I. Basic Provisions
-
The controller of personal data according to Art. 4 point 7 of the Regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) is Michal Haščyn, registered at Bezručova 1601/84, Říčany u Prahy 251 01 (hereinafter referred to as the “controller”).
-
The controller’s contact details are
Address: Bezručova 1601/84, Říčany u Prahy 251 01
Email: michalhascyn@evertile-roofing.com
Phone: +420 720 660 166
-
Personal data refers to any information about an identified or identifiable individual; an identifiable individual is a person who can be directly or indirectly identified, in particular by reference to a specific identifier, such as a name, identification number, location data, network identifier, or one or more specific elements of the physical, physiological, genetic, psychological, economic, cultural, or social identity of that individual.
-
The controller has not appointed a Data Protection Officer.
II. Sources and Categories of Processed Personal Data
-
The controller processes personal data that you have provided or personal data that the controller has obtained based on the fulfillment of your order.
-
The controller processes your identification and contact details as well as data necessary for the performance of the contract.
III. Legal Grounds and Purpose for Processing Personal Data
-
The legal grounds for processing personal data are:
-
fulfillment of the contract between you and the controller according to Art. 6 (1) (b) GDPR,
-
the controller's legitimate interest in direct marketing (especially for sending commercial communications and newsletters) according to Art. 6 (1) (f) GDPR,
-
your consent to processing for the purposes of direct marketing (especially for sending commercial communications and newsletters) according to Art. 6 (1) (a) GDPR in conjunction with Section 7 (2) of Act No. 480/2004 Sb., on Certain Services of the Information Society, in cases where no goods or services were ordered.
-
The purpose of processing personal data is:
-
to handle your inquiry or order and to exercise rights and obligations arising from the contractual relationship between you and the controller; in the case of an inquiry/order, personal data necessary for the successful fulfillment of the order (name and address, contact information) is required. Providing personal data is a necessary requirement for sending an offer or establishing a contractual relationship.
-
to send commercial communications and perform other marketing activities.
-
The controller does not perform automated individual decision-making within the meaning of Art. 22 GDPR. You have expressly given your consent to such processing.
IV. Data Retention Period
-
The controller retains personal data:
-
for the time necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and to assert claims from these contractual relationships (for 15 years after the end of the contractual relationship).
-
for the duration of consent for processing for marketing purposes, but no longer than 5 years if personal data is processed based on consent.
-
After the retention period expires, the controller deletes the personal data.
V. Recipients of Personal Data (Controller's Subcontractors)
-
Recipients of personal data include:
-
individuals involved in the delivery of goods/services/payment processing based on the contract,
-
individuals providing marketing services.
-
The controller does not intend to transfer personal data to a third country (outside the EU) or an international organization.
-
Services ensuring marketing and support activities:
-
Google Analytics - records cookies and usage of the website
-
Google Adwords - records cookies and usage of the website
-
Sklik - records cookies and usage of the website
VI. Your Rights
-
Under the conditions set out in the GDPR, you have:
-
the right to access your personal data under Art. 15 GDPR,
-
the right to rectify personal data under Art. 16 GDPR, or restrict processing under Art. 18 GDPR,
-
the right to delete personal data under Art. 17 GDPR,
-
the right to object to processing under Art. 21 GDPR, and
-
the right to data portability under Art. 20 GDPR,
-
the right to withdraw consent to processing in writing or electronically to the controller’s address or email specified in Art. III of these terms. You can withdraw consent at any time in your customer account.
-
You also have the right to file a complaint with the Data Protection Authority if you believe your rights to the protection of personal data have been violated.
VII. Personal Data Security Conditions
-
The controller declares that they have adopted all appropriate technical and organizational measures to secure personal data.
-
The controller has implemented technical measures to secure data storage and personal data storage in paper form, particularly secured/encrypted access to the web, encryption of customer passwords in the database, regular system updates, and regular system backups.
-
The controller declares that personal data is accessible only to authorized individuals.
VIII. Final Provisions
-
By submitting an inquiry or order through web forms, you confirm that you are familiar with the privacy policy and accept it in its entirety.
-
You agree to these terms by ticking the consent box through an online form. By ticking the consent box, you confirm that you are familiar with the privacy policy and accept it in its entirety.
-
The controller is entitled to change these conditions. The new version of the privacy policy will be published on the website www.evertile.net.
These conditions take effect on June 1, 2024.