1. DATA CONTROLLER’S IDENTITY AND CONTACT DATA
- 1.1. The Data Controller of your personal data pursuant to Art. 4 (7) of the Regulation of the European Parliament and the Council (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR") is the company:
Company: GARED, s.r.o. Headquarters: Družstevní 278 517 01 Solnice Czech Republic Europe TAX NO.: 288 19 446 VAT: CZ28819446
(hereinafter the „Controller“).
- 1.2. The Controller’s contact details are as follows:
Address: Družstevní 278, Solnice, 517 01 Email: email@example.com Phone: +420 494 596 110
- 1.3. The Controller has not appointed any Data Protection Officer.
- 1.4. Personal Data shall mean any information on an identified or identifiable natural person; an identifiable natural person shall mean a natural person that may be directly or indirectly identified, in particular with reference to a certain identifier, such as name, identification number, location data, network identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- 1.5. The Controller processes the Personal Data provided by you, or the Personal Data which the Controller obtained on the basis of fulfilment of your purchase order.
2. PURPOSE OF PERSONAL DATA PROCESSING
- 2.1. The legitimate reason for personal data processing is
- Performance of an agreement between you and the Data Controller pursuant to Art. 6 (1), letter b) of the GDPR,
- Data Controller’s legitimate interest in the provision of direct marketing (in particular for the sending of business messages and newsletters) pursuant to Art. 6 (1), letter f) of the GDPR,
- Your consent to processing for the purposes of provision of direct marketing (in particular for the sending of business messages and newsletters) pursuant to Art. 6 (1), letter (a) of the GDPR in combination with Sect. 7 (2) of the Act No. 480/2004 Sb., on certain services of the information company when no order was placed for goods or services.
- 2.2. The purpose of personal data processing is
- Handling of your purchase order and exercise of the rights and obligations resulting from the legal relationship between you and the Controller; personal data are required with the purchase order which are necessary for successful handling of the purchase order (name and address, contact details); provision of the personal data is an essential requirement to enter into and fulfil the agreement; the agreement may not be entered into and/or fulfilled by the Controller when the personal data are not provided,
- Keeping your account at our e-shop
- Sending of business messages and making other marketing activities
- 2.3. On the side of the Controller, no automated individual decision-making takes place within the meaning of Art. 22 of the GDPR. You have given your explicit consent to such processing.
- 2.4. When contact forms are used (in Contact Data of web sites, Product Inquiry), the data obtained from this form will be used exclusively for the purpose of replying to your inquiry and will subsequently be deleted. They will not be used for the sending of any business messages, unless you have given your consent to that.
3. PERSONAL DATA STORAGE PERIOD
- 3.1. The Controller stores the personal data
- For the period necessary to exercise the rights and obligations resulting from the contractual relationship between you and the Controller, and to enforce the claims under such contractual relations (for a period of 15 years after termination of the contractual relationship).
- For the period until revocation of the consent to the processing of the personal data for marketing purposes; no more than 5 years if the personal data are processed on the basis of a consent.
- 3.2. After expiration of the personal data storage period, the Controller shall delete the personal data.
- 4.1. The Controller collects the following cookies files on its web sites:
Type Name Purpose Expiration Statistical _ga Registers the unique identification number which is used for the generating of statistical data on how the user uses the website Session Statistical _gat Used by the Google Analytics system to control the speed of input of inquiries Session Statistical _gid Registers the unique identification number which is used for the generating of statistical data on how the user uses the website Session Necessary CookieConsent Stores the consent to cookies processing 3 years Necessary Sid Maintains the user status when requirements for sites are made 29 days Google maps NID Google maps key 6 months Statistical _utma Collects the data on where the user is from, which equipment was used, which link was clicked on (Google Analytics) 2 years Statistical _utmb Registers the time stamp Session Statistical _utmz Collects the data on where the user is from, which equipment was used, which link was clicked on (Google Analytics) 6 months PHPSESSID PHPSESSID Maintains the user status when requirements for sites are made Session
5. RIGHTS OF DATA SUBJECTS
- 5.1. Under the terms and conditions specified in the Regulation, you are entitled to request from the Controller the access to your personal data, the right to correction or deletion of your personal data, and/or the restriction of your personal data processing, the right to object your personal data processing, and the right to portability of your personal data.
- 5.2. You are entitled to withdraw at any time the consent to the processing of your personal data given to the Controller. However, the legitimacy of your personal data processing having taken place before such withdrawal of the consent is not hereby affected. You may withdraw your consent to personal data processing by sending an email to firstname.lastname@example.org.
- 5.3. If you believe that the Regulation was or is violated by the processing of your personal data, you are entitled, among others, to lodge a complaint at the supervisory authority.
- 5.4. You are not obligated to provide the personal data. Provision of your personal data is not a statutory and/or contractual obligation and is not a requirement essential to enter into an agreement, either.
6. TERMS AND CONDITIONS OF PERSONAL DATA SAFEGUARDING
- 6.1. The Controller declares to have adopted all the suitable technical and organizational measures to safeguard the personal data.
- 6.2. The Controller adopted the technical measures to safeguard the data warehouses and personal data warehouses in paper form and electronically, in particular antivirus, passwords, encryption, back-ups, etc., https encryption of the web.
- 6.3. The Controller declares that only the persons authorized by the Controller have access to the personal data.
7. FINAL PROVISIONS
- 7.1. By sending the purchase order from the internet purchase order form, you confirm to have studied the terms and conditions of personal data protection and to accept them in full.
- 7.2. You consent to these terms and conditions by checking off the consent via the internet form. By checking off the consent, you confirm to have studied the terms and conditions of personal data protection and to accept them in full.
- 7.3. The Controller is entitled to change these terms and conditions. The Controller will publish the new version of the terms and conditions of personal data protection on its internet sites and, at the same time, will send you the new version of these terms and conditions to your email address which you have provided to the Controller.
These Terms and Conditions become effective on 23rd May 2022
GARED s.r.o., TAX NO.: 288 19 446