I. Initial Provisions
- Sahm s.r.o., business ID 41193962, registered address: Podbělohorská 1434/50, Smíchov, 150 00 Praha 5, is a personal data controller under the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) (“the Controller”).
- The Controller’s contact details are as follows:
address: Sahm s.r.o., Podbělohorská 1434/50, Smíchov, 150 00 Praha 5
- Personal data means all information about an identified or an identifiable individual; an identifiable individual is an individual who can be identified directly or indirectly, especially by reference to a certain identifier, such as a name, an identification number, location data, an on-line identifier or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
- The Controller has not designated a data protection officer.
II.Categories and Sources of Processed Personal Data
- The Controller processes data provided by you or obtained in connection with performing your order.
- The Controller processes your identification and contact details and data necessary for performing the contract, also including data from public registers.
III. Lawful Reason and Purpose of Personal Data Processing
- The lawful reason for personal data processing is
- performance of the contract between you and the Controller,
- legitimate interest of the Controller in providing direct marketing (especially for distributing marketing messages and newsletters),
- your consent to personal data processing for direct marketing purposes (especially for distributing marketing messages and newsletters) if you have not ordered any goods or services.
- The purpose of personal data processing is
- processing your order and exercising any rights and obligations arising from the contractual relationship between you and the Controller. While placing an order, you will be asked to provide personal data necessary for successful processing of the order (name, address, contact details), and the provision of personal data is a precondition for concluding and performing the contract; the contract cannot be concluded or performed by the Controller without your personal data,
- distributing marketing messages and other marketing activities.
- The Controller does not perform automated individual decision-making as per S. 22 of GDPR.
IV. Data Retention Period
- The Controller retains personal data
- for a period which is necessary for exercising rights and obligations arising from the contractual relationship between you and the Controller and for making legal claims related to such contractual relationships (for 10 years after the contractual relationship is terminated).
- until the consent to personal data processing for marketing purposes is withdrawn, not longer than 5 years from the moment the consent was granted, where personal data is processed based on a consent.
- After the personal data retention period expires, the Controller will erase personal data.
V. Personal Data Recipients (the Controller’s Sub-Suppliers)
- Personal data recipients are persons
- involved in supplies of goods / services / making payments based on a contract,
- Česká pošta, s.p.
- Geis Parcel CZ s.r.o.
- Geis CZ s.r.o.
- General Logistics Systems Czech Republic s.r.o.
- Česká spořitelna, a.s.
- providing e-shop administration services and other services related the e-shop,
- W D T, spol. s r.o.
- The Controller has no intention of transferring personal data to a third country (non-EU member state) or to an international organization.
VI. Rights of personal data subjects
- Under the terms of GDPR
- you have the right to access your personal data,
- right to personal data rectification or restriction of their processing,
- right to deletion of personal data,
- right to object against personal data processing,
- right to data portability,
- right to revoke the consent to processing in writing or electronically by sending notification to the Controller’s address or e-mail address listed in S. I hereof.
- The above rights may be exercised at contact details listed in S. I par. 2.
- You may file a complaint with the Personal Data Protection Authority (Úřad pro ochranu osobních údajů) if you believe that your rights to personal data protection have been breached.
VII. Personal Data Security
- The Controller declares that it has adopted all the appropriate technical and organizational measures to ensure personal data security.
- The Controller has introduced technical measures for securing data warehouse security and security of facilities where personal data is stored in hard copies.
- The Controller declares that only authorized persons have access to personal data.
VIII. Final Provisions
- By sending an order via an Internet order form you confirm that you have read these Personal Data Protection Terms and you accept them entirely.
- You confirm that you agree by checking consent field in the Internet form. By checking consent field, you confirm that you have read these Personal Data Protection Terms and you accept them entirely.
- The Controller reserves the right to modify these Terms. The new version of Personal Data Protection Terms will be published on the Controller’s website and, at the same time, the new version hereof will be sent to the e-mail address you provided to the Controller.
These Terms came into force on 25/05/2018.