Principles of personal data processing
Personal data processing principles
Issued by the online shop for the sale of goods www.gaen.cz through the company SPM MANUFAKTURA s.r.o., ID No.: 10898115, with registered office at Křížová 2598/4, Smíchov, 150 00 Prague 5, registered in the Commercial Register kept at the Municipal Court in Prague, file No. C 350381, which is also the data controller (hereinafter also referred to as "we" or "controller").
The purpose of this document will be to inform you of all information concerning the processing of your Personal Data. We encourage you to read this Personal Data Processing Policy. If you have any further questions about the processing of your Personal Data, please contact us at info@gaen.cz.
We process your Personal Data for statutory reasons, for the performance of a contract or on the basis of our legitimate interest. If the processing of Personal Data is not for any of these three reasons, then we will seek your consent.
For convenience and ease of reference, the following are terms that are frequently repeated in this Policy.
E-shop |
internetový obchod provozovaný správcem, dostupný na www.gaen.cz |
GDPR |
Nařízení Evropského parlamentu a rady (EU) 2016/679; |
Obchodní sdělení |
zpravidla e-mailová zpráva nebo sms odesílaná Uživateli za účelem propagace obdobných výrobků a služeb; |
Objednávka |
dokončená transakce zákazníkem stisknutím příslušného tlačítka „Dokončit objednávku s povinností platby” s úmyslem zákazníka uzavřít kupní smlouvu; |
Osobní údaje |
jakékoliv informace o Uživateli, na základě kterých ho lze přímo či nepřímo identifikovat; |
Uživatel |
fyzická osoba, k níž se vztahují Osobní údaje, nejčastěji půjde o zákazníka nebo o potenciálního zákazníka, případně uživatele našich webových stránek, označován také jako „Vy“; |
Zpracovatel |
vykonává činnosti zpracování Osobních údajů na základě smlouvy nebo jiného pověření pro správce; |
Zpracování Osobních údajů |
je jakákoliv operace nebo soubor operací s Osobními údaji nebo soubory Osobních údajů, která je prováděna pomocí či bez pomoci automatizovaných postupů, jako je shromáždění, zaznamenání, uspořádání, strukturování, uložení, přizpůsobení nebo pozměnění, vyhledání, nahlédnutí, použití, zpřístupnění přenosem, šíření nebo jakékoliv jiné zpřístupnění, seřazení či zkombinování, omezení, výmaz nebo zničení; |
Zvláštní kategorie Osobních údajů |
takové Osobní údaje, které vypovídají o rasovém či etnickém původu, politických názorech, náboženském vyznání či filozofickém přesvědčení, členství v odborech, zdravotním stavu či o sexuálním životě nebo sexuální orientaci fyzické osoby. Za zvláštní kategorii údajů jsou považovány i genetické a biometrické údaje, pokud jsou zpracovávány za účelem jedinečné identifikace fyzické osoby. |
-
-
WHAT PERSONAL DATA WE PROCESS, HOW WE OBTAIN IT, FOR WHAT PURPOSE AND FOR HOW LONG WE KEEP IT
We process the following Personal Data about you:
Name and surname;
Contact details (in particular email, telephone number, address);
billing data and bank details (data necessary for bookkeeping and making payments for goods);
a note on the Order;
information that you provide to us in the course of communication with us (in particular, this will include your questions and answers to your questions, communication with you);
IP address;We do not process Special Categories of Personal Data.
HOW WE PROCESS PERSONAL DATA
-
General to the time of Processing of personal data. We process your personal data to the extent necessary for the entire duration of the purchase contract and for the time necessary to exercise the rights and obligations arising from the contractual relationship between you and us and the possible exercise of claims arising from these contractual relationships (e.g. exercising rights arising from defects in the goods in the context of a claim, exercising the warranty on the goods, etc.).
-
FOR WHAT PURPOSE WE PROCESS PERSONAL DATA
E-shop website. We also process information about when you visit and view our website. This information may include, for example, your IP address, the date and time you accessed our website, information about your internet browser, operating system or your language settings. We may collect this data using cookies or other tracking technologies.
Performance of the contractual relationship. The lawful reason for Processing Personal Data is the performance of the Purchase Contract or the proper execution of the Order and related obligations.
Improving the provision of our services, promotion of goods. We may process Personal Data from publicly available sources, our contractors and combine it with Personal Data voluntarily provided to us. We take steps to ensure that third parties are legally entitled to provide this information to us. For example, this will include demographic information, IP addresses and cookies. This is to improve the provision of our services and the promotion of our goods.
To communicate with customer support or other enquiries. If you have contacted us by email, called us, then we process your personal data for the purpose of dealing with the enquiry.
Business communication (newsletter). We may send commercial communications based on our legitimate interest to promote our goods and services to customers until they unsubscribe themselves from receiving commercial communications. This makes it easy to click through any commercial communication we send by email. You can object to the processing of your personal data on the basis of our legitimate interests at any time (see the section on your rights for more details).
Payment by card. If you provide us with your credit card details, we do not have access to your full details. We only know that you are paying by card and the card details are processed by the recipients of these details who process the payment for us.
SUMMARY OF THE REASONS AND PURPOSES FOR PROCESSING YOUR PERSONAL DATA
We understand that it is sometimes difficult for you to wade through the amount of text dealing with how, why we process your Personal Data and where we obtain it. In order to provide you with a quick and clear overview of the basics of how we process your Personal Data, we have summarised everything in this overview table:
Which Personal Data is involved |
Purpose of processing Personal Data |
Lawful Reason for Processing Personal Data |
Processing time |
name, surname, email, telephone number, delivery address and information about the goods ordered |
Order processing, customer support |
Performance of the contract |
For the duration of the customer's contractual relationship with us |
billing details, bank details and information about the goods ordered |
Bookkeeping |
Performance of the contract and fulfilment of the legal obligation |
Tax documents for up to 10 years (accounting records for 5 years), invoice for 3 years from the end of the tax year, tax documents for 10 years |
name, surname, e-mail, telephone number of the customer, details of the concluded purchase contract, necessary payment details |
Handling complaints or claims |
Fulfilling a legal obligation |
For the duration of the customer's contractual relationship with us and subsequently for a period of 4 years after its termination |
Customer's name, surname, email and phone number, address |
Direct marketing (especially sending newsletters to customers) |
Legitimate interest in the promotion of similar services |
2 years from the last active viewing of the newsletter, unless you unsubscribe earlier |
IP address
|
Routine website traffic analysis, securing our website, detecting server errors and preventing fraud and server attacks |
Legitimate interest |
The specific retention period for cookies varies according to the specific type of cookie |
-
WHAT MEASURES HAVE WE TAKEN TO PROTECT YOUR PERSONAL DATA?
Technical measures. We have adopted and undertake to maintain appropriate technical measures, taking into account the state of the art, the cost of implementation, the nature, scope, context and purposes of the processing of Personal Data, as well as the differently probable and differently serious risks to Users, in all areas where Personal Data is processed (in particular, website operation, E-shop operation, employee agenda, customer communication). The technical measures taken include:
regular backup of the User's data;
updating of anti-virus software systems;Organizational measures. We have adopted and undertake to maintain the following measures:
-
our employees who have access to Personal Data are bound by confidentiality obligations; and
our employees are familiar with the rules for working safely on work equipment, including the principle of protecting Personal Data.
WHEN DO WE TRANSFER YOUR PERSONAL DATA TO THIRD PARTIES?Your Personal Data may be transferred to our business partners (Processors) or other third parties where required by law.
Processors. We only use verified Processors with whom we have a written contract and who provide us with at least the same guarantees as we provide to you. These are only Processors who are from the European Union, or to countries that have been declared and recognized as safe, or to countries with which we have standard contractual clauses in accordance with Article 46 of the GDPR, and who provide your Personal Data with a comparable level of protection as if the GDPR and Czech law were applied. All of these Processors are bound by confidentiality obligations and may not use the Personal Data you provide for any purpose other than that for which we have disclosed it in accordance with this Policy.
Legal Obligations. We may disclose Personal Data to third parties outside of Processors if required to do so by law or in response to lawful requests by public authorities or a court order in litigation.
WHAT RIGHTS DO YOU HAVE?
How can you contact us? By email to info@gaen.cz, or to our registered office address.
When will your enquiry be dealt with? We will reply to you within one month at the latest. If providing the information would jeopardise the privacy of others, or would be disproportionate to the risks or costs of providing it, we may not be able to comply. We may need to verify your identity in order to deal with your request. In the event of a repeat request, the Controller may charge a reasonable fee for a copy of the Personal Information.
Right of access |
|
Right to repair |
|
Right to erasure |
|
Right to restriction of processing |
|
Right to notification of rectification, erasure or restriction of processing |
|
Right to portability |
|
Right to object |
|
Right to withdraw consent |
|
Automated individual decision-making including profiling |
|
-
CONCLUSION
This Personal Data Processing Policy may only be amended in writing. Users will be informed of this via our website.
If you have any questions about our Personal Data Processing Policy, please contact us at info@gaen.cz.
If you are dissatisfied, you may at any time file a complaint or complaint with the Office for Personal Data Protection, located at Pplk. Sochora 727/27, 170 00 Prague 7 - Holešovice (more information at https://www.uoou.cz/)
This Personal Data Protection Policy is effective from 15 May 2023.