The data controller under Article 4(7) of Regulation (EU) 2016/679 (GDPR) is 1. Web IT s.r.o., ID: 24841633, with registered office at Vinohradská 2279/164, Prague 3 - Vinohrady (hereinafter: “controller”).
Personal data refers to any information about an identified or identifiable natural person. An identifiable person is one who can be directly or indirectly identified by reference to identifiers such as name, ID number, location, network identifier, or other elements.
The controller has not appointed a Data Protection Officer.
Sources and Categories of Processed Personal Data
The controller processes personal data provided by you or obtained based on fulfilling your order.
The controller processes your identification and contact data and data necessary for fulfilling the contract.
Legal Basis and Purpose of Data Processing
Legal basis for processing includes:
performance of a contract under Article 6(1)(b) GDPR,
controller’s legitimate interest in direct marketing under Article 6(1)(f) GDPR,
your consent for direct marketing under Article 6(1)(a) GDPR and §7(2) of Act No. 480/2004, if no goods or services were ordered.
The purposes of processing include:
fulfilling your order and exercising rights and obligations from the contract; personal data is required to complete the order (name, address, contact), and without it, the contract cannot be fulfilled,
sending commercial messages and engaging in marketing activities.
There is no automated individual decision-making by the controller as defined in Article 22 GDPR.
Data Retention Period
The controller stores personal data:
for the period necessary to exercise rights and obligations from the contract and to assert claims (up to 15 years after termination).
until consent for marketing is revoked, but no longer than 10 years if consent-based.
After the retention period, the data will be deleted.
Recipients of Personal Data (Controller’s Subcontractors)
Recipients of personal data may include:
parties involved in delivering goods/services or processing payments,
parties supporting the operation of services,
parties providing marketing services.
The controller does not intend to transfer data outside the EU or to international organizations. If applicable, recipients in third countries are providers of mailing or cloud services.
Your Rights
Under GDPR, you have the right to:
access your data (Article 15),
rectification or restriction (Articles 16, 18),
erasure (Article 17),
object to processing (Article 21),
data portability (Article 20),
withdraw consent by written or electronic request to address or email stated in section 1 of this agreement.
You may also lodge a complaint with the Data Protection Authority if you believe your rights were violated.
Data Security Measures
The controller has implemented appropriate technical and organizational measures to secure data.
Measures include antivirus software, secure backups, and regular security audits.
Only authorized personnel have access to personal data.
Final Provisions
The controller has implemented appropriate technical and organizational measures to secure data.
Measures include antivirus software, secure backups, and regular security audits.
Only authorized personnel have access to personal data.