Principles of processing and protection of personal data
Principles of processing and protection of personal data CAPPA 2, Ltd.
I. General provisions
- 1. The company CAPPA 2, Ltd., ID No .: 60111470, with its registered office at Podnikatelská 565, 190 11 Praha 9 – Běchovice, issues, for purpose of informing its customers, supporters and friends (hereinafter collectively „members“) about the processing of their personal data based on consent, these principles relating to processing of personal data when granting or renewing consent (hereinafter referred to as " principles").
- The company CAPPA 2, Ltd. has in the processing of personal data pursuant to article 4 point 7 of Regulation of the European Parliament and of the Council (EC) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as GDPR) the position of „an Administrator“ of personal data (hereinafter referred to as „Administrator“.
- Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person that can be identified directly or indirectly, in particular by reference to a particular identifier such as a name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, psychological, economic, cultural or social identity of this individual.
- The administrator did not appoint a Data Protection Officer.
II. Sources and categories of processed personal data
1. The administrator processes the personal data you have provided to him / her, or the personal data that the administrator has received on the basis of performance of your order.
2. The administrator processes your identification, contact details and data necessary for performance of the contract.
III Legitimate reason and purpose of processing personal data
1. The legitimate reason for the processing of personal data is
● the performance of the contract between you and the administrator under Article 6
par.1 letter b) of GDPR,
2. The purpose of processing personal data is
● the execution of your order and exercise of rights and obligations arising from the contractual relationship between you and the administrator; (personal name, address, contact) is the personal data necessary a successful conclusion and performance of the contract, without provision of personal data it is not possible to conclude the contract or to perform it by the administrator,
3. The administrator does not have an automatic right of individual decision within the meaning of Article 22 of GDPR.
IV. Retention period of personal data
- The administrator keeps personal data
- for a period necessary to exercise the rights and obligations resulting from the contractual relationship between you and the administrator and claiming rights under these contractual relationships (for a period of 15 years from the termination of the contractual relationship).
- At the elapse of data retention period, the administrator will erase personal data.
V. Recipients of personal data (subcontractors of the administrator).
Recipients of personal data are persons,
- involved in the delivery of goods / services / making payments on the basis of a contract: Geis, DPD, Zásilkovna (mail order shop).
- ensuring other services related to the operation of the e-shop: (Forpsi) and other services related to the operation of the e-shop: (Seznam cz, Heuréka, Google, MOTOportal, s.r.o.)
- The administrator does not intend to transfer personal data to a third country (to a non-EU country) or to an international organization.
VI. Your rights
- . Under conditions stated in GDPR you have
- the right of access to your personal data under Article 15 of the GDPR,
- the right to correction of personal data pursuant to Article 16 of the GDPR, or to the restriction of processing pursuant to Article 18 of GDPR.
- the right of cancellation of personal data pursuant to Art.17 of GDPR.
- the right to lodge an objection against processing under Article 21 of GDPR and
- the right to data portability under Article 20 of GDPR.
- the right to withdraw consent to processing in writing or electronically to the address or email of the administrator referred to in Article III of these Conditions.
- The Administrator declares that he has taken all appropriate technical and organizational measures to safeguard personal data.
- The administrator has taken technical measures to secure data repositories secured by an antivirus program, by an access password, and personal data repositories in paper form with access only for authorized persons.
- The Administrator declares that personal data are only accessible to persons authorized by him / her.
VIII. Final Provisions
These terms come into effect on May 25, 2018.