The e-shop Vevelin on the website vevelin.com, based in Czech Republic processes personal data provided by Customer to fulfil and additionally confirm Terms and Conditions, to process electronic orders and shipments and for the necessary communication during a period required by law.
1. Personal data controller, in compliance with GDPR (hereinafter referred to as „Regulation“) is Vevelin, based in Czech Republic (hereinafter referred to as „Controller“);
2. The contact details of the Controller are: e-mail: firstname.lastname@example.org;
3. Personal data is any information that relates to an identified or identifiable natural person.
The source of personal data
1. Controller processes personal data obtained with consent from Customer and collected through the contract to purchase and fulfilment of the electronic order created in the e-shop vevelin.com.;
2. Controller processes only the identifying and contact details of Customer which are necessary for the fulfilment of the contract to purchase;
3. Controller processes personal data for the shipping and accounting purposes and for the necessary communication between the contracting parties for the duration required by law. Personal data will not be made public and will not be transferred to other countries.
Purpose of data processing
Controller processes personal data of the Customer for following purposes:
1. Registration on the website vevelin.com in compliance with Chapter 4, Section 2 of GDPR;
2. For fulfilment of the electronic order created by Customer (name, address, e-mail, telephone number);
3. To observe law and regulations arising from the the contractual relationship between Customer and Controller;
4. Personal data are necessary for the fulfilment of contract to purchase. Contract cannot be concluded without the personal data.
Duration of personal data storage
1. Controller stores personal data for the period necessary for fulfilment of rights and obligations arising from the contractual relationship between Controller and Customer and for the duration of 3 years following the conclusion of contractual relationship;
2. Controller must delete all personal data after the expiration of the period required for the storage of personal data.
Recipients and processors of personal data
Third parties processing personal data of the Customer are subcontractors of the Controller. Services of these subcontractors are indispensable for the successful fulfilment of the contract to purchase and processing of the electronic order between Controller and Customer.
Subcontractors of the Controller are:
- Webnode AG (e-shop system);
- Shipping company; (Czech post);
- Google Analytics (website analytics);
Rights of Customer
In compliance with the Regulation, Customer is entitled to:
1. The right of access to personal data;
2. The right to rectification of personal data;
3. The right to erasure of personal data;
4. The right to object to processing of personal data;
5. The right to data portability;
6. The right to withdraw consent to the processing of personal data in writing or by e-mail sent to: email@example.com;
7. The right to lodge a complaint with the supervisory authority in case of suspected breach of the Regulation.
Security of personal data
1. Controller declares to take all technical and organizational precautions necessary for the protection of personal data;
2. Controller has taken technical precautions to secure data storage spaces, in particular securing access to computer with a password, using antivirus software and performing regular maintenance of computers.
1. By placing an electronic order on the website vevelin.com Customer confirms to be informed about all the conditions of personal data protection and accepts them to the full extent;
2. Customer accepts these rules by ticking the checkbox in the order purchase form;
3. Controller can update these Rules at any time. New, updated version has to be published on his website.
These Rules come into effect on [07/11/2021]