TERMS FOR PROTECTION OF PERSONAL DATA
I. KEY PROVISIONS
The controller of personal data according to Article 4(7) of European Parliament and Council (EU) Guideline No. 2016/679 on the protection of natural persons in relation to the processing of personal data and on the free movement of this data (hereinafter the “GDPR”) is Elanor spol. s r.o. Reg No. 15887219 with registered office at BB Centrum Brumlovka, Jemnická 1138/1 140 00 Prague 4 (hereinafter the "Controller").
The Controller’s contact data is:
Address: BB Centrum Brumlovka, Jemnická 1138/1 140 00 Prague 4
Telephone No.: +420 222 509 999
Personal data is considered to mean all information about an identified or identifiable natural person; an identifiable natural person is a natural person that can be directly or indirectly identified, particularly by reference to a specific identifier, for instance name, identification number, location data, network identifier or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identify of this natural person.
The Controller has not appointed a competent person for protection of personal data.
II. SOURCES AND CATEGORIES OF THE PROCESSED PERSONAL DATA
The Controller processes the personal data you provided to it or the personal data the Controller obtained on the basis of execution of your order. The Controller processes your identification and contact data and data essential for performance of the Contract.
III. LEGAL REASON AND PURPOSE FOR PROCESSING PERSONAL DATA
The customer’s personal data (if the customer is a natural person) is processed by the company, as the Controller, in compliance with European Parliament and Council (EU) Guideline 2016/679 dated 27 April 2016, on the protection of natural persons in relation to the processing of personal data and on the free movement of this data and on invalidation of Guideline 95/46/EU (hereinafter the “GDPR”).
The personal data is processed for legal reasons and for the reason that processing is essential for performance of the Contract concluded according to the business terms and is also essential for performance of legal duties applying to the Controller, particularly on the basis of legal regulations regulating tax records and accounting.
Personal data will not be provided to other recipients.
The personal data is always processed exclusively for the period essential to achieving the purpose for which it is being processed, particularly throughout the duration of a contractual relationship. After this period elapses, the Controller is only authorised to process the customer’s personal data (if the customer is a natural person) for legal reasons and for the purpose of protection of its justified interests during a potential legal dispute in relation to claims arising from the contractual relationship.
Provision of personal data is a requirement that must be specified in contracts concluded according to the business terms, and also a legal requirement. The customer is not required to provide its personal data, however if it does not do so a contract cannot be concluded nor can the company perform its legal duties.
No automated decisions, including profiling, will be made during the processing of personal data. The customer has the following rights in relation to the processed data: the right to access personal data according to Article 15 of the GDPR, the right to correct inaccurate data according to Article 16 of the GDPR, the right to deletion of personal data according to Article 17 of the GDPR, the right to restrict processing of personal data according to Article 18 of the GDPR, the right to the transferability of personal data according to Article 20 of the GDPR, the right to raise an objection against the processing of personal data according to Article 21 of the GDPR, the right to submit a complaint to the Office for Protection of Personal Data according to Article 77 of the GDPR, and the right to refuse to be the subject of any decision based exclusively on automated processing, including profiling, according to Article 22 of the GDPR.
The customer is entitled to contact the company in relation to execution of the abovementioned rights.
IV. DURATION OF STORAGE OF THE DATA
The Controller stores personal data for the period essential for execution of rights and duties arising from the contractual relationship between the customer and the Controller, and for application of claims arising from these contractual relationships (for a period of 15 years after termination of the contractual relationship), for the period until consent to the processing of personal data for the purpose of marketing is withdrawn, for a maximum of 15 years if the personal data is processed on the basis of consent. The Controller will delete the personal data after elapse of the period of storage.
V. TERMS OF ASSURANCE OF SECURITY OF THE PERSONAL DATA
The Controller declares that it has implemented all suitable technical and organisational measures to secure the personal data. The Controller has implemented technical measures to secure data repositories and repositories of personal data in physical form, particularly secured / coded access to the web, coding of customer passwords in the database, regular system updates and regular system backups. The Controller declares that only the authorised persons have access to the personal data.
VI. RECIPIENTS OF PERSONAL DATA (THE CONTROLLER’S SUB-CONTRACTORS)
The recipients of personal data are persons involved in delivery of goods / services / realisation of payments on the basis of a contract, assurance of services in relation to operation of the website and assurance of marketing services.
The Controller does not intend to transfer personal data to third countries (to countries outside the EU) or an international organisation. The operated services assure marketing and support services.
Google Analytics - records cookies and website use, conversion of viewing a website, conversion of shopping
VII. YOUR RIGHTS
Under the terms stipulated by the GDPR you are entitled to:
access to your personal data according to Article 15 of the GDPR,
correction of personal data according to Article 16 of the GDPR, possibly restriction of processing according to Article 18 of the GDPR,
the right to deletion of personal data according to Article 17 of the GDPR,
the right to raise an objection against processing according to Article 21 of the GDPR,
the right to the transferability of data according to Article 20 of the GDPR,
the right to withdraw consent to processing in writing or electronically to the Controller’s address or e-mail specified in Article I of these terms. You can withdraw your consent at any time in your own customer account.
You are also entitled to submit a complaint to the Office for Protection of Personal Data if you believe that your right to protection of personal data was violated.
VIII. FINAL PROVISIONS
By sending an order/inquiry from the website by using the form you confirm that you have been acquainted with the terms for protection of personal data and that you accept them in full.
You agree to these terms by ticking the consent box in the internet form. By ticking the consent box you confirm that you have been acquainted with the terms for protection of personal data and that you accept them in full.
The Controller is entitled to change these terms. It will publish the new version of the terms for protection of personal data on its website and simultaneously send you the new version of these terms to the e-mail address which you provided to the Controller.
REQUEST FOR DELETION OF PERSONAL DATA
These terms come into effect on 31 May 2019