- Home
- About shopping
- GDPR
Privacy Policy
Dear friends, customers, business partners, fans,
we appreciate each and every one of you very much, our relationship is very important to us. GDPR is nothing new to us, we have always taken great care to protect personal data.
It is a great honor to send you our newsletters not only about bee products, but also about recipes, trends and other information about skin care, cosmetics, health and healthy lifestyle. In order to bring all of this information to you, we will use some of your personal information.
You can be absolutely sure that we treat personal data with great care and in accordance with our obligations under applicable law and protect it to the maximum extent which is possible with the technical level of the means available.
2. Sources, purposes and categories of personal data processed
3. Processors of personal data of the Pleva family firm
4. What are your rights in relation to the General Data Protection Regulation (GDPR)
5. Personal data security conditions
7. Consent to Terms and Conditions
1. Basic provisions
1.1 The data controller pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: „GDPR”) is Pleva s.r.o. IČ: 48153061 with its registered office at Českých bratří 325, 517 43 (hereinafter: „controller“). By filling out an order, registering, subscribing to commercial communications or browsing our website, you allow the Controller to use your personal data. This page informs you, in accordance with the GDPR, what information we collect about you, for what reason and how we use your information, what your rights are regarding our use of your personal data and how you can exercise them with us in accordance with the GDPR.
1.2 The contact details of the Controller are:
Address: Českých bratří 325, 517 43,
E-mail: gdpr@pleva.cz,
Phone: +420 739 045 380
1.3 Definition of terms:
Personal data means any information about an identified or identifiable natural person.
Processing of personal data - any operation with personal data
Controller - the entity which determines the purposes and means of processing, is responsible for
Processor - the entity that processes personal data for the controller (e.g. external payroll processor)
Data subject - the natural person to whom the personal data relate
1.4 The controller has not appointed a data protection officer.
2. Sources, purposes and categories of personal data processed
2.1 The controller will only process personal data to the minimum extent and for the time necessary to fulfil the purpose of the processing or for the time specified in the purpose of the processing. The controller does not process special (sensitive) categories of personal data. No automated individual decision-making within the meaning of Article 22 of the GDPR takes place on the part of the controller.
2.2 What personal data do we process?
-
name and surname
-
the delivery address, if applicable, the billing address
-
name of the company, registered office, place of business, VAT number
-
telephone number and contact e-mail
2.3 The lawful basis for processing personal data is:
-
Performance of the contract between you (the data subject) and our company (the controller) pursuant to Article 6(1)(b) GDPR,
-
the legitimate interest of the controller in providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(f) GDPR, this procedure is enabled by Section 7(3) of Act No.480/2004 Coll., on Information Society Services, on the basis of a concluded contract; the legitimate interest of the controller may be objected to. These communications may only relate to similar goods or services and can be opted out at any time by a simple means - by sending an e-mail or clicking on a link in a commercial communication. The e-mail address will be processed by the controller for this purpose for a period of 5 years.
-
Fulfilling a legal obligation,
-
the protection of the vital interests of the data subject,
-
consent to the processing of personal data for the purposes of direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services - in the event that no order for goods or services has been placed.
2.4 The purpose of processing personal data is:
-
The processing of your order and the exercise of the rights and obligations arising from the contractual relationship between you and the controller; personal data required for the successful processing of the order (name and address, contact) are required when placing an order. The provision of personal data is a necessary requirement for the conclusion and performance of the contract; without the provision of personal data, the contract cannot be concluded or performed by the controller,
-
sending commercial messages and doing other marketing activities,
-
delivery of the promised content (ebook, email, letter),
-
evaluation of the competition
2.5. Retention period of personal data
For the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and to assert claims arising from that contractual relationship (for a period of 10 years from the termination of the contractual relationship).
For as long as consent to the processing of personal data for marketing purposes is withdrawn, or for a maximum of 5 years if personal data is processed on the basis of consent. Specific retention periods for personal data according to the purpose of processing:
- Personal data processed on the basis of consent:
• Sending email series 30 days
• Sending / downloading ebook 7 days
• Processing contest data 30 days
• Sending email updates 5 years
- Personal data processed on the basis of the legitimate interest of the controller:
• Sending updates to email 5 years
• Sending price list to email 1 year
• Responding to job applications 3 months
After the expiration of the retention period, the controller deletes the personal data.
2.6. Use of Personal Data:
Personal data will be processed for the purpose of providing performance under the contract and for the purpose of recording the contract and for the purpose of any future exercise and defence of the rights and obligations of the parties (for example, in the event of a complaint procedure). The retention and processing of personal data for the above purpose is for a period of 5 years from the completion of the last part of the performance under the contract, unless another legal regulation requires the retention of contractual documentation for a longer period. The aforementioned processing is permitted on the basis of Section 5 (2) (b) of the Data Protection Act - processing necessary for the performance of the contract and Section 5 (2) (e) of the Act - for the protection of the rights and legally protected interests of the controller or other person concerned.
3. Processors of personal data of the Pleva family firm
3.1 The controller processes personal data and is responsible for any processing of personal data. Data protection regulation allows the controller to entrust the processing of personal data to a processor. A processor of personal data is any entity that processes personal data for the controller on the basis of a mandate or authorisation from the controller.
3.2. The processors of personal data are persons and companies involved in the delivery of goods/services or the execution of payments under contract, the operation of the e-shop and other services in connection with the operation of the e-shop and internet marketing. Controllers and processors of personal data:
EVici webdesign s.r.o., Petra Bezruče 139, 747 91 Štítina, Czech Republic, ID: 28598661
PPL CZ s.r.o., K Borovému 99, Jažlovice, 251 01, Říčany, ID: 25194798
Geis Parcel CZ s.r.o., Zemská 211/I, 337 01 Ejpovice, okres Rokycany, ID: 63077051
Česká pošta, s.p., IČO: 47114983, sídlem Praha 1, Politických vězňů 909/4, PSČ 22599
Seznam.cz, a.s., IČ: 26168685, Radlická 3294/10, 150 00, Praha 5
Google Czech Republic, s.r.o., Stroupežnického 3191/17, Praha 5, 150 00, ID: 27604977
OLYMPIC s.r.o., Brozany 136, Staré Hradiště, 533 52, ID: 27480381
SmartSelling a.s., Netroufalky 797/5, 625 00 Brno, ID: 29210372
Heureka Shopping s.r.o., Karolinská 650/1, 186 00 Praha 8 – Karlín, ID: 02387727
Zásilkovna s.r.o., Českomoravská 2408/1a, 190 00 Praha 9, ID: 28408306
Direct Parcel Distribution CZ s. r. o., Modletice 135, 251 01 Říčany u Prahy, ID: 61329266
Balíkobot, s.r.o., Revoluční 1200/16, 110 00 Praha 1 – Nové Město, ID: 06283799
3.3 The controller does not intend to transfer personal data to a third country (a country outside the EU) or an international organisation. The above mentioned personal data will be processed solely for the purposes listed above and will not be transferred to other persons (except for the exceptions set out above), nor will it be made available for inspection by any other recipients of personal data.
3.4 The controller shall ensure sufficient technical and organisational security, to prevent unauthorised or accidental access to, alteration, destruction or loss of, or unauthorised transfer or processing of, or other misuse of, the personal data of data subjects.
4. What are your rights in relation to the General Data Protection Regulation (GDPR)
4.1 Consent is voluntary, therefore you have the following rights as a data subject at all times. As the controller, we will be happy to provide you with all the information you require, please email your request to: gdpr@pleva.cz.
You have the right to:
-
Request information from us about what personal data we process about you.
-
Request access to this data and have it updated or corrected, or request a restriction of processing.
-
Request us to delete this personal data.
-
Data portability and the right to request a copy of the personal data processed.
-
Object to processing in the case of processing carried out on the basis of the legitimate interest of the controller (pursuant to Article 6(1)(f) GDPR).
4.2 The controller does not have to delete the data if the processing is necessary for compliance with a legal obligation or the exercise and defence of legal claims.
4.3 You also have the right to lodge a complaint with the Data Protection Authority and the right to effective judicial protection if you believe that your rights under the GDPR have been infringed as a result of the processing of your personal data in breach of the GDPR.
5. Personal data security conditions
5.1 The controller declares that it has taken all appropriate technical and organisational measures to safeguard personal data.
5.2 The Controller has taken technical measures to secure data storage and storage of personal data in documentary form, in particular: passwords, secure operating system - encryption and updated antivirus software.
5.3 The controller declares that only persons authorised and trained by the controller have access to personal data.
6. Cookie Policy
6.1 We use technologies such as cookies to personalise content and ads, provide social media features and analyse traffic on the site. We also share information about your use of the site with our trusted social media, advertising and analytics partners. All data is anonymized and aggregated.
7. Consent to Terms and Conditions
7.1 By submitting an order from the e-shop or by checking the consent box via the online form, you confirm that you are aware of the privacy policy and that you accept it in its entirety.
These terms and conditions will take effect on 25 May 2018.
„We are confident that the new GDPR regulation will not have a negative impact on our existing relationship.“
On behalf of the entire Family Firm