The Days of Moldavite are back! Celebrate with us and take advantage of a 10% discount on all products. Just enter the code "MOLDAVITEDAYS" in your cart. But be quick! ⏰The offer is for a limited time only⏰

Personal Data Protection Principles

 

I. Basic Provisions

1. The controller of personal data according to Article 4(7) of the European Parliament and Council Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as: "GDPR") is Kristjan s.r.o., ID No. 26030446, located at Latrán 3, 381 01 Český Krumlov (hereinafter referred to as the "controller").

2. The controller's contact details are:

Adresa: Latrán 3,38101 Český Krumlov, Česká republika

Email: dode@seznam.cz, vltavin.moldavite@gmail.com

Phone: +420 734 818 599

3. Personal data means all information about an identified or identifiable natural person; an identifiable natural person is one who can be directly or indirectly identified, particularly by reference to an identifier such as name, identification number, location data, network identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

4. The controller has not appointed / has appointed a data protection officer. The contact details of the officer are:

II. Sources and Categories of Processed Personal Data

1. The controller processes personal data you have provided or personal data obtained by the controller as a result of fulfilling your order.

2. The controller processes your identification and contact data and data necessary for the performance of the contract.

III. Legal Reason and Purpose for Processing Personal Data

1. The legitimate reason for processing personal data is:

  • performance of the contract between you and the controller according to Article 6(1)(b) GDPR,
  • the legitimate interest of the controller in providing direct marketing (especially for sending commercial communications and newsletters) according to Article 6(1)(f) GDPR,
  • your consent to processing for the purposes of providing direct marketing (especially for sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in connection with Section 7(2) of Act No. 480/2004 Coll., on certain services of the information society, if no order of goods or services has been made.

 2. The purpose of processing personal data is:

  • handling your order and performing rights and obligations arising from the contractual relationship between you and the controller; personal data required for a successful order process (name and address, contact) is mandatory, the provision of personal data is a necessary requirement for concluding and fulfilling the contract, without providing personal data it is not possible to conclude the contract or perform it by the controller,
  • sending commercial communications and performing other marketing activities.

 3. From the controller's side, there is / is not automatic individual decision-making in the sense of Article 22 GDPR. You have given your express consent to such processing.

IV. Data Retention Period

1. The controller stores personal data:

  • for the time necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and the assertion of claims from these contractual relationships (for 15 years after the end of the contractual relationship).
  • for the period until consent to the processing of personal data for marketing purposes is withdrawn, no longer than ... years, if personal data is processed based on consent.

 2. After the retention period expires, the controller will delete the personal data.

V. Recipients of Personal Data (Subcontractors of the Controller)

1. Recipients of personal data are persons:

  • involved in the delivery of goods / services / execution of payments based on the contract,
  • ensuring e-shop operation services (Shoptet) and other services related to e-shop operation,
  • providing marketing services.

 2. The controller does not intend / intends to transfer personal data to a third country (a country outside the EU) or an international organization. Recipients of personal data in third countries are providers of mailing / cloud services.

VI. Your Rights

1. Under the conditions set in the GDPR, you have:

  • the right to access your personal data according to Article 15 GDPR,
  • the right to correction of personal data according to Article 16 GDPR, or restriction of processing according to Article 18 GDPR,
  • the right to erasure of personal data according to Article 17 GDPR,
  • the right to object to processing according to Article 21 GDPR, and
  • the right to data portability according to Article 20 GDPR,
  • the right to withdraw consent to processing in writing or electronically at the address or email of the controller specified in Article III of these conditions.

 2. Furthermore, you have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.

VII. Conditions for the Security of Personal Data

1. The administrator declares that they have adopted all appropriate technical and organizational measures to secure personal data.

2.The administrator has adopted technical measures to secure data storage and repositories of personal data in paper form, especially ...

3. The administrator declares that only persons authorized by them have access to personal data.

VIII. Final Provisions

1. By submitting an order from the online order form, you confirm that you are familiar with the conditions of personal data protection and that you accept them in full.

2. You agree to these conditions by ticking the consent box via the online form. By ticking the consent, you confirm that you are familiar with the conditions of personal data protection and that you accept them in full.

3. The administrator is authorized to change these conditions. A new version of the personal data protection conditions will be published on their website and also sent to you via email, which you have provided to the administrator.

 

These conditions take effect from May 25, 2018.