GDPR

I. Basic Provisions

The data controller according to Article 4, point 7 of Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter: "GDPR") is Roman Michenka, Company ID: 00786039, located at Karola Šmidkeho 1827/17, Ostrava 8, 708 00 (hereinafter: "data controller").
Contact details of the data controller are:
Address: Karola Šmidkeho 1827/17, Ostrava 8, 708 00
Email: michenka@romistore.cz
Phone: +420 608 865 357

Personal data refers to any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier, such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
The data controller has not appointed a Data Protection Officer.

II. Sources and Categories of Processed Personal Data

The data controller processes personal data that you have provided or personal data that the controller has obtained based on the fulfillment of your order.
The controller processes your identification and contact details, as well as data necessary for the fulfillment of the contract.

III. Legal Basis and Purpose of Personal Data Processing

The legal basis for processing personal data is:

  • the performance of a contract between you and the data controller pursuant to Article 6(1)(b) GDPR,
  • the legitimate interest of the controller in direct marketing (especially for sending business communications and newsletters) pursuant to Article 6(1)(f) GDPR,
  • your consent to process personal data for direct marketing purposes (especially for sending business communications and newsletters) pursuant to Article 6(1)(a) GDPR in connection with Section 7(2) of Act No. 480/2004 Coll. on certain information society services, in the case that no goods or services have been ordered.

The purpose of processing personal data is:

  • to handle your order and to exercise the rights and obligations arising from the contractual relationship between you and the data controller; personal data necessary for the successful completion of an order (name, address, contact) is required, and providing personal data is a necessary condition for concluding and fulfilling the contract. Without providing personal data, it is not possible to conclude or fulfill the contract,
  • to send business communications and carry out other marketing activities.
    The controller does not carry out automatic individual decision-making as per Article 22 of GDPR.

IV. Data Retention Period

The controller will store personal data for:

  • the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the data controller and to assert claims from these contractual relationships (for a period of 15 years from the termination of the contractual relationship),
  • the period until consent for marketing purposes is revoked, up to a maximum of 15 years, if personal data is processed based on consent.
    After the retention period has elapsed, the controller will delete the personal data.

V. Recipients of Personal Data (Sub-processors)

Recipients of personal data include:

  • persons involved in the delivery of goods/services/payment execution based on the contract,
  • service providers managing the e-shop and other services related to the operation of the e-shop,
  • service providers for marketing services.
    The controller does not intend to transfer personal data to a third country (outside the EU) or to an international organization.
    Operated services ensuring marketing and supporting services include:
  • Google Analytics – records cookies and website usage.

VI. Your Rights

Under the conditions set forth in GDPR, you have the following rights:

  • the right to access your personal data pursuant to Article 15 of GDPR,
  • the right to correct personal data pursuant to Article 16 of GDPR, or to restrict processing pursuant to Article 18 of GDPR,
  • the right to erasure of personal data pursuant to Article 17 of GDPR,
  • the right to object to processing pursuant to Article 21 of GDPR,
  • the right to data portability pursuant to Article 20 of GDPR.
  • the right to withdraw consent to processing, either in writing or electronically, to the address or email of the controller provided in Article III of these terms. You can withdraw your consent at any time in your customer account.

Additionally, you have the right to lodge a complaint with the Office for Personal Data Protection if you believe your rights regarding personal data protection have been violated.

VII. Data Security Conditions

The controller declares that all appropriate technical and organizational measures have been taken to secure personal data.
The controller has implemented technical measures to secure data storage systems and storage of personal data in physical form, including secure/encrypted access to the website, encryption of customer passwords in the database, regular system updates, and regular system backups.
The controller declares that only authorized persons have access to personal data.

VIII. Final Provisions

By submitting an order through the online order form, you confirm that you are familiar with the conditions of personal data protection and that you accept them in full.
You agree to these conditions by ticking the consent box in the online form. By ticking the consent box, you confirm that you are familiar with the privacy conditions and accept them in full.
The controller is authorized to change these conditions. The new version of the privacy policy will be published on the website, and you will be sent the updated version of the conditions to the email address you provided to the controller.

These conditions are effective as of June 1, 2018.