General data protection regulation
for the website www.duxio.com (hereinafter the “Website“) operated by the company Wish-Platform s.r.o., ID No.: 06243711, with its seat at Kostelec u Křížků 205, 251 68 Kostelec u Křížků, the Czech Republic, the company is registered with the Commercial Register maintained by the Municipal Court in Prague under file no. C 278776, e-mail address: email@example.com (hereinafter the “Data Controller“). The company collects, processes and stores personal data as the Data Controller in accordance with Article 4 paragraph 7 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the “GDPR”).
1. INTRODUCTORY PROVISIONS
2. SOURCES AND CATEGORIES OF PERSONAL DATA
2.1. The Data Controller processes exclusively personal data obtained from data subjects (users) via the Website when filling in the registration form for setting up a user account.
2.2. The Data Controller processes following personal data of the data subjects: (i) name, (ii) surname, (iii) telephone number, (iv) e-mail address, (v) history of requests and offers lodged through the Website, (vi) ID number of individuals and (vii) VAT number of individuals.
3. LEGAL GROUNDS AND PURPOSES OF PERSONAL DATA PROCESSING
3.1. The Data Controller processes personal data on the following legal grounds: (i) performance of the contract pursuant to Article 6, paragraph 1, letter b) of the GDPR, (ii) legitimate interest of the Data Controller pursuant to Article 6, paragraph 1, letter f) of the GDPR (direct marketing), and (iii) compliance with the legal requirements under Article 6, paragraph 1, letter c) of the GDPR.
3.2. The Data Controller processes personal data for the following purposes:
3.2.1. maintaining a user account and obtaining feedback – required data: (i) name, (ii) surname, (iii) telephone number, (iv) e-mail address, (v) ID number of an individual and (vi) VAT number of an individual;
3.2.2. handling of requests of third party services or products through the Website based on a concluded contract – required data: (i) name, (ii) surname, (iii) telephone number, (iv) e-mail address;
3.2.3. sending notifications about changes in requests lodged on the Website in accordance with the preferences communicated to the Data Controller – required data: (i) a name, (ii) a surname, and (iii) an e-mail address;
3.2.4. sending a newsletter (commercial communication) – required data: (i) a name, (ii) a surname, and (iii) an e-mail address in order to send the newsletter (commercial communication);
3.2.6. Handling of request for registration of user account – required data: (i) name, (ii) surname, (iii) email address, (iv) phone number, (v) position, (vi) website, (vii) ID number, (viii) VAT number.
4. RETENTION PERIOD OF THE PERSONAL DATA
4.4. The Data Controller will destroy the personal data at the end of the retention period.
5.1 Personal data of the data subjects are not provided to any recipient (article 4 paragraph 9 of the GDPR) with the exception of fulfilment of obligations stated by the legal regulation of the Czech Republic.
5.2 Personal data will not be transferred to third countries outside of the European Union or to international organizations.
6. PERSONAL DATA SECURITY
6.1. The Data Controller declares that it has taken all necessary technical, organizational and security measures to adequately secure personal data with regard to their confidentiality, integrity and availability.
6.2. Only persons authorized by the Data Controller have access to personal data.
7. COMMERCIAL COMMUNICATION
7.1. The Data Controller is entitled to send to registered users newsletter and other commercial communication related to the Website and its services to the e-mail address of the data subjects registered on the Website. Commercial communication is governed by Section 7, paragraph 3 of the Act No. 480/2004 Coll., as amended. The data subject may reject receiving commercial communication at any time – for example, by clicking the unsubscribe link in the commercial communication.
8. YOUR RIGHTS
8.1. Remember that you have the following rights: (i) the right to access your personal data (Article 15 of the GDPR), (ii) the right to update your personal data (Article 16 of the GDPR), (iii) the right to delete your personal data (Article 17 of the GDPR), (iv) the right to restrict the processing of your personal data (Article 18 of the GDPR), (v) the right to data portability (Article 20 of the GDPR), and (vi) the right to raise an objection to the processing of your personal data (Article 21 of the GDPR).
8.2. In case of a request to delete personal data, it will be necessary to delete your user account and you data will be deleted only if our interest as the Data Controller will not prevail over your interest according to the GDPR.
8.3. You also have the right to withdraw your consent to the processing of your personal data (if consent is the legal ground for processing of personal data) at any time, either in writing or electronically to the address or e-mail address of the Data Controller.
8.4. If you have reasonable doubts about compliance with the obligations of the Data Controller to process your personal data properly, you can file a complaint with the Office for Personal Data Protection. Alternatively, you can also apply to the relevant court.
9.2. Cookies used for targeting marketing communication messages are processed on the basis of user’s consent, which given through the settings of its Internet browser. The user grants consent for the period specified below for individual cookies; the consent can be revoked at any time by changing the settings of the Internet browser.
9.3. In order to display relevant marketing communication and connect with social network services of the Data Controller, cookies are processed by the following processors:
9.4. The Data Controller uses the following cookies:
9.4.1. Temporary cookies – temporary files that allow the Data Controller to monitor the activity of an individual on the Website. They are deleted after closing the internet browser window.
9.4.2. Permanent cookies – permanent files that allow the Data Controller to identify the user when browsing on the Website and thus improve the data subject’s experience. These files can be deleted at any time in the internet browser settings.
10. FINAL PROVISIONS