ERPET Group a.s.
with its registered office at Spodní 7, Prague 5, 15900
identification number: 26138093
The company is registered in the Commercial Register kept by the Municipal Court in Prague, Section B, Insert 6285
1. Basic provisions
1.1 The administrator of personal data is the company ERPET Group a.s., with its registered office at Spodní 7, Prague 5, 15900, IČ: 26138093 (hereinafter referred to as the “Administrator”), which is also the operator of electronic commerce.
1.2 Personal data means all information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.3 The controller has not appointed a data protection officer.
2. Sources and categories of processed data
2.1 The Administrator processes personal data that you have provided to him or personal data that he has obtained on the basis of completing your order.
2.2 These are identification and contact details, necessary for the proper performance of the contract that you have concluded or intend to conclude with the Administrator. It is a purchase contract which is concluded at a distance, in accordance with Article 6 (1) (a). b) Regulation of the European Parliament and of the Council 2016/679 of 27.4. 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR").
3. Legal reason and purpose of personal data processing
3.1 The controller has legal grounds for processing personal data. We consider the fulfillment of the contract between you and the administrator to be legal reasons, the administrator's legitimate interest in providing direct marketing, for the purpose of a targeted offer of products and services, pursuant to Art. f) GDPR, as well as consent to the processing of personal data for the purpose of direct marketing, which you provide to the Administrator in the event that the order of goods or services has not yet been ordered.
3.2 The purpose of processing personal data is to process the user's order and exercise the rights and obligations arising from the contractual relationship between you and the Administrator. The purpose of personal data processing is also the sending of business messages and other marketing activities.
3.3 There is no automatic individual decision-making by the Administrator within the meaning of Article 22 of the GDPR
4. Data retention period
4.1 The Administrator retains your personal data for the time necessary for the proper performance of the subject of the contract and for the exercise of claims arising from the contractual relationship between you and the Administrator (specifically for a period of 15 years from the termination of the contractual relationship).
4.2 If you give your consent to the sending of commercial communications, even if no goods or services have been purchased yet, the Administrator has the right to process the provided personal data until the consent is revoked, but for a maximum of 15 years.
4.3 After this period, the Administrator will delete the personal data.
5. Recipients of personal data
5.1 The recipient of personal data means the subcontractor of the Administrator who participates in the operation of the online store https://www.erpetcrystal.cz/
5.2. The administrator uses the services of Smartsupp.com s.r.o. headquarters Milady Horákové 13, 602 00 Brno IČO: 03668681 DIČ CZ03668681 - smartsupp service stores data in the Czech Republic and Germany. The administrator has entered into an agreement with Smartsupp on the processing of personal data. Smartsupp.com s.r.o. undertakes that personal data may be used only for the purposes of the proper functioning of the smartsup service, direct communication with the Administrator and for the statistical needs of the provider.
5.3. The controller transfers personal data to third countries.
6. Your rights
6.1 According to the conditions set out in the GDPR, you have the right to access your personal data pursuant to Article 15 of the GDPR, the right to correct personal data pursuant to Article 16 of the GDPR, or restrictions on processing pursuant to Article 18 of the GDPR, the right to delete personal data pursuant to Article 17 of the GDPR , the right to object to the processing pursuant to Article 21 of the GDPR, the right to data portability pursuant to Article 20 of the GDPR and the right to revoke the consent to the processing in writing, to the address specified in Article 8.4 of these Conditions.
6.2 If you believe that the right to personal data protection has been violated, you have the right to file a complaint with the supervisory authority - the Office for Personal Data Protection.
7. Conditions of personal data security
7.1 The Administrator declares that it has taken the necessary technical and organizational measures to secure your personal data.
7.2 Access to personal data is password bound. Personal data is regularly backed up and communication security is ensured by encryption (SSL certificate).
7.3 Access to personal data is restricted to authorized persons of the Administrator and its subcontractors.
8. Final provisions
8.1 By sending the order, you confirm that you are familiar with the principles of personal data protection, agree with their wording and accept them in full.
8.2 By checking the consent, you give the Administrator your consent to these conditions, you confirm that the provided data is accurate and that it is a voluntary provision of personal data.
8.3 Contact details of the Administrator in matters relating to the following conditions: Staromestske namesti 27, Prague 1, 110 00, e-mail: firstname.lastname@example.org, telephone: +420 224 229 755.
These conditions are valid and effective as of May 24, 2018