This document provides information in connection with the new European legislation on the protection of personal data, the General Data Protection Regulation ("GDPR"), effective from 25 May 2018.
We provide information about what personal data we process about our customers, the specific purposes we use them, who we can transfer them to, and what you have in connection with the processing of your personal data.
1. Basic information
1.1. Trading Company Loktu She, Cooperative, with registered office 28 October 59/42, 460 07 Liberec 7, Company ID: 04712285, VAT No .: CZ04712285, registered in the Commercial Register of the Regional Court in Ústí nad Labem, Section Dr, Insert 1235 is a personal data administrator Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereafter "us" or "the Administrator").
1.2. The administrator protects all personal data of buyers and people interested in products and services who are natural persons (name, surname, address, telephone, e-mail, billing data) from misuse and processes them in accordance with current legislation.
1.3. The administrator did not appoint a Data Protection Officer.
2. Sources of personal data and categories of personal data
Where do we receive personal data and what data we process:
2.1. We process personal information you provide to us directly in order to order goods or services, create and use an account, or communicate with us. We also get personal data from you by monitoring your behavior on our website and on the online store www.loktushe.cz.
2.2. We process the identification and contact details and data necessary for the performance of the contract and for direct marketing purposes:
• identification data, which means, in particular, name and surname, username and password
• billing information, which means, in particular, the name, surname, address and address of delivery, payment data to comply with the statutory obligation to issue, record and preserve tax documents;
• contact details, which means personal information that allows us to contact you, in particular email address, telephone number, postal address;
• details of your orders, which include, in particular, the details of the goods and services you have ordered, the method of delivery and payment including the payment account number, claim details;
• information about your web site behavior, especially the goods and services you are viewing, the links you click on, the way we move around our site and screen shifts, as well as the details of the device from which you view our web site, such as the IP address and its derived location, device identification, its technical parameters as the operating system, its version, screen resolution, used browser and its version, as well as data obtained from cookies and similar technologies for identifying devices using analytical tools that generalize and anonymize the data ;
• Information about your reading behavior of the messages we are sending you, especially opening times, as well as details of the device on which you are reading the message, such as the IP address and derived location, the device identification, its technical parameters as the operating system, its version, screen resolution, browser and version used, and data obtained from cookies and related technologies;
• Derivative data, which means personal data derived from your settings, data about the goods and services you create with your order, information about your web site behavior, and data about your reading behavior of the messages we send to you; in particular, your data about your purchasing behavior and the relationship to different goods and services.
3. Legitimate reason and purpose of processing personal data
3.1. The legitimate reason for the processing of personal data is
• performance of the contract between you and the trustee under Article 6 (1) b) GDPR;
• the legitimate interest of the controller in providing direct marketing (in particular for sending business messages and newsletters) under Article 6 (1) f) GDPR;
• Your consent to processing for the purpose of providing direct marketing (in particular for sending business messages and newsletters) pursuant to Article 6 (1) a) GDPR in conjunction with Section 7 (2) of Act No. 480/2004 Coll., on Certain Information Society Services in the Event of Non-Order of Goods or Services.
3.2. The purpose of processing personal data is
• arranging your order and exercising the rights and obligations arising from the contractual relationship between you and the trustee; personal data necessary for the successful execution of the order (name and address, contact), personal data provision is a necessary requirement for conclusion and performance of the contract, without personal data being made it is not possible to conclude the contract or to fulfill it by the administrator;
• sending business messages and doing other marketing activities.
3.3. There is no automatic, individual decision-making within the meaning of Article 22 of the GDPR.
4. Additional information for the purpose of processing your personal data
4.1. Performance of the contract
When registering, ordering and purchasing goods, we process the following personal data: name and surname, home address, identification number, tax identification number, e-mail address, telephone number and email address so that we can create accesses for a registered customer, fulfill your order and deliver the goods .
4.2. Accouting processing
For the purposes of accounting, we process the following personal data: name and surname, address, identification number, tax identification number, e-mail address, telephone number and e-mail address to comply with the statutory duty to issue and record tax documents. These data are kept at least for the duration of the purchase contract and the subsequent statutory filing period of 10 years after the expiration of this period.
4.3. Marketing - sending business messages, newsletters
Your personal information (e-mail and name), what you click on in e-mail and when you most often open it are used for direct marketing - sending business messages.
• If you buy goods for us, we process your personal data for marketing purposes on the basis of a legitimate interest in informing you about the news and offering you other similar products. The legitimate interest in sending you newsletters and processing your personal data is understood as a legitimate interest for a maximum of 2 years after the last performance of the purchase contract, after the last purchase.
• If you subscribe to a newsletter via the form, we will send a newsletter based on the legitimate interest of the administrator for 5 years.
In both cases, however, you can opt out of newsletters in each e-mail you receive. Unsubscribing will cause you to stop sending these marketing communications and erasing (forgetting) or anonymizing this information. This data is stored for a maximum of 2 years after the last email with a marketing message before the subscription has been unsubscribed.
5. The retention period of personal data
5.1. We keep your personal information:
• for the time necessary to exercise the rights and obligations arising out of the contractual relationship between you and the trustee and the enforcement of claims under these contractual relationships (for a period of 10 years) unless the law provides for a longer period for their preservation or we have not stated otherwise in specific cases;
• until the consent to the processing of personal data for marketing purposes is revoked, for a maximum of 5 years, if personal data are processed under consent.
5.2. At the end of the retention period, the administrator will erase personal information.
6. Processors / Recipients of Personal Data (Subcontractors of the Administrator)
Who processes your personal data and to whom we forward it
6.1. We process all of these personal data as an administrator. This means that we (the "Administrator") determine the above-defined purposes for which we collect your personal information, determine the processing resources and respond to its proper execution.
6.2. For the processing of personal data we also use the services of other processors who process personal data only according to our instructions and for the purposes described in Part 1.
6.3. Processors / Recipients of personal data are persons:
• contributing to the delivery of goods / services / making payments on the basis of a contract, service providers in connection with the processing of consignments, including their messengers;
• Providing e-shop services and other services in connection with the operation of an e-shop;
• cloud service providers and other technology and support vendors;
• providing marketing services;
• Marketing tool operators who help us optimize the site and personalize content and bids for you.
6.4. List of processors:
• Invala, v.o.s. IČ 28742893 - accounting firm;
• STORMWARE s.r.o., Company ID 25313142 - producer of software product Pohoda, accounting SW product;
• Česká pošta, s. IČ 047114983, a provider of parcel delivery services;
• Deposit s.r.o., Company ID 24299162, Service provider of parcel delivery services;
• ComGate Payments, a.s., Company ID: 27924505, operator of the ComGate payment system - card payment gateway;
• SMWorks s.r.o, Company ID 22801421, supplier of web site solutions and operation and online business;
• Stable.cz, s. R., ID 28741048, web host and domain provider, the landlord of the server on which the web and online shop are operated;
• SmartSelling a.s., Company ID: 29210372, Smartemailing Provider - Czech email marketing tool;
• Raynet s.r.o., Company ID: 26843820, CRM System Provider - Czech Business and Marketing Management Tool;
• Lukáš Jokl, ID 06466478, consultant and supplier of marketing services;
6.5. As an administrator, we may decide to use additional applications or processors in the future to facilitate and improve processing. In this case, we will ask the processor to choose at least the same security and processing requirements as he or she chooses.
8. Security and Privacy
8.1. As Administrator, we have adopted and maintain technical and organizational measures to protect personal data that prevent their misuse, damage or destruction. Personal data is stored and processed safely using all reasonable security systems and procedures customary for the processing of personal data.
8.2. Personal information is only accessible to the Administrator of the authorized person.
9. Transmission of data outside the European Union, European Economic Area
9.1. As part of the data transfer to the recipients listed in section 2, "Who processes your personal data and to whom we forward it", we may also transmit your data to third countries outside the European Economic Area, including countries that do not provide an adequate level of protection of personal data. We will only make such a transfer if the responsible recipient has undertaken to comply with the standard contractual clauses issued by the European Commission available at https://www.uoou.com/files/2010_87_EU.pdf or https://ec.europa.eu/info/law/law-topic/data-protection_en
10. Your rights in connection with the protection of personal data
You have a number of rights in relation to the protection of your personal data. If you wish to use any of these rights, please contact us by e-mail: firstname.lastname@example.org.
Right of access to personal data: You have the right to obtain from us (the "Administrator") a confirmation that the personal data concerning you are processed. If your personal data is processed, you have the right to access this information. This approach will include, for example, information on processing purposes, categories of personal data, and information on the source of personal data. You also have the right to request a copy of the processed personal data.
Right to Repair and Amendment: If you change anything or find your personal information outdated or incomplete, you have the right to add and change. You have the right to have the Administrator corrected or supplemented any inaccurate personal data that concern you and processed by the Administrator without undue delay.
Right to be forgotten: If any of the reasons set out in the GDPR (for example, personal data will no longer be necessary for the purposes for which they were collected or otherwise processed or your consent is withdrawn), you are entitled to The administrator has erased personal information that concerns you without undue delay. However, this right does not apply indefinitely. Deletion will not occur, for example, if the data are processed on the basis of a legal obligation under the law. This applies to cases where we are bound by a statutory obligation and, for example, we must record the tax documents issued after the statutory time limit. In this case, we will delete all such personal data that is not bound by any other law.
Right to Restrict Processing: In some cases defined by GDPR, you may, in addition to the right of cancellation, exercise the right to limit the processing of personal data. This right allows you, in certain cases, to require that your personal data be flagged and that these data are not subject to any further processing operations - in this case, however, not forever (as in the case of a right of cancellation) but for a limited period of time.
Right of portability: In some cases defined by the GDPR (eg if your processing is based on your consent), you are entitled to provide the Administrator with your personal data in a structured, commonly used and machine-readable format, and the right to pass on these data to another administrator. You also have the right that the Administrator should provide this information directly to another Administrator, if technically feasible.
Right to object: You have the right, for reasons relating to your particular situation, to object at any time to the processing of personal data relating to you when such personal data are processed on the basis of a task carried out in the public interest or in the exercise of public authority or legitimate interests of the Administrator or third parties, including profiling based on these provisions. If you raise an objection, the Administrator will not process personal data unless he / she can substantiate serious legitimate reasons for processing that outweigh the interests or rights and freedoms of the data subject or for the determination, exercise or defense of legal claims. You have the right to object to processing for direct marketing or profiling purposes. If you oppose processing for direct marketing purposes, personal data will no longer be processed for these purposes.
Automated individual decision-making, including profiling: You have the right not to be the subject of any decision based solely on automated processing, including profiling, which has legal effects for you or is of significant consequence to you. However, this right does not apply in all cases, for example, if the decision is necessary for the conclusion or performance of a contract between you and the Administrator.
Right to file a complaint: By exercising the rights in the above manner, your right to file a complaint with the relevant supervisory authority under Article 77 of the GDPR is in no way affected. You may exercise this right in particular if you believe that we process your personal data improperly or in violation of generally binding legal regulations. You may file a complaint against our processing of personal data with the Personal Data Protection Office located at Pplk. Sochora 27, 170 00 Praha 7.
We will be glad if you first tell us about this suspicion, that we can do something about it and correct any mistakes.
11. Maintaining confidentiality
11.1. Please be assured that our employees and collaborators who process your personal information are required to maintain confidentiality about personal information and security measures whose disclosure would compromise the security of your personal information.
12. Other terms
12.3. In all matters relating to the processing of your personal data, whether it be a question, a law enforcement, complaints or anything else, you can contact our information service, tel .: 731 191 554, e-mail: email@example.com, Loktu She, cooperative, October 28, 59/42, 460 07 Liberec 7. We will resolve your request without undue delay, but within a maximum of one month. In exceptional cases, especially due to the complexity of your request, we are entitled to extend this period by another two months. We will, of course, inform you of any such extension and its justification.