Personal Data Protection Terms and Conditions
I. Basic Provisions
- The personal data controller pursuant to Art. 4 paragraph 7 of the Regulation of the European Parliament and Council (EU) No. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”) is:
candycane s.r.o. ID No.: 06289754 Tax ID No.: CZ06289754 Registered office: Havlíčkovo nám. 189/2, 130 00 Prague 3 registered in the Commercial Register of the Municipal Court in Prague on 24 July 2017, Section C, file no. 279597 (hereinafter the “Controller”).
- Contact details of the Controller:
Address: Tiskařská 12, 10800 Praha 10 Email: firstname.lastname@example.org Telephone: 604 223 833 www: https://candycane.coffee
- Personal data means all information regarding an identified or identifiable natural person, where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as a name, identification number, location data, online identifier) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- The Controller has not appointed a data protection officer.
II. Sources and Categories of Personal Data Processed
- The Controller processes personal data that you provided to it or that the Controller obtained in connection with the settlement of your order.
- The Controller processes your identification and contact details and other data necessary for the performance of the contract.
III. Lawful Reason and Purpose of Personal Data Processing
The lawful reason of personal data processing is:
- performance of the contract between you and the Controller in the sense of Art. 6 paragraph 1 b) of the GDPR;
- justified interest of the Controller in the provision of direct marketing services (in particular for the purpose of sending commercial messages and newsletters) pursuant to Art. 6 paragraph 1 f) of the GDPR;
- Your consent with the processing for the purposes of direct marketing (in particular for the purpose of sending commercial messages and newsletters) pursuant to Art. 6 paragraph 1 a) of the GDPR in conjunction with Section 7 (2) of Act No. 480/2004 Coll., on Certain Services of Information Society, if the goods or services have not been ordered.
The purpose of personal data processing is:
- processing of your order and exercise of the rights and obligations arising from the contractual relationship between you and the Controller; upon placement of an order, personal data is required necessary for successful settlement of the order (name and address, contact details); the provision of personal data is a necessary requirement for the conclusion and performance of the contract, without provision of personal data, the contract cannot be concluded or performed by the Controller;
- sending of commercial messages and carrying out of other marketing activities.
- The Controller does not perform automated individual decision-making in the sense of Art. 22 of the GDPR.
IV. Time of Keeping the Data
The Controller keeps personal data:
- for a time period necessary for the exercise of rights and obligations arising from the contractual relationship between you and the Controller and for raising claims under these contractual relationships (for a period of 15 years after the termination of the contractual relationship);
- until the withdrawal of the consent with personal data processing for marketing purposes, no longer than 15 years, if personal data is being processed on grounds of the consent.
- After the expiry of the time of keeping personal data, the Controller deletes the personal data.
V. Recipients of Personal Data (Subcontractors of the Controller)
The recipients of personal data are persons who
- participate in the delivery of the goods / services / realization of payments under an agreement;
- ensure services of the e-shop operation and other services related to the e-shop operation;
- ensure marketing services.
- The Controller intends to transfer personal data to a third country (outside the EU) or to an international organization. The recipients of personal data in third countries are providers of mailing services / cloud services.
VI. Your Rights
Za podmínek stanovených v GDPR máte
- right to access to your personal data in the sense of Art. 15 of the GDPR;
- right to correction of your personal data in the sense of Art. 16 of the GDPR or possibly the right to restriction of processing in the sense of Art. 18 of the GDPR;
- right to personal data deletion in the sense of Art. 17 of the GDPR;
- right to object against personal data processing in the sense of Art. 21 of the GDPR; and
- right to data transferability in the sense of Art. 20 of the GDPR;
- right to withdraw the consent with processing in writing or via email to the Controller’s postal or e-mail address stated in Section III of these Terms and Conditions.
- You are further entitled to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.
VII. Conditions of Personal Data Securing
- The Controller declares that it has adopted all technical and organizational measures for personal data protection.
- The Controller has adopted technical measures to secure data storage space and storage space of personal data in documentary form.
- The Controller declares that only persons authorized by the Controller have access to personal data.
VIII. Final Provisions
- By sending an order from the internet order form, you confirm that you are acquainted with the terms and conditions of personal data protection and that you accept them in full.
- You can express your consent with these terms by marking your consent in the internet form. By marking your consent, you confirm that you are acquainted with the terms and conditions of personal data protection and that you accept them in full.
- The Controller is entitled to amend these Terms and Conditions. A new version of the Personal Data Protection Terms and Conditions shall be published on the Controller’s website and simultaneously sent to your e-mail address provided to the Controller.
These Terms and Conditions shall become effective as of 1 January 2020.