I.
Basic Provisions
1. in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter referred to as “GDPR”), the controller of personal data as defined by Article 4(7) of said Regulation shall be Vlastimil Čurda, Trader Identification Number 07144318 (hereafter referred to as “Controller”).
2. The Controller’s contact information is as follows:
· Address: Na černém vrchu 5, 150 00, Praha 5
· E-mail: info@kikimorateam.com
3. Personal data is understood to mean all information on an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4. The controller did not designate a personal data protection officer.
II.
Sources and Categories of Processed Personal Data
1. The Controller processes personal data provided to them by you and/or personal data which they gained from the processing of your order.
2. The Controller processes your identification and contact information as well as data necessary to perform agreements between them and you.
III.
Legal Basis for and Purpose of Personal Data Processing
1. The legal basis for the processing of your personal data is
· The performance of agreements between you and the Controller in pursuance of Article 6(1b) of the GDPR.
· The legitimate interest of the Controller in providing direct marketing (particularly sending commercial communications and newsletters) in pursuance of Article 6(1f) of the GDPR.
· Your agreeing to the processing for the purposes of providing direct marketing (particularly sending commercial communications and newsletters) in pursuance of Article 6(1a) of the GDPR and Section 7(2) of Act No. 480/2004 Coll., on select services of an information company in cases where no order of product or service has been made.
2. The purpose of the processing of personal data is
· The fulfilment of your order and the exercising of the rights and duties arising under the contractual relationship between you and the Controller; ordering products requires you to provide personal data necessary for the successful fulfilment of the order (i.e., name, address, contact information); the acquisition of personal data is a necessary requirement for the conclusion and performance of an agreement; it is neither possible to conclude nor – on the part of the Controller – to perform the agreement without you providing your personal data.
· The sending of commercial communications and engaging in other marketing activities.
3. There shall be no automatic individual decision-making as defined in Article 22 of the GDPR on the part of the Controller.
IV.
Duration of Storage of Personal Data
1. The Controller shall store personal data
· For a duration necessary for the exercise of rights and duties arising under a contractual relationship between you and the Controller and for the assertion of claims under such contractual relationship (i.e., within 15 years of the cessation of the contractual relationship).
· Until the withdrawal of consent to personal data processing for the purposes of marketing, to a maximum duration of 15 years if the personal data processing in question is based on consent to such processing.
2. After the end of the duration of storage of personal data, the Controller shall erase the personal data in question.
V.
Recipients of Personal Data (Subcontractors of the Controller)
1. Recipients of personal data shall be:
· Those participating in the delivery of products / services / in the execution of payment arising under a contract.
· Those ensuring services in the operation of the e-shop and other services relating to the operation of the e-shop.
· Those ensuring marketing services.
2. The Controller does not intend to disclose personal data to a third country (i.e., a country without the EU) or to an international organisation.
VI.
Your Rights
1. Under the GDPR, you shall enjoy the right to:
· Access to your personal data in pursuance of Article 15 of the GDPR.
· Rectification of your personal data in pursuance of Article 16 of the GDPR, as well as the right to restriction of processing in pursuance of Article 18 of the GDPR.
· Erasure of your personal data in pursuance of Article 17 of the GDPR.
· Objection to processing in pursuance of Article 21 of the GDPR.
· Data portability in pursuance of Article 20 of the GDPR.
· Withdraw consent to processing in writing or electronically, delivered to the address or email address of the Controller, respectively, as provided in Article III hereof.
2. You shall further enjoy the right to lodge a complaint with the Office of Personal Data Protection if you consider that your right to personal data protection has been infringed.
VII.
Personal Data Security Measures
1. The Controller declares that they have put in place all appropriate technical and organisational measures necessary to ensure the security of personal data.
2. The Controller declares that only persons authorised by the Controller shall have access to personal data.
VIII.
Final Provisions
1. Placing the order within the Internet order placement form constitutes your confirmation that you are informed about the terms and conditions of personal data protection, as well as your consent to the fullest extent of said terms and conditions.
2. Marking the consent confirmation checkbox within the Internet customer registration form, on e-mail newsletter subscription, and/or in the order placement form constitutes your confirmation that you are informed about the terms and conditions of personal data protection, as well as your consent to the fullest extent of said terms and conditions.
3. The Controller shall be authorised to change these terms and conditions. Any new version of these personal data protection terms and conditions shall be published on their website and sent to the e-mail address you have provided to the Controller.
These terms and conditions shall enter into effect on December 16th, 2021.