Privacy Policy
I.
General
1. The Data Controller under article 4(7), Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ('GDPR') is Lukáš Pětioký, CRN 67475078 with registered office at Žižkova 151, 530 06 Pardubice VI - Svítkov (the 'Data Controller').
2. The contact details of the Data Controller are:
Adress: Žižkova 151, 530 06 Pardubice VI - Svítkov
E-mail: info@petioky.cz
Phone: 731 463 710
3. 'Personal Data' shall mean any information relating to an identified or identifiable natural person; an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier – such as a name, an identification number, location data or an online identifier – or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4. The Data Controller has not appointed a Data Protection Officer.
II.
Sources and categories of personal data processed
1. The Data Controller shall process any personal data that you have provided and/or data that the Data Controller has received on the basis of the performance of a contract agreement / order.
2. The Data Controller shall process your identification and contact details as well as data necessary for the performance of the contract agreement.
III.
Lawful reason and purpose for processing personal data
1. The lawful reasons for processing personal data shall be as follows:
- performance of the contract agreement made by you and the Data Controller under Article 6(1)(b) of GDPR
- negotiations to conclude an employment relationship in the context of vacancy procedures
- the legitimate interest of the controller in providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(f) GDPR
- your consent to processing for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services in the absence of an order for goods or services
2. The purpose of processing personal data shall be as follows:
- processing your order and exercising the rights and obligations arising from the contractual relationship between you and the Data Controller; when placing an order, personal information is required that is necessary for the successful processing of the order, i.e. your name, address and contact details; providing personal data is a requirement for the conclusion/performance of the contract agreement – without providing personal data it is not possible to conclude/perform the contract agreement by the Data Controller
- sending commercial communications and other marketing activities
- the purposes contained in the Data Subject's consent
3. There is no automatic individual decision-making by the Data Controller within the meaning of Article 22 of GDPR.
IV.
Data retention period
1. The Data Controller shall store personal data as follows:
- for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Data Controller and to apply claims under that contractual relationship; the period shall be 15 years from the ending of the contractual relationship)
- for as long as the consent to the processing of personal data for marketing purposes is withdrawn, but no longer than 10 years if the personal data is processed on the basis of consent
- for the duration of the consent or until the consent is revoked
2. After the expiry of the data retention period, the Data Controller will erase the personal data.
V.
Recipients of personal data (Data Controller's sub-contractors)
1. Recipients of personal data shall involve the following persons:
- persons involved in the delivery of services / execution of payments under a service contract
- persons involved in the operation of the website, e-shop and other services in connection with the operation of the website and e-shop
- persons processing the human resources agenda
- persons providing marketing services
2. The Data Controller does not intend to transfer personal data to a third country (non-EU country) or an international organisation.
VI.
Rights of the Data Subject
1. Under the conditions set out in GDPR, you shall have:
- the right of access to your data under Article 15 of GDPR
- the right to have your data amended under Article 16 of GDPR and/or to restrict the processing under Article 18 of GDPR
- the right to have your data erased under Article 17 of GDPR
- the right to object to the processing under Article 21 of GDPR
- the right to data portability under Article 20 of GDPR
- the right to withdraw your consent to the processing, which shall be made by mailing/emailing your request to the Data Controller's addresses specified in Article I of this Privacy Policy
2. You shall also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.
VII.
Personal Data Security Terms and Conditions
1. The Data Controller declares that it has taken all appropriate technical and organisational measures to safeguard personal data.
2. The Data Controller has taken technical measures to secure data storage and storage of personal data in paper form, in particular technical security in the form of computer storage, regular system updates, secure passwords, antivirus softwares and regular system backups.
3. The Data Controller declares that only persons authorised by it have access to personal data.
VIII.
Cookies
1. In accordance with the provisions of Section 89, Paragraph 3 of Act No. 127/2005 Coll., On Electronic Communications, as amended, we hereby inform you that in order to improve the services provided to you, our website uses so-called Cookies for its activities. Cookies are small text files that are sent from the administrator's server to your browser and are sent back to the administrator's server when you visit the website again. In this way, the Cookies allow the administrator to recognize your browser, remember information about your previous activity on the website, and adapt the content of the website to your needs.
2. The Data Controller uses the following types of Cookies:
- Essential Cookies, which enable the safe and correct operation of the website and the full performance of its basic functions
- Functional Cookies - used exclusively for data transmission and communication over an electronic network
- Performance Cookies - servers for statistical purposes only. They allow you to track aggregate information about site traffic and the use of various features
3. You can delete Cookies using your browser settings. This can also be set so that Cookies are not automatically saved. However, if you block, disable or otherwise reject certain Cookies, the website may not display properly or you may not be able to use certain features of the website.
IX.
Final provisions
1. By submitting an order from the online order form, you confirm that you are aware of the privacy policy and that you accept it in its entirety.
2. You agree to these terms and conditions by ticking the consent box via the online order form. By checking the consent box, you confirm that you are aware of the privacy policy and that you accept it in its entirety.
3. The Data Controller is entitled to amend this Privacy Policy. The Data Controller shall publish any new version of the Privacy Policy on its website.
4. Relationships not expressly regulated by this Privacy Policy shall be governed by GDPR and the system of law of the Czech Republic, in particular Act No. 89/2012 Coll., the Civil Code, as amended.
These terms and conditions will take effect on 1 January 2024.