Data Protection Policy pursuant to article 13 of EU Regulation 2016/679
Pursuant art. 13 of EU Regulation 2016/679 (hereinafter: “GDPR 2016/679”), laying down provisions for the protection of persons and other subjects relevant to the processing of personal data, we wish to inform you that your personal data will be processed in compliance with the aforementioned legislation and, in particular, any images you provide will be stored in compliance with the same legislation.
This Website and any services provided through the Website, are reserved to people who are 18 years of age or older. The Data Controller does not collect data concerning people who are under 18 years of age. Upon request by the Users, the Data Controller shall timely erase any personal data involuntarily collected or concerning people under 18 years of age.
The Data Controller is the company Naltep s.r.o. (hereinafter: “Company”)
Registered office: Ocelkova 643/20, Prague 9, 198 00 - Czech Republic, E-mail: firstname.lastname@example.org
Purpose for processing the data
• Necessary and mandatory processing of personal data
The Company will use the general personal data provided by you (i.e., name, surname, date and place of birth, tax code, vat number, address, phone number) for purposes relevant to commercial relations between us. The processing of the aforementioned personal data is necessary to provide the services requested and follow up on the relevant activities.
• Processing of optional personal data
The Company will use the optional personal data provided by you (i.e., favourite colours, preferred method of purchase, product lines) in order to improve and customise the offer of products and services and, in particular, for the following optional purposes for which your express consent is required:
- Profiling for a customised Client management: collection and analysis of the Client’s optional personal data (including quantities/spending amounts) in order to process, communicate and allow the Client to take advantage of company services designed according to their habits and propensity to consume.
- Sending of company promotions: sending via-email, mobile phone, fax, text message, picture message and other distance communication channels and/or social network (i.e. Facebook, Instagram, Pinterest, Youtube), promotional materials relevant to company products, services and offers.
- Survey of Client satisfaction and market research: use of data to survey the degree of client satisfaction compared to the use of company services, as well as market research at Points of Sale or by e-mail, phone, mobile, fax, text message, picture message and other distance communication channels and/or social network (i.e. Facebook, Instagram, Pinterest, Youtube) relevant to offers of company products and services.
- Sending of information and advertising relating third-parties: sending of educational and promotional material relevant to third-party products/services and offers, at the Points of Sale or via e-mail, telephone, mobile phone, fax and other distance communication channels and/or social network (i.e. Facebook, Instagram, Pinterest, Youtube).
Personal data, mandatory or optional, may be processed by means of both paper and electronic files (including portable devices) and processed in ways strictly necessary to satisfy the aforementioned purposes.
Legal basis for the processing
The Company processes your personal data lawfully, where the processing:
• is necessary for the execution of a contract to which you are a participant, or for the execution of pre-contractual measures adopted upon request;
• is necessary to fulfill a legal obligation impending on the Company;
- the data subject has given his/her consent to the processing of his/her personal data for one or more purposes, including but not limited to, the sending of a newsletter by the company.
Consequences of failure to communicate personal data
As regards the personal data relevant to the execution of the contract to which you are a participant or relevant to the fulfilment of a regulatory obligation, relevant to the keeping of accounting and tax records, as well as those relevant to the performance of the contract, failure to communicate your personal data prevents the execution of the contractual relationship.
Processing and storage methods
The processing shall be automated and/or manual, in compliance with the provisions of art. 32 of GDPR 2016/679 on the subject of security measures, carried out by parties specifically appointed and in compliance with the provisions of art. 29 GDPR 2016/679.
Please note that, in compliance with the principles of lawfulness, limitation of purposes and data minimization, according to art. 5 of GDPR 2016/679, prior your free and expressed consent, clearly given below this policy, the personal data provided by you while browsing the website or concerning web browsing, will be retained for a period of two years. Personal data processed to give a feedback to the data subject, or to provide a service, will be retained for the time necessary to provide the user with the feedback or service requested. Any data collected for marketing and profiling purposes will be retained for a limited period, no longer than two years, without prejudice to Naltep s.r.o. right to ask the user to renew his/her interest. After that, the data will be retained solely for the time the company is subject to retention obligations for tax purposes or for other purposes provided for by law or by the regulation.
Communication of data
Your personal data can be communicated to:
1. Internal and external personnel entitled, based on their positions and in compliance with the instructions given by the Controller, to process the data;
2. Parties that process data in execution of specific legal obligations;
3. Couriers and external logistic warehouse for activities related to the delivery of products;
4. Companies that manage digital platforms and/or programs and/or apps intended for data processing to improve the website, the e-commerce service, and more in general, for puporses related to our business activity.
Upon written request, we may provide you with the full list of the said companies via email.
Dissemination of data - Profiling
Your personal data will not be subject to disclosure or any fully automated decision making process. The Company specifies that all of the data provided can be used for profiling clients, in order to improve relations between the Company and the same (article 22, paragraphs 1 and 4, of Regulation EU 679/2016).
If you choose to access our website with a Facebook account, the Company may receive information on the account used to log in, such as full name and email address. You can however choose to limit or prevent access to your data through your Facebook privacy settings, also with reference to the monitoring of your activities on our website.
Transfer of personal data
You personal data may be transferred either to EU countries or third countries outside the EU for the purposes stated in this policy and in compliance with the current legislation as for both choice of countrys and manner of transfer.
Special categories of personal data
Pursuant to articles 9 and 10 of the Regulation EU 2016/679, you may provide, to the company, data qualified as “special categories of personal data” and which, therefore, identify “racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data related to health or sex life”.
Such categories of data can be processed by the Company only subject to your prior free and explicit consent, in writing at the bottom of this document.
Rights of the data subject
It is possible to exercise the rights, at any time, recognised by current legislation (articles 15 to 22 of EU Regulation 2016/679) among which are the following:
a) request confirmation regarding the existence or not of your personal data;
b) obtain information relevant to the purposes of the processing, categories of personal data, recipients or categories of recipients to whom the personal data have been or may be communicated and, where possible, the period of storage;
c) obtain the rectification and erasure of the data;
d) obtain the restriction of the processing;
e) obtain data portability, i.e. receive them from the data controller, in a structured and commonly used format that is machine readable, and forward them to another data controller without impediments;
f) object, at any time, and also in the event of processing for direct marketing purposes;
g) object to an automated decision-making process relevant to individuals, including profiling.
h) request, from the Data Controller, access, the rectification or erasure of your personal data, or the restriction of processing which concerns you or object to their processing, as well as the right to data portability;
i) withdraw consent at any time without prejudicing the lawfulness of the processing based on the consent given prior to the withdrawal;
j) lodge a complaint to a supervisory authority.
Naltep s.r.o., Ocelkova 643/20, Prague 9, 198 00 - Czech Republic • E-mail email@example.com