I.Privacy of personal data
1.1. By sending an order from the online order form for delivery of services, orders by phone
or by using the service itself, the user confirms that he / she understands the terms of personal data protection, that expresses its agreement to their wording and accepts it in its entirety.
1.2 The Provider is the User's Personal Information Manager under Article 4 (7) of Regulation (EU)
Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data the repeal of Directive 95/46 / EC (General Regulation on the protection of personal data) (hereinafter referred to as "GDPR"). The Provider agrees
process personal data in accordance with legal regulations, especially GDPR.
1.3. Personal information is any information about an identified or identifiable natural person; identifiable a natural person is a natural person that can be identified directly or indirectly, in particular by reference to a particular identifier,
such as name, identification number, location data, network identifier, or one or more specific physical, physiological, genetic, psychological, economic, cultural or social identity of that individual.
1.4 When ordering, the personal information required for successful order execution (billing information, email, phone number). The purpose of processing personal data is to execute the user's order and exercise rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of processing personal data is further sending business messages and doing other marketing activities. The legitimate reason for processing personal
of the data is the fulfillment of the contract pursuant to Article 6 (1) b) GDPR, fulfillment of the statutory obligation of the administrator pursuant to Article 6 (1) C) GDPR and the legitimate interest of the Provider pursuant to Article 6 (1) f) GDPR. The Provider's legitimate interest is
processing of personal data for direct marketing purposes.
1.5 The Provider uses the services of subcontractors, especially the mailing provider, for the fulfillment of the license agreement services (personal data are not stored in third countries) and webhosting providers. Subcontractors are verified from security of personal data. Provider and subcontractor of the webhost have signed a contract for
processing of personal data according to which the subcontractor is responsible for the proper security of the physical, software perimeter, but does not bear direct responsibility for the user for any leakage or intrusion of personal data.
1.6 The Provider shall store the user's personal data for the period necessary to exercise the rights and obligations arising out of the User the contractual relationship between the provider and the user and the enforcement of the claims under these contractual relationships (for a period of 15 years from termination of the contractual relationship). After it expires, data will be erased.
1.7 The User has the right to request from the Provider access to his / her personal data pursuant to Article 15 GDPR, Personal Correction data according to Article 16 of the GDPR, or the restriction of the processing under Article 18 GDPR. The user has the right to delete personal information
pursuant to Article 17 (1) (a) and (c) to (f) of the GDPR. Furthermore, the user has the right to object to the processing according to Art. 21 GDPR and the right to data portability pursuant to Article 20 GDPR.
1.8 The User has the right to file a complaint with the Office for Personal Data Protection in the event that he / she considers that he has been breached his right to the protection of personal data.
1.9 The user is under no obligation to provide personal information. However, the provision of personal data is a necessary requirement for the conclusion and performance of the contract, and without the provision of personal data, it is not possible to conclude the contract with the provider
1.10 The Provider does not automatically make an individual decision within the meaning of GDPR No. 22.
1.11 User by binding order confirmation:
1.11.1 agrees to the use of his or her personal data for the purpose of the electronic sending of commercial communications, advertising materials, direct sales, market surveys and direct offers of products by the Provider and third parties, not however, more often than once a week, at the same time
1.11.2 declares that sending information under paragraph 7.11.1 does not consider an unsolicited advertisement within the meaning of Act. No 40/1995 Collections as amended, as the user is sending information according to paragraph 7.4.1 in conjunction with § 7 of Act. No. 480/2004 Coll. expressly agree.
1.11.3 The user may at any time withdraw his / her consent in writing at firstname.lastname@example.org.
1.12 The Provider uses it to improve service quality, personalize the offer, collect anonymous data, and for analytical purposes in their presentation of so-called cookies. By using the site, the user agrees to use the said technology.
II. Rights and Obligations between Administrator and Processor (Processing Agreement)
2.1 The Provider is in relation to the Personal Data of Client Clients by the Client in accordance with Article 28 GDPR. The user is administrator of these data.
2.2 These terms govern the mutual rights and obligations in the processing of personal data to which the Provider has obtained access in the framework of the fulfillment of the license agreement concluded in the form of approval of the general business terms and conditions https://www.shop5.cz/obchodni-podminky.html (hereinafter referred to as the "License Agreement") concluded with the User on the date of establishment user account.
2.3. The Provider undertakes for the User to process personal data to the extent and for the purposes set out in Article 1.4 these conditions. Processing resources will be automated. Provider will process personal data within the processing collect, store, store, block and dispose of information carriers. Provider is not authorized to provide personal information
processed contrary to or in excess of the limits set by these terms.
2.4 The Provider undertakes for the user to process personal data in the following extent:
(a) normal personal data,
(b) special categories of data under Article 9 of the GDPR which the User obtained in connection with his own business (to which includes passwords and accesses, data that may contain additional personal information to fulfill the service
2.5. The Provider undertakes for the user to process personal data in order to provide the Shop5 eshop platform in the form of a license agreement.
2.6. Personal data may only be processed at the workplace of the Provider or its subcontractors, in accordance with the following
conditions, within the territory of the European Union.
2.7. Provider undertakes for the User to process personal data of the User's clients, all for the time necessary to the exercise of rights and obligations arising from the contractual relationship between the Provider and the User and the enforcement of the claims
of these contractual relationships (for 15 years from the termination of the contractual relationship).
2.8 The user grants permission to engage a subcontractor as a further processor under Article 28 (2) of the GDPR,
who is the Shop5 Hosting Provider. The User further grants the Provider the general permission to engage in processing of further personal data processors, however, the Provider must inform the user in writing about all intended changes to the acceptance or substitution of additional processors and give the user the opportunity to object to these changes. The Provider must store its subcontractors as processors personal data obligations as set out in these Conditions.
2.9. The Provider undertakes that the processing of personal data will be ensured in particular as follows:
1. Personal data is processed in accordance with legal regulations and on the basis of the User's instructions, ie for performance
of all activities required to provide the Shop5 eshop platform in the form of a license agreement.
2. The Provider undertakes to provide technically and organizationally the protection of the processed personal data in such a way that unauthorized or accidental access to, modification, destruction or loss of data, unauthorized access trafficking, other unauthorized processing, and other misuse, and to be personally and organisationally continuously throughout the processing of the data, ensure that all personal data processor obligations resulting from the
3. The technical and organizational measures adopted shall correspond to the level of risk. The Provider ensures them constantly confidentiality, integrity, availability and resilience of processing systems and services, and restoring the availability of personal data in good time;
access to them in the event of physical or technical incidents.
4. The Provider hereby declares that the personal data protection is subject to the Provider's internal security regulations.
5. Only authorized persons of the Provider and subcontractors will have access to personal data pursuant to Article 2.8 of these conditions that will determine the conditions and extent of data processing by the Provider and any such person will be access personal data under its unique identifier.
6. The authorized persons of the Provider who process personal data under these conditions are obliged to observe confidentiality of personal data and security measures whose disclosure would jeopardize their security. Provider shall ensure their demonstrable commitment to this obligation. The Provider will ensure that this obligation for Both the Provider and the Beneficiary will continue after the termination of the employment or other relationship with the Provider.
7. Provider will assist the user through appropriate technical and organizational measures, if any
possible to meet the user's obligation to respond to requests for the data subject's exercise of rights under the GDPR; as well as ensuring compliance with the GDPR Articles 32 to 36, taking into account the nature of the processing and of the information available to the Provider.
8. Upon termination of the provision of the performance associated with the processing under Article 1.6 of these Conditions, the Provider shall be the Provider is obliged to delete all personal data or return it to the User unless he / she is required to store personal data on the basis of
9. The Provider shall provide the User with all the information necessary to demonstrate that the obligations under this Agreement have been met contracts and GDPR will allow audits, including inspections, performed by the User or other auditor the user commissioned.
2.10 The User undertakes to promptly report all known facts of his / hers which could adversely affect proper and timely fulfillment of the obligations arising from these terms and to provide the Provider with the necessary cooperation fulfillment of these conditions.
III. Final Provisions
3.1 These Terms shall expire on the expiry of the time specified in Article 1.6 of these Terms.
3.2 The user agrees to these terms by ticking the consent via the online form. By ticking
consent is expressed by the user that he has read these terms and conditions, agrees with them and is in full accepts.
3.3 The Provider is entitled to change these terms. The Provider is obliged to publish a new one without undue delay a version of the terms on your website, or will send the new version to the User at its email address.
3.4 The Provider disclaims all liability for the loss or other misuse of the personal information of the eshop owner.
3.5 Contact Details of the Provider in matters relating to the following conditions: +420 608835829, email@example.com.
3.6 Relationships not expressly governed by these terms and conditions shall be governed by the GDPR and the legal order of the Czech Republic,
Act No. 89/2012 Coll., the Civil Code, as amended.
These terms and conditions will become effective on 1 May 2018