The operator of the e-shop Michal Klaška on the website www.kayu.cz ID 03440541 Nedvědice No. ev. 17, 592 62 Nedvědice processes the personal data provided by the Buyer for the purpose of performance and additional confirmation of the Terms and Conditions, for the purpose of processing the electronic order, execution of the delivery, settlement of payments and necessary communication between the contracting parties for the period required by special legislation.
1.The controller of the personal data pursuant to Section 5(a)(1) of the Act. o) of Act no. 18/2018 On the Protection of Personal Data, as amended (hereinafter referred to as the “Act”) is Michal Klaška, ID No. 03440541, with registered office in Nedvědice No. ev. 17, 592 62 Nedvědice (hereinafter referred to as the “Administrator”);
2. The contact details of the administrator are: e-mail: firstname.lastname@example.org, tel.: + 420 607 771 342;
3. Personal data means all information identifying a natural or legal person.
Sources of personal data processed
1. The administrator processes personal data provided by the buyer with his consent and obtained by the administrator on the basis of the performance of the Purchase Agreement and the processing of the electronic order in the online store www.kayu.cz ;
2. The Controller processes only the identification and contact data of the Buyer necessary for the performance of the Purchase Contract;
3. The Controller processes personal data for the purpose of delivery, settlement of payments and for the necessary communication between the contracting parties for the period required under specific legislation. Personal data will not be disclosed and will not be transferred to other countries.
Purpose of processing personal data
The controller processes the personal data of the buyer for the following reasons:
1. 1 lit. a) Act no. 18/2018 on data protection;
2. For the purpose of processing the buyer’s electronic order (name, address, e-mail, telephone number);
3. For the purpose of fulfilling the rights and obligations arising from the contractual relationship between the Purchaser and the Administrator;
4. The provision of personal data is a necessary requirement for the performance of the purchase contract. No contract can be concluded without the provision of personal data.
Retention period of personal data
1. The Controller keeps personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the Buyer and the Controller and for 3 years after the termination of the contractual relationship;
2. After the expiry of the retention period, the Controller is obliged to delete the data.
Recipients and processors of personal data
The third party that receives the Buyer’s personal data are the Controller’s subcontractors. The services of these subcontractors are necessarily related to the successful performance of the purchase contract and the electronic order between the administrator and the buyer.
The administrator’s subcontractors are:
- Webnode AG (e-shop system);
- Czech Post, s.p. (delivery service);
- Zásilkovna s.r.o. (delivery service);
- Czech Post, s.p. (delivery service);
- DHL International GmbH(delivery service);
- Google LLC (web analytics and other services)
- ECOMAIL.CZ, s.r.o. (email marketing)
- Invoiceroid (invoicing)
- Zakeke (online product configuration)
The User acknowledges that some of his/her personal data is stored in Google LLC data centres. The operator uses G Suite and Google Cloud Platform services, the operation of which complies with European data protection standards.
Under the terms of the Act, the buyer has the right to:
1. To access your personal data;
2. To correct personal data;
3. To delete personal data;
4. Object to processing;
5. On data portability;
6. Withdraw consent to the processing of personal data in writing or electronically at the following e-mail address: email@example.com;
7. File a complaint with the Office for Personal Data Protection if he/she believes that his/her right to personal data protection has been violated.
Security of personal data
1. The Controller declares that it has taken all appropriate technical and organisational measures necessary to secure the Buyer’s personal data;
2. The controller has taken technical measures to secure the data storage of personal data, in particular password-protection of computer access, use of antivirus software and regular maintenance of computers.
1. By submitting an electronic order on the website www.kayu.cz, the buyer confirms that he/she has been informed of the terms and conditions of personal data protection and that he/she accepts them in their entirety;
2. The buyer agrees to these rules by checking the box in the order;
3. The Administrator is entitled to change these Rules at any time. The new version of the Rules must be published on its website.
These Rules come into force on 1. 1. 2020