effective from 01.05.2018
For the purposes of the information which you provide to us, ATEX s.r.o. acts as the data controller. Therefore we would like to inform users of our websites eshop.atexsport.cz how we process your personal data. We will at all times comply with the General Data Protection Regulations so called ‘GDPR’ that came into force by regulation of European Parliament and Council (EU) 2016/679.
We can always contact us with any of your queries via web form that can be found on our websites or by email. Our email address is firstname.lastname@example.org.
2. Why do we collect your personal data and based on what legal regulation?
ATEX process your private data in order to:
- provide goods and services and to conclude a business contract with you
- give you feedback or answer requests relating your personal data protection
- send you notifications
- protect your personal data
Above all we collect you data to be able to conclude a business contract and to legally offer you our services.
Legal justifications for collecting your data are:
- fulfilment of business contract with you on providing services
- meeting legal obligation to answer you requests relationg your personal data
- with your agreement, to contact you electronically with notifications
- market research purposes
- to enable ATEX s.r.o. to offer you our customer service;
- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
3. What personal data do we collect and how long for?
We collect all of the information which enable us to manage customer service with you.
This information will include: name, surname, address, telephone, e-mail address, gender, password, username, order details and company name. This information help us to manage your order, reply to your questions, loyality program matters, preference setting and with your agreement, we can also contact you electronically with marketing notifications.
We will also collect information when you buy goods from us on our website to manage your order. This will include: name, surname, address, telephone, email address, information on the product, the time and date of your purchase, the goods you purchased, how happy you were with the service, changes in your order or complaints.
Your payment details are not collected directly by us but through our partenrs. Geolocation information is collected in order to provide you with better service and goods and for statistic reasons.
Regarding newsletters and advertisement notifications we can process this data: email address, name and surname.This information is only collected with your agreement.
Much of information is collected by cookies and it is used to secure good working order of our websites and its personalisation. We can collect: username and password, order history, geolocation info, IP address, browser and device details and other information for statistic purposes. All these are important tools in improvement of our websites and give us statistic information about our customers.
In order to set a good communication with our customers especially when it is to answer their enquiries, we can process: name, surname, telephone, e-mail address.
Unless we have this data, we cannot provide you with service as they are essential for our business contract.
We will not retain your data for longer than necessary for the purposes set out in this Policy. However the longest we will normally hold any personal data is 10 years from your order. In case the order was not completed, all your personal data will be deleted within 12 months in case our mutual relation will come into force again.
In some cases we can keep you personal data longer but only if we are legally entitled to and especially in terms of taxes, accountancy and archives.
4. Marketing notifications
We use your data to fulfil any orders you place with us. If you DID NOT tick a box: 'I don’t want to receive marketing communication’, we will send them to you. Your decision to receive or not receive marketing communication does not have any impact on our mutual business agreement. These notifications will include information on our services, products and offers that you may be interested in.
We can also send you marketing communication if you pre-approved it regardless whether you made a contract with us or not.
Either way, you can cancel this service at any time on our email address, online form or through cancellation link in every email.
5. Why we use profiling and automatic decision making?
Our company is striving to provide you with individually tailored offers and services. Therefore, based on your agreement, we profile your personal data. In order to do that we use automatic information system, web applications and calculators based on which we send you individualised notifications and offers, goods or services of ATEX s.r.o. This system allows us to meet your needs better, to estimate future trends and adjust our products adn services accordingly.
6. Who are our partners?
You also agreed to pass your personal data to our selected third parties partners when agreeing to receive marketing communication. Our partners follow the same regulation in protecting personal data and we signed contract on processing personal data with them. You can get a list of our business partner at request.
7. Who can acces your personal data?
For marketing purposes, we share your data with third party service providers who help us to do this and to generally operate our business effectively. For example, to improve the level of services which we provide you with, your data may be shared with third parties, so-called mediators. ATEX s.r.o. signed a legal contract with these parties on using personal data based on which they have to follow strict rules of dealing with personal data. We only share information that is necessary for their job. Third parties can be IT companies, hosting services and companies that secure HW running, external marketing agencies, external graphic designers and programmers. External companies providing payment portals.
8. Personal data of under 16
We do not collect data of people under 16 years of age.
9. Who receives your personal data
Our subcontractors or processors of personal data have access to your personal data. These can be people we closely cooperate with based on trade certificate or it can be our external IT administrator or companies that provide cloud or online marketing services or email services.
10. Disclosing data to third countries
In order to process personal data we can use online services such as Google LLC or Microsoft Corporation or e-mail services of The Rocket Science Group, LLC (publicly known as MailChimp). These companies are based in the USA and are registered within so called EU-USA privacy shield. You can access it on: https://www.privacyshield.gov. European Commission published an agreement on privacy setting related to the shield, Art. 45 par 9 GDPR therefore no other permission is needed.
11. Your rights
If we process your private data, you have the following rights:
- the right to ask for a copy of personal data that we hold about you (the right of access);
- the right (in certain circumstances) to request that we delete personal data held on you; where we no longer have any legal reason to retain it (the right of erasure or to be forgotten);
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);
- the right to opt out of any marketing communications that we may send you and to object to us using / holding your personal data if we have no legitimate reasons to do so (the right to object);
- the right (in certain circumstances) to ask us to ‘restrict processing of data’; which means that we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and
- the right (in certain circumstances) to ask us to supply you with some of the personal data we hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organisation (the right to data portability).
You also have a right to object at supervisory office which is Office for Personal Data Protection. The website is: https://www.uoou.cz/.
12. Your rights explained
Right of access personal data means that you are entitled to get a confirmation whether your data is processed or not and you have a right to access this personal data including information on processing it, based on Art.15 GDPR.
- reason for processing,
- category of personal data,
- receiver or category of receivers of personal data,
- period during which the data will be processed or its criteria,
- right to correct, erasure, restrict processing, right to object processing,
- right to place a comlaint at supervisory office,
- all accessible informaion on resources of personal data if not provided by you,
- notification that automatic decision taking or profiling take place.
- information on suitable security as in Art. 46 GDPR (related to data discloser) and information on disclosing data to third countries and international organisations.
Right of rectification means that upon your request we have to correct inaccurate information or complete it in accordance with Art. 16 GDPR.
Right of erasure means that upon your request we have to erasure your personal data in accordance with Art. 17 GDPR. We can do so given that:
- personal data are no longer needed
- your consent was appealed and there is no other legal reason for processing your data
- you have objections to processing of your data
- data processing is illeagal
- erasure is needed to meet legal obligations, or
- personal data was collected in relation with an offer from information company to the effect of Art. 8 par.1 GDPR
Right to restrict processing means that upon your request we have to restrict processing your data in accordance with Art. 18 GDPR.
Further you have a right to data portability which means that upon your request we have to give your your information in machine-readable form in case the processing is based on agreement or on a contract ( fulfilment of the contract ). In the same time the processing is done in automatized way in accordance wiht Art. 20 GDPR.
13. Right to raise objection
We explicitly draw your attention to right to raise an objection. This means that you have a right to raise an objection against any direct marketing. If you do so we cease direct marketing straight away.
Right to raise an objection can be also generally applied against processing of your personal data based on a legal justification so called ‘authorised interest’or ‘fulfilment of a task in public interest or discharge of duties in public interest including profiling based on these legal resonings’.
You can raise your objection on our email address email@example.com.