I. Basic provisions
1. Palladium Praha s.r.o., Identification no. 28452704, registered at Na Poříčí 1079/3a, Prague 1, 110 00 (hereinafter referred to as “Administrator”) shall be the administrator of all personal data pursuant to article 4, paragraph 7 of the European Parliament and Council (EU) regulation no. 2016/679 relating to the protection of natural persons with regard to the processing of their personal data and free movement of these data (hereinafter referred to as “GDPR”).
2. Contact information of the administrator:
Address: Palladium Praha s.r.o., Personal data administration, Na Poříčí 1079/3a, Prague 1, 110 00
Tel. no.: +420 225 770 110
3. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4. The administrator did not appoint any commissioner for personal data protection.
II. Sources and categories of personal data processed
1. The administrator processes the following personal data provided by you, or the personal data which the administrator obtained in the processing of your order:
First name and last name
2. The administrator processes your identification and contact information and any other information necessary for performance of a contract.
III. Lawful reasons and objectives of personal data processing
1. The lawful reasons of personal data processing are
- Performance of a contract between you and the administrator pursuant to art. 6, par. 1, point b) of GDPR
- Legitimate interest of the administrator in providing direct marketing (especially for sending off commercial messages and newsletters) pursuant to art. 6, par. 1, point f) of GDPR
- Your consent to the processing for a purpose of providing direct marketing (especially for sending off commercial messages and newsletters) pursuant to art. 6, par. 1, point a) of GDPR in connection with art. 7, par. 2 of law no. 480/2004 of the Legal Code relating to some services of an information company, in case the order of goods or services was not performed..
2. The objective of the processing of personal data means
- • In the execution of your order and performance of rights and obligations arising from a contractual relationship between you and the administrator, personal data are required for a successful execution of the order (name and address, contact information). Since providing personal data is a necessary requirement for entering into and performing the contract, it is not possible to enter into or perform the contract by the administrator without providing personal data.
• Sending off commercial messages and performing other marketing activities.
3. On the part of the administrator, there is no automated individual decision-making within the meaning of art. 22 of GDPR.
IV. Data storage period
1. The administrator stores the personal data
For the period necessary for a performance of rights and obligations arising from a contractual relationship between you and the administrator and making claims from these contractual relationships (for a period of 15 years from the end of the contractual relationship).
For a period of 2 years, provided that the consent to personal data processing for marketing purposes has not been withdrawn earlier.
2. After the period for storing the personal data is up, the administrator shall erase these personal data.
V. Recipients of personal data (sub-suppliers of the administrator)
1. The recipients of personal data are persons
- Taking part in delivering goods / services / payment processing based on the contract
- Providing services related to running the e-shop (Shoptet) and other services in connection with running the e-shop
- Providing marketing services.
2. The administrator shall not deliberately hand over the personal data to third countries (to a non-EU country) or to an international organization.
VI. Personal data processors
1. Personal data processing is carried out by the administrator, but these processors can also process the personal data for him:
- Providers of the following services: Balíkobot, Zásilkovna, Google Analytics, Smartsupp
- Property Solutions s.r.o. (member of Property Solutions Group), Identification no. 27584259, registered at náměstí Republiky 1078/1, Prague 1, 110 00
- Property Management Solutions (member of Property Solutions Group), Identification no. 28396022, registered at náměstí Republiky 1078/1, Prague 1, 110 00
- United Signs, spol. s r.o., Na Louži 947/1, Prague 10, 101 00
- Or other providers of software processing services and applications which are currently not used by the administrator
VII. Your rights
1. Under conditions stated in GDPR you have the following rights
Right of access to personal data pursuant to art. 15 of GDPR
Right to personal data rectification pursuant to art. 16 of GDPR, or right to restriction of personal data processing pursuant to art. 18 of GDPR
Right to personal data erasure or right to be forgotten pursuant to art. 17 of GDPR
Right to object to personal data processing pursuant to art. 21 of GDPR
Right to data portability pursuant to art. 20 of GDPR
Right to withdraw consent to personal data processing in a written statement or electronically sent by mail or e-mail to the administrator’s mailing or e-mail address mentioned in art. III of these conditions.
2. You also have a right to file a complaint at the Office for Personal Data Protection in case you think that your right of personal data protection has been violated.
VIII. Conditions for personal data security
1. The administrator declares that they have implemented appropriate technical and organizational measures to ensure the personal data.
2. The administrator has implemented technical measures to ensure data warehouses and personal data warehouse in paper form, especially protection by password access, using an antivirus program, encryption, backups and safe for storage of personal data in paper form. He has informed everybody who is authorized to access the personal data about the process and rules for processing personal data in paper form.
3. The administrator declares that only persons acting under his authority have access to personal data.
IX. Final provisions
1. By sending off the online order form you confirm that you have been familiarized with the conditions of personal data protection and that you fully accept them.
2. By sending off the form you agree with these conditions and you are also notified by that “By sending off the order you agree with the Terms and Conditions and Personal Data Protection Conditions”, or by checking the consent box via online form. By sending off the form with the notification, or checking the consent box, you confirm that you have been familiarized with the conditions of personal data protection and that you fully accept them.
3. The administrator is entitled to alter these conditions. A new version of the personal data protection conditions shall be published on their website and they shall also send you the new version of these conditions via e-mail at the e-mail address you provided to the administrator.
These conditions apply as of 26. 11. 2020.