PRINCIPLES FOR THE PROTECTION OF PERSONAL AND OTHER PROCESSED DATA
On this page you will find a summary of how Cerva Bohemia s.r.o., ID No.: 047 87 528, with its registered office at Aviatická 1092/8, Ruzyně, 161 00 Prague 6, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 298787, works with personal data, and the main principles of protection of your personal data and other processed data in accordance with the GDPR (see below) and Act No. 110/2019 Coll., on the processing of personal data (hereinafter referred to as the “PDPA”).
What is GDPR
GDPR, or General Data Protection Regulation, is the generic name for Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the “GDPR”. It came into force on May 25, 2018 and is the legal framework for the protection of personal data in the European area, with the aim of defending the rights of EU citizens against unauthorised handling of their data, including personal data.
Who processes your data
The controller of your personal data will be Cerva Bohemia s.r.o., ID No.: 047 87 528, with registered office at Aviatická 1092/8, Ruzyně, 161 00 Prague 6, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 298787 (hereinafter referred to as the “Administrator”). This data will be processed by the controller according to the terms and conditions set out below. The Administrator may be contacted by e-mail at firstname.lastname@example.org.
What personal data we process about you
We only process personal data that you provide us in connection with the use of our services (for example, subscribing to our newsletter or ordering goods) or in connection with the conclusion of a purchase contract in the case of the purchase of our goods. This includes the following data that you provide to us when you register for one of our services:
- email address
- name and surname, date of birth (if you provide it to us when ordering)
- contact and/or delivery address (for the purpose of delivery of the ordered goods)
- telephone number (for the purpose of delivering the ordered goods or informing you of the status of your order)
- payment details (credit card number) stored for your account (only when you make a purchase on our e-shop)
- other data that you voluntarily fill in yourself, for example in the contact form
as well as data that we obtain from your use of our website:
- IP address
- cookies (in the case of online services); subject to the conditions set out below
- where applicable, other online identifiers (in particular, the incoming web page – information about which website you are accessing our website from, date and time of access, details of your browser and operating system)
Why we process your personal data
We process your personal data for the following reasons:
– to sell you goods and/or provide you with services that you have expressed an interest in (to enable you to order goods and/or services, to process your order, including its possible delivery, to send you a newsletter);
– to enable us to record contracts for possible future use to defend the rights and obligations of the parties (protection of legal claims);
– to improve the quality of our services and, where appropriate, to add new services in which you express interest;
– to analyse and measure interest in our services and products;
– to analyse your preferences and display content that is of real interest to you;
– to give us an advantage in organising our marketing campaigns;
– to send you commercial communications in the form of newsletters. In the newsletters you will find invitations to events we organise, information about new products or special offers. We do not send them more often than once a month. However, you can easily unsubscribe directly by clicking the “unsubscribe” button in the newsletter or by emailing email@example.com;
– so that we can answer your questions sent via our contact forms.
Who has access to your data
Your personal data is safe with us. We only work with partners who are demonstrably trustworthy and who can guarantee the security of your personal data. None of our partners may use your personal data for purposes other than those described in this policy, nor may they provide it to anyone else.
Third parties who may have access to your personal information include:
- persons to whom we provide data for the purpose of analyzing traffic to our websites;
- persons who provide technical operation of a service for us or operators of the technologies we use for our services;
- persons who ensure the security and integrity of our services and websites and who also test this security on a regular basis;
- payment gateway operators (payment card operators) in the case of online payments;
- shipping service providers who deliver your orders to you;
- the operators of technical solutions that enable us to show you only content and advertising that is relevant to you.
Under certain legal conditions, we are then obliged to transfer some of your personal data to, for example, the Police of the Czech Republic, or other law enforcement authorities, including specialised departments and other public authorities, on the basis of applicable legislation. In these cases, the legal basis for processing is the fulfilment of a legal obligation to which the Administrator is subject. The Administrator does not intend to transfer personal data to a third country (non-EU country) or an international organisation.
How long we process and store your data
We will only process your personal data for as long as necessary in relation to each individual processing purpose. Therefore, we will process your personal data for as long as you use our services (i.e. for the duration of the contractual relationship between us), and subsequently for as long as necessary to exercise the rights and obligations arising from the contractual relationship and to assert claims under those contractual relationships, i.e. until any claims are time-barred or any disputes have been resolved, but no longer than 10 years from the termination of the contractual relationship (taking into account the maximum statutory objective limitation period), unless another legal regulation requires the retention of contractual documentation for a longer period (the legal basis for the processing in this case is the legitimate interest of the Administrator).
Personal data processed on the basis of your consent, as the legal basis for their processing, will be archived for a period of 5 years, unless your consent to the processing of personal data is withdrawn by you. We are required by law to keep your billing data for 10 years. After the retention period has expired, the Administrator will delete the personal data.
Can we process your personal data without your consent?
Yes, we can process your personal data without your consent, but only for the following purposes:
– the provision of a service or product (performance of a contract between you and us);
– to comply with legal obligations imposed on us by generally binding legislation (e.g. we are obliged to store traffic and location data on the basis of Act No. 127/2005 Coll., on electronic communications); or
– processing that is necessary for the purposes of our legitimate interests (e.g. for direct marketing if you are already our customer; ensuring the security of our websites). The possibility and lawfulness of such processing follows directly from the GDPR and other applicable and effective legislation. Direct marketing means sending out our newsletters. However, you can unsubscribe from receiving them at any time in the above-mentioned manner.
For what legal reasons do we process your personal data?
We may process your personal data:
– on the basis of your consent (in particular processing for direct marketing purposes where there is no order for goods or services);
– on the basis of our legitimate interest (in particular processing for direct marketing purposes);
– for the performance of a contract between us, to the extent that the personal data is necessary for such performance;
– for the performance of obligations imposed on us by law.
Security of your personal data
Any personal data you provide to us is secured by standard procedures and technologies. We regularly review our system and apply security measures that, where possible, prevent unauthorised access to your personal data and which provide sufficient security in light of the current state of technology. In order to keep your personal data secure, access to this data is password protected and sensitive data is encrypted when transmitted between your browser and our website.
Withdrawal of consent to the processing of your personal data
You can withdraw your voluntary consent to the processing of your personal data at any time, free of charge, by sending an e-mail to: firstname.lastname@example.org. Withdrawal of consent does not always imply an obligation for the controller to destroy the personal data, as the withdrawal of consent is for a specific purpose for which the personal data are processed, and the controller may process the personal data for other purposes for which it uses a legal basis for processing other than the data subject’s consent. In other words, in case of withdrawal of consent, the controller is obliged to stop processing personal data for the purposes defined in the consent. If consent was the only legal ground for processing, the destruction of the personal data will usually follow. Thus, withdrawal of consent does not affect the processing of personal data that we process on a legal basis other than consent (i.e. in particular if the processing is necessary for the performance of a contract, legal obligation or for other reasons specified in applicable law).
Am I obliged to provide my personal data? What if I do not provide personal data?
You voluntarily provide us with your personal data as well as your consent to its processing. You are therefore not obliged to provide us with your personal data or consent to its processing. If you do not give us your consent to process your personal data, or subsequently withdraw it, we may not be able to continue to provide you with some of our services, or we may not be able to provide them to you to the full extent or quality.
Your rights in relation to data protection
In particular, you have the following rights in relation to your personal data:
– the right to withdraw your consent at any time;
– the right to correct or complete your personal data;
– the right to request restriction of processing;
– the right to object to or complain about processing in certain cases;
– the right to request data portability;
– the right of access to personal data;
– the right to contact the Data Protection Authority;
– the right to be informed of a personal data breach in certain cases;
– the right to erasure of personal data (the right to be “forgotten”) in certain cases; and
– other rights set out in the PDPA and the GDPR.
Declaration of the Administrator
The Administrator declares that the processing does not involve automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR.
The Administrator is entitled, on the basis of its legitimate interest, to send you commercial communications to your electronic address obtained in connection with the sale of a product or service, with information about similar goods, services or the controller’s business, even if you do not complete the purchase but provide us with your email address.
You may opt out of receiving these commercial communications free of charge before completing your order through the web interface, or in response to any commercial communication you receive from the Administrator, as described in that commercial communication.
You also have the possibility at any time to object to the processing of your personal data on the grounds of the controller’s legitimate interest and to the processing of personal data for direct marketing purposes. If you object, your personal data will no longer be processed for these purposes.
What are cookies and what types we use
Several types of cookies can be distinguished. The first type are so-called technical cookies, which are necessary for the functionality of the website and generally do not contain your personal data. In this case, the Administrator does not need to obtain your consent to process them. The other types of cookies are those that contain personal data or cookies on the basis of which personal data is collected. Your consent is required for their processing. Such cookies will usually be marketing cookies in particular. Consent to the processing of your personal data contained in cookies is expressed by ticking the box next to the individual purposes for which you have chosen to give us consent to process them.
Cookies containing your personal data will be deleted in connection with your right to erasure under the GDPR no later than 13 months after their last use.
How to contact us
If you have any questions about data protection or wish to withdraw your consent to further processing of your personal data, please contact us by email at email@example.com.