the GDPR.
• the right to object to processing under Article 21 of the GDPR and
• the right to data portability under Article 20 GDPR.
• the right to withdraw from written or electronic consent to the address or email of the administrator referred to in Article III of these Terms.
2. You also have the right to file a complaint with the Personal Data Protection Authority if you believe that your privacy has been violated.
1. The Administrator declares that he has taken all appropriate technical and organizational measures to protect personal data.
2. The administrator has taken technical measures to secure data warehouses and personal data repositories in paper form, in particular by encrypting, backing up and using an antivirus program
3. The Administrator declares that personal data may only be accessed by authorized persons.
These conditions will enter into force on 25 May 2018.