Zásady ochrany osobních údajů
PRIVACY POLICY
The administrator of personal data collected via the portal is the Operator , hereinafter referred to as the "Administrator" and who is also the Operator. Whenever the GDPR is mentioned in the privacy policy, the Operator understands it as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).
Purposes of data processing and the scope of data subject to processing
- Providing personal data in the process of order fulfillment via the portal is voluntary, however, refusal to provide them or providing false data will result in the inability to complete the order.
- The customer also provides personal data for the needs of the payment system operator, who may process them in order to complete the transaction. The method of processing personal data by such external entities is regulated by their regulations and privacy policies, which the Customer should read.
- The Customer's personal data provided as part of the portal may be processed in order to:
-
- order fulfillment (Article 6(1)(b) of the GDPR),
- Marketing (Article 6(1)(a) of the GDPR if the Customer has consented to it or pursuant to Article 6(1)(f) of the GDPR, i.e. on the basis of the Administrator's legitimate interest, and for statistical purposes or protection against possible claims, in on the basis mentioned above.
-
- The data will not be processed in an automated manner in the form of profiling.
- The entities to which the Administrator may provide the Customer's personal data are: payment system operators selected by the Customer in the order fulfillment process, entities providing legal or accounting services to the Operator, state or local government institutions operating on the basis of mandatory provisions of law.
- Personal data may be stored for no longer than 6 years from the date of the transaction, unless the mandatory provisions of law require them to be stored for a longer period of time .
Rights of the individual whose personal data is processed
- The data subject has the right to access their personal data and the right to rectify, delete, limit processing, the right to transfer data, the right to raise objections, the right to withdraw consent at any time without affecting the lawfulness of the processing that has been made on the basis of consent before its withdrawal.
- In order to exercise the rights, please contact the Administrator in the manner indicated in the "contact" tab.
- In the event that the person whose personal data is processed has doubts as to the lawfulness and grounds for processing, he is entitled to submit a complaint to the competent authority dealing with the protection of personal data.
Final Provisions
- The administrator uses technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data protected, and in particular protects data against unauthorized access, removal by an unauthorized person, processing in violation of applicable regulations and change, loss, damage or destruction.
- In matters not covered by this Privacy Policy, the provisions of the Regulations, as well as the provisions of the GDPR, shall apply accordingly.