PERSONAL DATA PROCESSING POLICY
Personal Data Processing Policy relate to the processing of personal data, which is based on the consent of data subjects for sending commercial communications and for other direct marketing activities by the online trader.
- ADMINISTRATOR IDENTITY AND CONTACT DETAILS
1.1. The personal data administrator is KITStore s.r.o. with its Registered Office at Průmyslová 566/5, Malešice, 108 00 Prague 10, Identification Number: 04716256, entered in the Commercial Register kept by the Municipal Court in Prague, Section C, File 252186 (hereinafter referred to as the Administrator).
1.2. The Administrator contact details are as follows: Correspondence address: Revoluční 655/1, 110 00 Prague 1; E-mail address: firstname.lastname@example.org; Telephone: +420 273 130 934.
1.3. The Administrator did not appoint Data Protection Officer.
- LEGAL REASON FOR PROCESSING PERSONAL DATA
The legal reason for processing your personal data is your consent given to the Administrator within the meaning of Article 6 (1) Letter a) of Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the Regulation).
- REASON FOR PROCESSING PERSONAL DATA
3.1. The reason for processing your personal data is for the Administrator to send you commercial communications and other marketing information.
3.2. Another reason is for the Administrator internal requirements, particularly relating to monitoring the client satisfaction, optimisation and increasing the quality of products and services provided.
3.3. The Administrator does not take automatic individual decisions within the meaning of Article 22 of the Regulation.
- DURATION FOR STORING PERSONAL DATA
Personal data will be processed for the time strictly required to ensure reciprocal rights and responsibilities arising from the Purchase Contract, namely always at least for the Purchase Contract duration, and then for as long as the Administrator must or is authorised to store those data under the Personal Data Protection Act and other generally binding legislation; the same applies if the Purchase Contract is not concluded, but no later than until the revocation of your consent to the processing of personal data (for this processing reason).
- OTHER RECIPIENTS OF PERSONAL DATA
5.1. Your consent is granted to the companies named below that operate the e-shop system and servers for the Administrator, namely Evici Webdesign s.r.o. (data is encrypted and stored on development servers in offices in Ostrava and at Linode, LLC) and Linode, LLC (servers are located in London and Frankfurt).
5.2. Your personal data will be forwarded to other entities or otherwise mediated only if it is essential in the performance of the Purchase Contract, on the basis of a legitimate interest, or if you have given your prior consent.
5.3. Furthermore, we forward personal data
- In order to pay for the Order online (by payment card, fast bank transfer key) to the payment service provider (ComGate Payments, a.s.).
- In order to deliver the goods to the contracted carrier companies (PPL, Česká pošta, Uloženka).
- Your e-mail address and information about the purchased goods to Heureka.cz portal in order to find out your satisfaction with the purchase after each purchase.
- Your e-mail address, first name and surname to SmartSelling a.s., IČ: 29210372, through which we send our e-mails, in order to send commercial communications.
- Evici Webdesign s.r.o., our external provider, has access to your personal data in order to develop and manage elvin.cz e-shop and its purchasing process. This company has its data encrypted and stored on development servers in its offices in Ostrava and at Linode, LLC, which operates servers located in London and Frankfurt.
- If required to investigate the illegal use of our services or for legal proceedings, the data may be passed on to criminal investigation authorities, lawyers, courts for enforcing or concluding any contract with you.
5.4. All of these service providers are contractually required to process your personal data in accordance with the Personal Data Protection Act and current legislation.
5.2. The Administrator does not intend to transfer your personal data to a third country (to a country outside the EU) or to any international organisation.
- DATA SUBJECT RIGHTS
6.1. Under the conditions set out in the Regulation, you have the right to request the Administrator for access to your personal data, the right to correct or delete your personal data, or to restrict their processing, the right to object to the processing of your personal data, and the right to portability of your personal data.
6.2. You have the right to revoke the consent to the processing of your personal data given to the Administrator at any time. However, this does not affect the legitimacy of processing your personal data prior to such consent withdrawal. You are able to revoke your consent to the processing of personal data in the following ways: by telephone, e-mail or in writing.
6.3. If you believe that the processing of your personal data has violated or violates the Regulation, you have, inter alia, the right to lodge a complaint with the Office for Personal Data Protection.
6.4. You do not have to provide personal data. The provision of your personal data is not legislative or contractual requirement, nor is it a requirement that is essential to conclude a Purchase Contract.
You have the right to object to the processing of your personal data at any time for direct marketing activities, which includes profiling, if the profiling relates to such direct marketing. If you object to the processing of your personal data for direct marketing, then your personal data will no longer be processed.
- TERMS FOR SAFEGUARDING PERSONAL DATA
7.1 The Administrator declares that all appropriate technical and organisational measures to safeguard the personal data had been taken.
7.2. The Administrator had taken technical measures to safeguard data banks and the personal data files in hard copy format.
7.3. Administrator declares that only persons authorised by the Administrator have access to the personal data.
- FINAL PROVISIONS
8.1. By sending your order by using the online Order Form, you confirm that you read and fully accepted the personal data protection terms.
8.2. You agree to these terms by ticking off your consent via the online form. By ticking off the consent, you read and fully accepted the personal data protection terms.
8.3. The Administrator reserves the right to change these terms. New version of the personal data protection will be published on the Administrator’s website.
- DATE WHEN IN FORCE
These Personal Data Protection Policy comes into force on 24 May 2018.