Information about customers is stored in accordance with valid laws of the Czech Republic, especially with the Act on Personal Data Protection No. 101/2000 Sb., as amended. PLASMA PLACE, s.r.o., uses all data acquired from customers exclusively for the company’s internal needs, and it does not provide them to third persons. Without an explicit consent of the customers, PLASMA PLACE, s.r.o., treats their personal data exclusively within the scope permitted by the Act on Personal Data Protection, namely in Section 5, Subsection 2, Letter b), and in Section 5, Subsection 6.
Conditions Governing Personal Data Protection
Pursuant to Article 4 (7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”), PLASMA PLACE s.r.o. company ID No. 05323673, with a registered office in Prague – Chodov, Kloknerova 1245/1, postal code 148 00, is the data controller (hereinafter referred to as the “Controller”).
- Contact details of the Controller are as follows:
Address: Prague – Chodov, Kloknerova 1245/1, postal code 148 00
Telephone: +420 226 289 070
- Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an on-line identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Sources and categories of processed personal data
- The Controller processes personal data provided by you and/or personal data acquired based on performing your order.
- The Controller processes your identification and contact data and data necessary to perform the contract.
Legal basis and purpose of processing personal data
- The legal basis for personal data processing is represented by
• The performance of a contract entered into between you and the Controller, pursuant to Article 6 (1) point b) of GDPR,
• Legitimate interest of the Controller to provide direct marketing (in particular to send business information and newsletters) pursuant to Article 6 (1) point f) of GDPR,
• Your consent with the processing for the purposes of providing direct marketing (in particular for sending business information and newsletters) pursuant to Article 6 (1) point a) of GDPR in association with Section 7, Subsection 2 of Act No. 480/2004 Sb., on certain information society services in case there was no order of goods or services.
- The purpose of personal data processing is to:
• Deal with your order and to perform rights and obligations ensuing from a contractual relationship between you and the Controller; placing an order requires personal data necessary for a successful fulfilment of the order (name and address, contact); the provision of personal data represents a necessary requirement for entering into and performing a contract; without providing personal data, it is impossible to enter into the contract or to perform the contract on the side of the Controller,
• Send business information and engage in other marketing activities.
- There is no automatic individual decision-making on the side of the Controller in terms of Article 22 of GDPR.
Data storage period
- The Controller stores personal data
• For a period necessary to perform rights and obligations ensuing from a contractual relationship between you and the Controller and to enforce claims from these contractual relationships (for a period of 15 years after the termination of the contractual relationship).
• For a period until the consent with personal data processing for the purposes of marketing is withdrawn, not to exceed 5 years, if the personal data processing takes place on the basis of a consent.
- The Controller shall delete personal data upon the expiry of the data storage period.
Recipients of personal data (Controller’s suppliers)
- Recipients of personal data are the following persons:
• Persons participating in the delivery of goods / services / realization of payments based on contract,
• Persons providing for services of operating an e-shop and other services associated with operating an e-shop,
• Persons providing for marketing services.
- The Controller intends to hand over personal data to third countries (countries outside EU) or to an international organization. Recipients of personal data in third countries are providers of mailing services / cloud services.
- Under the conditions defined in GDPR, you have
• The right of access to your personal data pursuant to Article 15 of GDPR,
• The right to rectification of personal data pursuant to Article 16 of GDPR, or eventually to restriction of processing pursuant to Article 18 of GDPR.
• The right to erasure of personal data pursuant to Article 17 of GDPR.
• The right to object against processing pursuant to Article 21 of GDPR, and
• The right to data portability pursuant to Article 20 of GDPR.
• The right to withdraw the consent with data processing either in writing or electronically to the Controller’s address or e-mail specified in Section III of these Conditions.
- Further on, you have the right to file a complaint with the Office for Personal Data Protection in case you believe your right to personal data protection has been violated.
Conditions to provide for personal data security
- The Controller hereby declares that he adopted all suitable technical and organizational measures to secure personal data.
- The Controller adopted technical measures to secure data storage and personal data storage in documentary form.
- The Controller hereby declares that only persons authorized by him have access to personal data.
- By sending the order from the Internet order form, you confirm having read the conditions of personal data protection and accepting them fully.
- The Controller is entitled to change these Conditions. He will publish the new version of Conditions of Personal Data Protection on his website, and at the same time, he will send the new version of these Conditions to your e-mail address you provided to the Controller.
These Conditions take effect as of 25 May 2018.