I. Basic provisions
- Pursuant to Article 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the: „GDPR”), the Controller of data shall be: Happy Materials s.r.o. at Říčanova 753/19, Praha 6 – Břevnov, 169 00, business identification number: 27204821, (hereinafter referred to as the „Controller“).
- Contact data of the Controller: Happy Materials s.r.o., Říčanova 753/19, 16900 Praha 6, Czech Republic, email: email@example.com, GSM: +420 233 355 246.
- Personal data shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- The Controller did not appoint any data protection officer.
II. Sources and categories of processed personal data
- The Controller processes data submitted to them and/or personal data received in connection with services provided to you and/or personal data gathered in the process of identifying web visitors via the respective seeky.cz service.
- The Controller processes your identification and contact data as well as data necessary for execution of contracts and provision of direct marketing.
III. Lawfulness and purpose of personal data processing
- Processing shall be lawful for the purposes of:
- Performance of your contract with the Controller pursuant to Article 6 (1)b) of GDPR,
- Legitimate interests pursued by the controller in respect to direct marketing services (especially regarding sales matter and newsletters) pursuant to Article 6 (1)f) of GDPR,
- Your consent to the processing of personal data for the purposes of direct marketing (especially regarding sales matter and newsletters) pursuant to Article 6 (1)a) OF THE GDPR and Section 7 (2) of Act No. 480/2004 Coll., on Selected services of information society in case of missing order of services or goods.
- The purpose of personal data processing shall be:
- Execution of your order and exercise of your rights and obligations arising from your contractual relationship with the Controller; an order requires personal data necessary for a successful execution of the order (name and address, contact details), provision of personal data is a necessary prerequisite for entering into and execution of the contract, a contract may not be entered into or executed by the Controller unless the contractor provided their personal data,
- Mailing of sales matter and performance of other marketing activities.
- Pursuant to Article 22 of the GDPR, the Controller shall make no decisions based solely on automated individual processing.
IV. Data keeping
- The Controller keeps the identification data:
- For the period necessary to exercise rights and obligations arising from your contractual relationship with the Controller and implementation of claims arising from such contractual relationship (for 15 years after termination of the contractual relationship).
- For the period until the consent with processing of personal data for marketing purposes will have been recalled; 5 years at the latest should personal data be kept based on consent.
- The Controller shall erase the data after expiration of the given data keeping period.
V. Recipients of personal data (suppliers of the Controller)
- Recipients of personal data are the following:
- Persons participating on delivery of goods/services/ payment services based on a contract,
- Providers of marketing services.
- The Controller intends to disclose personal data neither to any third country (countries outside the EU) nor to any international organisation. Recipients of personal data in third countries may be solely providers of marketing services/cloud services.
VI. Your rights
- Provisions of the GDPR guide your rights as follows:
- Right to of access to personal data pursuant to Article 15 of the GDPR,
- Right to rectification pursuant to Article 16 of the GDPR, or to restriction of data processing pursuant to Article 18 of the GDPR.
- Right to erasure of personal data pursuant to Article 17 of the GDPR.
- Right to object data processing pursuant to Article 21 of the GDPR.
- Right to data portability pursuant to Article 20 of the GDPR.
- Right to withdraw consent with data processing either in writing or by electronic means to the Controller’s address or email pursuant to Article III of these Conditions.
- Furthermore, you have the right to file a complaint to the Office for protection of personal data should you come to a conclusion that your right for protection of personal data had been violated.
VII. Protection of personal data
- The Controller hereby declares to have adopted all relevant technical and logistical measures to protect personal data.
- The Controller hereby declares to have adopted technical measures to protect data storages and storages of hard copies of personal data.
- The Controller hereby declares that no other but authorized personnel have access to personal data
VIII. Final provisions
These conditions become effective on 25th May 2018.