Conditions of the protection of personal data
I. Main provisions
- The personal data controller, in accordance with Article 4, point (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter referred to as ‘GDPR‘), is Cymedica CZ, a.s., company registration number: 27419941, based in Hořovice, Pod Nádražím 308 (hereinafter referred to as ‘controller‘).
- Contact details of the controller are the following:
Address: Hořovice, Pod Nádražím 308
Phone: +420 800 137 269
- Personal data shall mean any information relating to an identified or identifiable natural person: an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
- No data protection officer has been designated by the controller.
II. Sources and categories of personal data undergoing processing
- The controller shall process personal data provided by you, or the personal data obtained on the basis of the fulfilment of your order
- The controller shall process your identification and contact data as well as the data necessary for the performance of the contract.
III. Legal reasons for and purposes of the personal data processing
- The legal reason for personal data processing is
- the performance of a contract between you and the controller in accordance with Article 6, paragraph (1), point (b) of GDPR,
- legitimate interest of the controller in providing direct marketing (particularly when sending commercial communications and newsletters) in accordance with Article 6, paragraph (1), point (f) of GDPR,
- your consent with data processing for the purposes of providing direct marketing (particularly when sending commercial communications and newsletters) according to Article 6, paragraph (1), point (a) of GDPR in conjunction with Section 7, paragraph (2) of Act No. 480/2004 Coll. on certain information society services in case the goods or services were not ordered.
- The purpose of personal data processing is
- the execution of your order and the execution of the rights and obligations arising from the contractual relationship between you and the controller; personal data required in the ordering procedure are necessary for successful completion of the order (name and address, contact details), providing personal data is an essential requirement in conclusion and during performance of the contract, a contract cannot be concluded nor fulfilled by the controller unless personal data have been provided,
- the sending of commercial communications and performing other marketing activities.
- No automated individual decisions are made by the controller within the meaning of Article 22 of GDPR. You have given your explicit consent to such processing.
IV. Period of data retention
- A controller shall retain personal data
- for as long as it is strictly necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller (for a 15 year period starting from the termination of the contractual relationship).
- for a period prior to the withdrawal of the consent to the processing of personal data for marketing purposes, where personal data are processed on the basis of consent (but not longer than 15 years)
- Upon expiry of the retention period, the personal data shall be erased by the controller.
V. Recipients of personal data (controller´s subcontractors)
- The recipients of personal data are persons
- involved in the delivery of goods and/or services and the execution of payments on the basis of a contract,
- providing the company services and further services related to company operation,
- providing marketing services.
- The controller does not intend to transfer personal data to a third country (non-EU countries) or an international organization.
- Operated services, providing marketing and support services:
- Google Analytics – records cookies and website usage
- Google Adwords – records cookies and website usage
- Sklik – records cookies and website usage
VI. Your rights
- Under the conditions laid down in GDPR you have the right to
- access to your personal data according to Article 15 of GDPR,
- rectification of your personal data according to Article 16 of GDPR, or to restriction of the data processing according to Article 18 of GDPR,
- erasure of personal data according to Article 17 of GDPR,
- object to data processing according to Article 21 of GDPR,
- data portability according to Article 20 of GDPR,
- withdraw consent to the processing of data in writing or by electronic means to the address or e-mail address of the controller referred to in Article III of these conditions. You can withdraw your consent at any time through this email: firstname.lastname@example.org
- You also have the right to lodge a complaint with the Office for Personal Data Protection in the event that you consider your right for personal data protection has been violated.
VII. Conditions for the protection of personal data
- The controller has declared that he/she has taken all technical and organizational measures for ensuring the security of personal data processing.
- The controller has taken technical measures to secure data storage products and the storage of personal data in paper form, in particular the secured / encrypted website access, customer password encryption in the database, regular actualisations of the system, regular backup of the system.
- The controller declares that only persons authorized by him/her have access to personal data.
VIII. Final provisions
- By sending an order using the online order form, you confirm that you are aware of the conditions of the personal data protection and that you accept the conditions in full.
- You agree with these conditions by ticking an online tickbox. Giving consent by a clear affirmative action, you confirm that you have become acquainted with the conditions of the protection of personal data and that you accept them in full.
- The controller shall be authorised to change these conditions. He/she shall publish a new version of the conditions of personal data protection on their websites and at the same time they shall send you a new version of these conditions to your e-mail address you have provided to them.
These condition become effective from 25.5.2018.