GDPR data protection
GDPR (General Data Protection Regulation) is a new comprehensive European data protection regulation that will provide greater data protection for individuals in the European Union (EU).
Data protection terms and conditions
I. Basic Provisions
1. These data protection terms and conditions provide information, within the meaning of Article 13(1) of Regulation (EU) No 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation (hereinafter referred to as the "Regulation"), to personal data subjects - buyers making a purchase from the Majkl3D.eu, Majkl3D-Technology s.r.o. online shop, who are natural persons and who provide their personal data to the controller for the purpose of concluding and performing the relevant purchase contract.
2. The controller of the personal data pursuant to Article 4 point 7 is Majkl3D-Technology s.r.o. (hereinafter: "the controller").
3. The contact details of the controller are the address: Majkl3D-Technology s.r.o., No. 411, 34004 Železná Ruda. Email: email@example.com phone: +420 773 802 800 , ID No. 10818651. Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
4. the controller has not appointed a data protection officer.
II. Sources and categories of personal data processed
1. The controller processes personal data that you have provided to the controller or personal data that the controller has obtained as a result of the fulfilment of your order.
Buyer - consumer (B2C)
- name and surname
- telephone number
- account number (withdrawal, claim, overpayment...)
Buyer - entrepreneur - natural person (B2B)
- name and surname
- phone number
- address of the place of business
- registration number and VAT number
- account number (withdrawal, claim, overpayment...)
III. Legal basis and purpose of processing personal data
1. The lawful reason for processing personal data is
- performance of a contract concluded between you and the controller pursuant to Article 6(1)(b) of the Regulation,
- the legitimate interest of the controller in providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(f) of the Regulation,
- your consent to processing for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(a) of the Regulation in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services, in the absence of an order for goods or services.
2. The purpose of the processing of personal data is
- within the scope of the legal basis pursuant to Article 6(1)(b) of the Regulation: o the processing of your order and the exercise of the rights and obligations arising from the contractual relationship between you and the controller; when placing an order, the personal data required for the successful processing of the order (name and address, contact) are required, the provision of personal data is a necessary requirement for the conclusion and performance of the contract, without the provision of personal data it is not possible to conclude the contract or its performance by the controller
- within the scope of the legal basis pursuant to Article 6(1)(f) of the Regulation for the sending of commercial communications concerning services and events offered or operated by the controller, to your e-mail address indicated in the order.
3. There is no automatic individual decision-making by the controller within the meaning of Article 22 of the Regulation which would have legal effects on you or affect you in a similarly significant way.
IV. Data retention period
1. The controller retains personal data
- for the period necessary for the exercise of the rights and obligations arising from the contractual relationship between you and the controller and the exercise of claims arising from that contractual relationship.
2. After the expiry of the personal data retention period, the controller shall delete the personal data from all storage facilities, unless the legal regulations stipulate the obligation to archive documents containing personal data for a longer period of time (in particular pursuant to Act No. 563/1991 Coll. on Accounting or Act No. 235/2004 Coll. on Value Added Tax.
V. Recipients of personal data (subcontractors of the controller)
1. The recipients of personal data are:
a) corporate accountants,
b) EVici webdesign s.r.o. - provider of software for the creation and management of online shops,
d) Czech Post,
- involved in the delivery of goods/services/payments under the contract,
- providing services for the operation of the e-shop at www.majkl3d.cz and other services in connection with the operation of the e-shop,
- providing marketing services.
2. The controller does not intend to transfer personal data to a third country (to a country outside the EU) or to an international organisation.
VI. Your rights
1. Under the conditions set out in the Regulation, you have
- the right to access your personal data in accordance with Article 15 of the Regulation, - the right to rectification of personal data in accordance with Article 16 of the Regulation or restriction of processing in accordance with Article 18 of the Regulation.
- the right to erasure of personal data pursuant to Article 17 of the Regulation.
- the right to object to the processing of data processed for the purposes of the controller's legitimate interests pursuant to Article 21
- the right to data portability pursuant to Article 20 of the Regulation
2. You also have the right to lodge a complaint with the Data Protection Authority if you believe that your right to data protection has been violated.
VII. Conditions for the security of personal data
1. The controller declares that it has taken all appropriate technical and organisational measures to secure personal data. The controller is entitled to process your personal data manually or by automated means through its authorised employees or through a processor in the capacity of a data processor. Personal data is processed in the form of electronic databases on secure data storage facilities of the controller or its contractual partners in the capacity of data processors.
2. the controller has taken technical measures to secure data storage and personal data storage facilities. The controller and the processor shall secure the personal data processed by means of organisational, physical and software security measures, in particular by setting up access rights for employees to the relevant information systems, by physically securing premises and data storage media and by means of software protection against unauthorised access to data via the Internet.
3. The controller declares that only persons authorised by it have access to personal data.
VIII. Final provisions
1. By submitting an order from the online order form, you confirm that you are aware of the terms and conditions of data protection and that you accept them in their entirety.
These terms and conditions will take effect on 21.07.2022