Personal data protection principles
Personal Data Protection Principles (hereinafter referred to as the “Principles”)
I.
Basic Provisions
- The personal data controller pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”) is White bird spol. s.r.o., Company ID: 27570304, with its registered address at Voskovcova 1075/57, 15200 Prague 5, entered in the register kept by the Municipal Court in Prague, file no. C 115069 (hereinafter referred to as the “Controller”).
- The contact details of the controller are:
Address: shisharium.com store, K Žižkovu 282/9, 19000 Prague 9, or registered address Voskovcova 1075/57, 15200 Prague 5
E-mail: info@shisharium.com
Telephone: 7773939210 - Personal data means any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
II.
Sources and categories of processed personal data
- The controller processes personal data that you have provided to it or personal data that the controller has obtained based on the fulfillment of your order.
- The administrator processes your personal data in the following cases:
- when sending a query via the contact form;
- if you subscribe to the newsletter via a pop-up window from the Koloo.cz service;
- when registering on our website to order goods;
- when ordering goods;
- if you write a review.
- In the case of sending a query via the contact form or chat, the administrator processes the following personal data of yours:
- name and surname;
- e-mail;
- message text – query.
- If you subscribe to the newsletter via a pop-up window from the Koloo.cz service, the administrator processes your e-mail.
- In the case of registration on our website, the administrator processes the following personal data of yours:
- e-mail;
- password;
- name and surname;
- date of birth;
- address details – street name and number, city, postal code, country;
- telephone number.
- When ordering goods, the administrator processes the following personal data:
- identification data - name and surname;
- address data - street name and descriptive number, city, postal code, country;
- delivery data (if the address data differs from the delivery data) - street name and descriptive number, city, postal code, country;
- contact data - telephone number and e-mail;
- business registration number - if you are purchasing as an entrepreneur;
- VAT number - if you are purchasing as an entrepreneur;
- company name - if you are purchasing as an entrepreneur - legal entity.
If you do not provide the administrator with this personal data, the administrator will not be authorized to process your order and deliver the ordered goods to you. Providing this personal data is a necessary requirement for concluding and fulfilling the contract (without providing this personal data, it is not possible to conclude the contract or for the administrator to fulfill it).
- The administrator also processes information about your purchases.
- If you write a review, the administrator processes the following personal data:
- name;
- e-mail;
- review content;
- star rating.
III.
Legal grounds and purpose of personal data processing
- The legal grounds for processing personal data to the extent specified in the previous article of these principles are as follows:
- processing is necessary for the conclusion of a contract and for the fulfillment of the contract concluded between you and the administrator (purchase and delivery of goods)
- processing is necessary for the purposes of the legitimate interests of the administrator in carrying out direct marketing (in particular for sending commercial communications and newsletters),
- you have given your consent to the processing of your personal data for the purposes of carrying out direct marketing (in particular for sending commercial communications and newsletters)
- Purpose of personal data processing:
- the personal data described in Art. II. paragraph 3. of these principles are needed by the administrator in order to be able to address you correctly, answer your question and to know what you asked us about and what you were interested in.
- personal data described in Art. II. paragraph 4. of these principles, the administrator needs to be able to send you an overview of events and news and to be able to address you correctly. You have the option to unsubscribe from these messages in each e-mail.
- The administrator needs the personal data specified in Art. II. paragraph 5 of these principles to enable you to create and subsequently log in to your customer account.
- personal data described in Art. II. paragraph 6. of these principles, the administrator needs to successfully process your order and exercise the rights and obligations arising from the contractual relationship between you and the administrator; the administrator also needs this personal data for the purposes of further performance arising from the contract;
- identification data - the administrator needs this data to identify you in order to enable you to place an order and purchase goods;
- address data and delivery data - the administrator needs this data to send the ordered goods to the correct address, or in case he needs to contact you in writing;
- contact data - the administrator needs this data to inform you about the delivery of the ordered goods, or in other necessary matters (failure of online payment, changes regarding the ordered goods, etc.);
- busines registration number or VAT number: the administrator needs this data to identify you as an entrepreneur and to issue a tax document for the purchase of goods.
- personal data specified in Art. II. paragraph 7. of these principles, the administrator needs to know what you have mutually committed to;
- the personal data referred to in Art. II. paragraph 7 of these principles, the administrator needs to respond to your review, and to know how satisfied you were with its goods and what it can improve, if any. It also uses these personal data to promote its goods on its website.
- the personal data referred to in Art. II, the processing of which you have given the administrator consent to (in particular e-mail or SMS and information about purchases and services), the administrator also processes for the purpose of sending direct marketing communications. If you are a customer and have not refused to receive commercial communications, then the administrator may also send you commercial communications based on its so-called legitimate interest. If you have given the administrator consent to this, he is entitled to retain your e-mail for other purposes (for example, to communicate information about events and services that are not related to the goods that the administrator has provided to you). The administrator also processes cookies to facilitate and make the use of the website more enjoyable.
- In each email, you have the option to unsubscribe from direct marketing communications. You can refuse to receive direct marketing communications in advance by sending an email to info@shisharium.com or by checking the button before confirming the order of goods.
The administrator does not make automatic individual decisions within the meaning of Article 22 of the GDPR.
IV.
Data retention period
- The administrator stores personal data
- for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the administrator and to assert claims from these contractual relationships (for a period of 5 years from the termination of the contractual relationship).
- for the period until you withdraw your consent to the processing of personal data for the purposes of sending direct marketing, but no longer than 3 years.
- The administrator stores personal data for the period specified in the previous paragraph in order to be able to respond in the event of any dispute.
- After the retention period for personal data expires, the administrator will destroy your personal data.
- If we process any data based on your consent, you can revoke it at any time by sending an e-mail to info@shisharium.com. If you receive commercial communications from us, you can simply refuse to receive them at any time in each individual e-mail you receive.
V.
Recipients of personal data
- Recipients of personal data are persons:
- participating in the delivery of goods / services / payment processing under the contract,
- providing e-shop operation services (Shoptet) and other services in connection with the operation of the e-shop,
- providing marketing services.
- providing accounting services.
- The administrator does not transfer your personal data to a third country (to a country outside the EU) or an international organization.
- On the administrator's website www.shisharium.com there is also a pop-up window from the Koloo.cz service - the service provider is the processor of your personal data; If you enter your email and spin the wheel of fortune, you also give the administrator your consent to process your email for the purpose of sending direct marketing communications.
- Furthermore, on the administrator's website www.shisharium.com there is a chat window from the serviceSmartsupp.com - the service provider is the processor of your personal data; if you write to the administrator via the chat window, the administrator processes the content of the message so that I can answer your question and so that he knows what you asked us and what you were interested in. If you enter an email as part of communication via the chat window, you also give the administrator your consent to process your email for the purpose of sending direct marketing communications.
- The administrator does not transfer your personal data to other persons and does not trade with databases.
VI.
Your rights
- Under the conditions set out in the GDPR, you have
- the right to access your personal data – you can ask what personal data the controller records, how the controller has processed it in the past and how it will process it in the future;
- the right to rectification of personal data – if your personal data is incorrect;
- the right to restriction of processing of personal data – the controller may store your personal data, but may not process them;
- if you dispute the accuracy of the data and the controller needs to verify your communication;
- if your personal data is processed unlawfully, but you do not want the controller to delete it - instead of deletion, you only request restriction of processing;
- if the controller no longer needs your personal data, but you ask them to retain it for the exercise of your legal claims;
- if you object to processing, until the controller verifies whether the personal data will continue to be processed in its important interests or will no longer process it.
- the right to erasure of personal data – this is the so-called the right to be forgotten – the administrator must delete all of your personal data that it records at your request; the administrator is not authorized to delete data that it must retain according to legal regulations (for example, according to the Accounting Act);
- the right to object to processing – if you believe that the administrator has processed your personal data beyond the scope of its legitimate interests;
- the right to data portability – the administrator will provide you with your personal data upon request, which it processes on the basis of contracts concluded with you and your consent;
- the right to withdraw consent to the processing of personal data;
- the right to refuse in advance the sending of commercial communications.
You can exercise your rights under this paragraph in writing at shisharium.com, K Žižkovu 282/9, 19000 Prague 9, or electronically via e-mail sent to the administrator’s e-mail address info@shisharium.com.
- You also have the right to file a complaint with the Office for Personal Data Protection if you believe that the administrator is violating the rules for processing personal data. Of course, the administrator will be happy if you first discuss your comments together and try to resolve them to your satisfaction.
VII.
Personal data security conditions
- The administrator declares that it has taken all appropriate technical and organizational measures to secure personal data.
- The administrator has taken technical measures to secure data storage and personal data storage in documentary form.
- The administrator declares that only authorized persons have access to personal data.
VIII.
Final provisions
- By clicking the "Send order" button, you confirm that you are familiar with the personal data protection conditions and that you accept them in their entirety.
- The administrator is authorized to change these conditions. The new version of the personal data protection conditions will be published on its website.
These conditions come into effect on November 23, 2024.