INFORMATION ON PROCESSING OF PERSONAL DATA
if using the application www.razitko.cz
Supplier and manufacturer
Identification of the business entity that manufactures and supplies products sold at this e-shop, handles orders and possible complaints (hereinafter referred to as the “Supplier”):
Osiková 3/2644, Praha 3,13000
UID#: 45270961, VAT#: CZ45270961
+420 284 829 696
Below we summarize the basic principles of processing the Buyer’s personal data, which will be provided to us by the application via the application www.razitko.cz , hereinafter referred to as the “Application”. The aim of these principles is to provide the Buyer with information about what personal data we process about him as a natural person in connection with the performance of our contractual or legal obligations, services, sales of goods, business offers, for what purposes or how long we will process this data, to whom and for what reason we can hand them over and also inform the Buyer about the rights of natural persons in connection with the processing of their personal data.
These principles apply to the processing of the Buyer’s personal data and, as appropriate, their representatives or contact persons using the Application.
Administrator and Data Processor:
The administrator of personal data is always the Supplier chosen by the Buyer. Their processor is also MEGAFLEX, spol. s ro, IČ 45270961, with its registered office at Osiková 3, 130 00 Prague 3, (hereinafter referred to as “MEGAFLEX”), which is the operator of the Application that connects the needs of a person interested in purchasing goods, products or services (hereinafter referred to as “Buyer”) with the Buyer by a selected entrepreneur who is interested in selling them through the Application (hereinafter referred to as the “Supplier”).
The Supplier and MEGAFLEX (collectively also the “Supplier’s Party”) always process all personal data in accordance with valid legal regulations, ie currently in accordance with Act no. No. 101/2000 Coll. on the protection of personal data, as amended (hereinafter referred to as the “Act”); with effect from 25 May 2018 also in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data (hereinafter “the Regulation” or “GDPR”).
According to the Regulation, the Supplier’s Party is not obliged to appoint a data protection officer due to the use of the Application. However, it undertakes to keep personal data always in accordance with the Regulation in such a way that, with regard to the degree of risk of misuse, their confidentiality, integrity, availability and resilience of the systems for their storage are always adequately ensured.
Personal data in physical form must always be made inaccessible to strangers by storing them in lockers. Data in electronic form must be protected by a regularly changing password. Making copies of databases for your own use is not permitted. The person processing the data is always responsible for storing and preventing misuse.
The Supplier’s building is consistently protected against unauthorized entry. The MEGAFLEX building is protected against unauthorized entry by an electronic system connected to the security service. Access to the building is possible only after entering the employee’s password. All employees of the Supplier’s Party are obliged to take the utmost care in all activities related to data protection.
Category of Buyer personal data being processed:
Personal data is any information that relates to a natural person that the Supplier Party is able to identify. In connection with the provision of services and the sale of goods, the following categories of Buyer’s personal data may be processed by the Supplier:
- Basic personally identifiable information , which is the information needed to enter into and perform a contract (transaction):
- Academic Degree
- first name (s), last name
- Business Name
- IČO, DIČ
- Permanent residence address
- Address of the registered office or place of business
- Billing address
- Identification of the Buyer’s representative or contact person designated by the Buyer
- Payment ID
- Bank connection
- Contact and location information, information that is appropriate for the proper performance of the contract and for resolving any disputes arising out of the provision of the Service:
- Contact phone numbers
- Contact emails
- Personal information related to electronic access to the Website and other applications
MEGAFLEX – IP address and / or cookies
- Data required to fulfill Buyer’s order:
- personal data of all kinds, if the Buyer wishes them to be part of the delivered service (eg production of stamps, business cards, graphic material, etc.)
- Contact information for purchased goods, subscribed services , service usage, and payment morale:
- Type and specifications of the service or goods
- Volume of services provided and their price
- Payment morale information
- The Supplier’s Party does not perform the processing of sensitive personal data / special categories of personal data, except in exceptional cases where it is authorized in writing for such processing by the competent entity.
Scope, purpose, and legal reason for processing personal information:
- Processing for performance, performance of legal obligations and legitimate interests of the Supplier Party
The provision of personal data necessary for the performance of the contract, the fulfillment of the legal obligations of MEGAFLEX and the Supplier and for the protection of their legitimate interests is mandatory, without this data it would not be possible to provide services. We do not need the Buyer’s consent to process personal data for these purposes. Processing for the purpose of fulfilling the contract and fulfilling legal obligations cannot be refused. These are mainly the following basic sub-purposes:
- performance of the contract, exercise of rights and obligations under the contract and related legal rights under the contract (performance of the contract);
- Compliance with legal tax and accounting obligations (compliance with legal obligations)
- purposes stipulated by special laws for the needs of criminal proceedings and for fulfilling the obligation of co-operation with the Police of the Czech Republic and other state bodies (fulfillment of legal obligations);
- operation of any camera and monitoring systems in the premises used by the Supplier Party for the purpose of damage prevention (legitimate interest of the Supplier Party);
- evaluation of the Buyer’s behavior in using the services of the Supplier’s party and its payment morale for the purpose of preventing receivables, which may affect decisions on the conditions of concluding other contracts with the Buyer, while deciding whether or not to conclude a contract automatically (legitimate interest of the Supplier) ;
- recovery of receivables from the Buyer and other commercial disputes (legitimate interest of the Supplier’s Party);
- Processes associated with the identification of the Buyer (performance of the contract);
- securing evidence in case of defense (legitimate interest of the Supplier’s Party);
- Debtor records (legitimate interest of the Supplier Party).
- Processing of Buyer Data with Business Consent as effective May 25, 2018:
The Buyer may use the Application at any time and choose any registered Supplier in it. By such use, however, he gives the necessary consent to the Business Conditions for the purchase of goods through the Application.
If Buyer , in addition to agreeing to the Terms and Conditions:
- does not consent to the processing of personal data for business purposes, and its order will be processed and delivered. Personal data will be anonymized in the Application after 30 days from the download of data for production by the Supplier. The Buyer will not be able to take advantage of any saved graphic templates or easy access to the Supplier during the next visit to the Application. The supplier will keep personal data only for the period specified by other regulations, ie especially for the period of the complaint period or the period specified by tax laws.
- give consent to the processing of personal data for business purposes, his data will be available in the Application for a maximum of 5 years from the order. At this time, he will be able to easily modify or replicate the data for new orders and use them in communication with the Supplier. The Supplier will be able to use personal data and use their formats for easy fulfillment of new orders of the Buyer. The granted consent applies to MEGAFLEX as well as to the Supplier. The Supplier is not entitled to provide personal data to third parties for advertising and similar purposes, even with this consent.
Buyers who ordered goods or services before the entry into force of the EU Regulation will be asked to consent to the processing of any further purchases. If they do not provide it or do not log in to the Application, their data will be anonymized by MEGAFLEX three years after the entry into force of the Regulation. Data stored with the Supplier will be deleted or anonymized within the time limits in accordance with applicable laws.
Giving consent for business purposes is voluntary and Buyer may revoke it at any time . This consent remains valid for the period of use of the Application and for at least the next 5 years thereafter or until the Buyer revokes it. All categories of data listed above (with the exception of the signature) can be processed for business purposes with the consent.
Sources of personal information:
The processed personal data are obtained from the Buyer, especially in connection with establishing business contacts and registration of the Buyer in the Application and possibly in further communication with the Buyer, whether personal, telephone, written or otherwise, and from other documents and documents that the Buyer Provided to the Supplier’s side or from public sources (processed only for the purpose specified by this public source).
Personal data processors:
Personal data is processed by MEGAFLEX in electronic form and the Supplier in paper and / or electronic form, manually and automatically.
Make your information available to others:
Personal data may also be made available to entities authorized under special legal regulations (eg law enforcement agencies, tax authorities, etc.) and, to the extent necessary, for example, companies involved in or providing transportation of goods to the Buyer, or a company cooperating in the production of the delivered product. Starna Supplier will not provide the Buyer’s personal data to other persons.
Period for which the subject consents to the processing and storage time of the personal data:
Personal data are processed by the Supplier to the extent necessary for the performance of activities in accordance with the purpose of processing, as stated above, for the time necessary to achieve the purpose of personal data processing or for a period directly stipulated by law, taking into account contractual or legal deadlines for application. rights for defects / for damage, due to complaint periods. Then the personal data is deleted or anonymized. Personal data of the Buyer, if he has fulfilled all contractual obligations towards the Supplier and the Supplier has fulfilled all contractual obligations towards the Buyer, the deadlines for exercising contractual or legal rights have expired, and at the same time has fulfilled all legal obligations for which he processes, documents or anonymises MEGAFLEX .
Information on the rights of data subjects in connection with the processing of personal data valid from 25.5.2018:
The Supplier shall endeavor to assist the data subjects in the exercise of these rights as far as possible. According to the Regulation, if the data subject has an identifiable natural person and proves his / her identity to the Supplier, he / she has the following rights in particular:
- Right of access to personal data : Pursuant to Article 15 of the Regulation, the Buyer has the right of access to personal data, which includes the right to obtain from the Supplier:
- Confirm whether and what personal data it processes
- information on the purposes of the processing, the categories of personal data concerned, the recipients to whom the personal data have been or will be disclosed, the planned processing time, the existence of a right to request or rectify from the controller personal data relating to the data subject or to restrict their processing; this processing, the right to lodge a complaint with the supervisory authority, of all available information on the source of the personal data, if not obtained from the data subject, of the fact that automated decision-making, including profiling, is taking place,
- provided that the rights and freedoms of third parties as well as copies of personal data are not adversely affected.
The right to confirmation of the processing of personal data and to information may be exercised in writing at the address of the Supplier’s registered office.
- Right to correct inaccurate data :
Pursuant to Article 16 of the GDPR, the data subject has the right to correct inaccurate personal data that the Supplier Party will process about him. A request for the correction of personal data may be made in writing at the address of the Supplier’s registered office, provided that the justification for the said request is substantiated.
- Right to delete :
According to Article 17 of the GDPR, the data subject has the right to delete personal data (right to be forgotten) concerning him, unless the Supplier proves legitimate reasons for the processing of such personal data. The Supplier’s party has mechanisms in place to ensure anonymization or deletion of personal data in the event that they are no longer needed for the purpose for which they were processed. If the data subject believes that his personal data has not been deleted, he may contact the address of the Supplier’s registered office for clarification.
- Right to restrict processing :
Pursuant to Article 18 of the GDPR, the data subject has the right to limit the processing until the complaint is resolved, if he denies the accuracy of personal data, the reasons for their processing or if he objects to their processing, in writing to the address of the Supplier’s registered office.
- Right to be notified of a correction, deletion, or restriction of processing
Pursuant to Article 19 of the GDPR, the data subject has the right to be notified by the Supplier in the event of correction, deletion or restriction of the processing of personal data. If personal data is corrected or deleted, we will inform the individual recipients, except in cases where this proves impossible or requires a disproportionate effort.
- Right to portability of personal information
Under Article 20 of the GDPR, the data subject has the right to the portability of the data concerning him provided to the controller in a structured, commonly used and machine-readable format, and the right to request the Supplier to transfer this data to another controller.
- Right to object to the processing of personal data
Pursuant to Article 21 of the GDPR, the data subject has the right to object to the processing of his personal data due to the legitimate interest of the Supplier Party.
If the Supplier’s Party does not prove that there is a serious legitimate reason for processing that outweighs the interests or rights and freedoms of the data subject, the Supplier’s Party shall terminate the processing on the basis of the objection without undue delay. The objection can be sent in writing to the address of the Supplier’s registered office.
- Right to withdraw consent to the processing of personal data
The consent to the processing of personal data for business purposes effective from 25 May 2018 can be revoked at any time after this date. The appeal must be made an explicit, comprehensible and certain expression of will, to the address of the Supplier’s registered office.
- Automated individual decision making, including profiling
The data subject has the right not to be the subject of any decision based solely on automated processing, including profiling, which would have legal effects for him or her in a similar way. The Supplier declares that, in addition to the process of reminding outstanding payments, it does not carry out automated decisions without the influence of human judgment with legal effects for data subjects.
- Right to contact the Privacy Office
The data subject has the right to lodge a complaint with the supervisory authority if he considers that the processing of his personal data has violated the Regulation. This supervisory authority will be the Office for Personal Data Protection for data subjects residing in the Czech Republic.
If you have any questions on the above information, please do not hesitate to contact us.