Privacy Policy

I.

Basic Provisions

1. The controller of your personal data according to Article 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: “GDPR”) is the company: Phyto CZ, s.r.o., ID 26229021, with its registered office at Dukelská brána 5, 79601 Prostějov (hereinafter: “controller”).
2. The controller's contact details are:

   address: Dukelská brána 5, 796 01 Prostějov

   email: phyto@phyto.cz

   phone: +420 582 334 321

3. Personal data means all information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to a certain identifier, such as name, identification number, location data, network identifier, or to one or more specific elements of the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.
4. The controller has not appointed a data protection officer. 

 

II.

Sources and Categories of Processed Personal Data

1. The controller processes personal data that you have provided or personal data that the controller has obtained based on the fulfillment of your order.
2. The controller processes your identification and contact data and data necessary for the performance of the contract.

 

III.

Legal Ground and Purpose of Processing Personal Data

1. The legal ground for processing personal data is

• performance of the contract between you and the controller according to Article 6(1)(b) GDPR,
• the controller's legitimate interest in providing direct marketing (especially for sending commercial communications and newsletters) according to Article 6(1)(f) GDPR,
• your consent to processing for the purpose of providing direct marketing (especially for sending commercial communications and newsletters) according to Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services, in the event that no order for goods or services has been placed.

2. The purpose of processing personal data is:

• processing your order and exercising rights and obligations arising from the contractual relationship between you and the controller; when placing an order, personal data required for successful order processing (name and address, contact) are requested, the provision of personal data is a necessary requirement for concluding and performing the contract, without providing personal data it is not possible to conclude the contract or for it to be performed by the controller,
• sending commercial communications and conducting other marketing activities.

3. The controller does not engage in automatic individual decision-making within the meaning of Article 22 GDPR.

 

IV.

Data Retention Period

1. The controller retains personal data

• for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and to assert claims from these contractual relationships (for 15 years from the termination of the contractual relationship).
• for as long as consent to the processing of personal data for marketing purposes is not withdrawn, for a maximum of 10 years if personal data are processed based on consent.

2. After the data retention period has expired, the controller shall erase the personal data.

 

 

V.

Recipients of Personal Data (Subcontractors of the Controller)

1. Other recipients of your personal data will be shipping companies and other persons:

• involved in the delivery of goods or execution of payments based on the contract,
• providing technical services related to the operation of the e-shop for the controller, including software operation and data storage,
• providing marketing services, managing internet advertisements, sending newsletters, and data analysis.

2. Recipients of your personal data processed for the purpose of fulfilling obligations arising from legal regulations may also be tax authorities or other relevant authorities in cases where the controller is required to do so by generally binding legal regulations.
3. The controller does not intend to transfer your personal data to a third country (to a country outside the EU) or an international organization.

 

 

VI.

Your Rights

1. Under the conditions set out in the GDPR, you have

• the right to access your personal data according to Article 15 GDPR,
• the right to rectification of personal data according to Article 16 GDPR, or restriction of processing according to Article 18 GDPR.
• the right to erasure of personal data according to Article 17 GDPR.
• the right to object to processing according to Article 21 GDPR and
• the right to data portability according to Article 20 GDPR.
• the right to withdraw consent to processing in writing or electronically to the address or email of the controller specified in Article I of these terms.

2. Furthermore, you have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.

 

VII.

Personal Data Security Conditions

1. The controller declares that they have taken all appropriate technical and organizational measures to secure personal data and data repositories.
2. The controller declares that personal data are only accessible to persons authorized by them.

 

VIII.

Final Provisions

1. By submitting an order from the online order form, you confirm that you are familiar with the privacy policy and that you accept it in its entirety.
2. The controller is entitled to change these terms. They will publish a new version of the privacy policy on their website and at the same time send you a new version of these terms to the e-mail address you provided to the controller.

 

These terms take effect on May 25, 2018.