Information GDPR06.09.2020 2023-01-17 0:57
PRINCIPLES OF PERSONAL DATA PROCESSING FOR CUSTOMERS ACCORDING TO THE GDPR
These Principles of Personal Data Processing for Customers according to the GDPR (hereafter “Principles”) issued by iPhysios s.r.o, with residence at Rybářská 839/2, Stará Role, 360 17 Karlovy Vary, company number: 108 62 960, registered with a Commercial Register kept by the Municipal Court in Plzni under file no. C 40729 (hereafter “iPhysios s.r.o”), are aimed at provision of information on what personal data (hereafter “Data”) iPhysios s.r.o as a data controller processes about natural persons with regard to the sale of goods at branded shops, in the online shop of iPhysios s.r.o, when visiting websites operated by iPhysios s.r.o and in terms of contact with potential customers. The Principles include also the purpose and the length of a retention period of the processing of personal data in accordance with applicable law, information about to whom and for what reason the data can be transferred as well as information about the rights of the natural persons with regard to the processing of personal data.
These Principles are in force since May 25, 2018 and they are issued in accordance with Regulation (EU) 2016/679 on the protection of natural persons (hereafter “Regulation” or “GDPR”) in order to ensure information obligation of iPhysios s.r.o as a data controller under Article 13 of the GDPR.
These Principles concern processing of personal data of iPhysios s.r.o customers, users of iPhysios s.r.o services, potential buyers of iPhysios s.r.o goods and visitors of websites operated by iPhysios s.r.o always in the extent of the protection of personal data keeping with the GDPR in relation to iPhysios s.r.o
1. WHO PROCESSES YOUR PERSONAL DATA?
Personal data is processed by iPhysios s.r.o, with residence at Na Vyhlídce 760/23, 360 01 Karlovy Vary, company number: 07959826,as a data controller according to the GDPR. Your personal data will be processed under the conditions specified below.
2. WHAT IS PERSONAL DATA?
Personal data is any type of information concerning an identified or identifiable natural person to which the personal data relates. The natural person is considered identified or identifiable if they can be directly or indirectly identified particularly on the basis of a number, a code with one or more features, specific for their physical, physiological, psychological, economical, cultural or social identity. Data processing can be restricted in relation to the right to privacy. Personal data protection is governed by the GDPR.
3. WHAT TYPE OF YOUR PERSONAL DATA DO WE PROCESS?
We process only the personal data you provide us with regard to your interest in our products and their purchase (e.g. within registration, order or granting consent with the processing of personal data and sending information about news, special offers and others), or conclusion of a contract for sale of goods.
This is usually the data you provide us with regard to registration and/or purchase of goods.
3.1 Basic personal identification data and address
This data is necessary for conclusion and performance of a contract. This is usually:
a) Email address
b) Encrypted password
c) First name and surname
d) Telephone number
e) Contact and/or delivery address
f) Payment data (payment card number) to be/not to be saved with your account (only in case of paid services, e.g. online shopping on our websites, etc.)
g) Other personal data you voluntarily provide in the note section when filling out an order form.
3.2 Other data obtained from you in relation to use of our services and processed on the basis of your consent
a) IP address
b) cookie files (in case of online services)
c) (Records on behaviour on websites administered by iPhysios s.r.o gathered by cookies if cookies enabled in the web browser. The records are processed in order to improve operation of the websites run by iPhysios s.r.o and online advertising).
d) Another online identifier, if appropriate.
3.3 Data on the purchased goods and payment behaviour
a) The iPhysios s.r.o online shop includes a list of your orders and your favourite products.
4. WHY DO WE PROCESS YOUR PERSONAL DATA?
a) Compliance with legal tax obligation (fulfilling legal obligations)
b) Recovery of claims on behalf of customers as buyers and other customer disputes (legitimate interest of iPhysios s.r.o)
c) Recording of debtors (legitimate interest of iPhysios s.r.o)
d) Marketing purposes (consents of customers)
5. PROVISION OF PERSONAL DATA
Provision of personal data necessary for performance of a contract, fulfilment of legal obligations of iPhysios s.r.o and protection of legitimate interests of iPhysios s.r.o is obligatory. It is impossible to ensure fulfilment of obligations to customers without provision of personal data. Consent to the processing of personal data for these purposes is not required. This arises from performance of a contract.
In this context personal data is processed in the extent necessary for performance of these activities and for the period required for this performance or for the period directly laid down by legislation.
5.1 Processing of personal data for marketing purposes
iPhysios s.r.o processes personal data of persons that have granted consent to be approached for marketing purposes by means of electronic contact for the period stated in the consent that the person makes available for marketing purposes, and to be sent information on products, news and special offers of iPhysios s.r.o If this consent is granted by means of the websites operated by iPhysios s.r.o, also the data gathered by cookies placed on the websites, where consent was granted, is processed together with these contacts provided that cookies are enabled in the web browser of the person. You can unsubscribe from receiving information on news and special offers in the setting of the service for which the users registered themselves in order to receive such information, or by means of email: [email protected]
5.2 Processing of personal data through cookies from websites operated by iPhysios s.r.o
If cookies are enabled in a person´s web browser, we process records of their behaviour through cookies placed on the websites run by iPhysios s.r.o in order to improve operation of the websites of iPhysios s.r.o, to perform analyses and measurements with the aim to find out how our services are used and for the purpose of online advertising of iPhysios s.r.o
6. WHAT ARE COOKIES AND WHAT TYPE OF COOKIES DO WE USE?
Cookie files enable us e.g. to recognize a user as a current user (e.g. when logging into an email account, when authorising a payment, etc.) or to adjust websites to user preference. Cookies files are used also for displaying behaviourally targeted online advertisement on iPhysios s.r.o websites and outside, i.e. in simple terms for displaying only such advertisement that is relevant for a particular user without being bothered by an advertisement which is not interesting for them.
7. WHO CAN ACCESS YOUR PERSONAL DATA?
iPhysios s.r.o uses professional and specialized services of other entities in order to meet obligations specified in agreements. If these suppliers process personal data transferred from iPhysios s.r.o, they become processors of personal data and they process personal data only within the guidelines of iPhysios s.r.o and they cannot use it in another way.
We choose carefully our partners to whom we entrust your data. These partners are able to ensure such technical and organisational data security which prevents your data from unauthorised or accidental access or abuse. Protection of you data is our priority. All our partners are bound by an obligation of confidentiality and they cannot use the provided data for any other purposes than those we make available.
Third parties that have access to your personal data include:
a) Persons we provide with data in order to track the attendance of our websites;
b) Persons ensuring technical operation of a particular service for us or operators of the technologies we use for our services;
c) Persons recommending purchased goods, printed promotional materials, or gifts within marketing events to you;
d) Persons ensuring sufficient security and integrity of our services and websites and this security system is regularly tested;
e) Payment gate providers (payment card providers);
f) Trading partners or sponsors taking part in holding our events;
g) Collection agencies recovering claims or collecting debts of iPhysios s.r.o;
h) Advertisement system operators in relation to targeted advertising;
i) Providers of technical solution thanks to whom only relevant content and advertising is displayed to you;
Under particular well-defined terms and on the basis of applicable legislation we are obliged to transfer your personal data to e.g. the Police of the Czech Republic, or other law enforcement authorities including specialized units (Department for Detection of Organized Crime, Customs, etc.) and other public authorities.
8. WHAT IS THE LENGTH OF A RETENTION PERIOD OF THE PROCESSING OF YOUR PERSONAL DATA?
You personal data will be processed throughout the whole period you use our services (i.e. duration of our contractual relationship) and subsequently on the basis of your granted consent for the period of further 24 months unless you withdraw your consent to the processing of personal data.
However, please note that we must process this personal data necessary for proper provision of your ordered products, or in order to fulfil all our obligations, whether obligations under our agreement or general binding provisions, regardless of your granted consent for the period laid down by the relevant legislation or in compliance with it, even if you withdraw your consent.
9. CAN WE PROCESS YOUR PERSONAL DATA WITHOUT YOUR CONSENT?
Yes, your personal data can be processed without your consent but only for the following purposes:
a) Provision of a product (performance of an agreement concluded between you and iPhysios s.r.o);
b) Compliance with legal obligations resulting from general binding rules;
c) Processing necessary for the purpose of our legitimate interests (e.g. direct marketing, ensuring security of our websites).
Possibility and legality of such processing results directly from applicable legislation and your consent to the processing is not necessary.
10. ON THE BASIS OF WHAT CAN WE PROCESS YOUR PERSONAL DATA?
As explained above your personal data can be processed either on the basis of your granted consent or on grounds of our legitimate interest (specifically processing for the purpose of direct marketing) or in order to perform a contract agreement concluded between you and us in the extent of personal data necessary for such performance. Last but not least we can process your personal data without your consent for reasons resulting from legislation. The particular purposes for which we process your personal data are described above.
11. HOW IS MY PERSONAL DATA SECURED?
All personal data you provide us is secured by means of standard procedures and technologies. However, it is not objectively possible to ensure security of your personal data. Therefore, it is not possible to fully ensure that any third party gains access to your personal data or that your personal data is copied, released, modified or damaged by breach of our security measures.
However, in this context we want to make you sure that we regularly check whether our system is free of weaknesses and whether it is not exposed to an attack. We use such security measures that can detect potential unauthorized access to your personal data and that provide sufficient security with regard to the current state of technology. The adopted security measures are regularly updated.
In order to improve security of your personal data access to the data is protected by a password and sensitive data transferred between your web browser and our websites is encrypted.
Nevertheless, we are not able to fully ensure security of your data without your help and responsible behaviour. Please help us to ensure security of your personal data by keeping your unique passwords and login data in secret and by respecting basic principles of security. Keep always in mind that emails do not have to be encrypted. We strongly advise you not to use this form of communication when providing confidential information.
12. HOW AND WHEN CAN YOU WITHDRAW YOUR CONSENT TO THE PROCESSING OF PERSONAL DATA?
Your voluntarily granted consent to the processing of personal data can be withdrawn at any time free of charge by means of email: [email protected] Withdrawing consent does not affect the possibility to continue to process your personal data on the basis of your consent granted before withdrawal. Withdrawal of consent does not affect the processing of personal data we process under a different legal basis (i.e. particularly processing for the purpose of performance of a contract, legal or other obligations specified in applicable legislation).
13. AM I OBLIGED TO PROVIDE MY PERSONAL DATA? WHAT IF I DO NOT PROVIDE MY PERSONAL DATA?
You provide us with your personal data voluntarily (however, providing personal data for some services is required, i.e. if you do not provide it, you will not be allowed to use a particular service).
Processing of your personal data, often in disidentified form, without being able to identify a particular user, enables us to supply you with our products and to continue to improve and develop new ones. If you do not grant us your consent, or if you withdraw it subsequently, we may not be able to provide you with some products to the full extent. However, you are not obliged to use all our free services.
14. WHAT ARE YOUR RIGHTS REGARDING PERSONAL DATA PROTECTION?
You have mainly the following rights in relation to your personal data:
a) The right to information;
b) The right to access personal data;
c) The right to rectify or complete inaccurate personal data;
d) The right to have personal data deleted (the right to be forgotten) in certain cases;
e) The right to restrict the processing;
f) The right to notification of correction, deletion or restriction of the processing;
g) The right to transfer personal data;
h) The right to object to or complain about the processing in certain cases;
i) The right to withdraw your consent at any time;
j) The right to be informed about personal data breach in certain cases;
k) Other rights laid down in the act on personal data protection and the GDPR after the entry into force.
15. WHAT DOES THE RIGHT TO OBJECT MEAN?
If you do not want to receive any more commercial communication or information on news in our product portfolio from our party, you have the right to object to further processing of your personal data for the purpose of direct marketing. If you do so, we will not process your personal data for this purpose and send you further commercial communication or newsletters.
You find more information about this right in Article 21 of the GDPR.
16. HOW CAN YOU CONTACT US?
If you have any questions concerning personal data protection or withdrawal of consent to further processing please use this email: [email protected]
In this context please note that we may ask you to prove your identity in an appropriate manner in order to check your identity. This is a preventive security measure aimed at preventing unauthorized persons from accessing your personal data. In order to improve the quality of services and to maintain the records of performance of our obligations resulting from legislation every communication with you is monitored.
Since May 25, 2018 this contact of the data protection officer according to the GDPR is available.
iPhysios s.r.o.., data protection officer, address: Rybářská 839/2, Stará Role, 360 17 Karlovy Vary, or email: [email protected]