- The Controller of the personal data pursuant to Article 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: "GDPR") is JABLONEX s. r. o. IČ 05340519 with its registered office at Průmyslová 907, 468 22 Železný Brod (hereinafter: "Controller").
- The contact details of the Controller are
Address: JABLONEX s. r. o., business premises Příčná 350, 468 22 Železný Brod, The Czech Republic
Phone No: +420 774 431 432, e-mail: firstname.lastname@example.org, web: shop.jablonex.com
- Personal data shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as their name, identification number, location data, network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- The Controller has not appointed a Data Protection Officer
II Sources and Categories of Personal Data to be processed
- The Controller processes the personal data you have provided the Controller with or the personal data the Controller has collected on the basis of the processing your order.
- The Controller processes your personal identification and contact data and the data necessary for the fulfilment of the contract.
III Legitimate purposes and reasons of processing Personal Data
- The Legitimate Reason of processing personal data shall be
- the fulfilment of a contract between you and the Controller pursuant to Article 6(1)(b) of the GDPR,
- the Controller's rightful interest in providing direct marketing (in particular sending commercial communications and newsletters) pursuant to Article 6(1)(f) GDPR,
- your consent to processing for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll, on certain services performed by an information company in case there is no order for goods or service
- The Purpose of the Data Processing shall be
- processing your order and exercising the rights and responsibilities arising from the contractual relation between you and the Controller; upon ordering personal data is required for successful processing of the order (name and address, contact), providing personal data is a precondition for the conclusion and execution of a contract, it is not possible to conclude or execute a contract without providing personal data,
- sending commercial communications and other marketing activities.
- automated individual decision is made by the Controller within the meaning of Article 22 of the GDPR. You have given your explicit consent to such processing.
Retention period of Personal Data
- The Controller retains Personal Data
- The Personal Data are kept no longer than necessary to execute all the rights and duties relevant and limited to what is necessary for the purposes of the contractual relation between you and the Controller and the exercise of claims under these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
- until the consent to the processing of personal data for marketing purposes is withdrawn, but no longer than 3 years if the personal data is processed on the basis of consent.
- After the expiry of the retention period, the Controller shall delete the Personal Data.
Recipients of Personal Data (subcontractors of the Controller)
- The Recipients of Personal Data are persons
- involved in the delivery of goods / services / making payments pursuant to the contract,
- providing e-shop operations and other services in connection with running the e-shop,
- providing marketing services
- The Controller does not have any intention to transfer Personal Data to a third country (non-EU country) or an international organization
- Subject to the conditions set out in the GDPR, you have
- The right to rectification of Personal Data pursuant to Article 16 GDPR, or restriction of processing pursuant to Article 18 GDPR.
- The right to erasure of Personal Data pursuant to Article 17 GDPR.
- The right to object to processing pursuant to Article 21 GDPR; and
- The right to data portability pursuant to Article 20 GDPR.
- The right to withdraw consent to processing in writing or electronically to the address or email of the controller set out in Article III of these terms and conditions.
- You further have the right to initiate a complaint with the Office for Personal Data Protection if you believe that your right to Personal Data protection has been violated.
Conditions of Personal Data security
- The Controller declares that they have implemented all appropriate technical and organisational measures to ensure the security of Personal Data.
- The Controller has implemented technical measures for the security of data storage and storage of Personal Data in paper form, in particular the use of anti-virus programs, secure access passwords, etc.
- The Controller declares that only authorised persons have access to the Personal Data.
These conditions shall take effect as of 1 September 2022