Privacy Policy

Personal Data Protection

I. Basic Provisions

The controller of personal data according to Article 4, point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: "GDPR") is entrepreneur Vitalii Boldovskyi, located at Frýdlantská 1312/19, 182 00, Prague 8 - Kobylisy, Identification Number: 19355432, a natural person registered in the trade register (hereinafter referred to as the "controller").

II. Personal Data and Their Processing

  1. Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier, or one or more specific elements of physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  2. Personal data of the client are collected in the case of:
    • registering an account in the online store to create and manage their personal account. Legal basis: necessary for the performance of an account management agreement (Art. 6(1)(b) GDPR);
    • placing an order in the online store purchase contract. Legal basis: necessary for the performance of a purchase contract (Art. 6(1)(b) GDPR);
    • subscribing to the newsletter (Newsletter)
  3. In case of account registration, the client provides:
    • first and last name
    • email address
    • postal code and place of residence
    • street, room
    • recipient details
    • country
    • phone number
  4. The controller processes your identification and contact details and data necessary for the fulfillment of the contract.
  5. When registering an account in the online store, the client sets an individual password for access. The client can change the password later.
  6. When ordering in the online store, the buyer provides the following information:
    • email address
    • recipient details
    • postal code and place of residence
    • country
    • street, room
    • first and last name
    • phone number
  7. In case of using postal services, the client provides a one-time email address.
  8. When using the website of the online store, additional information may be collected, in particular: the IP address assigned to the client's computer or external IP address of the internet provider, domain name, browser type, access time, type of operating system.
  9. Customers may also collect information about the links they enter or other activities in the online store.
  10. Some data provided by the customer may be processed as part of the functionality of the online store, such as name, surname, usage data.
  11. Personal data provided by the controller are given voluntarily in connection with sales contracts or service provision via the online store. If the requested information is not provided in the registration form, it is not possible to create a client account, and in case of an order without registration of a client account, it does not allow the client to send and complete the order.

III. Legal Reason and Purpose of Processing Personal Data

  1. The legal reason for processing personal data is:
    • performance of the contract between you and the controller under Art. 6(1)(b) GDPR,
    • fulfillment of the legal obligation of the controller under Art. 6(1)(c) GDPR.
  2. The purpose of processing personal data is:
    • to process your order and exercise the rights and obligations arising from the contractual relationship between you and the controller; personal data necessary for the successful processing of the order (name and address, contact) are required when placing an order, providing personal data is a necessary requirement for concluding and fulfilling the contract, without providing personal data, it is not possible to conclude the contract or fulfill it by the controller,
    • fulfilling legal obligations towards the state.

IV. Data Retention Period

  1. Customer's personal data is provided to service providers used by the controller in the online store. Personal data provided to service providers depend on the terms of the contract or in accordance with the controller's instructions. Concerning the purposes and methods of processing data (data processors) or independently determine the purposes and methods of their processing (administrators).
    • The controller uses service providers who process personal data only on request of the controller. These include hosting providers, marketing systems, internet marketing systems, marketing campaign analyses.
    • Administrators. The controller uses suppliers who not only follow instructions but also determine the purposes and methods of using personal information of their customers. They provide electronic payment services.
  2. Location. Service providers are mainly located in the Czech Republic and other countries of the European Economic Area.
  3. Customer's personal data is stored:
    • In case of consent to the processing of personal data, processed by the controller necessary for the performance of the contract. Unless otherwise specified, the limitation period is ten years. Consent to marketing offers is valid for 4 years or until cancellation.
  4. In the case of the online store, depending on the buyer's choice, personal data may be transferred to the following persons for delivery of the ordered goods:
    • courier companies
  5. Data may also be used to provide better customer service, statistical analysis, and customization of the online store in accordance with customer preferences and for the management of the online store.
  6. If the client subscribes to the newsletter to their email address, the controller sends emails containing commercial information for promotions and new products available in the online store.
  7. The controller provides personal data to authorized state authorities upon request, especially the public prosecutor's office, police, chairman of the Personal Data Protection Commission, chairman of the Office for the Protection of Economic Competition, and other authorized authorities.

V. Cookies and IP Address

  1. The online store uses so-called cookies. These are small text files written by the controller on the end device of the person visiting the online store, if the web browser allows it. Cookies usually contain the name of the domain from which they were received, the duration of their storage, and a unique number that identifies the file. Information collected using this type of file serves to best meet the customer's requirements. In this way, customers can obtain information about individual product preferences, and the use of cookies can meet their needs. Cookies also provide an opportunity to create general statistics about visits to products represented in the online store.
  2. The controller uses two types of cookies:
    • Short-term cookies - information from them is deleted once the pages are visited. The mechanism of these cookies does not allow the collection of personal data or confidential information from the client's computer.
    • Persistent cookies - are stored on the client's device and remain there until they expire or are deleted.
  3. The controller uses cookies to:
    • Authenticate the client in the online store and provide client session (after logging in), as a result of which the client does not have to re-enter their login name and password on each subpage of the online store.
    • Analyze and create anonymous statistics that help understand how the buyer uses the store site, which contributes to improving its structure and content.
  4. In the program, the controller uses external cookies to collect general and anonymous statistical data using analytical tools Google Analytics (external cookie controller: Google Inc. based in the USA);
  5. The cookie mechanism is completely safe for online shoppers. However, customers can limit or disable access to cookies for their computers in their browsers. If this option is used, it is possible to use the online store in addition to the functions that require cookies.
  6. Below is how you can change the settings of popular web browsers when using cookies:
    • Internet Explorer browser;
    • Microsoft EDGE browser;
    • Mozilla Firefox browser
    • Chrome browser
    • Safari browser
    • Opera browser
  7. The controller may collect IP addresses of customers.
  8. The online store contains links to other sites. The controller is not responsible for privacy practices that apply to them.

VI. Rights of Data Subjects

  1. Right to withdraw consent
    • The client has the right to withdraw consent from the controller.
    • Withdrawal of consent becomes effective immediately.
    • Withdrawal of consent does not affect the processing carried out by the controller in accordance with the law before its withdrawal.
    • Withdrawal of consent does not have negative consequences for the client, but it may prevent further use of services or functionality.
  2. Right to object to data processing
    • The client has the right to object at any time - for reasons related to a specific situation in the processing of personal data. If you withdraw your consent to the processing of personal data, they will be deleted or anonymized.
    • If the customer believes that the online store processes personal data contrary to personal data protection, the customer may ask to resolve the situation. They may also require the correction or deletion of their personal data.
    • If the customer's objection is justified and the controller does not have any other legal basis for processing personal data, the customer's personal data will be deleted.
  3. Right to delete personal data
    • The client has the right to request the deletion of all or some of their personal data.
    • The client has the right to request the deletion of personal data if:
      • personal data are no longer necessary for the purposes for which they were collected or processed;
      • objects to the use of personal data for marketing purposes
      • misuse of personal data
      • personal data must be deleted to comply with the legal obligations established by the EU
    • Despite the request to delete personal data in connection with the occurrence of objections or withdrawal of consent, the controller may retain certain personal data if the processing is necessary to determine, verify, or protect claims, as well as to fulfill legal obligations requiring processing in accordance with EU legal regulations or legal regulations of the member state in which the controller operates. This applies in particular to personal data, including: name, surname, email address, or additional address, order number, and data that are retained for the purpose of handling complaints and claims related to sales contracts or services.
  4. Right to restrict personal data
    • The client has the right to request a restriction on the processing of their personal data. Submitting a request taking into account the prevention of the use of certain functions or services whose use will include the processing of data to which the request applies. The controller will not send messages, including marketing.
    • The client has the right to request a restriction on the use of personal data in the following cases:
      • If you doubt the authenticity of personal data - then the controller restricts their use for the time necessary to verify the correctness of the data, but not longer than 7 days;
      • If data processing is unlawful, but instead of deletion, the client requires restricting the use of data.
      • If personal data are no longer required for the purposes for which they were collected or used, the customer is required to confirm or confirm these claims;
      • If the client objects to the use of their data, then the time period necessary to assess whether the protection of the interests and rights and freedoms of the client outweighs the interests of the manager in processing the personal data of the client is restricted.
  5. Right to access data
    • The client has the right to obtain from the dispatcher confirmation that it processes personal data, and if so,
    • seeks access to your personal information
    • a copy of your personal data is required
  6. Right to change data

    The client has the right to require the controller to immediately correct their personal data if the information about them is incorrect. Considering the purposes of processing, the client, whose data are relevant for correction, has the right to request the completion of incomplete personal data, even by submitting an additional application, sending a request to the email address.

  7. Right to data portability

    The client has the right to receive personal data provided to them and then send them to another personally selected data controller. The client also has the right to request that the controller send personal data directly to such a controller, if technically possible. In this case, the administrator will send the client's personal data as a CSV file, which is a widely used machine-readable format that allows the received data to be sent to another data controller.

  8. The client may submit complaints to the controller, requests, and questions regarding the processing of their personal data and the exercise of their rights.
  9. The client has the right to request from the controller to provide copies of standard contractual clauses by structuring the request accordingly.
  10. The client has the right to appeal to the chairman of the Office for Personal Data Protection in violation of their privacy rights or other rights.

VII. Services tailored to your preferences and interests (profiling)

  1. Profiling means any form of automated processing of personal data that involves the use of personal data to evaluate certain personal factors of the client and, in particular, to analyze or predict aspects of the impact of this person's work, situation, health, personal preferences, interests, behavior, location.
  2. The client's personal data may be processed automatically (profiling), which will not result in any legal consequences.
  3. Profiling personal data by the controller is designed to automatically and manually process customer data and evaluate certain information about customers, especially to analyze or predict personal preferences and interests.
  4. The controller uses its own cookie mechanisms to download information about customers' activities on the website of the online store.

VIII. Security Management — Password

  1. In the program, the controller provides customers with a secure and encrypted connection when submitting personal data and logging into the client's profile on the website. The controller uses an SSL certificate issued by one of the world's leading companies in the field of security and encryption of data transmitted over the Internet.
  2. If a customer who has a store account has forgotten the password, the online store allows generating a new password. The controller does not send password notifications. The password is stored in an encrypted database, so it cannot be read. To create a new password, enter your email address in the form accessible through the "Remind password" link provided in the login form. The new password will be automatically sent to the email address you provided during registration or saved during the last change of the client account.
  3. The controller never sends correspondence, including emails, requesting login details, especially passwords to access the client's account.

IX. Final Provisions

  1. By submitting an order from the online order form, you confirm that you are familiar with the terms of personal data protection and that you accept them in their entirety.
  2. The controller is entitled to change these terms. A new version of the terms of personal data protection will be published on its website.
  3. Questions regarding personal data protection policies should be directed to: hennashop2023@gmail.com

Published on 21.05.2024