1. Data Controller, as defined in article 4, paragraph 7 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing („GDPR”) is Motylum s.r.o. IČ: 07997604, Valchařská 24/36, 614 00 Brno, Czech Republic („Controller“).
2. Controller’s contact details:
address: Valcharska 24/36, 614 00 Brno, Czech Republic
phone: +420 703 488 889
3. ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
4. The Controller did not specify any appointed party for personal data protection.
Sources and categories of processed personal data
1. The Controller processes personal data provided by you or personal data obtained in connection with the fulfillment of your order.
2. The Controller processes your identification and contact information necessary for contract fulfillment.
Legitimate purpose and intent of personal data processing
1. Legitimate purpose for processing of personal data is:
- fulfillment of a contract between you and the Controller as per article 6, paragraph 1, letter b) of the GDPR,
- legitimate interest of the Controller in supplying direct marketing (particularly sending advertising messages and newsletters) as defined in article 6, paragraph 1, letter f) of the GDPR,
- your consent to processing for the purposes of supplying direct marketing (particularly sending advertising messages and newsletters) as defined in article 6, paragraph 1, letter f) of the GDPR in connection to § 7, paragraph 2 of the law no. 480/2004 Sb., about certain services of an information company in case no order of goods or services has been placed.
2. Intent for processing of personal data is:
- fulfillment of your order and application of rights and obligations arising from the contractual relationship between you and the Controller; during the process of ordering, personal information is required that is necessary for successful fulfillment of the order (name and address, contact); providing personal information is a necessary condition for entering into and the fulfillment of the contract; without providing personal data it is not possible to enter into the contract and the Controller cannot fulfill it,
- sending advertising messages and conducting other marketing activities.
3. The Controller does not make any automatic individual decisions in the sense of article 22 of the GDPR.
Duration of data retention
1. Controller retains the data:
- for the time necessary to fulfill rights and obligations arising from the contractual relationship between you and the Controller and to exercise claims resulting from these contractual relationships (for 15 years after the conclusion of the contractual relationship).
- until the consent with processing of personal data for marketing purposes is withdrawn, up to 15 years, if personal data is processed based on consent.
- in case of processing of personal data for for marketing purposes based on legitimate interest of the Controller, up to 15 years, unless an objection is raised in accordance with article 21 of the GDPR.
2. After the duration of personal data retention, Controller will delete personal data.
Personal data recipients (contractors of Controller)
1. Recipients of personal data are entities
- cooperating on delivery of the goods / services / processing payment in accordance with the agreement,
- providing online store services (Shoptet) and other services in connection to online store operations,
- providing marketing services.
2. The Controller intends to transmit personal data to a third country (country outside EU) or international organisation. Recipients of personal data in third countries are suppliers of mailing services (Mailchimp).
1. Under the conditions of GDPR you have
- right to access your personal data as per article 15 of the GDPR,
- right to correct personal data as per article 16 of the GDPR, and limit processing as per article 18 of the GDPR.
- right to erase personal data as per article 17 of the GDPR.
- right to raise an objection to processing of data as per article 21 of the GDPR.
- right to transfer data as per article 20 of the GDPR.
- right to withdraw your consent to processing in a written or electronic form, using the address or e-mail specified in article III of these terms.
2. Further, if you believe your right to protection of personal data has been breached, you have the right to submit a complaint with the Office for personal data protection.
Conditions of personal data security
1. Controller declares that suitable technical and organizational precautions have been taken in order to secure personal data.
2. Controller is employing technical means to secure both electronic and hardcopy storage of personal data.
3. Controller declares that personal data is accessible to parties appointed by the Controller.
1. By submitting an order through the online ordering form you confirm you have been made aware of the conditions of personal data protection and that you accept these without reservation.
2. Controller retains the right to change these conditions. Any new version of the terms of personal data protection will be made public on the Controller’s website and a copy of this new version of terms will be sent to your e-mail address, which you provided to the Controller.
These terms are valid from 18.3.2019.