Terms of personal data protection
I. Basic provision
1. The personal data controller referred to in article 4 Point 7 of European Parliament and Council Regulation (EU ) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter: 'GDPR") is BrokInCZ service s.r.o. , IČ 06009743 with its registered office at Zárubova 507/2, Kamýk, 142 00 Prague 4. (hereinafter: "administrator").
2. Admin Contact information is
address: Zárubova 507/2, Kamýk, 142 00 Prague 4
3. ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
4. The administrator has not appointed a trustee for the protection of personal data.
II. Sources and categories of personal data processed
1. The administrator processes the personal data that you have provided to him or the personal information that the administrator has received by the fulfillment of your order.
2. The administrator processes your identification and contact information and data necessary for the performance of the contract.III. Legal reason and purpose of personal data processing
III. Legal reason and purpose of processing personal data
1. Legal reason for the processing of personal data is
– Performance of the contract between you and the administrator under art. Article 6 1 (a) B ) GDPR,
– The legitimate interest of the Controller in the provision of direct marketing (especially for sending commercial messages and newsletters ) In accordance with article Article 6 1 (a) F ) GDPR,
– Your consent to the processing for the purpose of providing direct marketing (especially for sending commercial messages and newsletters ) In accordance with article Article 6 1 (a) A ) GDPR in conjunction with § 7 paragraph 1 2 of Act No. 480/2004 Coll., on some information society services in the event that there was no order of goods or services.
2. The purpose of processing personal data is
– The execution of your order and the exercise of the rights and obligations arising from the contractual relationship between you and the Administrator; When ordering, personal data required to successfully process the order (name and address, contact ) , the provision of personal data is a necessary requirement for the conclusion and performance of the contract, without the provision of personal data, it is not possible to conclude the contract or to fulfill it by the administrator,
– Sending commercial communications and other marketing activities.
The controller does not have automatic individual decision-making within the meaning of article 87 (1). 22 GDPR.
IV. Retention Period
1. The administrator keeps personal information
- For as long as is necessary to exercise the rights and obligations arising from the contractual relationship between you and the Administrator and the enforcement of claims from these contractual relations (for 15 years from the end of the contractual relationship ) .
- Until the consent to the processing of personal data for marketing purposes is revoked, for a maximum period of 10 years, if personal data are processed by consent.
2. After the personal data retention period expires, the administrator deletes the personal information.
V. Recipients of personal data (subcontractors of the )
1. Recipients of personal data are persons
- Involved in the supply of goods, services and payment implementation under the contract,
- Providing e-shop services and other services in connection with the operation of the e-shop,
- providing marketing services.
- Providing accounting services
2. The administrator intends to transfer personal data to a third country (to a non-EU country ) or international organization. Recipients of personal data in third countries are mailing and cloud service providers.
VI. Your Rights
1. Under the conditions set out in GDPR, you
- Right of access to your personal data under art. 15 GDPR,
- Right to repair personal data pursuant to art. 16 GDPR, where applicable, limitation of processing in accordance with article. 18 GDPR.
- Right to erasure of personal data pursuant to art. 17 GDPR.
- The right to object to the processing under art. 21 GDPR and
- Right to data portability under art. 20 GDPR.
- The right to revoke consent to the processing in writing or electronically to the address or email administrator referred to in art. III to these conditions.
2. You also have the right to lodge a complaint with the Office for Personal Data protection in the event that you believe that your right to the protection of personal data has been infringed.
VII. Terms of security of personal data
1. The administrator declares that he has taken all appropriate technical and organisational measures to secure personal data.
2. The administrator has adopted technical measures to secure data repositories and personal data stores in paper form.
3. The administrator declares that personal data can only be accessed by authorized persons.
VIII. Final provisions
3. The administrator is authorized to change these terms. The new version of the privacy terms will be published on its website and also send you a new version of these terms and conditions with your email address provided to you by the administrator.
These conditions shall take effect from the date of 26.11.2018