GDPR

I. General Provisions

The data controller, as defined by Article 4(7) of the European Parliament and Council Regulation (EU) 2016/679 on the protection of natural persons concerning the processing of personal data and the free movement of such data (hereinafter: “GDPR”), is Alexmonhart s.r.o., company ID: 05910510, with its registered office at Jana Zajíce 24, 170 00 Prague 7 (hereinafter: “controller”).

Controller contact details:

• Address: Komunardů 32, 170 00 Prague 7
• Email: info@alexmonhart.com
• Phone: +420 777 621 296
• Website: https://www.alexmonhart.com

Personal data refers to any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, through reference to an identifier such as name, identification number, location data, network identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

The controller has not appointed a data protection officer.

II. Sources and Categories of Processed Personal Data

The controller processes personal data that you have provided or personal data that the controller has obtained based on the fulfillment of your order.

The controller processes your identification and contact details and data necessary to fulfill the contract.

III. Legal Basis and Purpose of Personal Data Processing

The legal basis for processing personal data is:

• Fulfillment of the contract between you and the controller according to Article 6(1)(b) of the GDPR,
• Legitimate interest of the controller in direct marketing (specifically for sending commercial communications and newsletters) according to Article 6(1)(f) of the GDPR,
• Your consent to the processing for the purposes of direct marketing (specifically for sending commercial communications and newsletters) according to Article 6(1)(a) of the GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services in case no goods or services were ordered.

The purposes of processing personal data are:

• Processing your order and performing rights and obligations arising from the contractual relationship between you and the controller; personal data required for successful order fulfillment (name, address, contact) is mandatory for concluding and fulfilling the contract, without which the contract cannot be concluded or performed by the controller,
• Sending commercial communications and conducting other marketing activities,
• Transferring data to third parties for marketing targeting purposes.

The controller engages in automated individual decision-making under Article 22 of the GDPR. You have provided your explicit consent to such processing.

IV. Data Retention Period

The controller retains personal data:

• For the time necessary to exercise rights and obligations arising from the contractual relationship between you and the controller and to assert claims from these contractual relationships (for 15 years after the termination of the contractual relationship),
• For the time until the consent to process personal data for marketing purposes is revoked, no longer than 15 years, if personal data is processed based on consent.

After the retention period, the controller will delete personal data.

V. Recipients of Personal Data (Subcontractors of the Controller)

Recipients of personal data are:

• Persons involved in delivering goods/services/payment processing under the contract,
• Providers of e-shop operation services (Shopify) and other services related to e-shop operations,
• Providers of marketing services.

The controller intends to transfer personal data to a third country (outside the EU) or an international organization. Recipients of personal data in third countries are mailing service providers, cloud service providers, e-shop operation service providers, and other service providers involved in the delivery of goods/services/payment processing under the contract.

VI. Your Rights

Under the conditions set out in the GDPR, you have the right to:

• Access your personal data under Article 15 of the GDPR,
• Correct personal data under Article 16 of the GDPR or restrict processing under Article 18 of the GDPR,
• Request the deletion of personal data under Article 17 of the GDPR,
• Object to processing under Article 21 of the GDPR,
• Data portability under Article 20 of the GDPR,
• Withdraw your consent to processing in writing or electronically to the address or email of the controller provided in Section III of these conditions.

You also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.

VII. Data Security Conditions

The controller declares that it has adopted appropriate technical and organizational measures to secure personal data.

The controller has implemented technical measures to secure data storage and personal data in paper form, including passwords and other types of encryption.

The controller declares that only authorized persons have access to personal data.

VIII. Final Provisions

By submitting an order through the online order form, you confirm that you are familiar with the personal data protection conditions and fully accept them.

You agree to these conditions by ticking the consent box via the online form. Ticking the consent box confirms that you are familiar with the personal data protection conditions and fully accept them.

The controller is entitled to modify these conditions. The new version of the personal data protection conditions will be published on its website, and you will receive the updated version of these conditions at the email address you have provided.

→ You can find the cookie usage policy here.

These personal data protection conditions are effective as of June 5, 2019.