The main laws and regulations on which the text is based are
If you need even more detailed information about the rules, obligations and rights we follow, we recommend you consult these laws and regulations.
1. Identity and contact details of the Administrator
1.1 The Administrator of your personal data, pursuant to Article 4, paragraph 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR"), is Korálky.cz, s.r.o., ID No. 24260452, with registered office at Třebohostická 564/9, Prague 10, 110 00, file number C 198378, registered with the Municipal Court in Prague ("we" or "Administrator").
1.2 The contact details of the Administrator are as follows:
1.3 According to Article 4(1) GDPR, personal data means any information about an identified or identifiable natural person ("you" or "data subject"); an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.4 The Administrator has not appointed a data protection officer
2. Sources and categories of personal data processed
2.1 The Administrator processes personal data that you have provided to it or personal data that the Administrator has obtained as a result of fulfilling your order.
2.2 The Administrator processes your identification, contact and contract data necessary for the performance of the contract.
3. Legal grounds for processing personal data
3.1 The lawful grounds for the processing of personal data are or may be (which will always apply depending on your particular situation):
4. Purposes of the processing of personal data
4.1 The purposes of the processing of personal data are or may be (always depending on your specific situation):
4.2 There is no automatic individual decision-making by the Administrator within the meaning of Article 22 of the GDPR.
5. Legitimate interests of the data Administrator
5.1 The legitimate interests of the Administrator in relation to the processing of personal data are defined in accordance with Article 6(1)(f) of the GDPR and paragraph 47 of the GDPR Preamble
5.2 These legitimate interests of the Administrator include:
6. Other recipients of personal data
6.1 The other recipients of your personal data are mainly freight forwarding companies or other persons involved in the delivery of goods or the execution of payments under the purchase contract.
6.2 Other recipients of your personal data may also be service providers who perform activities related to the operation of the Administrator, such as companies providing programming services, information technology services (e.g. database, economic system), accounting services or marketing services. In such cases, the Administrator declares that it has taken and will take all necessary organizational and technical measures to ensure proper protection of personal data in accordance with the GDPR.
6.3 The Administrator processes data in the Czech Republic or in other EU countries, as appropriate. For legitimate reasons (for example, an order with delivery outside the EU and the necessary transfer of data to a local carrier), processing may also occur outside the EU. In the context of cooperation with global entities, data may also be processed outside the EU, but in such a case, such entity is always a participant in Privacy Shield, ensuring an adequate level of protection.
6.4 We determine your satisfaction with your purchase through email questionnaires as part of the Customer Verified program in which our e-shop participates. These are sent to you on the basis of our legitimate interest in ascertaining your satisfaction with your purchase with us, each time you make a purchase with us, unless you refuse to receive them (one refusal means that you will not be sent one with any further purchase). We use a processor, which is the operator of the Heureka.cz portal, to send the questionnaires and evaluate them. For this purpose, we may pass on information about the purchased goods and your e-mail address. Your personal data is not passed on to any third party for its own purposes when sending email questionnaires. You can object to the sending of e-mail questionnaires within the framework of the Verified by Customers programme at any time by rejecting further questionnaires, for example by using the link in the e-mail with the questionnaire or in your user profile.
7. Storage period for personal data
7.1 If the data are processed for legal reasons, then they will be processed for the duration of the effects of the rights and obligations under the contract, and for the time necessary for archiving purposes according to the relevant generally binding legal regulations, but no longer than the time period specified by generally binding legal regulations.
7.2 If personal data is processed on the basis of consent, it shall be processed until the consent to the processing of personal data is withdrawn, but no longer than 10 years from the date of consent or the last order placed (whichever is later)
8. Rights of the data subject
8.1 You are under no obligation to provide personal data to the Administrator. However, if the provision of your personal data is a necessary requirement for the conclusion and performance of a contract (e.g. email for order confirmation, name and physical address for delivery of goods, etc.), without the provision of your personal data, the contract cannot be concluded (i.e. the order cannot be completed) or fulfilled by the Administrator.
8.2 In accordance with Article 21 (1) and (2) GDPR, you have the right to object to the processing of your personal data or to withdraw your consent to the processing of your personal data at any time, in particular if it is processed for direct marketing purposes. The Administrator will then no longer process the personal data, unless compelled to do so by other legitimate reasons that override the interests or rights of the data subject.
8.3 Furthermore, under the conditions set out in the GDPR, you have the right to:
8.3.1 to access your personal data in accordance with Article 15 of the GDPR,
8.3.2 to rectify your personal data pursuant to Article 16 of the GDPR,
8.3.3 to erasure of personal data pursuant to Article 17 GDPR,
8.3.4 to restrict processing pursuant to Article 18 GDPR,
8.3.5 for data portability pursuant to Article 20 GDPR.
8.3.6 to object to processing pursuant to Article 21 GDPR,
In the event of such requests, please contact the Administrator at the contact details above.
8.4 If you believe that the processing of your personal data has violated or is violating the GDPR, you also have the right to lodge a complaint with the supervisory authority, which is the Data Protection Authority.
9. Personal data security conditions
9.1 The Administrator declares that it has taken all appropriate technical and organisational measures to secure personal data and its storage in electronic and paper form and that only persons authorised by it have access to the personal data processed.
10. Final provisions
Date of last update: 25 June 2020