Terms of personal data protection
I. Basic Provisions
1. The controller of personal data pursuant to Article 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: "GDPR") and Act 110/2019 on the processing of personal data* is PNM International s.r.o., company ID No. 05060192, with registered office at Nádražní 385/34, Ostrava, Czech Republic. (hereinafter referred to as: "Controller").
2. Contact details of the Controller are address: Závodní 540/51, 73506 Karviná, Czech republic, mail: firstname.lastname@example.org, telephone +420 228 224 412*
3. Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as a name, an identification number, location data, a network identifier, or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
II. Sources and categories of personal data processed
1. The Controller processes personal data that you have provided to it or personal data and other derived data that the Controller has obtained as a result of the fulfilment of your order, your behaviour on the website, data resulting from your communication.
2. The controller processes your identification, contact and data necessary for the performance of the contract.
This includes, but is not limited to:
- identification data, in particular the recipient's name, username and password if you have registered and email;
- contact details, such as the delivery address or contact address or your home address, email, phone number or your social media contact, if applicable;
- details about your orders and the goods you were interested in, bank account or other payment contact, information about your shipments and their receipt;
- rating data, which means, for example, comments or reviews of our services and goods
- data about your behavior on the site, particularly the goods and services you view, the links you click on, how you move around our site and scroll the screen, as well as data about the device from which you view our site, such as the IP address and its derived location, the identification of the device, its technical parameters such as the operating system and its version, the screen resolution, the browser used and its version, as well as data obtained from cookies and similar technologies to identify the device;
- data about your reading behaviour of the messages we send you, such as the times when messages are opened, as well as data about the device on which you read the messages, such as the IP address and derived location, the identification of the device, its technical parameters such as operating system and version, screen resolution, browser used and version, as well as data obtained from cookies and similar technologies;
- derived data, which means personal data derived from your settings, data about the services you order from us, data about your behaviour on the website and data about your behaviour when reading messages we send you; in particular, data about your purchasing behaviour and your relationship with different services;
- data relating to your use of the call centre and visits to our branches, which includes in particular records of telephone calls to the call centre, identification of messages you send us, including identifiers such as IP addresses, and recordings from CCTV systems in our branches.
III. Lawful basis and purpose for processing personal data
1. The lawful basis for processing personal data is:
- performance of the contract between you and the controller under Article 6(1)(b) of the GDPR, whereby if you create an account on one of our websites, we process your identification and contact details, your preferences and your order details (if you subsequently place an order with us), on the basis of the performance of our contract with you, in order to maintain your user account. The contract on which our processing is based is created when you create your account. If you place an order with us, we will use your personal data for the purpose of fulfilling your order means that we will use it in particular:
- to enable you to complete your order on the site, for example, so that your details are not deleted from an order in progress;
- to communicate with you about your order, for example to send you a confirmation;
- for the purpose of payment for goods; in this context, we may also pass your data to our payment system partners;
- for the purpose of transporting goods; in this context we may also pass your data to our partners operating freight forwarding services or dispatch points;
- in connection with the provision and complaint of the ordered service; in this context, we may also transfer your data to the service provider;
- in connection with your other requests, with which you contact us, e.g. via the call centre.
For this purpose, we use personal data for as long as necessary to process your order or to deal with a contractual requirement such as a complaint, but at least for the period of time resulting from the requirement to comply with a legal obligation.
- the legitimate interest of the controller in the provision of direct marketing (in particular for the sending of targeted and personalised commercial communications and newsletters or the customisation of the website to streamline communication and improve services) pursuant to Article 6(1)(a)(i) of Directive 95/46/EC. (f) GDPR, whereby if you create an account on our website, we process your identification and contact data, your preferences, your order data (if you later order from us) and data about your web and message reading behaviour also on the basis of our legitimate interest, for the purpose of:
- obtaining information on which we can improve our services to you in the future, in particular identifying your satisfaction with our services; our legitimate interest here is to improve our services to you; and
- providing you with tailored offers and targeted advertising, which we may send to you by email, text message, social media, communicate to you by telephone or other electronic means, send to you by post or display on our website; these offers may relate to our products and services as well as those of third parties; our legitimate interest here is the effective promotion of our products and services.
In order to tailor an offer to you, we analyse the above data and extract additional derived data from it, which we use for this purpose. In this way, we may also use data about your web behavior that we collected before you registered (unless you have previously turned off web personalization in your browser's Privacy Settings), and we may collect data about your web behavior even if you do not log in (e.g., if we identify you using a cookie). We also categorize our users into different groups based on this information, with each group receiving its own specific offer. Therefore, if you have viewed a product offer on our website or clicked on it in an email we sent you, we may show you that product on a page of our website or email you an offer for that product on your next visit. Similarly, if you have placed an order with us, we may compile a list of products you have previously purchased, for example, to facilitate re-ordering. Depending on the product you have viewed, we can also infer which customer group you belong to, and accordingly offer you additional services on the website or by email that we think may be of interest to you. This information may also be passed on to advertising system operators so that they can show you this product in advertising on other sites. However, we will not pass on any other personal data to these operators in order for them to contact or identify you further in this context (such as your email or name or address).
In order to protect legal claims and our internal records and controls, we process data for the duration of the limitation period (5 years) and one year after its expiry with respect to claims made at the end of the limitation period. In the event of the initiation of judicial, administrative or other proceedings, we process your personal data to the extent necessary for the duration of such proceedings and for the remainder of the limitation period after the end of such proceedings.
- your consent to the processing for the purpose of providing direct marketing (in particular for sending targeted and personalized commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services in the absence of an order for goods or services. If you create a product review on our website, we process your identifying data and data from your evaluation of products offered by us, including embedded photos, also on the basis of your consent to the processing, for the purpose of sharing information about your satisfaction with products offered by us with other visitors to our website. We use personal data for this purpose until you withdraw your consent to processing.
- fulfillment of a legal obligation, where we process your identification, contact and order data on this legal basis, in particular to comply with the following laws:
- Law No. 89/2012 Coll., Civil Code,
- Law No. 634/1992 Coll., on consumer protection,
- Law No. 235/2004 Coll., on value added tax,
- Act No. 563/1991 Coll., on Accounting.
2. The purpose of processing personal data is:
- the execution of your order and the exercise of the rights and obligations arising from the contractual relationship between you and the controller; when placing an order, personal data are required that are necessary for the successful execution of the order (name and address, contact), the provision of personal data is a necessary requirement for the conclusion and performance of the contract, without the provision of personal data, it is not possible to conclude the contract or its performance by the controller,
- sending commercial communications and other marketing activities.
3. Profiling within the meaning of Article 22 of the GDPR is carried out by the controller. You have given your explicit consent to such processing.
IV. Data retention period
1. The controller retains personal data:
- for the period necessary for the exercise of the rights and obligations arising from the contractual relationship between you and the controller and the exercise of claims arising from that contractual relationship (for a period of 10 years from the termination of the contractual relationship).
- for the period until consent to the processing of personal data for marketing purposes is withdrawn, but no longer than 10 years if the personal data is processed on the basis of consent.
2. After the expiry of the retention period, the controller shall delete the personal data.
V. Recipients of personal data (subcontractors of the controller)
1. The recipients of the personal data are the following persons:
- involved in the delivery of goods/services/execution of payments under the contract,
- providing e-shop operation services and other services in connection with the operation of the e-shop,
- providing marketing services
2. The controller does not intend to transfer personal data to a third country (non-EU country) or an international organisation.
VI. Your rights
1. Under the conditions set out in the GDPR, you have:
- the right to access your personal data in accordance with Article 15 of the GDPR,
- the right to rectification of your personal data pursuant to Article 16 of the GDPR, or restriction of processing pursuant to Article 18 of the GDPR.
- the right to erasure of personal data pursuant to Article 17 GDPR.
- right to object to processing pursuant to Article 21 GDPR
- right to data portability pursuant to Article 20 GDPR.
- right to withdraw consent to processing in writing or electronically to the address or email of the controller specified in Article III of these terms and conditions.
2. You also have the right to lodge a complaint with the Office for Personal Data Protection, which is located at Pplk. Sochora 27, 170 00 Prague 7, if you believe that your right to personal data protection has been violated.
3. In all matters related to the processing of your personal data, whether it is a question, exercising a right, filing a complaint or anything else, you can contact our contact details. We will deal with your request without undue delay and within a maximum of one month. In exceptional cases, in particular due to the complexity of your request, we are entitled to extend this period by a further two months. We will inform you of any such extension and the reasons for it.
VII. Personal data security conditions
1. The controller declares that it has taken all appropriate technical and organisational measures to safeguard personal data.
2. The controller has taken technical measures to secure data storage and storage of personal data in paper form.
3. The controller declares that only persons authorised by it have access to the personal data.
VIII. Final provisions
These terms and conditions will come into effect on 25/05/2018. For further information, please see here
* Update to the terms and conditions on 25.4.2019 - change of contact address, addition of applicable statutory regulation.