- Accordingly, it develops the General Regulation and strengthens the rights of people affected by processing in both cases: having (receiving) information on what their data are being processed and why, and requiring compliance with the rules, including remedy of the condition. The GDPR systematically put emphasis on the enforcement of the rights of people and the obligations of administrators (responsible for processing).
1 Introductory Provisions
- Company name: Top Crystal Trade s.r.o.
- Head office or place of business: Příkop 838/6, 602 00 Brno, Czech Republic
- Identification number: 04896602
- Web app: www.top-crystal.com
- The Operator operates the above-mentioned Web App. As a part of Web App, Personal Data referred in the section 3.2 for the purpose/purposes referred in the section 3.3, are processed by the Operator
- Administrator is the person who manages, deletes, forgets, edits, transfers and secures deleting of data from all backups.
Name: Ing. Petr Kaštyl, E-mail: firstname.lastname@example.org
- Operator as Personal Data administrator hereby informs about means and extent of Personal Data processing, including the extent of the rights of the Entity (as defined below) related to its Personal Data processing.
2 Related Documents
Including related documents.
3 Personal Data Protection and Information on the Processing
An Entity is a natural person to whom personal data relate (hereinafter as “Entity”). The Entity is not a legal person. Related data to a legal person are not personal data.
3.2 Personal Data Include
Personal data include:
- Name and surname
- Postal physical address of the user (not legal entity)
- Phone number
- Information on purchase (goods, price, amount, basket content)
- IP address of computer and computer network
- After the Entity logs in to the system, we record information about its visit of a website and browsing the Web App content.
- Information about the use of sites by logged in users (URL, time on site, and so on)
- Business ID of business legal person and Tax ID of business legal person.
3.3 Purpose of Personal Data Processing
Personal data of entities are used for these purposes (services):
- Commercial activities, unless the Entity does not provide Personal Data, is not possible to conclude an agreement with the Operator and/or provide with resulting services. Personal Data is necessary in this context for providing a particular service or product by the Operator. In order to comply with legal obligations to archive accounting documents under the Act No. 563/1991 Coll., on accounting as amended, Personal Data (except for e-mail address and phone number), will be processed further and archived for the period of 5 years from the beginning of the year following after the year in which an agreement was concluded between the Operator and the Entity.
- Application for a user account in order to conclude an agreement for the duration of the contractual relationship.
- Improving the quality of our services and the Web App content (e.g. editing design of Web App) until revocation
- Commercial Notifications – sending offers for goods or services, and messages leading to sales until the Entity is unsubscribed from commercial notifications.
- For sending information on changes of your registration account, information on activities related to your activity (e.g. response to your comment, information on price change of followed goods…) for the duration of the contractual relationship.
- Contest – we require the address to deliver a possible physical winning, phone number (for carrier or notification) and e-mail (message on winning or other winnings) for the duration of 12 months.
- Contests, marketing discounts and offers – we require the address to deliver a possible physical winning, phone number (for carrier or notification) and e-mail (message on winning or other winnings) for the duration of 12 months.
- Remarketing – inclusion in a remarketing audience, the processor of Cookies is a third party, usually Google, Sklik, Facebook. Remarketing is used to display the advertising notification to site visitors.
Who are the Processors that are used by the Administrator to process Personal Data and third-party companies.
- Internal records of data in accounting software PREMIER (PREMIER systém, a.s., Saturnova 1/1197, 104 00 Praha, Business ID: 25820516) and software POHODA (STORMWARE s.r.o., Za prachárnou 4962/45, 586 01 Jihlava, Business ID: 25313142) for the above-mentioned purposes. Personal Data are entered by the Entities in the Web App that is operated on the platform OpenCart with head office OpenCart Limited, Suite 19, 30-38 Dock Street. Leeds LS101JF, West Yorkshire, United Kingdom, and the Web App is technically administrated by the company NEXT VISION s.r.o., with head office Bj. Krawce 1377, 565 01 Choceň, Business ID: 03519881.
- Google LLC („Google company“) with headquarters in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for data: Cookies for the purpose of Remarketing that allows to reach the Entity, who visited the Web App in the past. Ads can display to them when browsing other websites in Google content network. Remarketing. The Operator uses the G Suite and Google Cloud Platform services, which is in accordance with the European standards for personal data protection.
- Facebook Inc., Menlo Park, California, USA for data: storing Cookies to customize, analyze ads and create more secure environment. More information on https://www.facebook.com/policies
- General Logistics Systems Czech Republic s.r.o., Průmyslová 5619/1, 586 01 Jihlava, Business ID: 26087961, for the purposes: providing postal physical address of the user, phone number and e-mail address for delivery of ordered goods. The amount of the insured shipment and the amount of cash on delivery if the user concluded the purchase agreement with cash on delivery method.
3.5 Acceptance / consent to personal data processing
Acceptance / consent to personal data processing is demonstrated by the Entities with these methods:
- Active consent (by clicking on): News “Subscribe”
- Consent is demonstrated by providing and sending Personal Data (i.e. by clicking on the relevant button). On the site is information on Personal Data processing. Consent results from the context and process. The Entity is aware that the processing of Personal Data by the Operator begins after the filled registration form is sent.
- Logging in with registration data
- The Operator has all necessary things (consents) for EU citizens to prove (when actively agreed with commercial notification, etc.).
Unless the Entity does not provide Personal Data, it is not possible to provide the services by the Operator referred in the section 3.3. Regarding this, Personal Data is necessary in this context to provide a specific service or product by the Operator.
3.6 Non-personal Data
For clarity we refer non-personal data that we record, i.e. is not required to be accepted by the Entity.
- Cookies necessary for the operation of the Web App
- Anonymous site visits (e.g. URL, browser, geolocation, operation system of the visitor)
3.7 Rights and Obligations
- The Operator will make maximum efforts to avoid unauthorized Personal Data processing. All Personal Data is stored in secure, locked spaces and all electronic data is secured by access passwords.
- The Entity is required to provide the Operator only with true and accurate Personal Data.
- The Entity has right to revoke anytime its consent to process provided Personal Data to the e-mail address of the Administrator. However, revocation of consent to process Personal Data is not possible in the extent and for the purposes to comply with legal obligations of the Operator. Revocation of consent is without prejudice to the legality of processing based on the consent given prior to its revocation. Revocation of consent is also without prejudice to the processing of Personal Data that are processed by the Administrator under legal basis other than consent (i.e. processing is mainly necessary for the performance of the contract, legal obligations or for other reasons referred in the applicable legislation).
The Entity is entitled to:
- access Personal Data;
- require correctness of provided Personal Data;
- require deleting of provided Personal Data;
- limit the processing of Personal Data;
- submit a complaint at the Personal Data Protection Authority
If the Entity considers that the Operator carries out processing its Personal Data contrary to the protection of its private and personal life, or contrary to the relevant legislation, mainly if the Personal Data is not correct regarding the purpose of its processing, the Entity can:
- require the Operator to explain this by sending an e-mail to the e-mail address of the Administrator
- object to the processing and require to eliminate such condition (e.g. by blocking, correcting, completing or deleting of personal data) by sending an e-mail to the e-mail address of the Administrator. The Operator will promptly decide on the objection and inform the Entity. If the Operator does not comply with the objection, the Entity is entitled to refer directly to the Personal Data Protection Authority. This provision is without prejudice to the right of the Entity to directly refer its complaint to the Personal Data Protection Authority.
- If the Entity requests information on the extent or means of processing of its Personal Data, the Operator is required to provide this information without delay, not later than one month after the Operator received the request on the address of the Administrator.
- If the Entity exercises the right to access Personal Data in electronic form, the Operator will also provide with information in electronic form, unless the Entity requests other form of providing information.
- The Operator is entitled to charge a reasonable administrative fee in case of repeated and unfounded request to provide physical copy of processed Personal Data.
4 Final Provisions
- All legal relationships arising from the processing of Personal Data are governed by the legislation of the Czech Republic, regardless of where access has been made. The relevant Czech courts are competent to resolve any disputes arising in connection with the protection of privacy between the Entity and the Operator.
- In relation to this Web App, Personal Data may be transferred across international borders to places where servers supporting Websites are located.
- The Entities who provide their Personal Data in order to conclude a contract with the Operator or provide their consent to the processing of Personal Data through a registration form, they do so voluntarily, on their behalf and the Operator does not manage their activities in any way.