Privacy policy
- INTRODUCTORY PROVISIONS
1.1 This Personal Data Processing Policy (hereinafter referred to as "PDPP") has been issued by KROKIDO GROUP s.r.o., ID No. 17270197, with registered office at B.Egermanna 322, 473 01 Nový Bor, Czech Republic (hereinafter referred to as "Controller"). This TOS describes how the Controller collects, processes and shares information of users (hereinafter referred to as "User") of the www.krokido.cz website (hereinafter referred to as "Website"), and of customers (hereinafter referred to as "Customer") using its services.
1.2 The Controller processes the personal data of customers who provide it when ordering goods and services, joining a loyalty program or subscribing to a newsletter and users of the www.krokido.cz website.
1.3 The Controller may use other processors, listed below, to process personal data. We encourage you to read the entire TOS and to ensure that you fully understand the information provided. If you have any questions about this TOS or the Company's collection, processing and sharing of Personal Data, please contact us at [email protected].
- WHAT DATA WILL BE PROCESSED
2.1 The Controller processes data collected as a result of the use of the website and through cookies. Some cookies are necessary to provide the basic functions of the website, for example to log into a user account ("basic cookies"). For the use of other cookies by the Controller, for example to better target advertising campaigns and improve the website, the consent of the user or customer on the website is required. The user or customer can always adjust their preferences for the use of cookies.
2.2 More information about all cookies used by the Administrator can be found here.
2.3 The Controller processes, or may process, social media data. If login, discussion or rating and sharing options are implemented on the website with the help of social networks (Facebook, Google, LinkedIn, etc.), and the user makes use of these options, he/she will also allow the Company to access the public information on his/her profile in the respective social network, and, where applicable, his/her e-mail address. The public social network profile may include the user's first and last name, profile picture, age category, gender and other public information according to the user's preferences.
2.4 The controller primarily processes the data you provide when creating and using a user account, creating an order or registering for a loyalty program, and when subscribing to the newsletter. Some personal data is necessary for registration (name and email address) and is used for basic identification of the user or customer login to the account. The data processed by the Administrator when registering for the newsletter or creating a user account may be as follows:
- First and last name or, where applicable, business name,
- Residence (street, address, city, postcode, country) or registered office,
- date of birth,
- e-mail address,
- telephone number,
2.5 The Administrator does not knowingly collect information from children under the age of 15, and children under 15 cannot use its services. If you become aware that a child has provided us with personal information in violation of this TOU, you may notify us at [email protected].
- FOR WHAT PURPOSES THE PERSONAL INFORMATION WILL BE USED
3.1 The Controller will always process personal data solely for the purposes for which it was collected, based on a legitimate interest, legal obligation or consent given. We process personal data for various purposes, in particular:
- performance and execution of contracts and orders,
- the performance of legal obligations in the field of accounting, in the field of taxation, or as required by other applicable laws and regulations, or required by any legal process or government agency,
- communicating with customers, updating terms and conditions, and for marketing and promotional purposes,
- responding to website users' inquiries,
- analyze website traffic to improve the services and offerings,
- to process transactions and detect fraud,
- targeting potential customers through online advertising. To better target advertising and optimize the website, the Administrator uses information about users' activity on the website. This information includes data obtained through the use of cookies.
- PROCESSORS AND RECIPIENTS
4.1 The Controller may also use so-called processors for the processing of personal data. These entities may only process personal data for the purposes and in the manner specified by the Company and may not disseminate it without further consent. We only pass on to processors the data that they necessarily need to provide their services. The Controller uses the following as processors:
carrier
- external companies to whom the Controller transfers personal data (external accountants, lawyers)
- Google LLC (web analytics and online marketing tools);
- Facebook Ltd (tools for online marketing);
- Seznam.cz, a.s. (tools for online marketing);
- possibly others.
4.2 In justified cases, the Controller may also transfer personal data to other recipients, such as public authorities, if required by applicable law (Police, courts, etc.).
- THE PERIOD FOR WHICH THE PERSONAL DATA WILL BE KEPT
5.1 Personal data for the purposes referred to in point 3 are processed to the extent necessary for the fulfilment of these purposes and for the period necessary to achieve them or for the period directly provided for by law. Thereafter, the personal data shall be erased or anonymised. After that period, personal data may be retained only for the purposes of the National Statistical Service, for scientific purposes and for archiving purposes. The basic time limits for processing personal data are available below.
- The controller processes the personal data of registered customers until their registration is cancelled. Customer contact data is processed for the duration of the business relationship or until the customer updates the data.
- For service customers, the Controller is entitled to process their basic personal, identification, contact, service and communication data with the Company for a period of 3 years from the date of termination of the last contract.
- In the case of purchase of goods from the Company, the Controller is entitled to process the customer's basic personal, identification and contact data, data about the goods and data from communications between the customer and the Company for a period of 3 years from the date of expiry of the warranty period for the goods.
- Invoices issued by the Administrator are archived for 10 years from the date of issue in accordance with Section 35 of Act No. 235/2004 Coll., on value added tax. Contracts are also archived for 10 years from the date of termination of the contract due to the need to prove the legal reason for issuing invoices.
- The data collected for marketing purposes are processed for the entire duration of the consent, i.e. also for as long as the user allows storage within the cookie settings on the website or in his browser. The processing may also continue after the withdrawal of consent, at the latest until the expiry of the respective type of cookie.
- Sales and marketing communications via electronic contact are sent until the consent is withdrawn or until the user unsubscribes.
- GIVING AND WITHDRAWING CONSENT
6.1 Customers or users can give consent on the website to receive marketing and commercial communications to their electronic address.
6.2 Customers who have purchased goods from the Administrator via the website acknowledge that commercial communications related to goods already purchased may be sent to them without consent.
6.3 Customers may withdraw consent to any marketing and commercial communications at any time, by:
- by sending a request to [email protected].
- The user can disable the targeting of advertising (cookies) by changing it directly in their browser. If you disable the storage of selected Cookies, some parts of the website may not work properly. For more information, please see the page on the use of Cookies.
- METHODS OF PROCESSING AND STORAGE OF PERSONAL DATA
7.1 Personal data will be processed and stored:
- by machine (automated) through computer hardware and software,
- in written form.
- RIGHTS OF THE DATA SUBJECT
8.1 The controller informs you that you have the following rights in accordance with the relevant provisions of the GDPR, in particular Articles 15 to 22 GDPR:
- access to personal data
- to rectification
- to erasure (right to be "forgotten")
- to restrict processing
- to data portability
- to object.
8.2 Upon request, the controller shall provide the user or customer with the requested information without undue delay, at the latest within one month of receipt of the request. The controller shall do so free of charge.
RIGHT OF ACCESS TO PERSONAL DATA
Pursuant to Article 15 GDPR, the data subject has the right of access to personal data, which includes the right to obtain from the Controller:
- Confirmation as to whether he/she processes personal data,
- information about the purposes of the processing, the categories of personal data concerned, the recipients to whom the personal data have been or will be disclosed, the intended duration of the processing, the existence of the right to request the controller to rectify or erase personal data relating to the subject or to restrict or object to the processing, the right to lodge a complaint with a supervisory authority, any available information about the source of the personal data if not obtained from the data subject, the fact that automated decision-making, including profiling, takes place, appropriate safeguards in the event of transfer of data outside the EU,
- where the rights and freedoms of others will not be adversely affected, a copy of the personal data.
The right to confirmation of the processing of personal data and to information will be exercised in writing to the address of the Controller's registered office.
THE RIGHT TO RECTIFICATION OF INACCURATE DATA
Pursuant to Article 16 of the GDPR, the data subject has the right to rectification of inaccurate personal data processed about him/her by the Data Controller. The Controller will carry out the rectification without undue delay, but always taking into account the technical possibilities.
RIGHT TO EXCLUSION
Pursuant to Article 17 of the GDPR, the data subject has the right to erasure of personal data concerning him or her, unless the Controller demonstrates legitimate grounds for processing such personal data. If the data subject considers that his or her personal data have not been erased, he or she may write to the Controller's registered office.
RIGHT TO RESTRICTION OF PROCESSING
Pursuant to Article 18 of the GDPR, the data subject has the right, until the complaint is resolved, to obtain a restriction of processing if he or she contests the accuracy of the personal data, the grounds for processing or objects to processing, in writing to the address of the Controller's registered office.
THE RIGHT TO NOTIFICATION OF RECTIFICATION, ERASURE OR RESTRICTION OF PROCESSING
According to Article 19 of the GDPR, the data subject has the right to be notified by the Data Controller in the event of rectification, erasure or restriction of the processing of personal data. If personal data are rectified or erased, the Controller will inform the individual recipients, except where this proves impossible or requires disproportionate effort.
RIGHT TO THE PORTABILITY OF PERSONAL DATA
Pursuant to Article 20 of the GDPR, the data subject has the right to the portability of the data concerning him or her that he or she has provided to the controller in a structured, commonly used and machine-readable format, and the right to request the controller to transfer such data to another controller.
THE RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA
Pursuant to Article 21 of the GDPR, the data subject has the right to object to the processing of his or her personal data on the grounds of legitimate interest of the Controller. If the controller does not demonstrate that there is a compelling legitimate reason for the processing which overrides the interests or rights and freedoms of the data subject, the controller shall terminate the processing without undue delay on the basis of the objection. The objection may be sent in writing to the address of the Controller's registered office.
AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING
The data subject has the right not to be subject to any decision based solely on automated processing, including profiling, which would have legal effects concerning him or her or similarly significantly affect him or her. The controller states that it does not carry out automated decision-making without the influence of human judgement having legal effects on data subjects.
THE RIGHT TO HAVE RECOURSE TO THE DATA PROTECTION AUTHORITY
The data subject has the right to contact the Data Protection Authority (www.uoou.cz).
- SECURITY
The controller is committed to protecting personal data and other information about its customers and users of its services. To do this, it uses a range of security technologies and measures designed to protect information from unauthorized access, use or disclosure. The measures it uses are designed to provide a level of security appropriate to the risk of misuse of personal information. The security of personal information is regularly tested by the Data Controller and the protection is continuously improved. However, please keep in mind that 100% security cannot be guaranteed on the Internet. All personal data in electronic form is stored in databases and systems that can only be accessed by those who have an immediate need to handle the personal data for the purposes set out in this policy, and only to the extent necessary.
- CONTACT
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at [email protected]. The controller of your personal data is KROKIDO GROUP s.r.o., company registration number 17270197, with registered office at B.Egermanna 322, 473 01 Nový Bor, Czech Republic.
- EFFECTIVENESS
These GTCA are effective from 8 November 2022.