I. General provisions
KORONA CZ s.r.o., ID No.: 01682024, with registered office at Obora 20, 267 23 Lochovice, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 209920, handles personal data exclusively in accordance with the applicable legislation. It guarantees compliance with Act No. 101/2000 Coll., on the Protection of Personal Data and on Amendments to Certain Acts, and Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: "GDPR"). The Company, as data controller (hereinafter: "Controller"), is the operator of the online shop www.korona.cz/ekorona with contact details:
Address: Obora 20, 267 23 Lochovice
Phone: +420 602 158 138
Personal data generally means any information about an identified or identifiable natural person. An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as: name, identification number, location data, network identifier or to one or more specific elements of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
II. Personal data processed
The controller processes personal data provided to it by the data subject (i.e. the data provider, hereinafter referred to as: "customer") or personal data obtained as a result of the fulfilment of an order. These personal data are secured against misuse and are necessary for the successful execution of the order and their provision is a necessary requirement for the conclusion and performance of the contract. Without the provision of the personal data, the contract cannot be concluded or performed by the controller. The controller processes the following personal data: name and surname, billing and delivery address, email address, telephone number.
The website of the controller uses small text files - cookies - which are stored on the customer's computer or mobile device. Cookies are used to enable the website to function effectively and provide information about the behaviour of visitors to the website.
III. Lawful basis and purpose for processing personal data
The lawful basis for processing personal data is:
performance of the contract between the customer and the controller pursuant to Article 6(1)(b) GDPR;
the legitimate interest of the controller in providing direct marketing (in particular for sending commercial communications) pursuant to Article 6(1)(f) GDPR;
The customer's consent to processing for the purpose of providing direct marketing (in particular for sending commercial communications) pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services, in the absence of an order for goods or services.
The purpose of the processing of personal data is:
processing the customer's order and exercising the rights and obligations arising from the contractual relationship between the customer and the controller;
identification of the customer as a buyer, implementation of necessary accounting operations and correct delivery of goods;
sending commercial communications and carrying out other marketing activities.
There is no automatic individual decision-making by the controller within the meaning of Article 22 GDPR.
IV. Data retention period
The controller retains personal data:
for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and to assert claims arising from this contractual relationship (for 15 years from the end of the contractual relationship);
for as long as the consent to the processing of personal data for marketing purposes is withdrawn. For a maximum of 5 years if the personal data is processed on the basis of the legitimate interest of the controller or for a maximum of 15 years if the personal data is processed on the basis of consent.
After the expiry of the retention period, the controller shall delete the personal data.
V. Processors of personal data
The processing of personal data is carried out by the controller. To a limited extent, the controller may share the processed personal data with processors who assist the controller with the processing, for example: delivery of goods (Geis Parcel CZ s.r.o., Geis CZ s.r.o., DPD CZ s.r.o.), provision of web hosting (igloonet, s.r.o.), open source software (WordPress) or marketing services (Facebook Ireland Ltd.).
VI. Rights of natural persons
Under the GDPR, providers of personal data have the following rights:
The right to access their personal data according to Article 15 of the GDPR;
the right to rectification of personal data pursuant to Article 16 GDPR or restriction of processing pursuant to Article 18 GDPR;
the right to erasure of personal data pursuant to Article 17 GDPR;
the right to object to processing under Article 21 GDPR;
the right to data portability pursuant to Article 20 GDPR;
the right to withdraw consent to processing in writing or electronically to the address or email of the controller specified in Article I.
In addition, the data provider has the right to lodge a complaint with the Data Protection Authority if it considers that its right to data protection has been infringed.
VII. Conditions for the security of personal data
The controller declares that:
has taken all appropriate technical and organisational measures to safeguard personal data;
has taken technical measures to secure data storage and storage of personal data in paper form;
only persons authorised by the Data Controller have access to the personal data.
VIII. Final provisions