Privacy Policy

Terms of Personal Data Protection

1. Basic Provisions

1. The controller of personal data pursuant to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”) shall be Col de Bonte s.r.o., Company Identification Number 29413184 with its registered office at Široká 124/15, Josefov, 110 00 Prague 1 (hereinafter referred to as the “Controller”).
2. The contact details of the Controller are as follows:

Address: Široká 124/15, Josefov, 110 00 Prague 1, Czech Republic

E-mail address: vladan.hajek@coldebonte.com

1. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular, by reference to a specific identifier, such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, mental, economic, cultural or social identity of that particular natural person.
2. The Controller has not appointed a data protection officer.

1. Sources and Categories of Personal Data Processed
2. The Controller processes the personal data you have provided to them or the personal data that the Controller has obtained on the basis of the fulfilment of your order.
3. The Controller processes your identification and contact data and the data necessary for the performance of the contract.

III. Legal Reason and Purpose of Processing of Personal Data

1. The legal reason for the processing of personal data can be as follows:

• Performance of the contract concluded between you and the Controller according to Article 6 (1) (b) of GDPR,
• The legitimate interest of the Controller in the provision of direct marketing (especially for sending commercial messages and newsletters) pursuant to Article 6 (1) (f) of GDPR,
• Your consent to the processing for the purposes of providing direct marketing (in particular for sending commercial messages and newsletters) pursuant to Article 6 (1) (a) of GDPR in connection with Article 7 (2) of Act No. 480/2004 Coll., on certain information society services, if no goods or services have been ordered.

2. The purpose of the processing of personal data can be as follows:

• Processing of your order and exercising the rights and obligations arising from the contractual relationship between you and the Controller; when ordering, personal data are required, which are necessary for the successful execution of the order (name and address, contact data); provision of personal information is an essential requirement for concluding and fulfilling the contract; without providing personal data it is not possible to conclude the contract or Controller cannot fulfil it,
• Sending of business messages and doing other marketing activities.

3. The Controller shall not make any automatic individual decision within the meaning of Article 22 of the GDPR. You have given your express consent to such processing.
4. Data Retention Period
5. The Controller shall store personal data:

• For the time necessary to exercise the rights and obligations arising from the contractual relationship concluded between you and the Controller and to assert claims under the contractual relationships (for a period of 15 years from the termination of the contractual relationship),
• Until the consent to the processing of personal data for marketing purposes is revoked; for a maximum of two years, if personal data are processed on the basis of the consent.

2. After the expiry of the personal data retention period, the Controller shall delete the personal data.
3. Recipients of Personal Data (Subcontractors of the Controller)
4. The recipients of personal data are persons

• Involved in the delivery of goods/services/execution of payments based on a contract,
• Providing e-shop operation services and other services related to the e-shop operation,
• Providing marketing services.

2. The Controller does not intend to transfer personal data to a third country (a non-EU country) or an international organisation.
3. The operated services, providing the following marketing and support services:

• Google analytics - record cookies and web usage,
• Google Adwords - record cookies and web usage,
• Google Purchases - review request, record e-mail address if you agree to it while making an order,
• Facebook - records cookies, web usage, purchase conversions,
• Heureka - records purchase conversions and e-mail address for the “Verified by customers” service,
• Zboží.cz - records purchase conversions and e-mail address,
• Sklik - records cookies, web usage, purchase conversions,

You can find more information below in the section “Statement on the use of cookies”.

1. Your Rights

1. Under the conditions set out in the GDPR, you have the following rights:

• Right of access to personal data pursuant to Article 15 of the GDPR,
• Right to correct your personal data pursuant to Article 16 of the GDPR, or restrict the processing pursuant to Article 18 of the GDPR,
• Right to delete personal data pursuant to Article 17 of the GDPR,
• Right to object to the processing pursuant to Article 21 of the GDPR,
• Right to data portability according to Article 20 of the GDPR,
• Right to withdraw the consent to the personal data processing in writing or electronically to the address or e-mail of the Controller specified in Article III of these terms. You can revoke your consent at any time in your customer account.

1. You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.

VII. Terms of Personal Data Security

1. The Controller declares that they have taken all appropriate technical and organisational measures to secure personal data.
2. The Controller has taken technical measures to secure data repositories and personal data repositories in paper form, in particular, that they have secure/encrypted web access, encryption of customers’ passwords in the database, regular system updates, regular system backups.
3. The Controller declares that only persons authorised by them can access personal data.

VIII. Final Provisions

1. By sending the order from the online order form, you confirm that you are familiar with the conditions of personal data protection and that you accept them in full.
2. You agree to these terms by checking your consent via the online form. By checking the consent, you confirm that you are familiar with the conditions of personal data protection and that you accept them in full.
3. The Controller is entitled to change these terms. The latest version of the terms and conditions shall be published on their website. At the same time, the newest version of the terms and conditions shall be sent to you to the e-mail address you provided to the Controller.

 

These conditions took effect on May 25^th, 2018.