1. Definitions
1.1 For the purposes of this Privacy Policy, the following terms shall have the following meanings:
1.1.1 "GDPR" - Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in on the processing of personal data and on the free movement of such data;
1.1.2 "Civil Code" - Act No. 89/2012 Coll., the Civil Code, as amended;
1.1.3 "Shop" - the online shop available at https://www.corpuslingerie.com/, which displays goods for sale to the Buyer;
1.1.4 "Rules" - these data protection rules governing the protection of personal data in the use of Shop and the sale of Goods;
1.1.5 "Contract" - the purchase contract within the meaning of Section 2079 et seq. of the Civil Code, which shall be concluded on ordering the Goods;
1.1.6 - "Controller" - in accordance with Article 4 point 7 GDPR - ID: 07878834, registered office: Mojžíšova 1969/4, 612 00 Brno, email: zakovaalzbeta@gmail.com;
1.1.7 "Subject" - an identified or identifiable natural person within the meaning of the GDPR whose personal data are processed by the Administrator (visitor and user of the Shop);
1.1.8 "Information Society Act" - Act No. 480/2004 Coll., on certain information services society, as amended;
1.1.9 "Act on the Protection of Personal Data" - Act No. 101/2000 Coll., on the Protection of Personal Data, as amended as amended; and
1.1.10 "Goods" - goods (movable items) displayed through the Store for sale.
2. Introductory provisions
2.1 The Rules inform about the manner and scope of processing of personal data carried out by the Administrator and about the rights Subjects whose personal data are processed.
2.2 The Controller only processes accurate personal data that it has obtained in accordance with the GDPR, and such personal data is collected and processed by the Controller solely in accordance with the Rules in accordance with the GDPR and the The Controller shall process the personal data of Subjects in a lawful and transparent manner. in a transparent and transparent manner, subject to the condition of minimisation of personal data to the extent necessary in relation to the purpose, for which they are processed.
3. Sources and categories of personal data
3.1 The Controller exclusively processes personal data obtained from Subjects through the Shop, namely:
3.1.1 by placing an order for Goods through the interface of the Shop;
3.1.2 by filling in the email request box of the Controller's newsletter (commercial communications); or
3.1.3 by participating in a competition or other marketing event run by the Administrator.
3.2 The Controller processes the following personal data of Subjects:
3.2.1 name;
3.2.2 surname;
3.2.3 telephone number;
3.2.4 email address;
3.2.5 residential address; and
3.2.6 gender.
4. Lawful grounds and purposes of processing
4.1 The controller processes personal data for the following purposes:
4.1.1 performance of a contractual relationship - for this purpose, the Controller requires (i) name, (ii) surname, (iii) telephone number, residential address and (iv) email address;
4.1.2 statistical purposes - to determine website traffic (anonymous), to monitor the number of page views of the Shop, time spent in the Shop, type of facilities of the Subject for the purpose of improving Administrator's services;
4.1.3 sending commercial communications and offering the Administrator's products and services (newsletter) - for this purpose The Administrator requires an e-mail address;
4.1.4 legitimate interest of the Controller - processing to the extent necessary to ensure effective defence of the Controller, registration of the Controller, improvement of the Controller's services, direct marketing of the Controller (in relation to customers Controller's customers) and the justified protection of the Controller's interests (protection against fraud and attacks on technical solutions Commerce); and 4.1.5 compliance with legal obligations - in particular for tax and accounting purposes and the provision of information to public authorities (bodies).
5. Data retention period (retention period)
5.1 The Controller shall retain personal data processed for the purposes of Articles 4.1.1 and 4.1.2 of the Rules for a period of ten (10) years from the execution (completion) of the last part of the contractual relationship, unless a longer period is required by law retention.
5.2 The controller shall retain personal data processed for the purposes of Article 4.1.3 of the Rules for as long as the consent is withdrawn or the subscription to the newsletter (commercial communications) is unsubscribed.
5.3 The controller shall retain personal data processed for the purposes of Article 4.1.4 of the Rules for a period of four (4) years from the expiry of the warranty period for the Goods, which, in the event of a dispute (judicial or extra-judicial), shall apply mutatis mutandis extended.
5.4 The Controller shall retain personal data processed for the purposes of Article 4.1.5 of the Rules for a period of thirty (30) years from the time of their acquisition.
5.5 At the end of the retention period (retention period), the Controller shall destroy the personal data.
6. Processors
6.1 The following processors process personal data for the Controller:
6.1.2 operators of services enabling the operation and functioning of the Shop;
6.1.2 the operator of cloud storage - Google Cloud (https://cloud.google.com/security/gdpr/)
6.1.3 operator of the email service - Google Mail (https://cloud.google.com/security/gdpr/)
6.2 Personal data will not be transferred to third countries outside the EU or to international organisations.
7. Security of personal data
7.1 The controller declares that it has taken all the necessary technical, organisational and security measures to adequately secure the personal data with regard to its confidentiality, integrity and availability.
7.2 Only persons authorised by the Data Controller have access to personal data.
8. Commercial communications (newsletter)
8.1 The Controller is entitled to send newsletters and other commercial communications related to the Shop and the Goods to the e-mail address of the Subject who has purchased the Goods from the Controller. The sending of commercial communications is governed by Section 7(3) of the Information Society Act. The Subject may refuse to receive further commercial communications at any time - for example by clicking on the unsubscribe link in the commercial communication.
9. Rights of Subjects
9.1 Each Subject has the following rights:
9.1.1 the right to access their personal data (Article 15 GDPR);
9.1.2 the right to rectification of personal data (Article 16 GDPR);
9.1.3 the right to erasure of personal data (Article 17 GDPR);
9.1.4 the right to restrict the processing of personal data (Art. 18 GDPR);
9.1.5 the right to data portability (Art. 20 GDPR); and
9.1.6 the right to object to the processing of personal data (Article 21 GDPR).
9.2 In the case of a request for erasure of personal data, the request will only be granted if the interest Controller's interest does not outweigh the interest of the Subject.
9.3 The Subject has the right to withdraw his or her consent (if this is a lawful ground for processing) at any time with the processing of their personal data in writing or electronically to the address or email of the Controller.
9.4 In the event of reasonable doubt about the Controller's compliance with its obligations to process personal data properly, the Subject may lodge a complaint with the Data Protection Authority. Alternatively, he or she may also contact competent court.
10. Cookies
10.1 The Controller uses cookies to collect data about the behaviour of visitors to the Shop in order to improve the Controller's services. At the same time, it is possible to browse the Shop pages in a mode where the behaviour of the visitor is not monitored. This mode can be activated by adjusting the web browser settings accordingly or by sending an objection pursuant to Article 21 of the GDPR to the Administrator's email. If cookies necessary for the proper operation of the Shop are blocked, the functionality of the Shop may be disrupted.
10.2 Cookies for the targeting of marketing messages are processed on the basis of the Subject's consent, which is represented by the settings of his/her web browser. The Subject grants consent for the period of time specified in below for each cookie and can be revoked at any time by changing the settings of the internet browser.
10.3 For the purpose of displaying relevant marketing messages and linking to social networking services for Controller, the following processors process cookies:
10.3.1 Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as the operator of Google Analytics. The cookies collected are subsequently processed by Google Inc. in accordance with the privacy policy available at https://www.google.com/intl/cs/policies/privacy/#nosharing.
10.3.2 Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, as operator of the Facebook Pixel service. The cookies collected are subsequently processed by Facebook Inc. in accordance with the privacy policy available at https://www.facebook.com/fulldatausepolicy.
10.4 The Administrator uses the following cookies on the Shop pages:
10.4.1 Temporary cookies - these are temporary files that allow the monitoring of the Subjects' activity on the Shop website and are deleted when the internet browser window is closed. 10.4.2 Persistent cookies - these are permanent files that allow the identification of the Subject when browsing the Shop website and thus improve the Subject's user experience. These files can be deleted at any time in the browser settings.
11. Final provisions
11.1 By using the interface of the Shop and/or placing an order, the Subject confirms that he/she has duly read the Rules and has no objections to them.
12.2 The Rules may be subject to unilateral changes by the Administrator. There will always be the current version of the Rules. The Administrator will inform Subjects of any changes to the Rules by e-mail.
The Rules will take effect on 20.4.2019.
