What is GDPR?
GDPR are new rules for the protection of your personal data, effective from 25.05.2018.
The General Data Protection Regulation, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46 / EC (GDPR). This Regulation is directly binding on all EU Countries. The GDPR specifications are further elaborated in Act no. 18/2018 Z. z. on the Protection of Personal Data and on the Amendment to Certain Acts ("ZOOU").
Who processes your personal information?
The data are processed by ZUPPA design s.r.o., tel .: +421 907 151 038, e-mail: firstname.lastname@example.org, which is an operator within the meaning of § 5 let. o) ZOOU (hereinafter referred to as the "controller"). Due to the nature of the activities performed by the controller in the processing of personal data, the controller was not obliged to determine and did not specify the Data Protection Officer (DPO) under Section 44 of the ZOOU.
On behalf of the controller the personal data are further processed by processors which are the subcontractors of the operator, in particular: the company providing the e-shop platform, courier companies, accountancy company, payment gateway companies, operator bank, social networks, etc. The operator has concluded separate contracts for the processing of personal data with the processors.
Both the controller and processors are required to comply with GDPR and ZOOU when processing personal data.
What personal data do we process?
We need to process your name, surname, address, phone number, e-mail address, and your possible order notes for the purpose of ordering your order, making payment and delivering to you.
In addition, when processing your order, we process your IBAN (if it is not a business account), your IP address, your opinions, reviews, comments, discussion posts, feedback, ordered items, photos and videos sent to you, and cookies.
Why do we process your personal information?
Because it is essential to fit your order, i.e. to meet the purchase agreement you enter into with our company. Without that, it simply can not. We process your personal data because it allows us and orders us from the ZOOU. Your consent to the processing of personal data is not required in this case.
In addition, we process your personal data because we have so called " legitimate interest", which is in particular the realization of direct marketing, settlement of possible claims, monitoring of basic analytics, etc. In this case, your consent to the processing of personal data is not required.
How long do we process your personal information?
We primarily process the data for the time it takes to process your order and meet the purchase agreement. However, processing of personal data is also archived, and we are therefore obliged to archive your personal data as long as the individual laws require it. After these deadlines, your personal information will be erased.
What rights do you have with the processing of your personal data?
Personal information that is binding to your person is only yours and therefore you have the full discretion to decide how the operator and mediators should deal with them. So you have:
- the right to access your personal data under Section 21 of the ZOOU - that is, in particular, the right to know whether and what personal data you are processing
- the right to repair personal data pursuant to § 22 ZOOU,
- the right to delete personal data pursuant to § 23 ZOOU,
- the right to restrict the processing of personal data under Section 24 of the ZOOU,
- the right to transfer personal data to another operator under § 26 ZOOU,
- the right to object to the processing of personal data pursuant to § 27 of the ZOOU,
- the right to revoke your consent to the processing of personal data at any time (if consent is required) pursuant to § 14 par. 3 ZOOU,
- the right to file a claim for the personal data protection proceedings before the Office for the Protection of Personal Data under Section 100 of the ZOOU.
When processing your personal data, no decision will be made solely on the automated processing of personal data (§28 of the ZOOU) nor on profiling, the controller does not intend to provide personal data to a third country, to an international organization or to third parties, with the possible exception of some intermediaries.
How are your personal information secured against being misused?
The controller has taken reasonable technical and organizational measures to secure your personal data, which is more fully described in the internal documentation of the controller. All personal data in electronic form is stored in databases and systems accessible only to persons who need to immediately handle personal data for the purposes specified in these rules, and only to the extent necessary. Access to this personal data is password protected. All employees an co-workers of the controller are legally or contractually bound of confidentiality in relation to your personal data. In the case of processing your personal data by processors, individual processors are also contractually bound to take appropriate technical and organizational measures to protect your personal data.
By confirming your acceptance of the Personal data protection policy (GDPR), you acknowledge that you are aware of the this policy. The controller reserves the right to change these principles, as you will be informed in advance.
Personal data protection policy (GDPR), www.zuppashop.com, version 1.0, effective from 25.5.2018, all rights reserved
© Law Office PAČINDA AK s.r.o.