Personal data protection
1. Information on the processing of personal data
The company VanCo.cz s.r.o., with its registered office in Prague 1, Vojtěšská 17, ID No.: 25762702, registered no. no. C, vl. 67978, the operator of the e-shop WiFiShop.cz (hereinafter referred to as the "Administrator"), processes personal data provided by the user by telephone, in person, in writing or electronically in accordance with Article 6(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "GDPR").
The Controller operates the following websites for communication with its customers and partners (hereinafter referred to as "customers"), through which it provides the necessary information about the products, products and services offered and carries out their sales or other business activities.
VanCo.cz s.r.o. is a data controller in the processing of personal data.
In order to inform its customers about the processing of personal data provided by them, the controller issues this personal data processing policy (hereinafter referred to as the "Policy").
In this Policy, each customer is provided with all the necessary information about the processing of personal data concerning them in connection with a purchase through the e-shop, so that each customer knows what personal data is processed about them and for what purpose. This policy also provides each customer with all necessary information about the processing of personal data on the basis of consent to the processing of personal data.
The Controller hereby declares that the processing of customers' personal data is carried out in accordance with the legal regulations of the Czech Republic and with the European legislation governing the protection of personal data.
2. Legal grounds, purposes, scope and duration of the processing of personal data
2.1. Conclusion of the purchase contract and performance of the contractual relationship
The legal basis for the processing of personal data is based on the conclusion of the purchase contract. The purpose of the processing of personal data is the implementation of the concluded purchase contract - in particular the processing of the order, delivery of the goods, handing over the goods for transport and the performance of all other obligations arising from the contractual relationship.
In particular, but not exclusively, the following personal data are processed about the customer for the above purpose: identification and address data, contact data and other data provided for the purpose of fulfilling the contract - bank account number, etc.
The personal data about the customer are processed by the administrator for the above purpose for the duration of the obligations arising from the concluded purchase contract, the obligations stipulated by law and the protection of the rights of the customer and the administrator.
2.2. Sending an offer/responding to an enquiry
The legal basis for the processing of personal data is based on the process prior to the conclusion of the purchase contract. The purpose of the processing of personal data is to process the customer's enquiry, draw up an offer for the customer and send it to the customer.
The following personal data are processed about the customer for the above purposes: identification and address data, contact data, for example.
The personal data about the customer are processed by the controller for the above purpose for the period of processing the enquiry and implementation of the offer, or its validity, and for a period of 60 months from the date of sending the offer to the customer, whichever is later.
2.3. Purchase advice
The legal basis for the processing of personal data is based on the provision of a service by the controller to a customer who requests a purchase advice service. The purpose of the processing of personal data is the personalisation of the request and its processing.
The following personal data is processed for the above purposes for each customer: name and surname, email address, IP address.
The personal data about the customer is processed by the controller for the above purpose for the duration of the processing of the customer's request.
2.4. Marketing purposes
The legal basis for the processing of personal data is based on consent. Only personal data about each customer that the customer has provided or will provide to the controller for marketing purposes (see below) are processed.
On the basis of the customer's consent to the processing of personal data, personal data is processed for the purposes of sending commercial communications related to the goods offered by VanCo.s.r.o. and sending newsletters related to VanCo.cz s.r.o. (hereinafter collectively referred to as "marketing purposes"). The processing of personal data for marketing purposes involves direct contact with customers.
The following personal data is processed about the customer for marketing purposes: email address.
The processing of personal data in the context of subscribing to the customer's email address, in particular, is also considered to be processing of personal data for marketing purposes.
3. Method of processing personal data
In most cases, personal data is processed automatically in electronic form. In addition, personal data may be processed manually in written form.
The controller processes personal data to the smallest possible extent in order to fulfil the purpose of processing personal data.
Such personal data will not be subject to automated individual decision-making, including profiling.
The customer provides the controller with personal data for processing on a completely voluntary basis. However, if the customer does not provide the controller with personal data for the purposes of concluding a purchase contract, making an offer or providing purchase advice, the purchase contract cannot be concluded or services provided for the above purpose.
On the other hand, failure to provide the controller with consent to the processing of personal data for marketing purposes has no effect on the formation of a purchase contract, the making of an offer or the provision of purchase advice. The full extent of the personal data processed is obtained by the customer by making an enquiry in accordance with Article 9 of this Policy.
4. Security statement
The Controller declares that it treats all personal data it obtains from customers as strictly confidential in accordance with data protection legislation.
The Controller has taken all necessary security and organisational measures to protect the personal data of customers from misuse, loss or destruction.
The controller's website is secured using an SSL certificate. This encrypts the network transmission of data between the website user and the server and protects customers.
5. Recipients of personal data
In addition to the controller, external processors may be involved in the processing of personal data, in particular shipping companies used for sending goods, mailing service providers, hosting service providers and online communication platform providers.
The controller declares that all data is processed in the EU and all recipients are subject to the applicable data protection regulations.
The controller does not exclude that in the future some personal data of customers will be transferred to other processors. The customer can obtain an up-to-date list of processors by following the procedure set out in Article 9 of this Policy.
6. Period of processing of personal data
Personal data of customers is processed for the period of time specified in Article 2 of this Policy. Prior to the expiry of this period, the processing of personal data shall be stopped or interrupted to the greatest extent possible once the customer withdraws his/her consent to the processing of personal data or exercises any of his/her rights set out in Article 9 of this Policy, if such exercise will result in the restriction, interruption or cessation of the processing of personal data.
Once an event has occurred that will result in the restriction, interruption or cessation of the processing of personal data, the controller will process the customer's personal data only to the extent necessary, for the necessary period of time and only for the purpose of protecting the rights and legitimate interests of the controller. As soon as this purpose of processing the personal data has ceased, the controller will dispose of the personal data.
7. Withdrawal of consent
The customer acknowledges that the consent to the processing of personal data granted to the controller for marketing purposes lasts until the consent is withdrawn.
The customer can easily withdraw his/her consent granted for marketing purposes by sending an email to: firstname.lastname@example.org informing that the customer does not want his/her personal data to be processed for marketing purposes and that he/she withdraws his/her consent to the processing of personal data.
8. Rights of data subjects
- Right of access. The customer has the right to obtain confirmation from the controller as to whether his or her personal data is being processed and, if so, the right to access this information and, in this context, to request, in particular, the disclosure of the recipients to whom this personal data has been or will be disclosed.
- Right to a copy. In the event that the rights and freedoms of third parties are not adversely affected, the customer has the right to request from the controller a copy of the personal data processed concerning him.
- Right to rectification and completion. The customer shall have the right to have inaccurate personal data concerning him corrected by the controller without undue delay, on the basis of his own notification or other credible findings by the controller. In addition to the right to rectification of the personal data concerning him, the customer shall also have the right to have them completed if the personal data already provided and processed are incomplete.
- Right to erasure. In the event that the controller no longer needs the processed personal data relating to the customer for the above-mentioned purposes and there is no further legitimate reason for their processing by the controller, the personal data are processed unlawfully, the consent to their processing has been withdrawn, or there are no grounds for their further processing after an objection has been raised, the customer has the right to request the controller to delete such personal data, or to sufficiently secure them from processing, or to make them inaccessible. The controller has the right to refuse this request if the reason for processing still exists. Erasure will not be carried out if the personal data concerning the customer must be processed by the controller for the establishment, exercise or defence of claims or the performance of a legal obligation by the controller.
- Right to limited processing. Should the customer become aware that his/her personal data processed by the controller are inaccurate or their processing is unlawful or unnecessary, or if an objection has been lodged, the customer may, until the controller's duly justified action or decision on the objection has been taken, request that the controller restrict the processing of such personal data to the extent indicated, but only to the smallest extent permissible.
- Right to data portability. The customer has the right to obtain the personal data that he or she has provided to the controller in a structured, commonly used and machine-readable format and the right to transmit that data to another controller. Similarly, the customer has the right to have the controller transmit the personal data directly to the other controller, if technically feasible.
- Right to object. The controller hereby expressly informs the customer of the possibility to object to the processing of personal data concerning him/her, but only if such processing is carried out on the basis of a legitimate interest of the controller or in the public interest. Furthermore, the customer has the right to object if his or her personal data is processed for the purpose of direct marketing, and for such marketing. This objection shall be lodged directly with the controller. In the objection, the customer must describe the negative impact of the processing on him.
- Right to lodge a complaint. The customer has the right to lodge a complaint with the Data Protection Authority if he or she believes that the processing of personal data concerning him or her has infringed data protection legislation.
9. Exercise of rights
The customer may exercise all the rights set out in this Policy and arising from the processing of personal data concerning him/her by email to: www.vanco.cz