- The personal data controller pursuant to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is Label design a.s. IČ 63999722, B 3580 registered at the Municipal Court in Prague with its registered office at Plzeňská 247/59, Košíře, 150 00 Prague 5 (hereinafter referred to as: "Administrator").
- The contact details of the controller are:
- Address: Sobínská 185, Chrášťany, 252 19
- Email: email@example.com
- Phone: +420 257 894 111
- Personal data refers to any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- The Controller has not appointed a Data Protection Officer.
Sources and Categories of Processed Personal Data
- The Controller processes the personal data that you have provided to him / her or the personal data that the Administrator has obtained based on the fulfillment of your order.
- The Controller processes your identification and contact details and any data necessary for the fulfillment of the contract/your order.
Legal Purpose of Personal Data Processing
- The legal reasons for the processing of personal data are:
- the fulfillment of the contract/order between you and the Administrator pursuant to Art. 6 para. 1 point. b) GDPR,
- the legitimate interest of the Administrator in providing direct marketing (for sending commercial communications and newsletters) pursuant to Article 6 para. 1 point. f) GDPR,
- your consent to processing for the purpose of providing direct marketing (for sending commercial communications and newsletters) pursuant to Art. 6 para. 1 point. a) GDPR in conjunction with § 7 para. 2 of Act No. 480/2004 Coll., on certain information services if no goods or services have been ordered.
- The purpose of personal data processing is to:
- fulfill your order and exercising the rights and obligations arising from the contractual relationship between you and the Administrator; when ordering, personal data are required which are necessary for the successful fulfillment of the order (name and address, contact), the provision of personal data is a necessary requirement for the conclusion and fulfillment of the contract, without the provision of personal data it is not possible to conclude the contract or to fulfill it by the Administrator,
- send business messages and perform other marketing activities.
- The Administrator does not make automatic individual decisions within the meaning of Article 22 of the GDPR. You have given your explicit consent to such processing.
Data Retention Period
- The Controller stores personal data:
- for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Administrator and to exercise claims arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
- for the period until the consent to the processing of personal data for marketing purposes is withdrawn, up to a maximum of 10 years, if personal data are processed based on consent.
- Upon the expiration of the personal data retention period, the Controller shall erase the personal data.
Recipients of Personal Data (Subcontractors of the Controller)
- The recipients of personal data are persons:
- involved in the delivery of goods, services, or the execution of payments under the contract,
- participating in ensuring the provision of services,
- who provide marketing services.
- The Administrator does not intend to transfer personal data to a third country (to a non-EU country) or to any international organizations.
- Under the conditions set out in the GDPR, you have:
- the right to access your personal data pursuant to Article 15 of the GDPR,
- the right to rectify personal data pursuant to Article 16 of the GDPR, or to restrict processing pursuant to Article 18 of the GDPR.
- the right to erasure personal data pursuant to Article 17 of the GDPR.
- the right to object to processing pursuant to Art. 21 GDPR and
- the right to data portability pursuant to Art. 20 GDPR.
- the right to withdraw your consent to the processing of your personal data, in writing or electronically, to the address or email of the Administrator provided in Article III. of these Terms and Conditions.
- You also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.
- The Administrator declares that all appropriate technical and organizational measures to secure personal data have been taken.
- The Administrator has taken technical measures to secure the personal data repositories in electronic and paper form, in particular the use of anti-virus programs, secure the storage of backups, and secure access passwords, or follow ISO27001 certification.
- The Administrator declares that only persons authorized by the Administrator will have access to personal data.
- The Administrator is entitled to change these terms. Any new versions of the terms and conditions will be published on its website, or an updated version of these terms will be sent to the e-mail address you have provided to the Administrator.
These conditions are effective as of 25.5.2018.