This Privacy Policy describes how we handle the personal information of our customers and site visitors. The text is in line with current legislation.
The main laws and regulations from which the text is based are
- Act No. 480/2004 Coll., on certain information society services
- Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR)
1. Identity and contact details of the administrator
1.1 By the administrator of your personal data, according to Article 4, paragraph 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons in connection with the processing of personal data and on the free movement of such data ("GDPR”) je Bc. Alice Heinzová, IČ:09642498, se sídlem Závodní 1626, 735 06 Karviná.
1.2 The administrator's contact details are as follows:
- Address for delivery: Haštalská 27, 110 00, Prague 1
- email: alianasgold@gmail.com
- telephone: +420 777 531 388
1.3 According to Article 4, paragraph 1 GDPR, personal data means any information about an identified or identifiable natural person ("you" or ,,data subject"); an identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to a certain identifier, for example a name, identification number, location data, network identifier or to one or more special elements of physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
1.4 The administrator has not appointed a personal data protection officer
2. Sources and categories of processed personal data
2.1 The administrator processes personal data that you have provided to him/her or personal data that the administrator has obtained based on the fulfillment of your order.
2.2 The administrator processes your identification and contact data and the data necessary for the performance of the contract.
3. Legal reasons for processing personal data
3.1 The legal reasons for processing personal data are or may be (they always apply according to your specific situation):
- Performance of the contract (most often processing the order) between you and the administrator, or the execution of measures by the administrator before the conclusion of such a contract, actions directly related to the performance of the contract and the fulfillment of rights and obligations directly arising from the contractual relationship. When placing an order, personal information is required that is necessary for the successful completion of the order (e.g. name in combination with address and other contact information). The provision of personal data is a necessary requirement for the conclusion and fulfillment of the contract, because without them it is not possible to conclude the contract and therefore not to be fulfilled by the administrator.
- The buyer acknowledges that he is obliged to provide his personal data correctly and truthfully (when registering, in his user account, when ordering from the store's web interface) and that he is obliged to inform the seller without undue delay of a change in his personal data.
- Legitimate interests controller, in accordance with the GDPR, as defined below.
- Your consent to processing for the purpose of providing direct marketing (in particular for sending commercial messages and newsletters) according to Article 6, paragraph 1 letter a) GDPR in connection with § 7 paragraph 2 of Act No. 480/2004 Coll., on certain information society services in the event that no goods or services have been ordered.
4. účely zpracování osobních údajů
4.1 The purposes of personal data processing are or may be (always depending on your specific situation):
- Fulfillment of contract concluded with the customer, most often processing the order, and legal obligations resulting from the performance of the contract
- Marketing activities, most often sending commercial messages, in accordance with legal reasons
- Adequate satisfaction survey with goods or services provided
4.2 There is no automatic individual decision-making by the administrator in the sense of Article 22 of the GDPR.
5. Legitimate interests of the personal data controller
5.1 The controller's legitimate interests in relation to the processing of personal data are defined in accordance with Article 6(1)(f) of the GDPR and Paragraph 47 of the preamble of the GDPR
5.2 These legitimate interests of the administrator include:
- Providing direct marketing (especially for sending commercial messages and newsletters) according to Article 6 paragraph 1 letter f) GDPR and paragraph 47 of the GDPR preamble,
- Questioning customers about their satisfaction with purchase and services provided
6. Other recipients of personal data
6.1 Other recipients of your personal data are mainly shipping companies, or other persons involved in the delivery of goods or the realization of payments based on a purchase contract.
6.2 Other recipients of your personal data may also be service suppliers who carry out activities related to the operation of the controller, for example companies providing programming services, information technology services (e.g. databases, economic systems), accounting services or marketing services. The controller declares that in such cases it has taken and will take all necessary organizational and technical measures for the proper protection of personal data in accordance with the GDPR.
6.3 The administrator processes data in the Czech Republic or in other EU countries. For legal reasons (for example, an order with delivery outside the EU and the necessary transfer of data to a local carrier) processing may also take place outside the EU. As part of cooperation with global entities, data may also be processed outside the EU, but in this case such an entity is always a participant Privacy Shield, ensuring an adequate level of protection.
6.4 We determine your satisfaction with the purchase through e-mail questionnaires as part of the Verified by customers program, in which our e-shop is involved. We send these to you based on our legitimate interest in ascertaining your satisfaction with your purchase from us, each time you purchase from us, unless you opt-out (one opt-out means they will not be sent to you with any further purchases). For sending questionnaires and evaluating them, we use a processor that is the operator of the Heureka.cz portal. For these purposes, we may pass on information about the purchased goods and your e-mail address. When sending e-mail questionnaires, your personal data is not passed on to any third party for its own purposes. You can object to the sending of e-mail questionnaires as part of the Verified by Customers program at any time by rejecting further questionnaires, for example using a link in the e-mail with the questionnaire or in the user profile.
7. Period of storage of personal data
7.1 If the data is processed for legal reasons, then it will be processed for the duration of the effects of the rights and obligations from the contract, and also for the time necessary for the purposes of archiving according to the relevant generally binding legal regulations, but no longer than for the period determined by generally binding legal regulations.
7.2 If personal data are processed on the basis of consent, then they are processed for the longest time until the consent to the processing of personal data is withdrawn, the longest then 10 years from the granting of consent, or from the last order placed (whichever occurs later applies )
8. Rights of the data subject
8.1 You are under no obligation to provide personal data to the administrator. However, if the provision of your personal data is a necessary requirement for the conclusion and fulfillment of the contract (e.g. e-mail for order confirmation, name and physical address for delivery of goods, etc.) without the provision of your personal data, it is not possible to conclude the contract (i.e. it is not possible to complete order) or to be fulfilled by the administrator.
8.2 In accordance with Article 21(1) and (2) of the GDPR, you have the right to object to the processing of personal data at any time or to withdraw your consent to the processing of personal data, especially if it is processed for direct marketing purposes. The controller then no longer processes this personal data, unless compelled to do so by other legal reasons that override the interests or rights of the data subject.
8.3 Furthermore, under the conditions set out in the GDPR, you have the right to:
8.3.1 to access your personal data according to Article 15 GDPR,
8.3.2 to correct personal data according to Article 16 GDPR,
8.3.2 to correct personal data according to Article 16 GDPR,
8.3.4 to restrict processing according to Article 18 GDPR,
8.3.5 on the portability of data according to Article 20 GDPR.
8.3.6 to object to processing according to Article 21 GDPR,
In case of such requests, please contact the administrator at the above contact details.
8.4 If you believe that the processing of your personal data has violated or is violating the GDPR, you also have the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection.
9. Terms of personal data security
9.1 The administrator declares that he has taken all appropriate technical and organizational measures to secure personal data and their storage in electronic and paper form and that only persons authorized by him have access to the processed personal data.
10. Final Provisions
10.1 By submitting an order from the online order form, you confirm that you are familiar with the terms of personal data protection and that you accept them in their entirety.
10.2 You also agree to these terms and conditions if you check your consent via the online form. By checking consent, you confirm that you are familiar with the terms of personal data protection and that you accept them in their entirety.
10.3 The administrator is authorized to change these conditions. It will publish the new version of the personal data protection conditions on its website. In case of material changes, it will send you a new version of these conditions to your e-mail address, if it was provided to the administrator.
Date of last update: 20/11/2023 (DD/MM/YYYY)