Conditions for the protection of personal data
I. Basic provisions
- Pursuant to Art. 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR” henceforth), the controller of personal data is HW group s.r.o. Company ID/Ident. No. 28200373 with registered office Křtinská 617/3, PSČ 149 00, Prague 4, Czech Republic. (the “Controller” henceforth).
- The Controller’s contact data are as follows:
Address: Křtinská 617/3, PSČ 149 00, Prague 4, Czech Republic
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Telephone: (+420) 723 069 809
- Personal data are understood as any information relating to an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a certain identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- No data protection officer has been appointed by the Controller.
II. Sources and categories of personal data processed
- The Controller processes the personal data provided by you or the personal data that the Controller has obtained on the basis of the performance of your order..
- The Controller processes your identification and contact data and data necessary for the performance of a contract.
III. Lawful reason and purpose of personal data processing
- Lawful reasons for personal data processing are
- performance of a contract between you and the Controller under Art. 6(1)(b) of the GDPR,
- the Controller’s legitimate interest in the provision of direct marketing (especially for sending commercial communication and newsletters) under Art. 6(1)(f) of the GDPR,
- your consent to processing for the purpose of the provision of direct marketing (especially for sending commercial communication and newsletters) under Art. 6(1)(a) of the GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on Certain Information Society Services in case no order for goods or services has been placed.
- Purposes of personal data processing are
- attending to your order and the exercise of rights and obligations arising from a contractual relationship between you and the Controller; when placing an order, you are required to provide personal data that are necessary for a successful performance of your order (name and address, contact data); the provision of personal data constitutes a necessary requirement for the conclusion and performance of a contract, which cannot be entered into or performed by the Controller without your personal data,
- sending of commercial communication and performance of other marketing activities.
- The Controller does not conduct automatic decision-making in the sense of Art. 22 of the GDPR. You have provided your express consent to such processing.
IV. Data retention period
- The Controller retains personal data
- for a period necessary for the exercise of rights and obligations arising from a contractual relationship between you and the Controller and for the assertion of claims from such contractual relationships (for 15 years of the termination of the contractual relationship).
- for a period until the consent to personal data processing for marketing purposes is withdrawn, no more than 15 years if personal data are processed based on your consent.
- After the retention period of personal data expires, personal data will be deleted.
V. Recipients of personal data (the Controller’s subcontractors)
- Recipients of personal data are persons who
- participate in the delivery of goods / services / performance of payments based on a contract,
- render online store operating services and other services related to www operations,
- provide marketing services.
- The Controller does not intend to transfer personal data to a third country (a country outside the EU) or an international organization.
- Operated services, consisting in marketing and ancillary services
- Google analytics - records cookies and information about the use of the website
VI. Your rights
- In accordance with the conditions set forth in the GDPR, you have the following rights:
- right of access to your personal data under Art. 15 of the GDPR,
- right to rectification of your personal data under Art. 16 GDPR, or the right to restriction of processing under Art. 18 of the GDPR.
- right to erasure of your personal data under Art. 17 of the GDPR.
- right to object to processing under Art. 21 of the GDPR a
- right to data portability under Art. 20 of the GDPR.
- right to withdraw consent to processing either in writing or electronically to the Controller’s address or email specified in Cl. III hereof. You may withdraw your consent at any time using your customer’s account
- In addition, you have a right to lodge a complaint with the Office for Personal Data Protection in case you believe that your right to protection of personal data has been breached.
VII. Conditions for security of personal data
- The Controller declares that all suitable technical and organizational measures have been adopted with the view of securing personal data.
- The Controller has adopted technical measures to secure data storages and personal data storages in paper form, including, in particular, a secured / encrypted access to the Internet, coding customers’ passwords in the database, regular system updates, and regular system backups.
- The Controller affirms that personal data can be accessed only by persons authorized by the Controller.
VIII. Final provisions
- By sending an order in the Internet order form, you confirm that you acknowledge and fully accept the conditions for the protection of personal data.
- You accept these conditions by checking the consent box in the Internet form. By checking the consent box, you confirm that you acknowledge and fully accept the conditions for the protection of personal data.
- The Controller has a right to amend these conditions. A new wording of the conditions for the protection of personal data will be available on the Controller’s website and also sent to the email address provided by you to the Controller.
These terms come into effect on the day 25.5.2018.