Terms and Conditions and GDPR
FORTEMIX s.r.o., with its registered office at Kirilovova 812, 739 21 Paskov, Czech Republic, Company ID: 268 68 211, a limited liability company registered in the Commercial Register of the Regional Court in Ostrava under file no.
1.1 This policy has been devised in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) and in accordance with Act No. 110/2019 Coll., on the processing of personal data.
1.3 Other terms such as “special categories of personal data”, “data subject”, “processing of personal data”, “controller”, “processor”, “risky processing”, “automatic individual decision-making”, including “profiling”, and “appropriate technical and organizational measures” have the meaning given by, and must be interpreted in accordance with and in the context of, the GDPR.
2. WHAT PERSONAL DATA THE CONTROLLER PROCESSES
2.1 The Controller processes the following data about the Data Subject:
- address and identification data: name and surname, address, email, telephone
- billing and payment information: optionally ID, VAT number, registered office address
- data on purchased products, data on the use of products, data on communication with the Controller
2.3 Personal data may be stored for a longer period than specified in the table below if it is processed solely for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes.
2.4 If you have used the option to subscribe to the newsletter, you grant the Controller your consent to the use of your email address for the purpose of sending commercial and marketing communications related to the products or services on offer. Your email address will be processed in accordance with the data protection regulations and in compliance with this policy. You can withdraw your consent to the processing of your email address for marketing purposes at any time by an email sent to the address firstname.lastname@example.org, or by sending it to the address of the Controller’s registered office.
3. PURPOSE AND LEGAL BASIS OF PROCESSING – PROCESSING TIME
| Processed personal data | Purpose of the processing | Legal ground for processing | Processing time |
| --- | --- | --- | --- |
| Address and identification data | processing of orders and communication regarding the conclusion and performance of the contract | implementation of measures taken prior to the conclusion of the contract (negotiations prior to the conclusion of the contract), performance of the contract | for the period necessary to negotiate before the conclusion of the contract and subsequently for the performance of the contract |
| Payment and billing information | processing of orders and performance of the contract, bookkeeping | performance of the contract, fulfillment of legal obligations | for a period of 10 years from the last payment |
| Data on purchased products, their use, communication data | contract performance, customer care | performance of the contract, legitimate interest | for the duration of the contract and for a period of one year after it ends |
| Your name and email provided outside the performance of the contractual relationship (newsletter subscribers only) | regular sending of commercial communications containing offers, information and news in accordance with Act No. 480/2004 Coll. | consent granted when registering for newsletters | until the consent is withdrawn; or until the recipient unsubscribes |
| Address and identification data | handling messages sent via a web form | implementation of measures taken prior to the conclusion of the contract (negotiations prior to the conclusion of the contract), performance of the contract | for the time necessary to handle the communication |
4. PRINCIPLES OF PERSONAL DATA PROCESSING
4.1 The Controller processes personal data in a fair, lawful and transparent manner. These Principles acquaint the Data Subject with the scope, content and manner in which the Controller processes personal data.
4.2 The personal data processed by the Controller is reasonable, relevant and restricted to the extent necessary to fulfil the specified purpose in relation to the contractual relationship.
4.3 The Controller needs the personal data of the Data Subject to be accurate and up-to-date. If any of the data provided is out of date, the Data Subject is obliged to modify it in the user account after registration.
4.4 The Controller processes personal data in a manner that properly safeguards it, including protecting it using the appropriate technical or organizational measures against unauthorized or unlawful processing and against any accidental loss, destruction or damage.
5. RECIPIENTS OF PERSONAL DATA AND INTENTION TO TRANSMIT INFORMATION
5.1 The Controller may also transfer the personal data of the Data Subject to a third party as the recipient. However, the Controller always proceeds in this manner only in justified cases. The Controller may transfer personal data to the following recipients:
a) to processors who process the personal data of the Data Subject according to the instructions of the Controller and the relationships with whom are governed in accordance with the requirements of Article 28 of the GDPR; in particular, to providers of programs used by the Controller for the better security and operation of its services; to providers of transport, accounting and tax advisory services; they will have access only to the extent necessary and for the purpose of the administration and technical support of the programs used;
b) to public authorities and other bodies where required by applicable law;
c) to other entities in the event of an unexpected event in which the provision of data is necessary for the purpose of protecting life, health, property or other public interest or if it is necessary to protect our rights, property or safety.
5.2 The Controller does not intend to transfer personal data to a third country or to an international organization.
6. RIGHTS OF THE DATA SUBJECT
6.1 The rights of the Data Subject are an important component of protecting personal data. If the Data Subject claims any of his or her rights listed below, the Controller shall provide him or her with information on the measures taken without undue delay and in any case within one month of receiving the Data Subject’s request. In exceptional cases, the Controller may extend this period by up to two months. The Controller shall inform the Data Subject about the extension of the deadline and the reason for the extension.
6.2 Personal data is processed automatically in electronic form.
6.3 The Data Subject has the right:
a) to be informed about the processing of personal data
b) to access personal data
c) to rectification or completion
If the Data Subject knows or believes that the Controller is processing his or her personal data inaccurately, the Data Subject may draw attention to this and the Controller is obliged to rectify the data. If the Data Subject wants to complete any incomplete personal data, taking into account the purpose of processing, he or she may notify the Controller and the Controller is obliged to complete the data.
d) to erasure
This right of the Data Subject imposes on the Controller the obligation to delete his or her personal data in accordance with Article 17(1) of the GDPR if at least one of the following conditions is met:
- the personal data is no longer needed for the purposes for which it was collected or otherwise processed;
- the Data Subject withdraws his or her consent and there is no other legal ground for processing;
- the Data Subject objects to the processing and there are no overriding legitimate grounds for processing;
- the personal data has been unlawfully processed;
- the personal data must be erased in order to comply with a legal obligation;
- the personal data was collected in connection with the offer of information society services pursuant to Article 8(1) of the GDPR;
and at the same time none of the exceptions provided for in Article 17(3) of the GDPR may be applied.
e) to restrict processing
Within the framework of this right, the Data Subject has the possibility to request the Controller to restrict the processing of his or her personal data. If the conditions under Article 18(1) of the GDPR are met, the Controller must do so.
f) to data portability
The Data Subject has the right to obtain, in particular to download, his or her personal data from the Controller in a structured, commonly used and machine-readable format, and also has the right to the direct provision of his or her personal data to another controller.
g) to object
In some cases, the Data Subject has the possibility to raise an objection to processing. These are in particular situations where the Data Subject has not had the opportunity to influence the fact that his or her data has been processed, and at the same time it is not a matter of fulfilling a legal obligation or vital interest, where the lack of this option is defensible. The Data Subject thus has the possibility to raise three types of objections to the processing. These are objections to:
- processing on the basis of the legal title of a legitimate interest and the performance of a task carried out in the public interest or in the exercise of official authority;
- processing for direct marketing purposes on the basis of the legal title of a legitimate interest;
- processing for scientific or historical research purposes or for statistical purposes.
If an objection is raised, the Controller shall no longer process the data unless the Controller demonstrates compelling legitimate grounds for the processing that override the interests or the rights and freedoms of the Data Subject, or for the establishment, exercise or defense of legal claims. If an objection is raised against the processing of personal data for direct marketing or profiling purposes, the Controller must stop processing the personal data.
h) not to be subject to automated individual decision-making, including profiling
In the processing of personal data, the Data Subject is never subject to automated individual decision-making, including on the basis of profiling.
i) to withdraw consent to the processing of personal data if the processing takes place on the basis of consent
The Data Subject may at any time withdraw his or her consent to the processing of his or her personal data processed by the Controller on the basis of this consent.
j) to obtain information about a breach of security of his or her personal data
If there is a likelihood that there is a high risk to the rights and freedoms of the Data Subject as a result of a breach of security of the Controller, the Controller shall notify the Data Subject without undue delay.
k) to lodge a complaint with a supervisory authority
Should the Data Subject get the impression that the Controller is violating its obligations in the processing of his or her personal data, the Data Subject has the right to file a complaint with the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Praha 7; email: email@example.com; www: https://www.uoou.cz; phone: +420 234 665 111.
7. CHANGES TO THE POLICY
8. OUR CONTACT DETAILS
8.1 If the Data Subject wants to contact the Controller in connection with the processing of his or her personal data, he or she may contact the following:
a) in writing to the address of the registered office: FORTEMIX s.r.o., with its registered office at Kirilovova 812, 739 21 Paskov, Czech Republic
b) by email to the email address: firstname.lastname@example.org