Regulations on General Data Protection
- The Controller of personal data pursuant to Article 4, Paragraph 7 from Regulations (EU) 2016/679 of the European Parliament and from the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) is EFE Group s.r.o. ID 282 45 091 with its registered office at Smrčinská 3270/14, Prague 5 – Smíchov, 150 00, Czech Republic. (hereinafter “the Controller”).
- The contact details of the Controller are
Address: Smrčinská 3270/14, Prague 5 – Smíchov, 150 00, Czech Republic
Personal data means all information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, network identifier or one or more specific elements of a physical, physiological, genetic, psychological, economic, cultural or social nature to prove identity of that natural person.
Sources and Categories of Personal Data Processed
- The Controller processes personal data that you have provided to them or personal data that the Controller has obtained by completing your order.
- The Controller shall process your identification and contact details and necessary data for fulfilment of the contract.
Lawfulness and Purpose of the Processing of Personal Data
- The lawful reason for processing personal data is:
- for fulfilment of the contract between you and the Controller pursuant to Article 6 (1b) GDPR,
- a legitimate interest of the Controller in the provision of direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6 (1f) GDPR,
- your consent has been provided to processing data for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6 (1a) GDPR in conjunction with § 7 paragraph 2 of Act No. 480/2004 Coll., on company information services in cases of the absence of ordering goods or services.
- The purpose of processing personal data is:
- to complete the processing of your order and to exercise the rights and obligations arising from the contractual relationship between you and the Controller; when ordering, personal data are required for the successful processing of the order (name and address, contact), the provision of personal data is a necessary requirement for the closure and fulfilment of the contract, without the provision of personal data, it is not possible to close the contract or be fulfilled by the Controller,
- for sending commercial communications and other marketing activities.
- No individual decision can be made automatically by the Controller within the meaning of Article 22 GDPR. You must provide your explicit consent for such processing.
Data Storage Period
- The Controller shall keep personal data:
- for a period of time necessary to exercise the rights and obligations arising from the contractual relationship between you and the Controller and to enforce any claims made during these contractual relationships (for 15 years post termination of the contractual relationship).
- for as long as the consent to the processing of personal data for marketing purposes is still valid, or until it is revoked, or for a maximum of 15 years, if personal data are processed on the grounds of consent.
- Upon expiry of the personal data storage period, the Controller shall erase all personal data.
Personal Data Recipients (sub-contractors of the administrator)
- Recipients of personal data are persons:
- involved in the delivery of goods/services/implementation of payments under contract,
- provision of the operation and other services in connection with the operation of the e-shop,
- providing marketing services.
- The Controller intends to transfer personal data to a third country (non-EU country) or an international organisation. Recipients of personal data in third countries are providers of mailing services/cloud services.
- Under the conditions set out in the GDPR, you:
- have the right to access your personal data pursuant to Article 15 GDPR,
- the right to rectification of personal data pursuant to Article 16 GDPR, or restriction of processing pursuant to Article 18 GDPR.
- the right to erasure of personal data pursuant to Article 17 GDPR.
- the right to object to data processing pursuant to Article 21 GDPR and
- the right to data portability pursuant to Article 20 GDPR.
- the right to revoke consent to data processing in writing or electronically to the address or email of the Controller referred to in Article III of these regulations.
- You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to the protection of personal data has been infringed.
Data Protection Security Terms
- The Controller declares that they have taken all appropriate technical and organisational measures to secure personal data.
- The Controller has taken technical measures to secure the data and storage of personal data documentation, in particular via the use of strong passwords with the use of anti-virus programs.
- The Controller declares that all personal data shall only be accessible by the persons authorised by them.
These terms shall become effective as of the 25.5.2018.