I.

Basic provision

  • The controller of personal data pursuant to Article 4 point 7 of the Regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is company retaillogic. s.r.o., IČ: 07999321 with its registered office at Kojetínská 3881/84, 767 01 Kroměříž, kept at the Regional Court in Brno, Section C, File 112961 (hereinafter referred to as the “Administrator”).
  • The contact details of the administrator are

address: Kojetínská 3881/84, 767 01 Kroměříž
email: office@retaillogic.cz
phone number: +420 775 863 797

  • Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • The administrator did not appoint a data protection officer.

II.

Sources and categories of personal data processed

  • The administrator processes the personal data that you have provided to him or the personal data that the administrator has obtained on the basis of the fulfillment of your order.
  • The administrator processes your identification and contact data and the data necessary for the performance of the contract.
  • The administrator processes personal data that you have provided to him or personal data that the administrator has obtained on the basis of registration on the e-shop.
  • The administrator processes the personal data you have provided to him or the personal data that the administrator has obtained on the basis of registration for news and marketing messages.
  • Personal data means:
    • Identification data - personal data used for your unambiguous and unmistakable identification (eg name, surname, title, date of birth, residential address, identity card, login data to our e-shop, ie login and password);
    • Contact details - details enabling you to be contacted (eg telephone number, e-mail address, contact address);
    • Details of purchases and our business cooperation (eg purchase history, payment details, bank details, payment card, etc.);
    • Voice recording (if the call is recorded at our company's customer center);
  • Network identifiers in connection with the use of web services and applications - when using our websites, applications or e-shop, we use various technologies to identify and store your browser and device (cookies and similar technologies), we collect device data (eg IP address or other unique identifiers of your device, hardware model, operating system version, mobile network data, server protocols, internet protocol address, date and time of your request), location data (IP address, GPS system, WI access points -FI or mobile network transmitter).
    • Data on the use of your legal rights and records of their exercise against our company;
    • Other data, the processing of which by our company is required by the legislation of the Czech Republic or the European Union.

III.

Legal reason and purpose of personal data processing

  • Your administrator processes your personal data for these purposes:
  • settlement of your order and exercise of rights and obligations arising from the contractual relationship between you and the administrator. The legal reason is the fulfillment of the contract. This purpose and the legal reason for processing also apply to the preparation of the contract or the negotiation of the terms of the contract, even if it is not subsequently agreed;
  • sending business messages and doing other marketing activities, based on these legal reasons:
    • for the administrator's legitimate interest in providing direct marketing (especially for sending business messages and newsletters), to the administrator's former customers via e-mail, provided that the other conditions of Section 7 (3) of Act No. 480/2004 Coll., on certain information society services are met. You can opt out of receiving additional marketing emails at any time;
    • Your consent to processing for the purposes of providing direct marketing (especially for sending business messages and newsletters) if the goods or services have not yet been ordered; or in the case of direct marketing by means other than e-mail. You can revoke your consent at any time;
      • fulfillment of other legal obligations (eg the Act on Accounting, the Tax Code, the Labor Code, the Act on VAT, the Act on the File and Archiving Service, the Act on Consumer Protection);
      • Enforcement or defense of the administrator's legal claims. The legal reason for processing is the legitimate interest of our company.
      • The provision of personal data is a necessary requirement for the conclusion and performance of the contract (execution of the order) and all related legal obligations. Without the provision of personal data, it is not possible to conclude the contract or fulfill it by the administrator.
      • There shall be no automatic individual decision by the administrator within the meaning of Article 22 of the GDPR.

      IV.

      Data retention period

      • The controller shall store personal data
        • for the period for which your consent was given or until its revocation, if personal data are processed on the basis of the consent,
        • for the period stipulated by the legal regulation of the Czech Republic, if personal data are processed on the basis of a legal obligation,
        • for the time necessary to exercise the rights and obligations arising from the contractual relationship between you and the administrator and to assert claims from these contractual relationships (until the expiry of the limitation period of 10 years from the termination of the contractual relationship).
      • After the expiry of the retention period of personal data, the controller shall delete the personal data.

      V.

      Recipients of personal data (subcontractors of the controller)

      • The recipients of personal data are
        • persons involved in the delivery of goods / services (eg carriers) and in the execution of payments on the basis of a contract - these persons themselves become administrators of your personal data,
        • persons providing IT services to the administrator in connection with the operation of the e-shop,
        • persons providing marketing services to the administrator,
        • persons providing services to the administrator to protect his rights and interests (lawyer, insurance company, etc.),
        • other persons may be, if required by the legislation of the Czech Republic.
      • The controller does not intend to transfer personal data to a third country (to a non-EU country) or to an international organization.

      VI.

      Your rights

      • In cases where the processing of personal data is based on a legitimate interest of the controller, you have these special rights:
        • the right to object to direct marketing pursuant to Article 21 (2) of the GDPR
        • the right to object to other processing operations based on a legitimate interest pursuant to Article 21 (1) of the GDPR
      • Under the conditions set out in the GDPR you have
        • the right to access your personal data pursuant to Article 15 of the GDPR,
        • the right to information and explanations,
        • the right to correct or supplement personal data pursuant to Article 16 of the GDPR, or restrictions on processing pursuant to Article 18 of the GDPR,
        • the right to delete personal data pursuant to Article 17 of the GDPR,
        • the right to data portability according to Article 20 of the GDPR,
        • the right to revoke the consent to processing in writing or electronically to the address or email of the administrator specified in Article I of these conditions.
      • You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.

      VII.

      Terms of personal data security

      • The controller declares that he has taken all appropriate technical and organizational measures to secure personal data.
      • The controller has taken technical measures to secure data repositories and personal data repositories in paper form, in particular locks, passwords, data encryption and data backup.
      • The controller declares that only persons authorized by him have access to personal data.

      VIII.

      Final Provisions

      • By sending an order from the online order form, you confirm that you are familiar with the conditions of personal data protection.
      • You confirm your acquaintance with these conditions by checking the consent via the online form.
      • The administrator is entitled to change these conditions by a unilateral declaration. They will publish a new version of the terms of personal data protection on their website.

      The conditions are valid from 19 January 2020.