These Data Protection Principles according to the GDPR (hereafter “Principles”) issued by iPhysios s.r.o., with residence at Rybářská 839/2, Stará Role, 360 17 Karlovy Vary, company number: 108 62 960, registered with a Commercial Register kept by the Municipal Court in Plzni under file no. C 40729 (hereafter “iPhysios s.r.o.”), are aimed at provision of basic principles of personal data protection, i.e. what type of information iPhysios s.r.o. as a data controller processes about natural persons with regard to the sale, in the online shop of iPhysios s.r.o., when visiting websites operated by iPhysios s.r.o. and in terms of contact with potential customers. The Principles include also the purpose and the length of a retention period of the processing of personal data in accordance with applicable law as well as information about the rights of the natural persons with regard to the processing of personal data.
These Principles are in force since May 25, 2018 and they are issued in accordance with Regulation (EU) 2016/679 on the protection of natural persons (hereafter “Regulation” or “GDPR”) in order to ensure information obligation of iPhysios s.r.o. as a data controller under Article 13 of the GDPR.
These Principles concern protection of personal data of iPhysios s.r.o. customers, users of iPhysios s.r.o. services, potential buyers of iPhysios s.r.o. goods and visitors of websites operated by iPhysios s.r.o. always in the extent of the protection of personal data keeping with the GDPR in relation to iPhysios s.r.o.
1. WHAT TYPE OF PERSONAL DATA DO WE PROCESS?
We process only the personal data you provide us with regard to your interest in our products and their purchase (e.g. within registration, order or granting consent with the processing of personal data and sending information about news, special offers and others), or conclusion of a contract for sale of goods.
This is usually the data you provide us with regard to registration and/or purchase of goods.
A. Basic personal identification data and address
This data is necessary for conclusion and performance of a contract. This is usually:
a) Email address
b) Encrypted password
c) First name and surname
d) Telephone number
e) Contact and/or delivery address
f) Payment data (payment card number) to be/not to be saved with your account (only in case of paid services, e.g. online shopping on our websites, etc.)
g) Other personal data you voluntarily provide in the note section when filling out an order form.
B. Other data obtained from you in relation to use of our services and processed on the basis of your consent
a) IP address
b) cookie files (in case of online services)
c) (Records on behaviour on websites administered by iPhysios s.r.o. gathered by cookies if cookies enabled in the web browser. The records are processed in order to improve operation of the websites run by iPhysios s.r.o. and online advertising).
d) Another online identifier, if appropriate.
D. Data on the purchased goods and payment behaviour
a) The iPhysios s.r.o. online shop includes a list of your orders and your favourite products.
2. WHY DO WE PROCESS YOUR PERSONAL DATA?
a) Compliance with legal tax obligation (fulfilling legal obligations)
b) Recovery of claims on behalf of customers as buyers and other customer disputes (legitimate interest of iPhysios s.r.o.)
c) Recording of debtors (legitimate interest of iPhysios s.r.o.)
d) Marketing purposes (consents of customers)
3. PROCESSING OF PERSONAL DATA FOR MARKETING PURPOSES
iPhysios s.r.o. processes personal data of persons that have granted consent to be approached for marketing purposes by means of electronic contact for the period stated in the consent that the person makes available for marketing purposes, and to be sent information on products, news and special offers of iPhysios s.r.o. If this consent is granted by means of the websites operated by iPhysios s.r.o., also the data gathered by cookies placed on the websites, where consent was granted, is processed together with these contacts provided that cookies are enabled in the web browser of the person. You can unsubscribe from receiving information on news and special offers in the setting of the service for which the users registered themselves in order to receive such information, or by means of email: [email protected].
4. PROCESSING OF PERSONAL DATA THROUGH COOKIES FROM WEBSITES OPERATED BY SEVER – VOSTOK s.r.o
If cookies are enabled in a person´s web browser, we process records of their behaviour through cookies placed on the websites run by iPhysios s.r.o. in order to improve operation of the websites of iPhysios s.r.o., to perform analyses and measurements with the aim to find out how our services are used and for the purpose of online advertising of iPhysios s.r.o.
5. WHAT IS THE LENGTH OF A RETENTION PERIOD OF THE PROCESSING OF YOUR PERSONAL DATA?
You personal data will be processed throughout the whole period you use our services (i.e. duration of our contractual relationship) and subsequently on the basis of your granted consent for the period of further 24 months unless you withdraw your consent to the processing of personal data.
However, please note that we must process this personal data necessary for proper provision of your ordered products, or in order to fulfil all our obligations, whether obligations under our agreement or general binding provisions, regardless of your granted consent for the period laid down by the relevant legislation or in compliance with it, even if you withdraw your consent.
6. WHAT ARE YOUR RIGHTS REGARDING PERSONAL DATA PROTECTION?
You have mainly the following rights in relation to your personal data:
a) The right to information;
b) The right to access personal data;
c) The right to rectify or complete inaccurate personal data;
d) The right to have personal data deleted (the right to be forgotten) in certain cases;
e) The right to restrict the processing;
f) The right to notification of correction, deletion or restriction of the processing;
g) The right to transfer personal data;
h) The right to object to or complain about the processing in certain cases;
i) The right to withdraw your consent at any time;
j) The right to be informed about personal data breach in certain cases;
k) Other rights laid down in the act on personal data protection and the GDPR after the entry into force.
7. WHAT DOES THE RIGHT TO OBJECT MEAN?
If you do not want to receive any more commercial communication or information on news in our product portfolio from our party, you have the right to object to further processing of your personal data for the purpose of direct marketing. If you do so, we will not process your personal data for this purpose and send you further commercial communication or newsletters.
You find more information about this right in Article 21 of the GDPR.
8. HOW CAN YOU CONTACT US?
If you have any questions concerning personal data protection or withdrawal of consent to further processing please use this email: [email protected].
In this context please note that we may ask you to prove your identity in an appropriate manner in order to check your identity. This is a preventive security measure aimed at preventing unauthorized persons from accessing your personal data. In order to improve the quality of services and to maintain the records of performance of our obligations resulting from legislation every communication with you is monitored.
Since May 25, 2018 this contact of the data protection officer according to the GDPR is available.
iPhysios s.r.o., data protection officer, address: Rybářská 839/2, Stará Role, 360 17 Karlovy Vary, or email: [email protected].