I. Basic provisions
- The personal data controller, as defined by Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”), is czeXpress international s.r.o., registration number 773 300 207, having its registered office at Arnošta z Pardubic 2789 Pardubice, 53002 (the “controller”).
- The controller’s contact details are:
- address: czeXpress international s.r.o., Arnošta z Pardubic 2789 Pardubice, 53002
- email: firstname.lastname@example.org, telephone: +420 773 300 207
- Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- The controller has not appointed a personal data protection officer.
II. Statutory reason for processing personal data
- The statutory reason for processing personal data is the performance of a contract between you and the controller in accordance with Article 6(1)(b) of the GDPR (“contractual performance”), i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- The controller does not engage in automated individual decision-making as defined by Article 22 of the GDPR.
III. Purpose of processing, categories and sources of personal data
|Statutory reason||Purpose||Data||Data source|
|Contractual performance||Processing of purchase orders or the sending of replies to enquiries received via a contact form||Clients’ personal data (contact details)||Contact form, purchase order|
IV. Data retention period
- The controller retains personal data as follows
- If you make an enquiry, we manage the personal data contained in the form solely in order to reply to or process your enquiry (solely over the duration of contractual negotiations), such being for maximum of one year from receipt of your enquiry, unless you give consent for further processing.
- If you place a purchase order, we retain your personal data for the period necessary to exercise rights and comply with obligations deriving from the contractual relationship between you and the controller and to file any claims arising from such contractual relations (for a period of 15 years from the end of the contractual relationship).
- When the personal data retention period expires, the personal data controller will erase the data.
V. Recipients of personal data (the controller’s subcontractors)
- Recipients of personal data are entities:
- Providing services comprising the operation of a website/e-shop and other services related thereto.
- The data subject’s personal data may be disclosed, for purposes of due contractual performance, to a delivery service provider and to entities providing the controller with legal, accounting and IT services with a view to due compliance with obligations under legislation of general application. The controller does not intend to transmit the data subject’s personal data to a third country, to an international organisation or to entities other than the aforementioned third parties.
VI. Your rights
- Under the terms and conditions laid down in the GDPR, you have right
- of access to your personal data in accordance with Article 15 of the GDPR,
- to rectification of your personal data in accordance with Article 16 of the GDPR and to the restriction of processing in accordance with Article 18 of the GDPR,
- to erasure of your personal data in accordance with Article 17 of the GDPR,
- to object to processing in accordance with Article 21 of the GDPR, and
- to data portability in accordance with Article 20 of the GDPR.
- You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to the protection of personal data has been infringed.
VII. Terms and conditions applicable to the security of personal data
- The controller declares that the controller has taken any and all appropriate technical and organisational measures to secure personal data.
- The controller has taken technical measures to secure data repositories and repositories for personal data recorded on paper, in particular by means of passwords, antivirus software, backup and locking.
- The controller declares that only controller-authorised persons have access to personal data.
VIII. Final provisions
- By sending a purchase order via the online order form or an enquiry via the online enquiry form, you confirm that you are aware of the terms and conditions applicable to the protection of personal data and that you accept them in full.
- The controller is entitled to amend these terms and conditions. Any new version of terms and conditions applicable to the protection of personal data will be published on the controller’s website.
These terms and conditions take effect on 25 May 2018.