Privacy statement of the e-shop „backtoletters.com“
1.1 This Privacy Statement about the processing of personal data of natural persons as data subjects (hereinafter referred to as the “Customer”) is issued for the purpose of informing Customers or those interested in the Services of the e-shop “backtoletters.com” operated by Mgr. Lucie Mejšnerová, with place of business: Schovaná 149, Sulice – Želivec, Postal Code 251 68, Czech Republic, European Union, identification number: 01622528, registered in the Trade Register at the Municipal Office in Říčany (hereinafter the “Provider”).
1.2 The personal data of the Customer who is a natural person are subject to the protection of personal data in accordance with the applicable legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals the processing of personal data and the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation; hereinafter referred to as “GDPR”).
1.3 The Provider is the controller of personal data processed for the purposes of:
1.3.1 Performance of the Contract and the execution of the Order made on the Provider’s website, incl. implementation of measures taken before the conclusion of the Contract at the request of the data subject. For this purpose, the Provider processes the Customer’s personal data in the following extent: name, surname, contact addresses, e-mail, or business name and Company ID, user name and password, as well as address data for delivery of the Product, i.e. name, surname and contact address of the recipient, which the Customer stated as the delivery address in the Order (these data will be stated on the shipment with the Product), and information relating to the subject of the Contract (e.g. Product specification, method of payment, etc.). The legal title for the processing of personal data is the performance of the Contract, whereas the provision of personal data by the Customer is voluntary and without this provision the Service cannot be provided.
1.3.2 Provider’s legitimate interests in direct marketing (sending commercial communications, both physically to the address specified by the Customer as part of the User Account registration process, in the Order or electronically by e-mail). For the purpose of sending commercial communications physically to the address of the Customer, personal data are processed to the extent: name, surname and address. For the purpose of sending commercial communications electronically by e-mail, only the Customer’s e-mail address is used. If the Customer does not agree with the said processing, he / she has the right to object to it (see Article 13).
1.3.3 For the purposes of the legitimate interests of the Provider in determining, exercising or defending the legal claims of the Provider and for the purpose of the inclusion of the Customer in the Provider’s customer records, personal data are processed in the following extent: name, surname, business name and company ID, user name and password, address information of the Customer, as well as information related to the subject of the Contract (e.g. identification of the Product, method of its payment, etc.). If the Customer does not agree with the said processing, he / she has the right to object to it (see Article 13).
1.3.4 For the purpose of implementing the Provider’s marketing campaigns based on the consent of those interested in the Service with sending commercial messages. For this purpose, the Provider processes the personal data of those interested in the Services in the following extent: name, surname, address, e-mail, or data on the business name, including the company ID. The person interested in Services grants his / her consent pursuant to Section 7 (2) of Act No. 480/2004 Coll., On Certain Information Society Services and on Amendments to Certain Acts (Act on Certain Information Society Services), as amended, to send commercial communications by Provider to the e-mail address. The Provider is entitled to contact the person interested in the Services with the details of the new Services within a certain time interval of maximum once every 30 days.
1.4 The only source of personal data are directly Customers or those interested in the Services.
1.5 The Provider shall store personal data for the duration of the Contract and for a maximum period of 5 years, or for a longer period, if justified by legal regulations in this case. The Provider shall process personal data based on the granted consent for processing for a maximum period of 2 years from the date of granting the consent.
1.6 The Provider stores, processes and maintains contact lists, recipient addresses, and other User Account data for the purpose of providing the Services. The Provider may contact the Customer through the contact information provided during registration to assist, process or submit the Order or in the event of any other problems relating to the Services. If the Customer sends an e-mail or other communication, the Provider may also process such communication in order to process Customer’s inquiries, respond to their requests and improve the quality of the Services.
1.7 The Customer acknowledges that the Provider may process all personal data by using computer technology, i.e. also automatically.
1.8 If the Customer requests information about the processing of their personal data, the Provider is obliged to provide this information. The Provider has the right to request adequate compensation not exceeding the costs necessary for providing the information pursuant to the previous sentence.
1.9 The Provider is entitled to update this Privacy Statement from time to time to reflect feedback from Customers. The Provider recommends that Customers periodically verify the information in this Privacy Statement to inform themselves how the Provider protects personal data.
1.10 The Customer acknowledges that he / she is obliged to provide his / her personal data (upon registration, in his / her User Account, in the Order made from the E-shop interface) correctly and truthfully.
1.11 The Provider may authorize a third party as personal data processors to process the Customer’s personal data, such as postal carriers, persons providing accounting, tax and legal services, employees of the Provider, provider of the services of information society (in particular Facebook / Google / Apple) or other providers of processing software, services and applications that are not currently used by the Provider.
1.12 Personal data shall be processed electronically in an automated manner or in printed form in a non-automated manner personally by the Provider or persons authorized by the Provider and further through the processor based on a contract on the processing of personal data. The current list of processors will be provided on the Provider’s website, as of the date of preparation of these Privacy Statement, the Provider has not authorized any processor to process personal data. Personal data may only be disclosed to third parties if they are authorized to do so by law. Personal data will not be transferred to other entities. Personal data will be processed and stored / stored in a secure manner (passwords, secure storage, secure physical storage location, accurate overview of persons having access to personal data).
1.13 The Customer has the right, under the conditions laid down by GDPR, to have access to his / her personal data, to have it rectified or erased, or to limit its processing, as well as to the portability of the data.
1.13.1 The Customer has the right to object to the processing of personal data for the purposes of the Provider’s legitimate interests, including direct marketing. In the absence of serious legitimate reasons for processing that outweighs the interests or rights and freedoms of the Customer, or for the determination, exercise or defence of legal claims, the Provider shall terminate the processing of personal data for such purposes.
1.13.2 The data subject shall be entitled to withdraw the consent to receive commercial communications at any time by sending a message “Do not send commercial communications” or similar to the email: lucie@backtoletters.com or in writing to the Provider’s address.
1.14 The Customer agrees to store so-called cookies on his computer. In the event that the order process on the relevant web page can be made and obligations of the Provider under the Contract to can be performed, without storing the so called “cookies” on the computer of the Customer, the Customer may its consent under the preceding sentence withdraw at any time. Cookies are not a danger, but are important for privacy. Cookies cannot be used to identify site visitors or to misuse login information. The use of cookies can be restricted or blocked in the web browser settings.