Proceed to cart
Customer support:739 712 246info@granat-shop.com
    Language
    English
    Home / Terms of personal data protection

    Terms of personal data protection

    General Data Protection Regulation (GDPR)

     

    Basic provisions

     

    You hereby grant consent to Granat-shop s.r.o. , IČO: 21519153 VAT number CZ21519153 , with registered office at Radostná 670, 463 12, Liberec (hereinafter referred to as the "Administrator"), for the processing of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in connection with the processing of personal data data and on the free movement of such data (hereinafter: "GDPR Regulation") to process the following personal data.

     

     

    Category and type of processed data

     

    Name and surname, email address, company name, postal address, telephone number can be processed based on consent and must be processed for the necessary performance of the contract.

     

     

    III. Legal reason and purpose of personal data processing

     

    The legal reason and purpose of personal data processing is:

     

    processing necessary for the fulfillment of the contract to which the data subject is a party pursuant to Article 6 paragraph 1 letter b) Regulation of the GDPR;
    the processing is necessary for the fulfillment of the legal obligation that applies to the administrator according to Article 6 paragraph 1 letter c) Regulation of the GDPR;
    the data subject has given consent to the processing of his personal data for one or more specific purposes according to Article 6 paragraph 1 letter a) Regulation of the GDPR;
    the processing is necessary for the purposes of the legitimate interests of the relevant controller or third party, for example the provision of marketing in the form of a newsletter or business communications pursuant to Article 6 paragraph 1 letter f) Regulation of the GDPR and according to § 7 paragraph 2 of Act No. 480/2004 Coll.
    3.1 The purpose of personal data processing is:

    Fulfillment of the order resulting from the contractual relationship between the subject and the Administrator according to Act No. 89/2012 Coll., or according to another contractual relationship;
    Saving your shopping preferences and subsequent customization of the offer on the Administrator's website;
    Launching marketing and remarketing campaigns on advertising platforms Google, Seznam.cz, Microsoft, Facebook, but also using RTB systems Adform, Criteo, Pubmatic and others using advertising purchase via DSP (Demand Side Platforms) and SSP (Supply Side Platforms);
    Sending commercial messages (newsletters, push notifications and others) as part of marketing and remarketing campaigns using our own or third-party resources (platform for sending e-mails, software for notifying users).
    3.2 Automated individual decision-making takes place on the part of the controller in accordance with Article 22 of the GPDR Regulation. You give your express consent to this processing. Consent can be withdrawn at any time, for example by sending an email or letter to the contact details of the company info@granat-shop.com

     

    The retention period of your data is
    The retention period of your personal data depends on the purpose for which these personal data will be used, namely:
    For the purpose of fulfilling the contractual relationship between the entity and the Administrator: for the duration of the provision of fulfillment
    For marketing purposes: for 1 year
    For performance records: for a period of up to 10 years for accounting documents
    4.1 After the period defined for the retention of your personal data, these personal data are deleted by the Administrator.

     

    Processing of personal data
    The personal data of the subject may be processed by the administrator, as well as by the following processors:
    Software solution providers listed in Article III, paragraph 3.1, letters a), b), c) and d) of this Consent to the processing of personal data;
    A provider of software solutions, applications, services and other processors that may not currently be used by the Administrator;
    Company: Granát-shop.s.r.o.

     

    5.2 The administrator and the processor shall take measures to ensure that any natural person who acts on behalf of the administrator or the processor and has access to personal data, processes such personal data only on the instructions of the administrator, if their processing is no longer required by the law of the Union or a Member State.

     

    Recipients of the administrator's personal data
    Recipients of personal data are companies or persons who:
    Ensuring the implementation of the contract between the administrator and the subject concerned (e.g. forwarding companies, payment processing, over-standard services, etc.);
    Providing marketing services, see Article III. paragraph 3.1, letters a), b), c) and d) of this Consent to the processing of personal data;
    Ensuring the operation of the website www.granat-shop.cz (e.g. partner, marketplace entity, external suppliers, etc.);
    Ensuring the correct agenda of the company: ..., operating the website www.granat-shop.cz, from the point of view of the Act on (e.g. legal advice, accounting, etc.).
    6.1 The administrator intends to use services that are not part of the EU and thus intends to transfer personal data to third world countries. Recipients of personal data in third world countries are the platform providers listed in Article III, paragraph 3.1, letters a), b), c) and d) of this Consent to the processing of personal data.

    VII. Your rights

    According to the provisions in the GDPR Regulation, you have the right to:
    The right to access personal data according to Article 15 of the GDPR Regulation as well as Article 22 and Article 46 of the GDPR Regulation;
    The right to immediate correction of personal data according to Article 16 of the GDPR Regulation;
    The right to erasure of personal data ("the right to be forgotten") according to Article 17 of the GDPR Regulation;
    The right to limit the processing of personal data according to Article 18 of the GDPR Regulation;
    The right to portability of personal data according to Article 20 of the GDPR Regulation;
    The right to object to the processing of personal data concerning you, based on Article 6 paragraph 1 letter e) or f), including profiling based on these provisions, according to Article 20 of the GDPR Regulation;
    The right to revoke the granted consent to the processing of personal data;
    Right to complain to a supervisory authority.
    7.1 The controller does not process personal data further, unless it proves serious legitimate reasons for processing that outweigh the interests or rights and freedoms of the data subject, or for the determination, exercise or defense of legal claims.

    7.2 Only you or your authorized representative can obtain information about your personal data. If the Administrator is not sure of your identity, he may ask you for additional information to verify your identity.

    7.3 The administrator shall notify the individual recipients to whom the personal data has been made available of any correction or deletion of personal data or restriction of processing carried out in accordance with Article 16, Article 17 paragraph 1 and Article 18 of the GDPR Regulation, except in cases where this proves to be impossible or it requires disproportionate effort. The administrator informs the data subject of these recipients if the data subject so requests.

     

    VIII. Security of personal data

    Taking into account the state of the art, the costs of implementation, the nature, scope, context and purposes of the processing, as well as the variously probable and variously serious risks to the rights and freedoms of natural persons that the processing entails, the controller shall implement both at the time of determining the means for processing and in at the time of the processing itself, appropriate technical and organizational measures, such as pseudonymization, the purpose of which is to implement data protection principles such as data minimization in an effective way and to incorporate the necessary guarantees into the processing, so as to meet the requirements of this Regulation and protect the rights of data subjects.

     

    8.1 The Administrator shall implement appropriate technical and organizational measures to ensure that only personal data that is necessary for each specific purpose of the processing is processed by default. This obligation applies to the amount of personal data collected, the scope of their processing, their storage period and their availability. These measures will in particular ensure that personal data are not made available to an unlimited number of natural persons by default without human intervention.

     

    This consent to data processing takes effect on July 1, 2024