1. General provisions
1.1 The controller of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as „GDPR“) is Ing. Jan Šustr, with registered office at Palachova 1777/7, 591 01 Žďár nad Sázavou, ID No.: 05476356, VAT No.: 8407024780, registered in the Trade Register of the Municipal Office Žďár nad Sázavou since 11 October 2016, registration No.: MU/OŽ/2152/2016/kh/4, registered office of the Municipal Office Žďár nad Sázavou (hereinafter referred to as „controller“).
1.2 The controller does not have a designated data processing officer.
1.3 This document does not apply to third party websites and services that can be accessed via links located at hamparts.shop.
2. Sources of personal data processed
2.1 The controller processes personal data that you have provided to the controller or personal data that the controller has obtained as a result of the fulfilment of an order.
2.2 The controller processes your identification and contact data, descriptive data provided voluntarily, order and order fulfilment data, data on the use of the services and login data.
3. Personal data processed
3.1 The legal basis for the processing of personal data is:
a) the performance and conclusion of a contract between you and the controller,
b) the performance of legal obligations,
c) the legitimate interest of the controller, in particular for the providing of direct marketing (sending commercial messages and newsletters) and the protection of your rights,
d) your consent to processing for the purpose of providing direct marketing (in particular for sending commercial messages).
3.2 The purpose of processing personal data is:
a) the handling of your order and the exercise of rights and obligations arising from the contractual relationship between you and the controller, as well as the fulfillment of related legal obligations. After you have ordered good or services, your personal data that are necessary for the successful execution of your order are recorded (name and surname, delivery address and contact details in the sense of e-mail address, telephone number, etc.), providing this information is a necessary requirement to close purchase contract. Without these data, the purchase contract cannot be concluded or executed by the controller,
b) sending commercial messages, requesting evaluations of goods and doing other marketing activities
c) maintaining a user account and using other services operated by the controller, including support services.
3.3 There is no automatic individual decision-making by the controller within the meaning of Article 22 of the GDPR.
3.4 Your personal data may be processed by the controller for the exercise of rights and legal claims or for the purpose of control by public authorities and for other similarly compelling reasons.
4. Retention of personal data
4.1 The controller retains personal data:
a) for the duration of the contractual relationship and no longer than ten (10) years after the termination of the contractual relationship (for the fulfillment of obligations arising from the purchase contract or from generally binding legal regulations, the controller must retain this data regardless of the consent given),
b) until your consent is withdrawn, but no longer than ten (10) years after the consent is given – if the data is processed on the basis of consent,
c) otherwise for the period necessary to fulfil the purpose of the processing, but no longer than ten (10) years.
4.2 Upon expiry of the retention period, the personal data will be deleted by the controller.
5. Personal data and third parties
5.1 We transfer your personal data to the following parties in order to process your order and to exercise the rights and obligations arising from the contractual relationship between you and the controller:
a) those involved in the delivery of the goods,
b) those involved in the payment process,
c) providing the operation of the web interface of the website and other services related to the operation of the web shop,
d) providing marketing services.
5.2 The controller uses processing services (in particular analytical and marketing tools):
a) Google Analytics – records cookies and website usage.
5.3 The controller does not transfer personal data to third countries (non-EU countries) or international organizations other than those listed in this document. The data will not be further disclosed to the entities, but a copy of the processed data can be obtained through them.
6. Rights related to personal data protection
6.1 Subject to the conditions set out in the GDPR, you have right to:
a) access to your personal data in accordance with Article 15 of the GDPR,
b) correct your personal data in accordance with Article 16 of the GDPR,
c) erasure of your personal data pursuant to Article 17 of the GDPR,
d) limit processing pursuant to Article 18 of the GDPR,
e) data portability pursuant to Article 20 of the GDPR,
f) f) object under Article 21 of the GDPR to processing on the legal basis of legitimate interests or for direct marketing purposes,,
g) withdraw consent to the processing of personal data at any time. It is possible to unsubscribe from receiving commercial messages or withdraw consent to the related processing of personal data via firstname.lastname@example.org.
6.2 If you believe that your data protection rights have been violated, you have the right to file a complaint directly with the Office for Personal Data Protection (uoou.cz). However, we will be happy if you address any transgressions with us first via email@example.com.
7. Security of personal data
7.1 The controller has taken all appropriate technical and organizational measures to secure personal data.
7.2 The controller has taken technical measures to secure data repositories and data repositories in paper form, in particular encrypted access to the website interface, regular system updates, and regular system backups.
7.3 Only persons authorized by the controller have access to personal data.
7.4 The controller backs up the data and may use other similar measures to prevent accidental damage or destruction of personal data of clients.
7.5 The controller does not hold or store passwords used to access user accounts in any database.
8. Final provisions
8.2 A valid and effective version of this document is always available at https://hamparts.shop/content/privacy-policy.
8.4 The controller fulfills his legal obligations related to the possible storage of cookies on your device through a separate Cookies document.
8.5 Contact details:
headquarters: Palachova 1777/7, 591 01 Žďár nad Sázavou, Czech republic
establishment and delivery address: Brněnská 326/34, 591 01 Žďár nad Sázavou, Czech republic
e-mail address: firstname.lastname@example.org
telephone: +420 607 846 638