CONTENTS:
1. INTRODUCTION
2. PERSONAL DATA CONTROLLER AND CONTACTS
3. PROCESSING OF PERSONAL DATA WHEN BROWSING THE WEBSITE
4. FORGOTTEN CART
5. PROCESSING OF PERSONAL DATA WHEN PURCHASING IN THE E-SHOP
6. PROCESSING OF PERSONAL DATA WHEN SENDING A NEWSLETTER TO OWN CUSTOMERS
7. PROCESSING OF PERSONAL DATA WHEN SENDING A NEWSLETTER BASED ON CONSENT, COMPLETING A QUIZ AND A QUESTIONNAIRE
8. PROCESSING OF PERSONAL DATA WHEN USING CONTACTS ON THE WEBSITE
9. PROCESSING OF PERSONAL DATA TO FULFIL LEGAL OBLIGATIONS
10. PROCESSING OF PERSONAL DATA TO PROTECT THE RIGHTS OF THE ADMINISTRATOR AND DEFENSE AGAINST CLAIMS
11. INFORMATION ON DATA SUBJECTS' RIGHTS
12. SAFETY
13. PROCEDURE FOR EXERCISING RIGHTS, FILING COMPLAINTS
14. FINAL PROVISIONS
1. Introductory information
1.1. This document, the Personal Data Processing Statement (" Information "), serves to provide all necessary information about the processing of personal data within the website and e-shop https://aniball.cz/ (" Website ").
1.2. By browsing the website and, where applicable, providing consent to this Information, you declare that you have read, understand and agree to the Information.
1.3. The company processes personal data in accordance with effective legal regulations, in particular in accordance with Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (" GDPR ").
2. Personal data controller and contacts
2.1 The personal data controller is RR Medical sro , with its registered office at Jihlavská 671/7, 664 41 Troubsko, Company ID: 01999541, entered in the Commercial Register kept by the Regional Court in Brno, Section C, Insert 79982 (hereinafter referred to as the “ Controller ” or the “ Company ”)
2.2. Contact details of the administrator:
2.2.1. Delivery address: RR Medical sro, 664 41 Popůvky, Vintrovna 433/3e;
2.2.2. e-mail address info@aniball.cz;
2.2.3. telephone +420 734 751 794.
2.3. Person authorized to handle requests regarding the processing of personal data: info@aniball.cz
3. Processing of personal data when browsing the website
3.1. No personal data is processed when browsing the website.
3.2. Information about cookies and similar technologies is available here.
4. Forgotten basket
4.1. Purposes of processing for which personal data are intended: if you provide us with an e-mail and agree to this, we will launch the forgotten cart function to facilitate the completion of the purchase. If the purchase is not completed, a reminder of the completion of the purchase will be sent to your e-mail twice.
4.2. Legal basis for processing: consent, this is voluntarily granted by filling out the e-mail without sending the order, providing the e-mail is voluntary, but without providing it, it is not possible to use the function.
4.3. Categories of personal data concerned: e-mail, data on ordered goods.
4.4. Recipients/categories of recipients: only contractually authorized processors from the categories: suppliers of technical solutions, clouds, IT services, transport companies, auditors, legal services, accounting services.
4.5. Period for which personal data will be stored: for 2 calendar days.
4.6. Source from which personal data originates: subject.
5. Processing of personal data when purchasing in the e-shop
5.1. Purposes of processing for which personal data are intended: if an order is placed or a contract is concluded, it is necessary to retain personal data for the purpose of fulfilling the contract, i.e. processing the order, checking, delivery, any complaints or claims for defects and related actions to secure the order.
5.2. Legal basis for processing: performance of the contract, without this processing it is not possible to place an order.
5.3. Categories of personal data concerned: identification data, contact data, data on the ordered goods, data on the date and time of the order, other data relating to the contract and related communications.
5.4. Recipients/categories of recipients: only contractually authorized processors from the categories: suppliers of technical solutions, clouds, IT services, transport companies, auditors, legal services, accounting services.
5.5. Transfer outside the EU: express checkout suppliers: Google Ireland Limited, data may be transferred to the USA based on standard contractual clauses (terms of service are available here and information on the processing of personal data here) , Shopify International Limited, data may be transferred to the USA based on standard contractual clauses (terms of service are available here and information on the processing of personal data here ), to use express checkout services it is necessary to be registered with the service provider, who is a separate personal data controller and is separately responsible for the handling of personal data.
5.6. Period for which personal data will be stored: for the duration of the contract and two years thereafter due to claimed defects and other claims.
5.7. Source from which personal data originates: subject.
6. Processing of personal data when sending newsletters to our own customers
6.1. Purposes of processing for which personal data are intended: if you make a purchase in the e-shop, we will regularly send you selected and tailored other similar offers of our products, electronically or by post. The offers are chosen according to your identified interests and previous purchases. To ensure the effectiveness of the information sent, we track whether the newsletter is opened and whether the relevant links are clicked.
6.2. Legal basis for processing: legitimate interest, against which it is possible to object.
6.3. Categories of personal data concerned: identification and contact data, purchase data.
6.4. Recipients/categories of recipients: only contractually authorized processors from the categories: suppliers of technical solutions, clouds, IT services, transport companies, auditors, legal services, accounting services.
6.5. Transfer outside the EU: email service provider Klaviyo, Inc., USA, the level of protection is ensured by standard contractual clauses, terms of service are available here.
6.6. Period for which personal data will be stored: indefinitely, no longer than until a request to stop sending commercial communications.
6.7. Source from which personal data originates: subject.
7. Processing of personal data when sending the newsletter based on consent, completing a quiz and questionnaire
7.1. Purposes of processing for which personal data are intended: if you give us your consent, we will regularly send you selected, tailor-made offers of our products, information about the activities of our company and cooperating companies and other interesting information and offers, electronically or by post. Offers are chosen according to the identified interests, activities of the subject within the e-shop and website and, if applicable, also according to previous purchases. To ensure the effectiveness of the information sent, we track opening of the newsletter (quiz or questionnaire) and clicking on the relevant links.
7.2. Legal basis for processing: legitimate interest, against which it is possible to object.
7.3. Categories of personal data concerned: identification and contact data, purchase data, answers obtained in a quiz or questionnaire.
7.4. Recipients/categories of recipients: only contractually authorized processors from the categories: suppliers of technical solutions, clouds, IT services, transport companies, auditors, legal services, accounting services. The supplier of the questionnaire service is Typeform, Spain, the level of protection is ensured by standard contractual clauses, the terms of service are available here ( https://www.typeform.com/help/a/security-at-typeform-360029259552/ ).
7.5. Period for which personal data will be stored: indefinitely, no longer than until a request to stop sending commercial communications.
7.6, Source from which personal data originates: subject.
8. Processing of personal data when using contacts on the website
8.1. Purposes of processing for which personal data are intended: if you contact us via the contact form or published contact details (whether by telephone, e-mail or in writing, e.g. by post), we will process your personal data for the purpose of handling your inquiry/request or ensuring another response. We generally do not publish your inquiries.
8.2. Legal basis for processing: consent expressed by sending the relevant request/letter or other message. Consent is voluntary and can be withdrawn at any time.
8.3. Categories of personal data concerned: identification data, contact details (e-mail), subject and content of the inquiry/request/message, date of delivery of the information, in the electronic case, IP address and exact time.
8.4. Recipients/categories of recipients: only contractually authorized processors from the categories: suppliers of technical solutions, clouds, IT services, transport companies, auditors, legal services, accounting services.
8.5. Period for which personal data will be stored: personal data will be stored only for the duration of follow-up and related communication to handle the inquiry/request/other message and for a maximum of 1 year thereafter in the event of further follow-up communication.
8.6. Source from which personal data originates: subject.
9. Processing of personal data for the fulfillment of legal obligations
9.1. Purposes of processing for which personal data are intended: If the Administrator is required by effective legal regulation to store specific documents, he does so for the purpose specified in that legal regulation. An example is the storage of documents in the field of accounting and taxes.
9.2. Legal basis for processing: compliance with a legal obligation.
9.3. Categories of personal data concerned: only such data or documents whose storage is required by a specific legal regulation.
9.4. Recipients/categories of recipients: only contractually authorized processors from the categories: suppliers of technical solutions, clouds, IT services, transport companies, auditors, legal services, accounting services.
9.5. Period for which personal data will be stored: The Administrator stores the data collected in this way only for the period specified by the relevant legal regulation.
9.6. Source from which personal data originates: subject.
10. Processing of personal data to protect the rights of the Controller and defend against claims
10.1. Purposes of processing for which personal data are intended: If the Administrator carries out the above-mentioned processing, then after its completion, it collects a limited range of documents and personal data for the purpose of protecting its own rights, defending against claims, and also for the purpose of defending itself in judicial/administrative/supervisory and other proceedings. An example is the storage of a purchase contract after its fulfillment or termination.
10.2. Legal basis for processing: : the legitimate interest of the Controller in protecting its rights, demonstrating compliance and defending itself against supervisory authorities. You have the right to object to this legitimate interest at any time.
10.3. Categories of personal data concerned: documents proving legal actions such as granted consents, relevant logs, sent requests to exercise rights, etc.
10.4. Recipients/categories of recipients: only contractually authorized processors from the categories: suppliers of technical solutions, clouds, IT services, transport companies, auditors, legal services, accounting services.
10.5. Period for which personal data will be stored: The Administrator stores the data collected in this way for a period of 3 years from the expiry of the processing period specified for another purpose according to this Information. The period will not end before the commencement of legal or other proceedings and the related deadlines for remedies.
10.6. Source from which personal data originates: subject.
11. Information on the rights of data subjects
11.1. The Administrator hereby informs the Data Subjects of the basic principles and rules in accordance with the provisions of Article 13 et seq. of the GDPR, on the basis of which the Company, as the Personal Data Administrator, processes the personal data of the Data Subject.
11.2. The Data Subject has the right to obtain from the Controller confirmation as to whether or not personal data are being processed, and if they are being processed, the Data Subject has the right to access the personal data.
11.3. The data subject has the right to have the Administrator correct inaccurate personal data without undue delay, or, taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by providing an additional statement.
11.4. The data subject has the right to have the Administrator erase personal data if the personal data are no longer necessary for the purpose of processing, the data subject has withdrawn consent to their processing, has objected to the processing of personal data and there are no overriding legitimate reasons for the processing,
11.5. The Data Subject has the right to have the Controller restrict the processing if the Data Subject disputes the accuracy of the personal data for the period necessary to verify the accuracy of the personal data, the Controller no longer needs the personal data for the purpose of the processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims, or the Data Subject has objected to the processing of the personal data.
11.6. The data subject has the right to withdraw consent to the processing of personal data at any time without any penalty. The data subject may withdraw consent in any of the ways specified above in the individual contact details of the Controller. The withdrawal of consent by the data subject does not affect the lawfulness of the processing based on consent before its withdrawal.
11.7. The Subject has the right to receive personal data concerning the Subject, which the Subject has provided to the Controller, in a structured, commonly used and machine-readable format, and the right to transmit such data to another controller ( right to portability ), without hindrance from the controller to whom the personal data were provided, where:
11.7.1. the processing is based on consent or a contract; and
11.7.2. processing is carried out automatically.
11.8. The data subject has the right to file a complaint with the competent supervisory authority if the data subject believes that the processing of personal data is in violation of legal regulations. The competent supervisory authority in the Czech Republic is the Office for the Protection of Personal Data – www.uoou.cz.
11.9. The data subject has the right to object to the processing of personal data concerning him or her, if the controller processes personal data for the following reasons:
11.9.1. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
11.9.2. processing is necessary for the purposes of the legitimate interests of the controller or a third party,
11.9.3. for direct marketing purposes,
11.9.4. for the purposes of scientific or historical research or for statistical purposes.
12. Security
12.1. The Company hereby declares that the handling of personal data is carried out in full compliance with applicable legal regulations. The personal data of the data subject are kept safe by the Company through the technical and organizational measures in place.
12.2. The personal data of the Data Subject are processed manually or partially automatically by the Company's employees.
12.3. All personal data in electronic form are stored in databases and systems that are accessible only to persons who need to handle the personal data directly for the purposes specified in these rules, and only to the extent necessary. Access to this personal data is protected by a password and a firewall.
13. Procedure for exercising rights, filing complaints
13.1. You can exercise all rights by contacting the Administrator.
13.2. We will process all your requests without undue delay, in justified cases within 30 days at the latest.
13.3. The contact details of the Administrator, which can be used, among other things, for requests, withdrawal of consent, submission of objections or complaints to the Administrator, are listed in Article 2.
13.4. You have the right to file a complaint with the Administrator, without prejudice to the right to file a complaint with a supervisory authority pursuant to Article 10.
14. Final provisions
14.1. The processing of personal data of data subjects is governed by the legal order of the Czech Republic.
14.2. The Administrator has the right to change the Information if necessary. The change is effective on the date of notification or on a later date specified in the notification of the change. The change does not affect processing already initiated on the basis of a previous legal action, unless otherwise specified in the notification. In such a case, the subject has the right to reject the change and request the termination of the processing of personal data.
14.3. This Information is effective from 1 September 2024.