I. Introductory Provisions
- The personal data Administrator referred to Article 4 (7) of General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (further as "GDPR") is MY FLORIST, Ltd. , company registered in the Commercial Register of the Municipal Court in Prague, C 243662, ID No. 04185862, VAT No CZ04185862, with its registered office at Soukenicka 1095/24, 110 00 Prague 1, Czech Republic, further as “Administrator”.
- The contact details of the Administrator are:
Address: Soukenicka 1095/24, 110 00 Prague 1, Czech Republic
Phone: +420 732 447 647
- Personal data means any information about an identified or identifiable physical person; identifiable physical person is a physical person directly or indirectly identified by reference to a particular identifier, such as name, identification number, location data, network identifier, or one or more specific physical, physiological, genetic, psychological, economic, cultural or social identity of this individual.
- The Administrator did not appoint a Data Protection Officer.
II. Sources and Categories of Processed Personal Data
- The Administrator processes the personal data have provided by the Customer, or the personal information that the Administrator has received on the basis of the Customer´s order.
- The Administrator handles Customer´s identification, contact details and data necessary for performance of the Purchase Agreement.
III. Legitimate Reason and Purpose of Processing Personal Data
- The legitimate reason for the processing of personal data is:
- fulfilment of the Purchase Agreement between the Customer and the Administrator under Article No. 6 (1) b) of GDPR,
- the legitimate interest of the Administrator in providing direct marketing (in particular for sending business messages and newsletters) under Article No. 6 (1) f) of GDPR.
- The purpose of processing personal data is:
- processing the Customer´s order and performing the rights and obligations arising from the contractual relationship between Customer and the Administrator; (name, address, contact), the provision of personal data is a necessary requirement for the conclusion and performance of the Purchase Agreement, without the provision of personal data it is not possible to conclude the Purchase Agreement or to fulfil it by the Administrator,
- sending business messages and doing other marketing activities.
- On the part of the Administrator there is an automatic, individual decision making in the sense of Article 22 of GDPR. The Customer has given his/her explicit consent to such processing.
IV. Storage Time of Data
- The Administrator keeps personal data:
- for the time necessary to exercise the rights and obligations arising from the contractual relationship between the Customer and the Administrator and the exercise of the claims under these contractual relationships (for 15 years from the termination of the contractual relationship),
- until the consent to the processing of personal data for marketing purposes is revoked, for a maximum of 15 years, if personal data is processed by consent.
- At the end of personal data storage period, the Administrator will erase personal information.
V. Recipients of personal data (subcontractors)
- The recipients of personal data are persons:
- contributing to the supply of goods / services/ making payments on the basis of a Purchase Contract,
- providing eshop services (Shopify) and other services related to the operation of eshop,,
- providing marketing services.
- The Administrator does not intend to transfer personal data to a third country (to a non-EU country) or an international organisation.
VI. Customer's Rights
- Under the terms of the GDPR, the Customer shall have:
- the right to access his/her personal data under Article 15 of the GDPR,
- the right to amend personal data pursuant to Article 16 of the GDPR or, where applicable, the processing restrictions under Article 18 GDPR,
- the right to delete personal data under Article 17 of the GDPR,
- the right to object to processing personal data under Article 21 GDPR,
- the right to personal data portability under Article 20 GDPR,
- the right to withdraw consent to processing personal data in writing or electronically to the address or email of the administrator referred to in Article III of these Terms.
- In addition, the Customer has the right to file a complaint with the Personal Data Protection Office if the Customer believes that his/her right to the protection of personal data has been violated.
VII. Security of Personal Data
- The Administrator declares that he has taken all appropriate technical and organisational measures to safeguard personal data.
- The Administrator has taken technical measures to secure personal data online storage and personal data in paper form, in particular passwords and antivirus program.
VIII. Final Provisions
These terms and conditions become effective on July 15, 2018.