- Basic provisions
Pursuant to Section 4 Article 7 of General Data Protection Regulation (EU) 2016/679 („GDPR“) the Data Controller is LANIGA s.r.o. IČO:06763286 DIČ:CZ06763286 with its registered seat U Řeky 694, Ostrava – Hrabová, 720 00 („Data Controller“).
- Data Controller contact details
address: Korunní 637/67, Ostrava, 709 00, Czech Republic
- Personal data is defined as any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
- Data Controller mandated a trustee for protection of personal data.
Sources and categories of personal data processing
- Data Controller processes personal data provided by you and/ or personal data acquired while fulfilling your order.
- Data Controller processes your identification and contact information and information necessary for performance of a contract.
III. Legal grounds and purpose of personal data processing
- Legal grounds to process personal data are
- Performance of a contract between you and Data Controller pursuant to Section 6 Article 1 b) GDPR,
- Data Controller´s legitimate interest in providing direct marketing (in particular in sending commercial communications and newsletters) pursuant to Section 6 Article 1) GDPR,
- Your consent to personal data processing for purposes of direct marketing (in particular for sending commercial communications and newsletters) pursuant to Section 6 Article 1 a) GDPR in conjunction with Article 7 par. 2 of law no. 480/2004 Coll., of certain information company services, in the event of there being no order of goods or services.
- Purpose of personal data processing is
- Implementation of your order and exercising of rights and duties arising from contractual relationship between you and Data Controller; during and order personal data are required to successfully complete the order (name and address, place of residence, phone number, e-mail or other contact information), provision of personal data is necessary for conclusion and performance of the contract, without provision of personal data a contract cannot be concluded or performed by Data Controller,
- Sending commercial communications and performing other marketing activities.
- Data Controller does not perform automated individual decision-making pursuant to Article 22 of GDPR. You have provided explicit consent with such processing.
- Data retention period
- Data Controller retains personal data
- for time period necessary for performance of rights and duties arising from contractual relationship between you and Data Controller and exercising rights arising from the contractual relationship (for a time period of 10 years from termination of contractual relationship).
- for a time period before consent with processing of personal data for marketing purposes is revoked, no longer than 10 years if personal data is being processed based on consent.
- After expiry of the time period for data retention personal data are discarded by Data Controller.
Pursuant to data protection law you have a right to:
– revoke your consent anytime
– demand that Data Controller discards your personal data
– demand information about which specific personal data are being processed
Your voluntary consent with processing of personal data can be revoked anytime by sending your demand to email@example.com or via post by sending your demand to U Řeky 694, Ostrava – Hrabová, 720 00.
- Sub-processors (Data Processor´s subcontractors)
- Sub-processors are subjects which
- take part in delivery of goods / services / processing of payments based on contract (Czech postal service, Geis),
- provide service of e-shop administration and other services connected to administration of e-shop,
- provide marketing services.
- Data Controller does not intent to transfer personal data to third country (outside of EU).
- Your rights
- Under conditions set in GDPR you have
- a right to access your personal data pursuant to Article 15 of GDPR,
- a right for protection of your personal data pursuant to Article 16 of GDPR, or limitation of personal data processing pursuant to Article 18 of GDPR,
- a right to discard your personal data pursuant to Article 17 of GDPR,
- a right to object against personal data processing pursuant to Article 21 of GDPR,
- a right to data portability pursuant to Article 20 of GDPR,
- a right to revoke your consent with personal data processing in writing or electronically by sending it to the addresses stated in Article III. of these conditions.
- You have a right to submit a complaint to Bureau of personal data protection in case you suspect your right to personal data protection has been infringed.
VII. Conditions of security of personal data
- Data Controller stipulates he has adopted all appropriate technical and organisational measures to secure personal data.
- Data Controller has adopted all technical measures to secure data storage and storage of personal data in physical form, namely…
- Controller stipulates that only trustees mandated by Data Controller have access to personal data.
VIII. Final provisions.
- By submitting an order by internet order form you confirm you are acquainted with conditions of personal data protection and you accept them fully.
- You agree to these conditions by checking your agreement in internet form. By checking your agreement, you confirm you are acquainted with personal data protection conditions and you accept them fully.
- Data Controller is entitled to change these conditions. New version of the conditions will be published on Data Controller´s web page and it will also be sent to the e-mail address you provided.
These conditions are effective as of 25th of May 2018.