General Data Protection Regulation

Controller of general data according to act 4 article 7 regulation of the European parliament and the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and of free movement of such data (hereinafter “GDPR”) is the company Balkanova, s.r.o., business address Karoliny Světlé 321/23, 110 00 Praha – Staré Město, IČ (identification number) 28531299 (hereinafter „Controller“).

You may contact the controller on the address Balkanova, s.r.o., Karoliny Světlé 321/23, 110 00 Praha 1 – Staré Město or the phone number 776 332 522 or the electronic address info@balkanova.eco.

The controller did not name a representative for the general data protection.

While ordering from the controller ’s internet shop, the controller requires a provision of purchaser ’s personal data that are necessary for a successful arrangement of the order, that is the first name, the family name, the address, the e-mail address, the phone number. The purchaser is not obliged to provide the personal data, but without the provision of the personal data it is not possible to conclude the contract or to fulfil it by the controller.

The purpose of the personal data processing is the arrangement of the purchaser’s order and the procedure of rights and duties that arise from the purchase contract concluded between the controller and the purchaser. The aim of the personal data processing is to manage the personal account, if the purchaser registrated in the controller´s internet shop. The aim of personal data protection is also sending commercial information and offering trade and service. The legal aim for personal data processing it the necessity for contract fulfilment according to article 6 paragraph 1 letter b) GDPR, the necessity for contract fulfilment according to article 6 paragraph 1 letter c) GDPR, and legitimate interest of the controller according to article 6 paragraph 1 letter f) GDPR. The legal interest of the controller is personal data processing with the aim of direct marketing.

From the side of the controller there is not decision based on automatice processing in the sense of article 22 GDPR.

The controller saves purchaser’s personal data for a period of time necessary for the execution of the rights and duties according to the contract of purchase concluded between the controller and the purchaser and exercised legal regulation, as are for instance the law about accountancy, the law about value added taxe or the law about archival and records management. If some juridical regulation does not require longer archiving time from the controller, the controller saves personal data for ten years the longest. Personal data concerning the customer account will be proceeding until the time the purchaser cancels it.

The personal data processing may be done by a processor with whom the controller has got a contract about personal data processing.

The recipients of the personal data may be carriers of the commodity ordered from the internet shop of the controller, persons who ensure the internet shop service management for the controller and persons who ensure marketing services for the controller.

The controller does not have the intention to transfer personal data to third countries (countries outside the EU) or international organisations.

According to the conditions stated in GDPR, the purchaser has the right to the access to data according to the article 15 GDPR, the right to correct personal data according to the article 16 GDPR, the right to delete personal data according to the article 17 GDPR, possibly the right to restrict the processing according to the article 18 GDPR, the right to transfer data according to the article 20 GDPR. The purchaser has the right to make a protest about the processing according to the article 21 GDPR.

The purchaser has the right to file a complaint at the Authority for personal data protection in case that the purchaser assumes that his/her right to personal data protection was infringed.

The controller declares that he/she implemented suitable technical and organisation measures to secure the protection of personal data. The controller adopted technical measures to secure the protection of data repository and repository of personal data in documentary form (especially measures to secure passwords, virus detection program, data reserves, lockable wardrobes and lockable offices in buildings with security guards). The controller declares that only authorised persons have access to the personal data.

By sending the order from the internet shop of the controller the purchaser declares that he/she is acquainted with these conditions of personal data protection and that he/she accepts them completely.

These conditions of personal data protection acquire effectiveness the 1.8.2018.