Privacy policy
Processing of personal data
The company Stanislav Doležal, Svět Publishing House, ID No.: 70545901, VAT No.: CZ6102151638, with registered office at Holečkova 366/13, 150 00 Praha 5, operator of the Atelier Drtikol brand, as the personal data controller (hereinafter referred to as the "Controller"), hereby informs its customers (hereinafter referred to as the "data subject") about the manner and extent of the processing of personal data by the Controller, including the extent of the data subject's rights related to the processing of their personal data.
The Controller processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as "GDPR"), as well as in accordance with the relevant national data protection legislation, in particular Act No. 110/2019 Coll., on the processing of personal data.
The controller collects and processes personal data only in accordance with the stated purposes and to the extent and for the period necessary to fulfil these stated purposes.
1. Purpose and legal basis for processing personal data
1.1 Performance of the contract
The processing of personal data is necessary for the negotiation of the conclusion or amendment of a contract to which the data subject is a party and for the subsequent performance of such contract (Article 6(1)(b) GDPR). The controller collects and processes the personal data of the data subject to the extent of:
name and surname
e-mail address
telephone number
delivery and billing address
company name (in case of entrepreneurs)
The provision of this personal data by the data subject is a prerequisite for the conclusion or modification of the contract for the provision of the supply, whereby the provision of personal data serves primarily to uniquely and unmistakably identify the data subject.
1.2 Compliance with legal obligations
The processing of personal data is necessary to comply with the legal obligations of the Data Controller (Article 6(1)(c) GDPR). These obligations arise in particular from:
Act No. 89/2012 Coll. (Civil Code)
Act No. 563/1991 Coll. (Accounting Act)
Act No. 235/2004 Coll. (Value Added Tax Act)
1.3 Legitimate interest
The controller may also process personal data on the basis of its legitimate interest (Article 6(1)(f) GDPR), in particular for the purpose of protecting its rights and legal claims.
1.4 Consent to processing
If the processing of personal data is based on the data subject's consent (Article 6(1)(a) GDPR), e.g. for the purposes of sending commercial communications and marketing offers, the data subject has the right to withdraw this consent at any time, without prejudice to the lawfulness of the processing based on the consent given prior to its withdrawal. The revocation can be done by sending a written request to the following email address: svet@nakladatelstvisvet.com.
2. Retention period of personal data
Personal data shall only be kept for as long as necessary for the purposes for which they are processed:
Personal data processed for the purpose of contract performance are stored for the duration of the contractual relationship and for 10 years after its termination in accordance with the relevant legislation (in particular Act No. 563/1991 Coll., on Accounting, and Act No. 235/2004 Coll., on Value Added Tax).
Personal data processed on the basis of consent are stored for the period of validity of the consent granted, but no longer than until its revocation.
Personal data processed on the basis of a legitimate interest are stored for the duration of that legitimate interest.
After the retention period has expired, the personal data is securely erased or anonymised.
3. Processors and recipients of personal data
In addition to the Controller and its employees, personal data may also be processed by the Controller's processors for the purposes described above on the basis of personal data processing contracts concluded in accordance with Article 28 of the GDPR. The Controller also transfers personal data to the entities through which it provides the service, in particular:
transport and logistics companies (arranging delivery of shipments)
providers of CRM systems and IT services
accounting and tax advisors
All of the above entities are contractually obliged to treat personal data in accordance with the GDPR. Personal data may also be transferred to public authorities with the legal authority to request it, upon lawful request.
4. Transfer of personal data to third countries
Personal data of data subjects are not routinely transferred to third countries outside the European Union or the European Economic Area. Should such a transfer exceptionally occur, it will only be done on the basis of an appropriate legal title pursuant to Article 44 et seq. of the GDPR (e.g. European Commission adequacy decision, standard contractual clauses), of which the data subject will be informed in advance.
5. Automated decision-making and profiling
The controller does not carry out automated decision-making or profiling within the meaning of Article 22 of the GDPR which would have legal effects on the data subject or would affect him/her in a similar way.
6. Personal data security conditions
The controller declares that it has taken all appropriate technical and organisational measures to safeguard the personal data in accordance with Article 32 of the GDPR. Specifically:
The controller has taken technical measures to secure data storage and storage of personal data in paper form.
Only authorised persons who are bound by the obligation of confidentiality have access to personal data.
The controller shall regularly review and update the security measures taken.
7. Rights of the data subject
In connection with the processing of personal data, the data subject has the following rights:
7.1 Right of access to personal data (Article 15 GDPR)
The data subject shall be entitled to obtain confirmation from the Controller as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to such personal data and to information on the purpose of the processing, the categories of personal data concerned, the recipients or categories of recipient, the period of retention, the source personal data and whether automated decision-making, including profiling, is taking place. The controller shall provide the first copy of the personal data processed free of charge. For further copies on request, the Data Controller may charge a reasonable fee not exceeding the costs necessary to provide them.
7.2 Right to rectification (Article 16 GDPR)
The data subject has the right to have inaccurate personal data concerning him or her rectified or to have incomplete personal data completed.
7.3 Right to erasure - 'right to be forgotten' (Art. 17 GDPR)
The data subject has the right to have personal data concerning him or her erased if the conditions laid down by law are met.
7.4 Right to restriction of processing (Art. 18 GDPR)
The data subject has the right to have the controller restrict the processing of his or her personal data in the cases provided for by law.
7.5 Right to data portability (Art. 20 GDPR)
The data subject has the right to obtain the personal data concerning him or her which he or she has provided to the Data Controller in a structured, commonly used and machine-readable format and to transmit such data to another controller where technically feasible.
7.6 Right to object (Article 21 GDPR)
The data subject shall have the right to object at any time to processing of personal data concerning him or her carried out on the basis of a legitimate interest of the controller or for direct marketing purposes.
7.7 Right to withdraw consent
If the processing of personal data is based on consent, the data subject has the right to withdraw consent at any time, without prejudice to the lawfulness of the processing prior to its withdrawal. The revocation can be done by sending a written request to the email address or postal address of the Controller.
7.8 Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
The data subject has the right to lodge a complaint with the competent supervisory authority, which is.
Website: www.uoou.cz
The controller shall always inform the data subject of the processing of his/her request without undue delay, in any case within one month of receipt of the request. This time limit may be extended by a further two months if necessary and in view of the complexity and number of requests, of which the data subject will be informed.
8. Contact details of the Controller
Any requests, questions or complaints regarding the processing of personal data may be sent to:
Stanislav Doležal, Svět Publishing House, Holečkova 366/13, 150 00 Prague 5
E-mail: svet@nakladatelstvisvet.com
Phone: +420 602 108 393
This document is valid and effective from 1 May 2024 and has been prepared in accordance with the GDPR and Act No. 110/2019 Coll., on the processing of personal data.