TERMS AND CONDITIONS OF PERSONAL DATA PROTECTION
1 PERSONAL DATA PROTECTION
1.1 By submitting an inquiry using the online contact form, the User confirms that he/she understands the Terms and Conditions of Personal Data Protection, that he/she expresses his/her consent and accepts them to the full extent.
1.2 The Provider manages users’ personal data in accordance with Art. 4 Sec. 7 of Regulation (EU) 2016/679 of the European Parliament on the protection of natural persons and on the free movement of such data, and the repealing Directive 95/46/ES (General Data Protection Regulation) (hereinafter referred to as “GDPR”). The Provider undertakes to process personal data in accordance with legal regulations, in particular GDPR.
1.3 Personal data is all information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier or one or more specific features of physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.4 When submitting an inquiry through the online contact form, personal data (name and address, contact) necessary for the successful completion of the order is required. The purpose of processing personal data is to process the user’s order and exercise the rights and obligations arising from the contractual relationship between the Provider and the User. The purpose of the processing of personal data is also to send advertising messages and perform other marketing activities. The legal reason for processing personal data is the execution of the contract according to Art. 6 (1) (b) of the GDPR, fulfillment of the legal obligation of the administrator according to Art. 6 (1) (c) of the GDPR and the legitimate interest of the Provider according to Art. 6 (1) (f) of the GDPR. The legitimate interest of the Provider is to process personal data for direct marketing purposes.
1.5 To fulfill the concluded contracts, the Provider uses the services of subcontractors, in particular, providers of mailing services (personal data is stored in third countries) and web hosting providers. Subcontractors are checked for the secure processing of personal data. The web hosting provider and subcontractor have concluded a contract on the processing of personal data, according to which the subcontractor is responsible for the proper security of the physical, hardware and software perimeter, and therefore bears direct responsibility to the User for any leakage or breach of personal data.
1.6 The Provider stores the User’s personal data for the time necessary to exercise the rights and obligations arising from the contractual relationship between the Provider and the User and the assertion of claims under these contractual relationships (for a period of 15 years from the termination of the contractual relationship). After that, the data will be deleted.
1.7 The User has the right to request from the Provider access to his/her personal data pursuant to Article 15 of the GDPR, correction of personal data pursuant to Art. 16 of the GDPR, or restrictions on processing pursuant to Art. 18 of the GDPR. The user has the right to delete personal data according to Art. 17 (1) (a), and (c) to (f) of the GDPR. Furthermore, the User has the right to object to the processing according to Art. 21 of the GDPR and the right to data portability according to Art. 20 of the GDPR.
1.8 The User has the right to lodge a complaint with the Office for Personal Data Protection if he/she considers that his/her right to the protection of personal data has been violated.
1.9 The User is under no obligation to provide personal information. However, the provision of personal data is a necessary requirement for concluding and execution of the contract. Without the provision of personal data it is not possible to conclude the contract or to get it processed by the Provider.
1.10 There is no automatic individual decision-making by the Provider in the sense of Art. 22 of the GDPR.
1.11 By submitting the online contact form, the person interested in the Provider’s services:
1. agrees to the use of his/her personal data for the emailing purposes of advertising messages, advertising materials, direct sales, market research and direct product offers by the Provider and third parties, but not more often than once a week, and at the same time
2. declares that sending information according to 1.11.1 is not considered as unsolicited advertisement in the sense of Act 40/1995 Coll. as amended, as the user has expressed his/her consent to sending of this information according to 1.11.1 in connection with § 7 Act 480/2004 Coll.
3. According to this paragraph, the User may withdraw his/her consent at any time in writing at email@example.com.
2 RIGHTS AND OBLIGATIONS BETWEEN THE ADMINISTRATOR AND THE PROCESSOR (PROCESSING CONTRACT)
2.1 In relation to the Users’ clients’ personal data, the Provider is a Processor of this data in accordance with Art. 28 of the GDPR.
2.2 These terms and conditions regulate the mutual rights and obligations in the processing of personal data to which the Provider has gained access within the execution of the contract concluded with the User.
2.3 The Provider undertakes to process personal data for the User to the extent and for the purpose specified in Art. 2.4 – 2.7 of these Terms and Conditions. Processing resources will be automated. As part of the processing, personal data will be collected, stored on information carriers, blocked and disposed of by the Provider. The Provider is not entitled to process personal data in contravention or beyond the scope specified in these Terms and Conditions.
2.4 The Provider undertakes to process personal data for the Users to the following extent:
a) common personal data,
b) special data in accordance with Art. 9 of the GDPR,
2.5 which the Provider has gained in connection with his/her own business activities.
2.6 The Provider undertakes to process personal data for the Users only to manage the order placed by the User, and the exercise of rights and obligations arising form the contractual relationship between the Provider and the User. The purpose of the processing of personal data is further sending of messages and performing other marketing activities. The legal reason for the processing of personal data is the contract execution in accordance with Art. 6 (1) (b) of the GDPR, fulfillment of the Administrator’s legal obligation in accordance with Art. 6 (1) (c) of the GDPR and the Provider’s legitimate interest in accordance with Art. 6 (1) (f) of the GDPR. The Provider’s legitimate interest is the processing of personal data for direct marketing purposes.
2.7 Personal data may be processed only at the workplaces of the Provider or its subcontractors in accordance with Art. 2.8 of these Terms and Conditions, in the territory of the European Union.
2.8 The Provider undertakes to process the User’s clients’ personal data for the User only within the time necessary to exercise rights and obligations arising from the contractual relationships between the Provider and the User and asserting claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
2.9 The User grants a permission to involve a subcontractor as another Processor in accordance with Art. 28 (2) of the GDPR, who is Four Bros as the web hosting provider. The User further grants a general permission to involve another personal data processor, the Provider must, however, inform the User in writing of any intended changes related to their admission of other processors or their substitution, and provide the User with the opportunity to object to these changes. The Provider shall impose the same obligations for the protection of personal data as specified in these Terms and Conditions on his/her subcontractors.
2.10 The Provider further undertakes that the processing of personal data will be secured in the following way:
- Personal data is processed in accordance with legal regulations and on the basis of the User’s instructions, i.e. to perform all activities necessary for the provision of Four Bros marketing services.
- The Provider undertakes to provide both technical and organizational protection of personal data in such a way that no unauthorized access to the data, its change, destruction or loss, unauthorized transfer, its other unauthorized processing as well as other misuse shall occur, and to guarantee that all obligations of the personal data processor arising from legal regulations are ensured in terms of personnel and organization for the duration of data processing.
- The technical and organizational measures taken correspond to the degree of risk. Using them, the Provider ensures continuous confidentiality, integrity, availability and resilience of processing systems and services and restores the availability of the access to personal data in a timely manner in case of physical or technical incidents.
- The Provider hereby declares that the protection of personal data is subject to the Provider’s internal security regulations.
- Only authorized persons of the Provider and subcontractors according to Art. 2.8 of these Terms and Conditions will have access to personal data and their conditions and scope of data processing will be specified by the Provider. Each such person will access personal data under his/her unique identifier.
- Authorized persons of the Provider who process personal data according to these Terms and Conditions are obliged to maintain confidentiality of personal data and security measures the disclosure of which would jeopardize their security. The Provider shall ensure their demonstrable commitment to this obligation. The Provider shall ensure that this obligation for the Provider and the authorized persons will continue even after the termination of the employment or other relationship with the Provider.
- The Provider shall assist the User using suitable technical and organizational measures, where possible, to fulfill the User’s obligations to respond to requests for the exercise of the data subject’s rights specified in the GDPR; as well as to ensure compliance with the obligations under Art. 32 to 36 of the GDPR, taking into account the nature of the processing and information available to the Provider.
- Upon termination of execution which is connected with the processing, according to Art. 2.7 of these Terms and Conditions, the Provider is obliged to delete all personal data or return it to the User unless the Provider is obliged to store personal data based on a special Act.
- The Provider will provide the User with all information necessary to prove that all obligations under this Contract and GDPR have been fulfilled, he/she will allow audits, including inspections, performed by the User or another auditor authorized by the User.
2.11 The User undertakes to immediately report all facts known to him/her which could adversely affect proper and timely execution of the obligations arising form these Terms and Conditions and provide the Provider with the assistance necessary to fulfill these conditions.
3 FINAL PROVISIONS
3.1 These Terms and Conditions expire at the end of the period specified in Art. 1.6 and 2.7 hereof.
3.2 The User agrees to these Terms and Conditions by providing his/her consent using the online contact form. By providing his/her consent, the User expresses he/she has read these Terms and Conditions, and he/she expresses his/her consent and accepts them to the full extent.
3.3 The Provider is entitled to change these Terms and Conditions. The Provider is obliged to publish a new version of the Terms and Conditions on his/her website without delay, or email the new version to the User.
3.4 Contact details of the Provider in matters concerning these conditions: +420 607 206 834, firstname.lastname@example.org.
3.5 Relationships not explicitly regulated by these Terms and Conditions follow the GDPR and the Law of the Czech Republic, in particular Act No. 89/2012 Coll., The Civil Code, as amended.
3.6 These Terms and Conditions come into effect on 15.5.2018.