1.2 The provider is the controller of the personal data of users pursuant to art. 4 paragraph 7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR“). The provider undertakes to process personal data in accordance with the laws, regulations and GDPR.
1.3. Personal data are Any information relating to an identified or identifiable natural person; An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, locator data, network identifier or one or more specific elements of a physical , physiological, genetic, psychological, economic, cultural or social identity of that natural person.
1.4 When ordering, personal data required for successful processing of the order (name and address, contact) are requested. The Purpose of processing personal data is to process the user’s order and exercise the rights and obligations arising from the contractual relationship between the provider and user. The purpose of processing personal data is to send commercial communications and other marketing activities. The lawful reason for the processing of personal data is the performance of the contract pursuant to art. Article 6 (a) (1) b) GDPR, fulfilment of legal obligation of the controller pursuant to art. Article 6 (a) (1) c) GDPR and legitimate interest of the provider under art. Article 6 (a) (1) f) GDPR. The provider’s legitimate interest is the processing of personal data for direct marketing purposes.
1.5 The provider for the fulfilment of the license Agreement uses the services of subcontractors, in particular the provider of mailing services (personal data are stored in 3rd countries) and the web host provider. Subcontractors are vetted for the safe processing of personal data. The provider and the subcontractor of the web host have concluded a contract for the processing of personal data, according to which the subcontractor is responsible for properly securing the physical, hardware and software perimeter, and therefore is directly responsible to the user for any leakage or Personal data breaches.
1.6 The provider stores the user’s personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the provider and the user and the application of claims from these contractual relationships (for 15 years after the termination of the contractual relationship). After it expires, the data will be erased.
1.7 The user has The right to require the provider to access his personal data pursuant to art. 15 GDPR, rectification of personal data pursuant to art. 16 GDPR, or restriction of processing pursuant to art. 18 GDPR. The user has the right to erasure of personal data pursuant to art. Article 17, paragraph (1) (a), and (c) to (f) GDPR. In addition, the user has the right to object to processing pursuant to art. 21 GDPR and the right to data portability pursuant to art. 20 GDPR.
1.8 The user has the right to lodge a complaint with the Office for Personal Data protection if he/she considers that his or her right to the protection of personal data has been infringed.
1.9 The user is not obliged to provide personal data. However, the provision of personal data is a necessary requirement for the conclusion and performance of the contract and without the provision of personal data it is impossible to conclude or fulfill the contract by the provider.
1.10 There is no automatic individual decision by the provider within the meaning of 22 GDPR.
1.11 Interested persons interested in using the provider services by completing the contact form:
- 1. Agrees to use its personal data for the purpose of electronic sending of commercial communications, advertising materials, direct sales, market surveys and direct offers of products by the provider and third parties, but not more than 1x a week, and While
- 2. Declares that the sending of information according to point 1.11.1 does not constitute an unsolicited advertising in the sense of the Cust. No. 40/1995 Sb. In the wording of the novel, since the user is sending information according to the item 1.11.1 in conjunction with § 7 Cust. No. 480/2004 Sb. expressly agrees.
- 3. The user may at any time revoke the consent provided for in this paragraph at [email protected].
- Necessary cookies -cookies strictly necessary to ensure the operation of the website and Internet services. No consent is required to use these cookies.
- Analytics and Marketing cookies -consent is required to use other cookies. Cookies in this category are used primarily for anonymous monitoring of traffic and user activity on our website. This allows us to track what customers like and improve our services.
Ii. Rights and obligations between the Controller and the processor (processing contract)
2.1 The provider is in relation to the personal data of the user’s clients by the processor pursuant to art. 28 GDPR. The user is the controller of this data.
2.2 These terms govern the reciprocal rights and obligations in the processing of personal data to which the provider has obtained access to the performance of the license agreement concluded by agreeing the general terms and conditions at www.versailles.cz (hereinafter “License Agreement“) concluded with the user on the date of establishment of the Internet form submission.
2.3. The provider undertakes to process personal data for the user to the extent and for the purposes set out in art. 2.4-2.7 of these conditions. The processing resources will be automated. As part of the processing, the provider will collect, store, store, block and dispose of personal information. The provider is not entitled to process personal data contrary to or beyond the scope of these terms.
2.4 The provider undertakes to process personal data to the user within the following range:
- Normal personal data,
- Specific categories of data pursuant to art. 9 GDPR,
Acquired by the user in connection with his or her own business activities.
2.5. The provider undertakes to process personal data for the user in order to implement his request or order.
2.6. Personal data may only be processed in the workplaces of the provider or its subcontractors under art. 2.8 of these conditions, within the European Union.
2.7. The provider undertakes to process the personal data of the user’s clients for the period of time necessary to exercise the rights and obligations arising from the contractual relationship between the provider and the user and from the application of claims from these contractual relationships (for a period of 15 From the end of the contractual relationship).
2.8 The user grants authorisation with the involvement of a subcontractor as another processor pursuant to art. Article 28 (a) 2 GDPR, which is the hosting provider of the site versalles.cz. In addition, the user grants the provider a general authorisation to engage in the processing of another processor of personal data, but the provider must inform the user in writing of any proposed changes concerning the acceptance of other processors or their substitution and give the user the opportunity to object to such changes. The provider must impose the same data protection obligations on its subcontractors as a processor of personal data as set out in these terms.
2.9. The provider undertakes that the processing of personal data will be ensured in particular as follows:
- Personal data are processed in accordance with the laws and instructions of the user.
- The provider undertakes to ensure the technical and organisational protection of the personal data processed in such a way that unauthorised or incidental access to data, alteration, destruction or loss, unauthorised transmission, to their other Unauthorized processing, as well as other misuse, and to ensure that all obligations of the processor of the personal data, arising from the legislation, are provided by personnel and organizationally throughout the period of processing of the data.
- The technical and organisational measures adopted correspond to the level of risk. The provider uses them to provideThe constant confidentiality, integrity, availability and robustness of processing systems and services, and in a timely manner restores the availability of and access to personal data in the event of physical or technical incidents.
- The provider hereby declares that the protection of personal data is subject to the internal security regulations of the provider.
- The personal data will only be accessible to the authorised persons of the provider and subcontractors pursuant to art. 2.8. The terms and conditions and the scope of the data processing shall be established by the provider and any such person will access the personal data under his or her unique identifier.
- Authorised persons of the provider who process personal data under these conditions shall be obliged to maintain confidentiality of personal data and security measures, the disclosure of which would jeopardise their security. The provider shall ensure their demonstrable commitment to this obligation. The provider shall ensure that this obligation for both the provider and the authorized persons will survive the termination of employment or other relationship with the provider.
- The provider shall assist the user through appropriate technical and organisational measures, where possible, to meet the user’s obligation to respond to requests for the exercise of the data subject’s rights under the GDPR; As well as In ensuring compliance with the obligations under art. 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to the provider.
- At the end of the provision of the transaction, which is linked to processing, pursuant to art. 2.7 of these terms and conditions, the provider is obliged to erase all personal data or to return it to the user if he is not obliged to store personal data under a special law.
- The provider shall provide the user with all information necessary to demonstrate that the obligations under this Agreement and the GDPR have been complied with, allow audits, including inspections, performed by the user or by another auditor that the user has delegated.
2.10 The user undertakes to notify promptly all known facts which could adversely affect the proper and timely fulfilment of the obligations arising from these conditions to and provide the provider with the assistance necessary for Fulfilment of these conditions.
Iii. Final provisions
3.1. These conditions shall cease to be valid for the expiry of the period referred to in 1.6. 2.7 of these conditions.
3.2 The user agrees to these terms By checking the consent via the Internet form. By ticking the consent, the user indicates that they have read the terms and conditions and accepts them in their entirety.
3.3 The provider is entitled to amend these terms. The provider is obliged without undue delay to publish a new version of the terms on its website, or. Sends the new version to the user at his or her e-mail address.
3.4. Contact details of the provider in matters relating to the following conditions: + 420 736 671 784, [email protected].
3.5 The relations of these Terms and conditions not expressly modified are governed by the GDPR and the laws of the Czech Republic, in particular Act No. 89/2012 Coll., the Civil Code, as amended.
These terms shall become effective on the date of 17.2.2018.