- CCF s.r.o., Company ID 26890771, with its registered office at Santražiny 575, 760 01 Zlín, incorporated in the Companies Register held by the Regional Court in Brno, file C 42765 (hereinafter: the “Data Controller”) is the Data Controller pursuant to sec. 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: "GDPR")..
- Contact details of the Data Controller are as follows:
- address: Santražiny 575, 760 01 Zlín
- e-mail: firstname.lastname@example.org
- tel.: +420 571 623 624
- Under the personal data we shall understand any information relating to an identified or identifiable natural person; an identifiable natural person is the natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier or one or more specific features of physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- The Data Controller has not appointed the Data Protection Officer.
II. SOURCES AND CATEGORIES OF PROCESSED PERSONAL DATA
- The Data Controller processes the personal data that you have provided to him or the personal data that the Data Controller has obtained on the basis of fulfilment of your order:
- name and surname
- e-mail address
- postal address
- The Data Controller processes your identification and contact data and the data necessary for fulfilment of the contract.
III. LEGAL REASON AND PURPOSE OF PERSONAL DATA PROCESSING
- The legal reason for personal data processing is as follows:
- performance of the contract between you and the Data Controller pursuant to Art. 6 (12) (b) GDPR,
- fulfilment of the legal obligation of the Data Controller pursuant to Art. 6 (1) (c) GDPR,
- legitimate interest of the Data Controller in providing the direct marketing (in particular for distributing commercial messages and newsletters) pursuant to Art. 6 (1) (f) GDPR,
- Purpose for personal data processing is as follows:
- settlement of your order and exercising the rights and obligations arising from the contractual relationship between you and the Data Controller; when ordering, personal data are required, which are necessary for successful settlement of the order (name and address, contact), provision of personal data is the necessary prerequisite for executing and fulfilling the contract, without providing personal data it is not possible to execute the contract or perform it by the Data Controller,
- fulfilment of legal obligations towards the state,
- distributing business messages and exercising other marketing activities.
- The Data Controller performs automated individual decision-making within the meaning of GDPR Art. 22. You have given your explicit consent to such processing.
IV.DATA RETENTION PERIOD
- The Data Controller shall store the personal data
- for the time period necessary for exercising the rights and obligations arising from the contractual relationship between you and the Data Controller and for raising the claims under these contractual relationships (for the period of 15 years from termination of the contractual relationship).
- After expiry of the retention period of the personal data, the Data Controller shall delete the personal data.
V. PERSONAL DATA RECIPIENTS (DATA CONTROLLER SUBCONTRACTORS)
- Recipients of the personal data are persons
- involved in delivery of goods/services/execution of payments, based on the contract,
- providing e-shop operation services (Shoptet) and other services connected with e-shop operation,
- providing marketing services.
- The Data Controller intends to transfer personal data to a third country (a non-EU country) or to an international organization. Recipients of personal data in third countries are the mailing/cloud service providers.
VI. PERSONAL DATA PROCESSORS
- Personal data processing is performed by the Data Controller, but the following processors can also process personal data for him:
- Mailchimp service provider,
- and/or another provider of processing software, services and applications, which is currently not used by the Data Controller.
VI. YOUR RIGHTs
- Under the conditions set out in GDPR you have
- right of access to personal data of the data subject pursuant to Art. 15 GDPR,
- right to rectification of personal data pursuant to Art. 16 GDPR and/or restriction of processing pursuant to Art. 18 GDPR,
- right to erasure personal data (right to be forgotten) pursuant to Art. 17 GDPR,
- right to object to data processing pursuant to Art. 21 GDPR,
- right to data portability pursuant to Art. 20 GDPR, and
- right to withdraw the consent with processing in writing or electronically to the address or e-mail of the Data Controller shown in Article III hereof.
- You have also the right to file a complaint with the Office for Personal Data Protection, if you are convinced that your right to personal data protection has been violated, or to address the court.
VII. TERMS AND CONDITIONS OF PERSONAL DATA SECURITY
- The Data Controller declares that he has taken all appropriate technical and organizational measures to secure the personal data.
- The Data Controller has taken the technical measures to secure the data repositories and personal data repositories in the documentary form.
- The Data controller declares that only persons authorized by him have access to personal data.
VIII. FINAL PROVISIONS
These terms and conditions become effective on 25.05.2018.