Personal Data Protection Terms

I. Basic Provisions

  1. The Data Controller under Article 4 (7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”) is LIKO-S,a.s., with the registered office at U Splavu 1419, 684 01 Slavkov u Brna, Company ID: 60734795 (hereinafter the “Controller”).
  2. The Controller’s contact data is

Registered office:          U Splavu 1419, 684 01 Slavkov u Brna

e-mail address:               interaktivnisteny@liko-s.cz

Telephone No.:               +420 727 973 132

  1. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. The Controller has (not) appointed a data protection officer. Contact data of the officer are as follows:

II. Sources and Categories of Processed Personal Data

  1. The controller processes the personal data that you provided to them, or the personal data that the controller has acquired during performance of your order.
  2. The controller processes your identification and contact data and data necessary for performing the contract.

III. Lawful Reason and Purpose of Data Processing

  1. The lawful reason for the data processing is
  • Performance of a contract between you and the controller pursuant to Article 6 (1) (b) of GDPR;
  • A legitimate interest of the controller in providing direct marketing (in particular, sending commercial communication and newsletters) pursuant to Article 6 (1) (f) of GDPR;
  • Your consent to the data processing for the purpose of providing direct marketing (in particular, sending commercial communication and newsletters) pursuant to Article 6 (1) (a) of GDPR in conjunction with Section 7 (2) of Act No. 480/2004 Sb., on certain information society services where no order of goods or service has been made.
  1. The purpose of the data processing is
  • settlement of your order and performance of rights and obligations resulting from the contractual relationship between you and the controller; when placing an order, you are required to provide your personal data that is necessary for the successful settlement of your order (first name and surname, contact); provisioning of personal data is a necessary prerequisite for making and performing the contract; the contract may not be concluded or performed by the controller without the data;
  • sending commercial communication and performing other marketing activities.
  1. The controller does / does not perform automated individual decision-making referred to in Article 22 of GDPR. You have granted your express consent to the data processing specified above.

IV. Data Storage Period

  1. The controller is to store the personal data
  • For the period that is necessary for execution of rights and obligations resulting from the contractual relationship between you and the controller and assertion of rights resulting from the relationships (for 15 years after termination of the contractual relationship).
  • For the period until the consent to the data processing for marketing purposes is withdrawn, no longer than for …. years, if the data is being processed with the consent.
  1. After lapse of the data storage period the controller is to erase the data.

V. Recipients of Personal Data (Controller’s Sub-contractors)

  1. Recipients of personal data are persons 
  • who participate in the delivery of goods/services/performance of payments under a contract;
  • who provide the services of operating the e-shop (Shoptet) and other services in relation to operating the e-shop;
  • who provide marketing services.
  1. The controller intends / does not intend to transfer the personal data to a third country (country outside the EU) or to an international organization. Recipients of personal data in third countries are providers of mailing services/cloud services.

VI. Your Rights

  1. In compliance with the terms of GDPR you have
  • the right of access to your personal data pursuant to Section 15 of GDPR;
  • the right to rectification of personal data pursuant to Article 16 of GDPR, or restriction of processing pursuant to Article 18 of GDPR;
  • the right to erasure of personal data pursuant to Section 17 of GDPR;
  • the right to object to processing pursuant to Article 21 of GDPR; and
  • the right to data portability pursuant to Section 20 of GDPR;
  • the right to withdraw your consent to processing in writing or electronically to the controller’s address of registered office or e-mail address stated in Article III above.
  1. Furthermore, you have a right to lodge a complaint with the Authority for the Personal Data Protection if you suppose that your right to personal data protection has been violated.

VII. Personal Data Securing Terms

  1. The controller declares that they have implemented any and all appropriate technical and organisational measures to secure the personal data.
  2. The controller has implemented the technical measures to secure the data storages and personal data storages in physical form, in particular ...
  3. The controller declares that the personal data may only be accessed by persons authorized by them.

VIII. Final Provisions

  1. By sending the order from the Internet order form you confirm that you have read the Personal Data Protection Terms and that you accept the same in the full extent.
  2. You express your consent to the terms by ticking the consent box in the Internet form. By ticking the consent box you confirm that you have read the Personal Data Protection Terms and that you accept the same in the full extent.
  3. The Terms may be amended by the controller from time to time. The new version of the Personal Data Protection Terms will be published on the controller’s website and at the same time will be sent to your e-mail address that you provided to the controller.

 

These Terms become effective on 5 April 2020.