Conditions of personal data protection
I.
Elementary provisions
1. In accordance with Article 4 (7) of Regulation 2016/679 (EU) of the European Parliament and Council on the protection of persons with regard to the processing of personal data and on the free movement of such data, (hereinafter referred to as “GDPR”), the personal data controller is
2. Czech Aerosol, a.s.
Velvěty 33
415 01 Rtyně nad Bílinou
Company ID: 49901869
Tax ID: CZ49901869
(hereinafter referred to as the “Controller“).
3. The Controllers contact data are
Address: Velvěty 33, 415 01 Rtyně nad Bílinou
E-mail: info@czechaerosol.cz
Phone: +420 417 813 511
4. Personal data means all information about an identified or identifiable individual; an identifiable individual is an individual who can be identified, either directly or indirectly, especially in relation to a certain identifier, e.g. name, identification number, location details, network identifier.
5. The Controller has not appointed a commissioner for personal data protection.
II.
Sources and categories of processed personal data
1. The Controller processes the personal data you have provided to it, or personal data the Controller acquired on the basis of completing your order.
2. The Controller processes your identification and contact data which is necessary to perform under the contract.
III.
Legal basis and purpose of personal data processing
1. The legal basis of personal data processing is
• performance of a contract concluded between you and the Controller according to Article 6 (1) b) of the GDPR,
2. The purpose of personal data processing is
• completion of your order and exercise of rights and duties resulting from the contractual relationship between you and the Controller; when you make an order, we require the personal data which is necessary to complete your order successfully (name, address and contact details), provision of personal data is a necessary requirement to conclude and perform a contract; it is not possible to conclude a contract or perform it on the Controller’s part without the provision of personal data, or it will be based on the explicit consent of the data subject.
3. There is no individual decision-making on the Controller’s part in accordance with Article 22 of the GDPR. You have given your express consent to such processing.
4. The Controller will take suitable measures to protect the rights and freedoms and lawful interests of data subjects.
IV.
Data storage period
1. The Controller stores personal data
• for the time necessary to exercise rights and duties resulting from a contractual relationship between you and the Controller and the claims resulting from such contractual relationships (for 3 years after the termination of the contractual relationship).
2. The Controller will delete the personal data after the data storage period expires.
V.
Personal data receivers (subcontractors of the Controller)
1. Receivers of personal data are persons who
• provide services of web pages administration (ALWAC, a.s.)
The Controller does not intend to disclose personal data to a third country (to a Non-EU country) or an international organisation.
VI.
Your rights
1. Under the conditions set out in the GDPR you have
• the right to access your personal data in accordance with Article 15 of the GDPR,
• the right to the correction of personal data in accordance with Article 16 of the GDPR, or to restriction of personal data processing in accordance with Article 18 of the GDPR.
• the right to the erasure of personal data in accordance with Article 17 of the GDPR.
• the right to object against processing in accordance with Article 21 of the GDPR.
• the right to data portability in accordance with Article 20 of the GDPR.
• the right to revoke your consent to processing by writing to or e-mailing the Controller’s address mentioned in Article III herein.
2. You also have the right to lodge a complaint with the Office for Personal Data Protection if you feel that your rights to personal data protection have been violated.
VII.
Conditions of personal data security
1. The Controller declares that it has adopted all appropriate technical and organisational measures for personal data security.
2. The Controller has adopted technical measures to secure data storage devices and personal data storage devices in document form, in particular anti-virus and firewall.
3. The Controller declares that only the persons it has authorised and provably trained can access personal data.
VIII.
Final provisions
1. By sending your order via the internet order form you confirm that you have read the conditions of personal data protection and you accept them in their entirety.
2. You agree with these conditions by ticking the consent box on the internet form. By ticking the consent box you confirm that you have read the conditions of personal data protection and you accept them in their entirety.
3. The Controller has the right to change these conditions. It will publish a new version of the personal data protection conditions on its website and it will also send the new version of these conditions to the e-mail address you have provided to the Controller.
These conditions become effective on 25th May 2018.