PERSONAL DATA PROCESSING AND PROTECTION PRINCIPLES
- Basic provisions
In connection with the implementation of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and in accordance with amended Act No 18/2018 on personal data protection and on amendment and supplement to certain acts, effective from 25 May 2018 (hereinafter also referred to as “GDPR”), the data administrator is ZIK, s.r.o., with registered office as Severná 49, 900 25 Chorvátsky Grob (hereinafter only the “Administrator”).
The Administrator’s contact details are:
address: ZIK, s.r.o., registered office at Severná 49, 900 25 Chorvátsky Grob
Telephone: +421 905 322 307
Personal data are information relating to an identified or identifiable natural person; who can be identified directly or indirectly, in particular by reference to a generally usable identifier or another identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical identity, physiological identity, genetic identity, mental identity, economic identity, cultural identity or social identity of that natural person.
The Administrator processes personal data on his own, without a processor.
- Sources and categories of processed personal data:
The Administrator processes personal data provided to him by you or personal data obtained by the Administrator based on the fulfilment of your purchase order. The Administrator processes your identification and contact data and data essential for the contract fulfilment.
- Legitimate purpose of personal data processing:
The legitimate purpose of personal data processing is:
- fulfilling the contract between you and the Administrator in accordance with Section 6 (1) (b) of GDPR;
- legitimate interest of the Administrator for direct marketing purposes (for sending business notifications and newsletters) in accordance with Art. 6 (1) (f) of GDPR;
your consent to processing for direct marketing purposes (for sending business notifications and newsletters) in accordance with Art. 6 (1)(a) of GDPR in connection with Section 7 (2) of Act No. 480/2004 on certain services of an information society if goods or services have not been ordered.
The purpose of personal data processing is the fulfilment of your purchase order and the exercise of rights and obligations arising out of the contractual relationship between you and the Administrator; the purchase order requires personal data that are essential to fulfil your purchase order successfully (name and address, contact details). The provision of your personal data is an essential requirement for the conclusion and fulfilment of the contract; a contract cannot be concluded or fulfilled by the Administrator without the personal data.
Personal data are processed for the following purposes:
- Purchase of goods through e-shop – received and issued purchase orders, invoices
- Supply of goods – delivery notes
- Informing about the contract implementation progress
- Informing about new stuff, events and direct marketing, in form of e-mail or delivering catalogues to customer’s address
- Complaint management
The Administrator makes automatic individual decisions in accordance with Art. 22 of GDPR. You expressly consented to such processing.
- Personal data retention period
The Administrator retains your personal data:
- for a period of time as may be necessary to exercise the rights and obligations arising out of the contractual relationship between you and the Administrator and to make claims based on these contractual relationships (for 15 years after termination of the contractual relationship).
- for a period of time until withdrawing your consent to processing your personal data for marketing purposes; no longer than 5 years if personal data are processed based on your consent.
After the expiry of the data retention period, the Administrator will delete your personal data.
- Personal data recipients (Administrator’s subcontractors)
The recipients of the personal data are persons:
- involved in supplying the goods/services or in making payments based on the contract;
- arranging services related to operation of an e-shop and other services associated with operation of an e-shop
- arranging marketing services
The Administrator does not intend to provide the personal data to third countries (outside the EU) or to an international organisation. Recipients of personal data in third countries are the providers of cloud services.
- Your rights
Under the GDPR conditions, you have the following rights:
- right to access to your personal data in accordance with Art. 15 of GDPR;
- right to rectification of personal data pursuant to Art. 16 of GDPR, or restriction of processing pursuant to Art. 18 of GDPR;
- right to deletion of personal data pursuant to Art. 17 of GDPR;
- right to object to processing pursuant to Art. 21 of GDPR and right to transfer of personal data pursuant to Art. 20 of GDPR;
- right to withdraw your consent with processing in writing or by electronic means to the Administrator’s address or email address specified in Art. III hereof.
Additionally, you have the right to lodge a complaint with a supervisory authority if you suppose that your right to personal data protection was breached.
- Personal Data Protection Conditions
The Administrator declares that he has adopted any and all technical and organisational measures to protect personal data.
The Administrator has adopted any and all technical measures to secure data storages and storages in writing.
The Administrator declares that the personal data can only be accessed by authorised persons.
- Final provisions
By sending a purchase order from the e-shop through an online order form you acknowledge that you have been acquainted with the personal data protection conditions and that you accept them in full.
You agree with these conditions by ticking your consent through the online form. By ticking the consent you confirm that you have been acquainted with the personal data protection conditions and that you accept them in full.
The Administrator is authorised to amend the conditions. The Administrator will publish any new version of the personal data protection conditions on his website and one version of these conditions will also be delivered to your e-mail address you provided to the Administrator.