1. Basic provisions
1.1. The personal data administrator according to Section 4 Art. 7 based on REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as „GDPR”) is Rudolf Kämpf s.r.o., Identification no.: 40526941, headquartered at U porcelánky 143, Loučky, 357 34 Nové Sedlo (hereinafter referred to as “Administrator”).
1.2. The administrator´s contact address is: U porcelánky 143, Loučky, 357 34 Nové Sedlo, email: firstname.lastname@example.org , phone: +420 352 320 220.
1.3. 'Personal data’ means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.4. The administrator has not appointed any Data Protection Officer..
2. Sources and categories of processed personal data
2.1. The administrator shall process the personal data you have provided to him / or the personal data that the controller has received on the basis of the fulfilment of your order.
2.2. The administrator shall process your identification and contact data and the data necessary for the performance of the contract.
3. Legal justification and purpose of the personal data processing
3.1. The legal justification of the personal data processing is as follows:
- the performance of the contract between you and the administrator referred to in Article 6 (1) (b) of the GDPR.
- the legitimate interest of the administrator in providing direct marketing (in particular for the sending of business messages and newsletters) pursuant to Article 6 (1) (f) of the GDPR.
- your consent to processing for the purpose of providing direct marketing (in particular for the sending of business messages and newsletters) pursuant to Article 6 (1) (a) of the GDPR, read in conjunction with Paragraph 7 (2) of Act No. 480 / 2004 Coll., concerning certain information society services in the absence of ordering goods or services.
3.2. The purpose of the personal data processing is as follows:
- processing of your order and exercise of rights and obligations arising from the contractual relationship between you and the controller; in order to order a successful completion of the order (name and address, contact), the supply of personal data is a necessary requirement for the conclusion and performance of the contract, without the provision of personal data, the contract cannot be concluded or executed by the controller.
- sending business messages and making other marketing activities.
3.3. There is / There is no / There is automatic individual decision-making within the meaning of Article 22 GDPR. You have given your explicit consent to such processing
4. The period of personal data processing
4.1. The administrator shall keep the personal data
- for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the administrator and the application of the rights conferred by those contractual relations (for a period of 10 years from the termination of the contractual relationship).
- for the period before the consent to the processing of personal data for marketing purposes has been revoked, for a period not exceeding five years, provided that personal data are processed on the basis of consent.
4.2. After the period of retention of personal data, the administrator shall delete personal data.
5. Recipients of personal data (administrator´s subsuppliers)
5.1. Recipients of personal data are persons
- participating in the supply of goods / services / execution of payments under the contract.
- providing services in the eshop operation – web hosting (SiteGround) and other services in relation to the eshop operation.
- providing marketing services.
5.2. The administrator intends to transfer personal data to a third country (non-EU country - Wordfence - WAF) or an international organisation. Recipients of personal data in third countries are web applications security services providers,
6. Your rights
6.1. Based on the conditions set in GDPR you have
- the right of access to personal data in accordance with Article 15 GDPR.
- the right to rectify personal data in accordance with Article 16 GDPR and, where appropriate, restrictions on processing as referred to in Article. 18 GDPR.
- the right to erasure of personal data in accordance with Article 17 GDPR.
- the right to object to the processing referred to in Article 21 GDPR.
- the right to data portability as referred to in Article 20 GDPR.
- the right to withdraw consent to processing in writing or by electronic means to the address or e-mail of the controller referred to in Article III of the following conditions
6.2. You also have the right to lodge a complaint with the Personal Data Protection Office if you consider that your right to the protection of personal data has been infringed.
7. Conditions for the protection of personal data
7.1. The administrator declares that he has taken all appropriate technical and organisational measures to safeguard personal data..
7.2. The administrator has taken technical measures to secure data repositories and storage of personal data in paper form, in particular encryption of web presentations, web-security by WAF, selection of proper web hosting with Firewall protection.
7.3. The administrator declares that only the persons he authorized have access to personal data.
8. Final provisions
8.1. By sending an order from an online ordering form, you confirm that you are familiar with the terms and conditions of the protection of personal data and that it is accepted in its entirety.
8.2. You agree with these terms by ticking the consent via an Internet form. By ticking your consent, you confirm that you are familiar with the terms of protection of personal data and that you accept them in full..
8.3. The administrator shall be entitled to amend those conditions. The new version of the terms of protection of personal data will be published on its website and at the same time it will send you a new version of these terms to your e-mail address provided to the administrator..
These terms and conditions shall take effect on May 25, 2018.