Terms and Conditions of Personal Data Protection
- Under § 5 letter o) of the Act No. 18/2018 Coll. on Personal Data Protection as amended (hereinafter the “GDPR”), the personal data controller is Avos trade International Ltd. 3 GOWER STREET WC1E 6HA LONDON UNITED KINGDOM, ID No. 10289388 (hereinafter the “Controller”).
- Avos trade International Ltd. 3 GOWER STREET WC1E 6HA LONDON UNITED KINGDOM
- Personal data means any information related to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- The Controller has appointed the data protection officer. The contact data of the data protection officer: Norbert Fecko, email: email@example.com.
Sources and Categories of Processed Personal Data
- The Controller processes the personal data provided by you or personal data obtained by the Controller in the course of performing your purchase order.
- The Controller processes your identification and contact data and data necessary for the performance of the Agreement.
Legal Reason and Purpose of Processing Personal Data
- The legal reasons for processing the personal data include
- performing the Agreement between you and the Controller under § 13 par. 1 letter b) of GDPR,
- Controller’s legitimate interest in performing direct marketing (in particular for sending business communication and newsletters) under § 13 par. 1 letter f) of GDPR,
- your consent to processing for the purpose of performing direct marketing (in particular for sending business communication and newsletters) under § 13 par. 1 letter a) of GDPR in case no purchase order for goods or services has been placed.
- The purpose of processing the personal data is
- performance of your purchase order and exercise of the rights and obligations resulting from the contractual relationship between you and the Controller; when placing a purchase order, you are requested to provide the personal data necessary for successful performance of the purchase order (name and address, contact data); the personal data must be provided for the purpose of conclusion and performance of the Agreement; if the personal data are not provided, the Controller cannot conclude nor perform the Agreement,
- sending business communication and carrying out other marketing activities.
- The Controller makes automated individual decisions under § 28 of GDPR. You have provided your explicit consent to such processing.
Data Retention Period
- The Controller keeps personal data
- for the period necessary to exercise the rights and obligations resulting from the contractual relationship between you and the Controller and asserting the claims from such contractual relationship (for a period of 15 years after termination of the contractual relationship).
- for a period until the consent to processing the personal data for marketing purposes is withdrawn, not more than 15 years, if the personal data are processed with the consent.
- After expiry of the personal data retention period, the Controller will delete the personal data.
Recipients of the Personal Data (subcontractors of the Controller)
- Recipients of the personal data include the persons
- participating in supplying the goods / services / performance of payments under the Agreement,
- providing the e-shop operation services and other services related to e-shop operation,
- providing marketing services,
- providing accounting services.
- The Controller intends to transfer the personal data to a third country (outside the EU) or to an international organization. Recipients of the personal data in the third countries include providers of e-mailing services.
- Under the provisions of GDPR, you have
- the right of access to your personal data under § 21 of GDPR,
- the right to rectification of personal data under § 22 of GDPR, or the right to restriction of processing under § 24 of GDPR,
- the right to erasure of personal data under § 23 GDPR,
- the right to object to processing under § 27 of GDPR,
- the right to data portability under § 26 of GDPR,
- the right to withdraw consent to processing in writing or electronically to the address or email address of the Controller referred to in Art. III of this document.
- You have the right to file a complaint with the Personal Data Protection Office if you believe that your right to privacy has been violated.
Terms and Conditions for Securing Personal Data
- The Controller declares that they have adopted all appropriate technical and organizational measures to secure the personal data.
- The Controller has taken the technical measures to secure the data storage and personal data storage in paper form, in particular passwords and backups.
- The Controller declares that the personal data can be accessed only by authorized persons.
These terms and conditions enter into application on 25 July 2018.