The personal data controller within the meaning of Art. 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”) shall be EMP-Centauri s.r.o., Id. No.: 62620088, with its registered office at 5. května 690, 339 01, Klatovy, Czech Republic (hereinafter the “Controller”).
Personal data shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
II. Sources and categories of the personal data processed
The Controller processes personal data provided by you or collected by the Controller in the course of the performance of your purchase order.
The Controller processes your identification and contact details, other voluntarily provided data, details regarding purchase orders and the performance thereof, data on the use of Services and the login credentials.
III. Legal basis and purpose of personal data processing
The legal basis for personal data processing:
performance of a contract between you and the Controller pursuant to Art. 6 (1)(b) of the GDPR;
compliance with legal obligations pursuant to Art. 6 (1)(c) of the GDPR;
the Controller’s legitimate interest pursuant to Art. 6 (1)(f) of the GDPR, in particular, to engage in direct marketing (mostly consisting in sending commercial communications and newsletters), and to protect its rights;
your consent to processing for the purpose of direct marketing (consisting, in particular, in sending commercial communications and newsletters) pursuant to Art. 6 (1)(a) of the GDPR in conjunction with Section 7 (2) of Act No. 480/2004 Coll., on certain services of information society, if no goods or services were ordered.
The purposes of personal data processing:
processing of your purchase order and the exercise of rights and fulfilment of obligations arising from the contractual relationship between you and the Controller, as well as compliance with related legal requirements; placing an order requires filling in certain personal data necessary for the successful processing of the purchase order (name, address, contact details); the provision of personal data is a necessary precondition for the execution and performance of a contract; without the personal data being provided, a contract cannot be executed or fulfilled by the Controller;
sending commercial communications and performance of other marketing activities;
keeping a User Account and using other Services provided by the Controller, including the support services.
The Controller does not use automated individual decision-making within the meaning of Article 22 of the GDPR.
IV. Data retention period
The Controller shall retain the personal data:
for the duration of the term of the contractual relationship and not longer than for 10 years following the termination of the contractual relationship if the personal data are processed on the basis of performance of a contract;
until the consent is revoked, however, not longer than for 10 years following the granting of such consent if the personal data are processed on the basis of a consent;
otherwise for the period necessary for the fulfillment of the purpose of the processing, however, not longer than for 10 years.
The Controller shall delete the personal data upon expiry of the retention period.
V. Recipients of personal data (Controller’s subcontractors)
Recipients of personal data shall be the persons:
participating in the delivery of goods/services/processing of payments under a contract;
providing sales, e-shop, as well as other services in connection with the operation of sale of goods;
providing marketing services.
The Controller shall not transfer the personal data to third countries (to countries outside the EU, such as the USA) or to international organizations, except for the recipients specified herein. The recipients specified herein shall not make the personal data available any further; a copy of the personal data processed may be obtained from them.
The processing services used, including marketing and support tools:
Google Analytics – tracks cookies and web use
Google AdWords – tracks cookies and web use
VI. Your rights
Under the conditions stipulated by the GDPR you shall have:
the right of access to your personal data pursuant to Article 15 of the GDPR;
the right to rectification of personal data pursuant to Article 16 of the GDPR or to a restriction of processing pursuant to Article 18 of the GDPR;
the right to erasure of personal data pursuant to Article 17 of the GDPR;
the right to object, pursuant to Article 21 of the GDPR, to the processing on the legal basis of legitimate interests or for the purpose of direct marketing;
the right to data portability pursuant to Article 20 of the GDPR;
the right to withdraw consent to personal data processing at any time; it is possible to unsubscribe from receiving commercial communications, i.e. to withdraw consent to the related personal data processing, through the link included in the communications.
Furthermore, if you believe that your right to personal data protection has been violated, you have the right to lodge a complaint with the Office for Personal Data Protection.
VII. The conditions of personal data security
The Controller represents that it has implemented all the appropriate technical and organizational measures for personal data protection.
The Controller has adopted technical measures to secure the data storage and the storage of personal data in hard copy form, including, in particular, secured/encrypted access to the internet, encryption of customers’ passwords in the database, regular updates of the system and regular backup of the system.
The Controller represents that only authorized persons of the Controller shall have access to the personal data.
For the purpose of improving the quality of the Services and facilitating their use, in particular for the purpose of analyzing traffic, user behavior, personalization of advertising and access to the social media functions, the Services utilize cookies. The cookies may be saved directly by the Controller, or they may be third-party cookies (see the recipients under paragraph V.3 hereof). These files may not directly contain personal data; however, in conjunction with other data, they may acquire the nature of personal data. By using the Service, you expressly consent to saving cookies on your device and their further utilization by the Controller. You may withdraw your consent at any time through the individual settings of your endpoint device (e.g. settings of your internet browser). In such a case you acknowledge that blocking or deleting cookies may influence the proper functioning of the Services.
IX. Final Provisions