Terms and Conditions of Personal Data Protection
- Under § 5 letter o) of Act No. 18/2018 Coll. on Personal Data Protection as amended (hereinafter reffered to as the “GDPR”), the personal data controller is Avos Trade International Ltd., 3 GOWER STREET, LONDON, WC1E 6HA, UNITED KINGDOM, ID No. 10289388 (hereinafter reffered to as the “Controller”).
- Avos Trade International Ltd., 3 GOWER STREET, LONDON, WC1E 6HA, UNITED KINGDOM
- Personal data means any information related to an identified or identifiable natural person (“the data subject”). A identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- The Controller has appointed a data protection officer. The contact data of the data protection officer is: Norbert Fecko, email: firstname.lastname@example.org.
Sources and Categories for Processed Personal Data
- The Controller processes the personal data provided by you or personal data obtained by the Controller in the course of performing your purchase order.
- The Controller processes your identification and contact data and data necessary for the performance of the Agreement.
Legal Reason and Purpose for Processing Personal Data
- The legal reasons for processing the personal data include
- performing the Agreement between you and the Controller under § 13 par. 1 letter b) of the GDPR,
- the Controller’s legitimate interest in performing direct marketing (in particular for sending business communication and newsletters) under § 13 par. 1 letter f) of the GDPR,
- your consent to processing for the purpose of performing direct marketing (in particular for sending business communication and newsletters) under § 13 par. 1 letter a) of the GDPR if no purchase order for goods or services has been placed.
- The purpose of processing the personal data is
- performance of your purchase order and exercise of the rights and obligations resulting from the contractual relationship between you and the Controller. When placing a purchase order, you are requested to provide the personal data necessary for successful performance of the purchase order (name and address, contact data). The personal data must be provided for the purpose of the conclusion and performance of the Agreement. If the personal data are not provided, the Controller cannot conclude nor perform the Agreement,
- sending business communication and carrying out other marketing activities.
- The Controller makes automated individual decisions under § 28 of the GDPR. You have provided your explicit consent to such processing.
Data Retention Period
- The Controller keeps personal data
- for the period necessary to exercise the rights and obligations resulting from the contractual relationship between you and the Controller and asserting the claims from such contractual relationship (for a period of 15 years after the termination of the contractual relationship).
- until the consent to processing the personal data for marketing purposes is withdrawn, but no more than 15 years, if the personal data are processed with consent.
- After the expiry of the personal data retention period, the Controller will delete the personal data.
Recipients of the Personal Data (subcontractors of the Controller)
- Recipients of the personal data include persons
- participating in the supply of goods/services/performance of payments under the Agreement,
- providing e-shop operation services and other services related to e-shop operation,
- providing marketing services,
- providing accounting services.
- The Controller intends to transfer the personal data to a third country (outside the EU) or to an international organisation. Recipients of the personal data in the third countries include providers of e-mailing services.
- Under the provisions of the GDPR, you have the right to
- access to your personal data under § 21 of the GDPR,
- rectification of personal data under § 22 of the GDPR, or the right to restriction of processing under § 24 of the GDPR,
- erasure of personal data under § 23 the GDPR,
- object to processing under § 27 of the GDPR,
- data portability under § 26 of the GDPR,
- withdraw consent to processing in writing or electronically via the address or email address of the Controller referred to in Art. III of this document.
- You have the right to file a complaint with the Personal Data Protection Office if you believe that your right to privacy has been violated.
Terms and Conditions for Securing Personal Data
- The Controller declares that they have adopted all appropriate technical and organisational measures to secure the personal data.
- The Controller has taken technical measures to secure data storage and personal data storage in paper form, in particular passwords and backups.
- The Controller declares that the personal data can be accessed only by authorised persons.
These terms and conditions enter into force on 25 July 2018.