Personal identification information

  1. BASIC PROVISIONS

1.1. The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is MX 777 s.r.o., ID: 19265913, with registered office at: 1. máje 185, 385 01 Vimperk, registered in the Commercial Register kept by the Regional Court in České Budějovice, Section C, Insert No.: 33 152, email:  info@mx777.cz (hereinafter referred to as the "controller").

1.2. The controller stores personal data in accordance with applicable laws of the Czech Republic and the European Union, in particular with Act No. 101/2000 Coll., on the Protection of Personal Data, as amended, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. Personal data are further processed in accordance with the legitimate interest as defined by the Regulation, i.e., for the purpose of fulfilling the contract concluded between MX 777 s.r.o. and the consumer, in particular for the purpose of delivering goods, further processed for the purpose of direct marketing, and also for the purpose of addressing individuals with preferences similar to customers. When ordering, personal data necessary for processing the order (name, address, and contact) are required. By concluding a purchase contract, the consumer acknowledges that the seller will process and collect data.

1.3. All information about a natural person, whether identified or identifiable, is considered personal data. An identifiable natural person is a person who can be identified, directly or indirectly, particularly by reference to an identifier such as name, ID number, location data, network identifier, or one or more specific elements of physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

1.4. The controller processes data necessary for the performance of the contract, as well as data received from the consumer in connection with the performance of the order, particularly those entered by the consumer when filling in the form for purchase, and further processes data for security reasons, including checking the IP address, as well as data related to payment.

1.5. The legal basis for processing personal data is the performance of the contract between the controller and the consumer pursuant to Article 6(1)(b) GDPR; the legitimate interest of the controller in providing direct marketing (especially for sending commercial communications and newsletters) pursuant to Article 6(1)(f) GDPR; the consumer's consent to the processing of personal data for the purpose of providing direct marketing (especially for sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services, if no order for goods or services has been placed.

 

  1. PERIOD OF PERSONAL DATA RETENTION

2.1. The controller retains personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the consumer and the controller and to assert claims arising from these contractual relationships (for a period of 15 years after the termination of the contractual relationship).

2.2. The controller further retains personal data until the consent to the processing of personal data for marketing purposes is revoked, for a maximum of 10 years if personal data are processed based on consent.

2.3. Upon expiration of the retention period of personal data, the controller shall erase the personal data.

 

  1. DISCLOSURE OF PERSONAL DATA 

3.1. For the purpose of ensuring proper delivery of goods, the controller discloses personal data to individuals who:

3.1.1. are involved in the delivery of goods/services/payment processing based on a contract,

3.1.2. provide services for the operation of the e-shop and other services related to the operation of the e-shop,

3.1.3. provide marketing services.

3.2. The controller may provide the consumer's personal data to selected third parties (lawyer, tax advisor, IT system administrator, auditor, etc.) for the purpose of fulfilling state requirements, legal regulations, state standards, etc., in connection with the protection of the legitimate interests of MX 777 s.r.o. These will always be individuals who undertake to comply with the protection of personal data to the extent at least specified by these conditions.

3.3. The controller does not intend to transfer the consumer's personal data to a third country (outside the EU).

 

  1. CONSUMER RIGHTS

4.1. Under the conditions set forth in the GDPR, the consumer has the right to access personal data (according to Article 15 of the GDPR), i.e., the right from the controller – to obtain information as to whether his/her personal data are being processed, and if so, what data are concerned and how they are processed. The consumer also has the right to request the controller to correct inaccurate personal data concerning him/her without undue delay upon request (pursuant to Article 16 of the GDPR). The consumer also has the right to supplement incomplete personal data at any time.

4.2. Furthermore, the consumer has the right to erasure of personal data (pursuant to Article 17 of the GDPR), the right to object to processing (pursuant to Article 21 of the GDPR), and the right to data portability (pursuant to Article 20 of the GDPR). If any personal data are processed for a specific processing purpose only based on the explicit consent of the consumer, the consumer may request the deletion of personal data from such a database at any time.

4.3. If the consumer believes that his/her right to the protection of personal data has been infringed, the consumer also has the right to lodge a complaint with the Office for Personal Data Protection.

 

  1. SECURITY OF PERSONAL DATA

5.1. The controller declares that it has taken all appropriate technical and organizational measures to secure personal data.

5.2. The controller declares that only persons authorized by it have access to personal data.

 

  1. FINAL PROVISIONS

6.1. By submitting an order via the online order form, the consumer confirms that he/she is familiar with the terms of personal data protection and accepts them in full. 

6.2. The consumer agrees to these terms by checking the consent box via the online form. By checking the consent box, the consumer confirms that he/she is familiar with the terms of personal data protection and accepts them in full.

6.3. The controller is entitled to amend these terms. The new version of the terms of personal data protection will be published on its website and at the same time, the new version of these terms will be sent to the consumer's email address provided to the controller by the consumer.