Personal data processing principles

Issued by the online shop for the sale of goods www.gaen.cz through the company SPM MANUFAKTURA s.r.o., ID No.: 10898115, with registered office at Nad Pomníkem 467/9, Hlubočepy, 152 00 Prague 5, registered in the Commercial Register kept at the Municipal Court in Prague, file No. C 350381, which is also the data controller (hereinafter also referred to as "we" or "controller").  

 

The purpose of this document will be to inform you of all information concerning the processing of your Personal Data. We encourage you to read this Personal Data Processing Policy. If you have any further questions about the processing of your Personal Data, please contact us at info@gaen.cz. 

 

We process your Personal Data for statutory reasons, for the performance of a contract or on the basis of our legitimate interest. If the processing of Personal Data is not for any of these three reasons, then we will seek your consent.  

 

For convenience and ease of reference, the following are terms that are frequently repeated in this Policy.

 

E-shop 

internetový obchod provozovaný správcem, dostupný na www.gaen.cz 

GDPR 

Nařízení Evropského parlamentu a rady (EU) 2016/679; 

Obchodní sdělení 

zpravidla e-mailová zpráva nebo sms odesílaná Uživateli za účelem propagace obdobných výrobků a služeb;  

Objednávka 

dokončená transakce zákazníkem stisknutím příslušného tlačítka „Dokončit objednávku s povinností platby” s úmyslem zákazníka uzavřít kupní smlouvu; 

Osobní údaje 

jakékoliv informace o Uživateli, na základě kterých ho lze přímo či nepřímo identifikovat; 

Uživatel 

fyzická osoba, k níž se vztahují Osobní údaje, nejčastěji půjde o zákazníka nebo o potenciálního zákazníka, případně uživatele našich webových stránek, označován také jako „Vy“; 

Zpracovatel 

vykonává činnosti zpracování Osobních údajů na základě smlouvy nebo jiného pověření pro správce; 

Zpracování Osobních údajů 

je jakákoliv operace nebo soubor operací s Osobními údaji nebo soubory Osobních údajů, která je prováděna pomocí či bez pomoci automatizovaných postupů, jako je shromáždění, zaznamenání, uspořádání, strukturování, uložení, přizpůsobení nebo pozměnění, vyhledání, nahlédnutí, použití, zpřístupnění přenosem, šíření nebo jakékoliv jiné zpřístupnění, seřazení či zkombinování, omezení, výmaz nebo zničení; 

Zvláštní kategorie Osobních údajů 

takové Osobní údaje, které vypovídají o rasovém či etnickém původu, politických názorech, náboženském vyznání či filozofickém přesvědčení, členství v odborech, zdravotním stavu či o sexuálním životě nebo sexuální orientaci fyzické osoby. Za zvláštní kategorii údajů jsou považovány i genetické a biometrické údaje, pokud jsou zpracovávány za účelem jedinečné identifikace fyzické osoby. 

 

    1. WHAT PERSONAL DATA WE PROCESS, HOW WE OBTAIN IT, FOR WHAT PURPOSE AND FOR HOW LONG WE KEEP IT

      We process the following Personal Data about you:  

      Name and surname;  
      Contact details (in particular email, telephone number, address);  
      billing data and bank details (data necessary for bookkeeping and making payments for goods);
      a note on the Order;
      information that you provide to us in the course of communication with us (in particular, this will include your questions and answers to your questions, communication with you); 
      IP address;  

      We do not process Special Categories of Personal Data.  

      HOW WE PROCESS PERSONAL DATA

General to the time of Processing of personal data. We process your personal data to the extent necessary for the entire duration of the purchase contract and for the time necessary to exercise the rights and obligations arising from the contractual relationship between you and us and the possible exercise of claims arising from these contractual relationships (e.g. exercising rights arising from defects in the goods in the context of a claim, exercising the warranty on the goods, etc.).  

  1. FOR WHAT PURPOSE WE PROCESS PERSONAL DATA

    E-shop website. We also process information about when you visit and view our website. This information may include, for example, your IP address, the date and time you accessed our website, information about your internet browser, operating system or your language settings. We may collect this data using cookies or other tracking technologies. 

    Performance of the contractual relationship. The lawful reason for Processing Personal Data is the performance of the Purchase Contract or the proper execution of the Order and related obligations. 

Improving the provision of our services, promotion of goods. We may process Personal Data from publicly available sources, our contractors and combine it with Personal Data voluntarily provided to us. We take steps to ensure that third parties are legally entitled to provide this information to us. For example, this will include demographic information, IP addresses and cookies. This is to improve the provision of our services and the promotion of our goods.   

To communicate with customer support or other enquiries. If you have contacted us by email, called us, then we process your personal data for the purpose of dealing with the enquiry.  

Business communication (newsletter). We may send commercial communications based on our legitimate interest to promote our goods and services to customers until they unsubscribe themselves from receiving commercial communications. This makes it easy to click through any commercial communication we send by email. You can object to the processing of your personal data on the basis of our legitimate interests at any time (see the section on your rights for more details).   

Payment by card. If you provide us with your credit card details, we do not have access to your full details. We only know that you are paying by card and the card details are processed by the recipients of these details who process the payment for us. 

SUMMARY OF THE REASONS AND PURPOSES FOR PROCESSING YOUR PERSONAL DATA

We understand that it is sometimes difficult for you to wade through the amount of text dealing with how, why we process your Personal Data and where we obtain it. In order to provide you with a quick and clear overview of the basics of how we process your Personal Data, we have summarised everything in this overview table: 

 

Which Personal Data is involved  

Purpose of processing Personal Data  

Lawful Reason for Processing Personal Data

Processing time

name, surname, email, telephone number, delivery address and information about the goods ordered 

Order processing, customer support 

Performance of the contract

For the duration of the customer's contractual relationship with us

billing details, bank details and information about the goods ordered 

Bookkeeping 

Performance of the contract and fulfilment of the legal obligation

Tax documents for up to 10 years (accounting records for 5 years), invoice for 3 years from the end of the tax year, tax documents for 10 years

name, surname, e-mail, telephone number of the customer, details of the concluded purchase contract, necessary payment details  

Handling complaints or claims 

Fulfilling a legal obligation

For the duration of the customer's contractual relationship with us and subsequently for a period of 4 years after its termination

Customer's name, surname, email and phone number, address

Direct marketing (especially sending newsletters to customers)

Legitimate interest in the promotion of similar services

2 years from the last active viewing of the newsletter, unless you unsubscribe earlier

IP address

 

Routine website traffic analysis, securing our website, detecting server errors and preventing fraud and server attacks

Legitimate interest

The specific retention period for cookies varies according to the specific type of cookie

 

 

  1. WHAT MEASURES HAVE WE TAKEN TO PROTECT YOUR PERSONAL DATA?

    Technical measures. We have adopted and undertake to maintain appropriate technical measures, taking into account the state of the art, the cost of implementation, the nature, scope, context and purposes of the processing of Personal Data, as well as the differently probable and differently serious risks to Users, in all areas where Personal Data is processed (in particular, website operation, E-shop operation, employee agenda, customer communication). The technical measures taken include: 

    regular backup of the User's data;  
    updating of anti-virus software systems;  

    Organizational measures. We have adopted and undertake to maintain the following measures: 

  1. our employees who have access to Personal Data are bound by confidentiality obligations; and 
    our employees are familiar with the rules for working safely on work equipment, including the principle of protecting Personal Data. 
    WHEN DO WE TRANSFER YOUR PERSONAL DATA TO THIRD PARTIES?

    Your Personal Data may be transferred to our business partners (Processors) or other third parties where required by law. 

Processors. We only use verified Processors with whom we have a written contract and who provide us with at least the same guarantees as we provide to you. These are only Processors who are from the European Union, or to countries that have been declared and recognized as safe, or to countries with which we have standard contractual clauses in accordance with Article 46 of the GDPR, and who provide your Personal Data with a comparable level of protection as if the GDPR and Czech law were applied. All of these Processors are bound by confidentiality obligations and may not use the Personal Data you provide for any purpose other than that for which we have disclosed it in accordance with this Policy.  

Legal Obligations. We may disclose Personal Data to third parties outside of Processors if required to do so by law or in response to lawful requests by public authorities or a court order in litigation. 

WHAT RIGHTS DO YOU HAVE?

How can you contact us? By email to info@gaen.cz, or to our registered office address. 

 

When will your enquiry be dealt with? We will reply to you within one month at the latest. If providing the information would jeopardise the privacy of others, or would be disproportionate to the risks or costs of providing it, we may not be able to comply. We may need to verify your identity in order to deal with your request. In the event of a repeat request, the Controller may charge a reasonable fee for a copy of the Personal Information. 

 

Right of access  

  • We will confirm whether we are processing your Personal Data. 
    You have the right to be informed about the purposes of the processing, the categories of Personal Data, the recipients to whom it is disclosed, the duration of the processing. 
    You have the right to know whether any right has already been exercised. 
    It is also a prerequisite that the rights and freedoms of other persons and a copy of the Personal Data will not be adversely affected. 

 

Right to repair  

  • He has the right to request the rectification of inaccurate personal data. 
    You can correct certain data in your user profile. 

Right to erasure 

  • If there is no other reason to further process the data, we will delete or anonymise the data you have requested. 

Right to restriction of processing 

  • If you believe that we are processing data incorrectly. Whether it is the reasons for the processing or the extent of the processing, please let us know. 

Right to notification of rectification, erasure or restriction of processing 

  • If you contact us with a request, we will inform you of the outcome. Sometimes we may not be able to comply (e.g. the email address you wrote to us from is no longer working). 

Right to portability  

  • We will provide your data that you have provided to us in a structured and machine-readable format to another controller at your request. 

Right to object 

  • If we process your data for legitimate interest (e.g. sending a newsletter to Users). 
    It is up to us to prove our legitimate interest. If your objection is justified, we will stop processing Personal Data. 

Right to withdraw consent 

  • Processing for marketing and commercial purposes may be revoked at any time. 

Automated individual decision-making including profiling 

  • Don't want to be decided by computer? We respect your right, so we do not carry out profiling. We provide an online service, your Personal Data may be processed automatically. 
  1. CONCLUSION 

    This Personal Data Processing Policy may only be amended in writing. Users will be informed of this via our website. 

     

    If you have any questions about our Personal Data Processing Policy, please contact us at info@gaen.cz.   

     

    If you are dissatisfied, you may at any time file a complaint or complaint with the Office for Personal Data Protection, located at Pplk. Sochora 727/27, 170 00 Prague 7 - Holešovice (more information at https://www.uoou.cz/) 

     

    This Personal Data Protection Policy is effective from 15 May 2023.