1. The data controller pursuant to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR") is DSi studio, sro, with its registered office at Kaštanová 965/1, Prague 8, 18200, IČ: 28795008, entered in the Commercial Register kept by the Municipal Court in Prague, Section C, Insert No. 334762 in accordance with the provisions of 1751 of Act No. 89/2012 Coll. the Civil Code as amended (hereinafter referred to as the "Administrator").
2. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Sources and categories of personal data processed
1. The administrator shall process personal data provided to him by the user or personal data obtained by the administrator on the basis of the fulfillment of the user's order.
2. The administrator processes basic identification data (name, surname), contact data (e-mail), history of visits to the websites krychlic.cz and krychlic.online, history of activities in e-mail campaigns.
Legal reason and purpose of personal data processing
1. The legal reason for processing personal data is:
o the need to fulfill a legal obligation,
o the need for the preparation and performance of the contract,
o necessity for the purposes of the legitimate interests of the administrator,
o on the basis of revocable, informed, unambiguous and free consent.
2. The purpose of the processing of personal data is:
on the settlement of the order and the exercise of rights and obligations arising from the contractual relationship between the service user and the administrator. When ordering, personal data are required, which are necessary for successful processing of the order (name and address, contact), providing personal data is a necessary requirement for concluding and fulfilling the contract, without providing personal data it is not possible to conclude the contract or perform it.
o analysis of website visitor behavior data; finding out the preferences of website visitors; testing new functions and applications to improve services as well as to improve web content and to protect against ICT infrastructure attacks,
about sending business messages and doing other marketing activities.
Email business messages
1. The user may be the addressee of information, offers and news related to the seller or his products sent on behalf of the seller to the customer's e-mail address. These e-mail business communications are not unsolicited commercial communications. The administrator sends them because of a legitimate interest.
2. E-mail business communication that is not related to the offered services is sent by the administrator with the consent.
3. The subscription of e-mail business messages sent on the basis of a legitimate interest or consent can be unsubscribed at any time via the unsubscribe link located in the e-mail business message or by adjusting the settings in the user account on the krychlic.cz or krychlic website. online.
1. The administrator's website stores small text cookies in the short-term or long-term browser or website visitor's device or contains image transparent pixel tags and similar technologies for collecting data from the website visitor's browsers and devices (hereinafter "cookies").
2. The data obtained on the basis of the necessary functional cookies are processed by the administrator out of the necessity for the fulfillment of the purchase contract and out of the legitimate interest to ensure the functionality of the product offer and their eventual purchase.
3. The data obtained on the basis of functional cookies, which are not necessary, are used to evaluate traffic and allow you to improve the function of the website, remember the language and other user settings. The administrator uses web analytics tools, especially Google Analytics, to optimize the website, create user profiles and improve his services. The data obtained from the analytical cookies used by these tools are anonymized. This data is processed by the administrator for the purpose of legitimate interest.
4. When functional cookies are turned off, the website visitor cannot take full advantage of its functionalities. When analytical cookies are turned off, the website visitor loses the possibility of customizing the offer. The visitor to the website expresses consent to the transfer of data from remarketing cookies to advertising and social networks by setting the browser. It also affects the function of other cookies by setting the browser.
Data retention period
1. The administrator shall keep
o data obtained from cookies only for the time strictly necessary, maximum 2 years,
on contract preparation and performance data and personal lifestyle and demographic data obtained on an optional basis from a personal data subject in connection with the preparation and performance of a contract (processed on the basis of a legitimate interest) for 5 years from the issue of the last tax document or certificate reservation, order, purchase), respectively 5 years from the date of cancellation of the user account or similar registration of the customer,
o data processed for the purpose of fulfilling the obligations imposed by law, especially contracts, invoices and other accounting and tax documents with identification and contact data, are processed by the administrator for a period of 10 years, unless otherwise provided by the relevant legal regulation,
o data processed on the basis of consent for a period of 10 years or until the consent is revoked.
2. At the end of the retention period, the controller shall delete the personal data.
Recipients of personal data
1. The recipients of personal data are persons
o Participating in the delivery of the service and the implementation of payments under the contract
o providing marketing services
2. The controller does not intend to transfer personal data to a third country (non-EU country) or to an international organization.
1. Under the conditions set out in the GDPR, the user has the right to
for access to their personal data pursuant to Article 15 of the GDPR
on the correction of personal data pursuant to Article 16 of the GDPR, or restrictions on processing pursuant to Article 18 of the GDPR
on the deletion of personal data pursuant to Article 17 of the GDPR
o to object to the processing pursuant to Article 21 of the GDPR
on data portability according to Article 20 of the GDPR
on the withdrawal of consent to processing in writing or by e-mail
2. Furthermore, the user has the right to lodge a complaint with the Office for Personal Data Protection if he / she considers that his / her right to personal data protection has been violated.
3. The User may request the deletion of all data and data held about him by the Personal Data Administrator by e-mail at firstname.lastname@example.org. The Administrator of personal data shall process the User's request pursuant to Article 17 of the GDPR without undue delay.
Terms of personal data security
1. The controller declares that it has taken all appropriate technical and organizational measures to secure personal data.
2. The controller has taken appropriate technical measures to secure data repositories and personal data repositories in paper form.
3. The controller declares that only persons authorized by him have access to personal data.
1. The administrator reserves the right to change this policy at any time.
2. These principles are valid and effective from 1.2.2022.