the company Dárky k potisku
with its registered office at Belgická 4164/4, 796 04 Prostějov, Company ID: 72361140, registered with the competent authority pursuant to Section 71, Paragraph 2 of the Trade Licensing Act: Prostějov City Hall
for the sale of goods through the online store located at www.darkykpotisku.cz
The personal data controller is the company Vera Filipenska, with its registered office at Belgická 4164/4, 796 04 Prostějov, Company ID: 72361140, registered with the competent authority pursuant to Section 71, Paragraph 2 of the Trade Licensing Act: Prostějov City Hall, represented by Věra Filipenská (hereinafter referred to as the “administrator” or “we”).
For better clarity and orientation, the terms that are often repeated in these principles are listed below.
E-shop: Online store operated by the administrator, available at www.darkykpotisku.cz;
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council;
Commercial communication: usually an e-mail message or SMS sent for the purpose of promoting similar products and services;
Order: a completed transaction by the customer with the intention of concluding a purchase contract for goods, by pressing the appropriate button "confirm order";
Order form: a form intended for filling in the Buyer's Personal Data, including a list of selected goods, which serves to conclude a purchase contract;
Personal data: any information about the user on the basis of which the user can be directly or indirectly identified;
Data subject: a natural person to whom the Personal Data relate, most often a customer or a potential customer, user, also referred to as "you";
The processor performs the activities of Processing personal data on the basis of a contract or other authorization for the controller;
Processing of personal data is any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Special categories of personal data are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sex life or sexual orientation of a natural person. Genetic and biometric data are also considered to be special categories of data if they are processed for the purpose of uniquely identifying a natural person;
I. Categories of personal data
We process Personal Data of customers and determine the purposes and means of the processing. We do not process special categories of personal data.
Categories of personal data: name, surname, e-mail, mobile phone, billing information, bank details, login to the user account, behavior in the user account, IP address, cookies.
Voluntarily provided personal data. Users voluntarily provide personal data to the administrator through the E-shop, namely at the time of registration or when placing an Order on the E-shop, or in any other way (e.g. by e-mail or by phone), when communicating with E-shop support, or in another similar way.
Publicly available personal data. The administrator may process Personal Data from publicly available sources and combine them with Personal Data that is voluntarily provided.
Websites. We also process information about when you visit and view our websites. This information may include, for example, IP address, date and time of access to our website, information about your Internet browser, operating system or your language settings. We can also see the history of your behavior on the website or in the E-shop, for example, which links on our website you visit and which goods are displayed to you. However, information about your behavior on the website is anonymized for your maximum privacy.
If you access our website from a mobile phone or similar device, or via an application, we may also process information about your mobile device (data about your mobile phone, any application failure records, etc.).
We may collect this data as part of a log or using cookies or other tracking technologies.
Social networks. The administrator has a profile on Facebook and Instagram. All information, communications or materials provided via social media platforms are also provided in accordance with the personal data processing policies of these platforms. Personal data protection is addressed separately within each of the mentioned platforms.
II. Purposes of processing
The administrator processes all of the above categories of personal data because they are necessary to fulfill the purposes listed below:
A. Contract performance and customer care
The legal basis for the Processing of Personal Data is the performance of the contract, or the proper processing of the Order, including communication with customer support.
B. User account
If you have a user account, we process your Personal Data that you provide to us in your user profile. Thanks to this, we can, for example, easily inform you when your Order will be delivered.
C. Newsletter (commercial communication)
Sending promotional emails or SMS to registered users and/or customers to promote similar products and services. We may send commercial communications to the contacts of our users or customers when, based on legitimate interest, we promote similar products and services through direct marketing, but only until the recipient objects. Outside the case of legitimate interest, we may also send commercial communications to those who have consented to the Processing of Personal Data for marketing and commercial purposes in advance.
For mailing, we use a third party with whom we have concluded a proper processing agreement.
D. Marketing competitions
In the event of a win in a marketing competition, the winner's image (photo, video) may be recorded in order to ensure transparency. We carry out this Processing of Personal Data on the basis of our legitimate interest, which consists in increasing the credibility of marketing competitions in the eyes of other competitors and in increasing the attractiveness of these competitions. You can object to this processing.
E. Cookies
Cookies are small files that temporarily store information in your browser and are commonly used to distinguish user behavior on the website, or may be used to better target advertising (so-called marketing cookies). Some processing of cookies may be considered Processing of personal data. More about the cookies we process can be found here.
F. Payment cards:
We do not have data about your payment cards, only the secure payment gateway and the relevant banking institution have them.
G. Customer satisfaction assessment
We determine your satisfaction with your purchase via an e-mail questionnaire as part of the evaluation services in which our E-shop is involved. This will be sent to you shortly after you make a purchase from us, unless you express your disagreement. To send questionnaires, evaluate your feedback and analyze our market position, we use the Processor who operates the evaluation service; For these purposes, we may transfer information about the purchased goods and your e-mail address. This procedure is permitted on the basis of our legitimate interest in promoting similar products and services (pursuant to Article 6(1)(f) of the Regulation).
III. Planned processing period
We process your Personal Data to the extent necessary for the entire duration of the contract.
For the purposes of registration and management of a user account, all categories of personal data may be processed, for a maximum period of 2 years from the last active viewing of the user account/from the cancellation of the user account, unless the Data Subject requests cancellation of the account earlier.
The period for Processing Personal Data in the case of sending commercial communications is 2 years from the last active viewing of the commercial communication by the subscriber, unless the Data Subject unsubscribes from the subscription earlier.
Please note that we process a number of Personal Data for reasons for which we are legally obliged to do so. The exception is tax documents issued by the administrator. The administrator, in accordance with Section 35 of Act No. 235/2004 Coll., stores tax documents for a period of 10 years from the end of the tax period in which the performance took place.
IV. Technical, security and organizational measures
Technical and security measures. Taking into account the probability of risks and the ratio between the cost of possible measures and technical capabilities, we have implemented technical security and organizational measures - in all areas where Personal Data is processed (in particular, website operation, E-shop operation, employee agenda, customer communication). We meet the strict requirements of the GDPR.
We use a secure information system that provides Personal Data with security appropriate to the state of the art, costs, nature, scope and purposes of processing.
Organizational measures. All employees who have access to Personal Data are bound by confidentiality and must respect security principles. Access to all systems, including the information system, is personalized and protected by passwords that are created in various ways. The information system records logs so that we can control individual employees' access to individual databases. Employees are regularly trained.
V. Transfer of personal data to third parties
The controller transfers personal data only to the following entities:
Processors. We use only verified Processors with whom we have concluded a written contract and who provide us with at least the same guarantees as we provide you. These are only Processors who are from the EU or from safe countries according to the decision of the European Commission. All these partners are bound by the obligation of confidentiality and may not use the provided data for any purposes other than those for which the controller made it available to them.
Our Processors are carriers, developers or marketing specialists. We provide details about our Processors upon request.
Legal obligations. We may transfer personal data to third parties other than the Processor if required by law or in response to legal requirements of public authorities or at the request of a court in litigation.
VI. Rights of data subjects
You may request access to your Personal Data and request rectification, amendment, erasure or restriction of processing of your Personal Data where it is inaccurate or has been processed in breach of applicable data protection laws. You also have the right to data portability, to object to the processing of your Personal Data, to withdraw consent to the processing of your Personal Data and to not be subject to automated individual decision-making, including profiling (which the controller does not do).
Your rights regarding the Processing of Personal Data can be exercised by emailing info@darkykpotisku.cz.
We will endeavour to comply with your requests promptly. However, there may be circumstances in which we are unable to provide access (for example, if the requested information threatens the privacy of others or other legitimate rights, or where the costs of providing access would be disproportionate to the risks to the privacy of the individual in question). We may take reasonable steps to verify the user's identity before taking any action on the Data Subjects' rights.
A. Right of access to personal data
According to Article 15 of the GDPR, you will have the right to access Personal Data, which includes the right to obtain from the controller:
confirmation as to whether the personal data are being processed,
information on the purposes of the processing, the categories of personal data concerned, the recipients to whom the Personal Data have been or will be disclosed, the planned duration of the processing, the existence of the right to request from the controller rectification or erasure of Personal Data concerning the Data Subject or restriction of their processing or to object to such processing, the right to lodge a complaint with a supervisory authority, any available information on the source of the Personal Data, if not obtained from the Data Subject, the fact that automated decision-making, including profiling, is taking place, the appropriate safeguards for the transfer of data outside the EU,
provided that the rights and freedoms of other persons are not adversely affected, a copy of the Personal Data.
In the event of a repeated request, the controller shall be entitled to charge a reasonable fee for a copy of the Personal Data.
B. Right to rectification of inaccurate data
According to Article 16 of the GDPR, you have the right to have inaccurate Personal Data corrected. You are also obliged to notify changes to your Personal Data (e.g. user profile records). At the same time, you are obliged to provide cooperation if it is found that the Personal Data we process are inaccurate. We will carry out the correction without undue delay, always taking into account the given technical possibilities.
C. Right to erasure
According to Article 17 of the GDPR, you have the right to have Personal Data concerning you erased, unless we demonstrate legitimate grounds for the Processing of such Personal Data. We have set up mechanisms to ensure automatic anonymization or erasure of Personal Data if they are no longer needed for the purpose for which they were processed.
D. Right to restriction of processing
According to Article 18 of the GDPR, you have the right to restrict processing until the complaint is resolved if you dispute the accuracy of the Personal Data, the reasons for their processing or if you object to their processing.
E. Right to rectification, erasure or restriction of processing
According to Article 19 of the GDPR, you have the right to obtain notification of rectification, erasure or restriction of processing of your personal data. If the rectification or erasure of your personal data occurs, we will inform the individual recipients, unless this proves impossible or involves disproportionate effort.
F. Right to data portability
According to Article 20 of the GDPR, you have the right to data portability of the data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format, and to request that such data be transmitted to another controller.
If you provide Personal Data in connection with our contractual obligations or on the basis of consent and the processing is carried out by automated means, you have the right to receive such data in a structured, commonly used and machine-readable format. If technically feasible, the data may also be transferred to the controller designated by you, provided that the person acting on behalf of the controller is duly designated and can be authorized.
If the exercise of this right could adversely affect the rights and freedoms of third parties, your request cannot be met.
G. Right to object to the processing of personal data
According to Article 21 of the GDPR, you have the right to object to the processing of your personal data on the grounds of legitimate interest.
Unless we demonstrate compelling legitimate grounds for the processing which override your interests or rights and freedoms, we will terminate the processing without undue delay based on the objection.
If the objection is lodged in the case of processing related to direct marketing, we will terminate the processing without undue delay.
H. Right to withdraw consent to the processing of personal data
Consent to the processing of personal data for marketing and commercial purposes can be withdrawn at any time. The withdrawal must be made in an explicit, intelligible and specific manner.
The processing of data from cookies can be prevented by setting your web browser.
I. Automated individual decision-making, including profiling
You have the right not to be subject to any decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, we state that we do not carry out automated decision-making without the influence of human judgment with legal effects for Data Subjects.
VII. Conclusion
These principles may only be changed in writing. Users will be informed about this via the controller's website.
In case of any questions regarding our Personal Data Processing Policy, please contact us in confidence via e-mail info@darkykpotisku.cz.
Personal Data Protection Policy dated 1.9.2022