I. Basic Provisions
The controller of personal data under GDPR (EU General Data Protection Regulation) is:
PARTORY s.r.o.
Company ID: 05365678
Registered office: Průmyslová 944/25, 500 02 Hradec Králové, Czech Republic
(hereinafter referred to as the “Controller”)
Controller’s contact details:
Phone: +420 497 770 180
Email: contact@partory.com
Personal data refers to all information about an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
The Controller has not appointed a Data Protection Officer.
II. Sources and Categories of Processed Personal Data
The Controller processes personal data that you have provided or personal data obtained based on the performance of your order. The Controller processes your identification and contact details and data necessary for the fulfillment of the contract.
III. Legal Reason and Purpose for Processing Personal Data
The legal reason for processing personal data is:
-Performance of the contract between you and the Controller pursuant to Article 6(1)(b) of GDPR.
-The legitimate interest of the Controller in direct marketing (especially for sending commercial communications and newsletters) pursuant to Article 6(1)(f) of GDPR.
-Your consent to the processing for the purposes of direct marketing (especially for sending commercial communications and newsletters) pursuant to Article 6(1)(a) of GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on Certain Information Society Services, if no goods or services have been ordered.
The purpose of processing personal data is:
-To process your order and exercise rights and obligations arising from the contractual relationship between you and the Controller. Personal data required for successful order fulfillment (e.g., name, address, contact information) must be provided; without this data, it is not possible to conclude or fulfill the contract.
-Sending commercial communications and conducting other marketing activities.
The Controller does not perform automated individual decision-making as per Article 22 of GDPR. Express consent has been provided for such processing.
IV. Retention Period
The Controller retains personal data for:
-The period necessary to exercise rights and obligations arising from the contractual relationship between you and the Controller, and to assert claims from these relationships (15 years from the termination of the contractual relationship).
-The period until consent to processing for marketing purposes is withdrawn, but no longer than … years if the personal data is processed based on consent.
After the retention period, the Controller deletes the personal data.
V. Recipients of Personal Data (Controller’s Subcontractors)
Recipients of personal data include:
-Persons involved in the delivery of goods/services or payment execution under the contract.
-Persons ensuring the operation of services and marketing services.
The Controller does not/will transfer personal data to a third country (outside the EU) or an international organization.
Recipients of personal data in third countries are providers of mailing/cloud services.
VI. Your Rights
Under GDPR, you have the following rights:
– Right of access to your personal data under Article 15 of GDPR.
– Right to rectification under Article 16 of GDPR or restriction of processing under Article 18 of GDPR.
– Right to erasure under Article 17 of GDPR.
– Right to object to processing under Article 21 of GDPR.
– Right to data portability under Article 20 of GDPR.
– Right to withdraw consent to processing, in writing or electronically, to the Controller’s address or email specified in Article III of these terms.
– Right to file a complaint with a supervisory authority if you believe your data protection rights have been violated.
VII. Personal Data Security Provisions
The Controller declares that:
– Appropriate technical and organizational measures have been taken to secure personal data.
– Technical measures are in place to protect data storage and physical data storage.
– Access to personal data is restricted to authorized persons only.
VIII. Final Provisions
By submitting an order via the online order form, you confirm that you have read the Privacy Policy and fully accept its terms.
You agree to these terms by checking the consent box in the online form. By doing so, you confirm that you have read and fully accept the Privacy Policy.
The Controller reserves the right to amend these terms. Any updated version of the Privacy Policy will be published on the Controller’s website or sent to your email address provided to the Controller.
These terms are effective as of January 1, 2020.