GDPR

 

Terms and Conditions of Personal Data Protection

 

I.

 

Basic Provisions

 

  1. Under § 5 letter o) of the Act No. 18/2018 Coll. on Personal Data Protection as amended (hereinafter the “GDPR”), the personal data controller is Avos trade International Ltd. 3 GOWER STREET WC1E 6HA LONDON UNITED KINGDOM, ID No.  10289388 (hereinafter the “Controller”).
  2. Avos trade International Ltd. 3 GOWER STREET WC1E 6HA LONDON UNITED KINGDOM
  3. Personal data means any information related to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  4. The Controller has appointed the data protection officer. The contact data of the data protection officer: Norbert Fecko, email: nfecko@gmail.com.

II.

 

Sources and Categories of Processed Personal Data

 

  1. The Controller processes the personal data provided by you or personal data obtained by the Controller in the course of performing your purchase order.
  2. The Controller processes your identification and contact data and data necessary for the performance of the Agreement.

 

III.

 

Legal Reason and Purpose of Processing Personal Data

 

  1. The legal reasons for processing the personal data include
  • performing the Agreement between you and the Controller under § 13 par. 1 letter b) of GDPR,
  • Controller’s legitimate interest in performing direct marketing (in particular for sending business communication and newsletters) under § 13 par. 1 letter f) of GDPR,
  • your consent to processing for the purpose of performing direct marketing (in particular for sending business communication and newsletters) under § 13 par. 1 letter a) of GDPR in case no purchase order for goods or services has been placed.

 

  1. The purpose of processing the personal data is
  • performance of your purchase order and exercise of the rights and obligations resulting from the contractual relationship between you and the Controller; when placing a purchase order, you are requested to provide the personal data necessary for successful performance of the purchase order (name and address, contact data); the personal data must be provided for the purpose of conclusion and performance of the Agreement; if the personal data are not provided, the Controller cannot conclude nor perform the Agreement,
  • sending business communication and carrying out other marketing activities.

 

  1. The Controller makes automated individual decisions under § 28 of GDPR. You have provided your explicit consent to such processing.

 

 

IV.

 

Data Retention Period

 

  1. The Controller keeps personal data
    • for the period necessary to exercise the rights and obligations resulting from the contractual relationship between you and the Controller and asserting the claims from such contractual relationship (for a period of 15 years after termination of the contractual relationship).
    • for a period until the consent to processing the personal data for marketing purposes is withdrawn, not more than 15 years, if the personal data are processed with the consent.

 

  1. After expiry of the personal data retention period, the Controller will delete the personal data.

 

 

V.

 

Recipients of the Personal Data (subcontractors of the Controller)

 

  1. Recipients of the personal data include the persons
    • participating in supplying the goods / services / performance of payments under the Agreement,
    • providing the e-shop operation services and other services related to e-shop operation,
    • providing marketing services,
    • providing accounting services.

 

  1. The Controller intends to transfer the personal data to a third country (outside the EU) or to an international organization. Recipients of the personal data in the third countries include providers of e-mailing services.

 

 

VI.

 

Your Rights

 

  1. Under the provisions of GDPR, you have
    • the right of access to your personal data under § 21 of GDPR,
    • the right to rectification of personal data under § 22 of GDPR, or the right to restriction of processing under § 24 of GDPR,
    • the right to erasure of personal data under § 23 GDPR,
    • the right to object to processing under § 27 of GDPR,
    • the right to data portability under § 26 of GDPR,
    • the right to withdraw consent to processing in writing or electronically to the address or email address of the Controller referred to in Art. III of this document.

 

  1. You have the right to file a complaint with the Personal Data Protection Office if you believe that your right to privacy has been violated.

 

 

VII.

 

Terms and Conditions for Securing Personal Data

 

  1. The Controller declares that they have adopted all appropriate technical and organizational measures to secure the personal data.
  2. The Controller has taken the technical measures to secure the data storage and personal data storage in paper form, in particular passwords and backups.
  3. The Controller declares that the personal data can be accessed only by authorized persons.

 

 

VIII.

 

Final Provisions

 

  1. By sending a purchase order via the online order form, you acknowledge that you are familiar with the privacy policy and that you accept it in its entirety.
  2. You agree with these terms and conditions by ticking the consent via the online form. By confirming your consent, you acknowledge that you are aware of the privacy policy and that you accept it in its entirety.
  3. The Controller is entitled to change these terms and conditions. A new version of the privacy policy will be published on their website and a new version of these terms and conditions will be sent to the e-mail address that you have provided to your Controller.

 

These terms and conditions enter into application on 25 July 2018.