Principles of personal data processing
I. Basic provisions
1. The controller of personal data pursuant to Article 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as: “GDPR”) is Bontex2 s.r.o., ID No.: 14285991, with registered office at Pod Turnovskou tratí 182/18, Prague 9, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 363403, represented by Bc. Martin Zima, Managing Director (hereinafter referred to as the “Administrator”).
2. Contact details of the Administrator are Bontex2 s.r.o., Pod Turnovskou tratí 182/18, Prague 9, 198 00, tel: 602 444 244, email: info@legendyuvas.cz.
3. Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a particular identifier, such as a name, an identification number, location data, a network identifier, or to one or more specific elements of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
4. The controller has appointed a data protection officer. The contact details of the data protection officer are: Pavel Špiryt, email: info@legendyuvas.cz, Tel: 602 444 244.
II. Sources and categories of personal data processed
1. The controller processes personal data that you have provided to the controller or personal data that the controller has obtained as a result of fulfilling your order. If you order goods or services from the controller, the controller needs data from you that are marked as mandatory in the order process (this is mainly your name, residence or delivery address). If the controller does not have this information, it cannot deliver the goods correctly. In addition, for the purpose of selling goods or services, the controller needs your email address, to which it will send you an order confirmation, and a telephone number to deal with the order.
2. When you visit the Controller’s website www.legendyuvas.cz (the “Website” or “Online Shop”), the Controller may collect certain information about you, such as your IP address, the date and time you accessed the Website, information about your Internet browser, operating system, or language settings. It may also process information about your behaviour on its website, e.g. which links you visit on our website and which goods are displayed to you. However, for your maximum privacy, information about your behaviour on the website is anonymised and therefore cannot be attributed by the administrator to a specific user, i.e. a specific person.
3. If you access the controller’s website from a mobile phone or similar device, the controller may also process information about your mobile device (data about your mobile phone, etc.)
III. Cookies
1. The administrator automatically processes cookies, which are small text files that are created when you visit each web page. It is used as a standard tool to store information about how the administrator’s site is used.
2. The administrator uses the following cookies:
Technical cookies: to make the online shop work properly. These cookies are always active (their processing cannot be refused), as they are necessary for the actual functioning of the website.
Functional cookies: the use of these cookies is not necessary, but they make the visit to the online shop of the administrator much more pleasant and easier. The processing of these cookies can be refused.
Analytical cookies: they help to improve the online shop. Analytical cookies on the website of the administrator are collected by the Cookie Notice plugin, which then anonymises this data. After anonymisation, it is no longer personal data, because anonymised cookies cannot be assigned to a specific user or a specific person. The administrator only works with cookies in anonymised form. The processing of these cookies can be refused.
3. If you wish to influence which cookies are processed by the controller, please use one of the common internet browsers (e.g. Internet Explorer, Safari, Firefox, Chrome) with the anonymous browsing function enabled, which prevents the storage of data about the websites you visit, or you can disable the storage of cookies in your browser completely. However, if you also disable the processing of technical and functional cookies, you will prevent some functions that help you from working.
4. To refuse the processing of cookies (with the exception of technical cookies), please contact the Administrator at the email address set out in Article I, paragraph 2 of this Policy. Refusal to process functional and analytical cookies does not imply the inability to access the online shop of the controller, nor does it lead to the refusal of the services of the controller. However, refusal to process functional and analytical cookies may result in the Administrator’s online shop not functioning properly and some functions may be unavailable. The overall experience of browsing the online shop may therefore be impaired.
IV. Reason and purpose for processing personal data
1. The reason for the processing of personal data is
– the execution of an order and the performance of a contract between you and the controller pursuant to Article 6(1)(b) of the GDPR,
2. The purpose of the processing of personal data is
– the processing of your order and the exercise of the rights and obligations arising from the contractual relationship between you and the controller; when placing an order, personal data are required that are necessary for the successful processing of the order (name and address, contact), the provision of personal data is a necessary requirement for the conclusion and performance of the contract, without the provision of personal data it is not possible to conclude the contract or its performance by the controller,
3. There is no automatic individual decision-making by the controller within the meaning of Article 22 of the GDPR.
V. Data retention period
1. The controller shall retain the personal data
– for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and to assert claims under those contractual relationships
– for a period of 7 years
2. After the retention period has expired, the controller shall delete the personal data.
VI. Recipients of personal data (subcontractors of the controller)
1. Recipients of personal data are persons : Martin Zima, David Abraham, Radek Smíšek, Pavel Špiryt, Martina Vránová, Petra Šusterová
– involved in the delivery of goods / services / execution of payments on the basis of the contract,
– providing services for the operation of the online store and other services in connection with the operation of the online store,
2. The controller does not intend to transfer personal data to a third country (non-EU country) or an international organisation.
VII. Your rights
1. Under the conditions set out in the GDPR, you have
– the right to access your personal data pursuant to Article 15 of the GDPR,
– the right to rectification of personal data pursuant to Article 16 of the GDPR, or restriction of processing pursuant to Article 18 of the GDPR,
– the right to erasure of personal data pursuant to Article 18 of the GDPR. 17 of the GDPR,
– the right to object to processing pursuant to Article 21 of the GDPR,
– the right to data portability pursuant to Article 20 of the GDPR and
– the right to withdraw consent to processing in writing or electronically to the address or email of the controller referred to in Article I(4) of these terms and conditions.
2. You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.
VIII. Personal Data Security Policy
1. The controller declares that it has taken all appropriate technical and organisational measures to safeguard personal data.
2. The controller has taken technical measures to secure data storage and storage of personal data in paper form. The controller declares that only persons authorised by the controller have access to the personal data.
IX. Final provisions
1. By submitting an order from the online order form of the online shop, you confirm that you are aware of the privacy policy and that you accept it in its entirety.
2. You agree to this policy by checking the consent box via the online form in the online store. By checking the consent box, you confirm that you are aware of the privacy policy and that you accept it in its entirety.
3. The controller is entitled to change these terms. It will post the new version of the Privacy Policy on its website or send you a new version of the Privacy Policy at the email address you have provided to the controller.
This policy will take effect on November 1, 2020.
Prague, 1.11.2020
Bontex2 s.r.o.
Bc. Martin Zima, Managing Director
