Personal Data Protection

Pursuant to Act No. 110/2019 Coll., the Act on the Processing of Personal Data, in conjunction with the Regulation of the EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the General Data Protection Regulation), hereinafter the "Regulation" or the "GDPR"

Provided by the data controller:

MILPEX s.r.o., with registered office in Hradec Králové, Piletice 55, represented by the executive director, Company ID: 48172600, VAT ID: CZ48172600, registered in the Commercial Register in file C 3852 maintained by the Regional Court in Hradec Králové, hereinafter the "controller"

Art. 1

When processing personal data we will always act so that the data subject does not suffer harm to their rights, in particular the right to human dignity, and also to protect against unlawful interference with private and personal life. We do not provide information society services directed specifically at children. If you are under 16 years of age, please contact us at e-mail: [email protected], and we will arrange the handling of your order in accordance with the principles of the GDPR after individual consultation. This statement is intended for customers over 16 years of age.

Art. 2

Definitions

For the purposes of this statement and notice, the following shall be understood:

a) personal data any information relating to an identified or identifiable data subject. A data subject is considered identified or identifiable if the data subject can be identified directly or indirectly, in particular by reference to an identification number, code or one or more elements specific to his physical, physiological, mental, economic, cultural or social identity; all information relating to an identified or identifiable natural person (hereinafter the "data subject"); an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to a specific identifier, such as a name, identification number, location data, network identifier or to one or more special elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

b) sensitive data personal data revealing national, racial or ethnic origin, political opinions, membership of trade unions, religion and philosophical beliefs, convictions for criminal offences, the data subject's health and sexual life and the data subject's genetic data; sensitive data also includes biometric data that enables direct identification or authentication of the data subject,

c) anonymous data such data which, either in its original form or after processing, cannot be related to an identified or identifiable data subject,

d) data subject a natural person to whom the personal data relate,

e) processing of personal data any operation or set of operations which the controller or processor systematically carries out with personal data, whether by automated means or otherwise. Processing of personal data particularly includes collection, storage on information carriers, making available, modification or alteration, retrieval, use, transmission, dissemination, publication, retention, exchange, sorting or combination, blocking and destruction,

f) collection of personal data a systematic procedure or set of procedures aimed at obtaining personal data for the purpose of their further storage on information carriers for immediate or later processing,

g) retention of personal data maintaining the data in such a form that allows further processing,

h) blocking an operation or set of operations by which the manner or means of processing personal data are restricted for a specified period, except for necessary interventions,

i) destruction of personal data means the physical destruction of their carrier, their physical erasure or their permanent exclusion from further processing,

j) controller any entity which determines the purposes and means of the processing of personal data, carries out processing and is responsible for it. The controller may authorise or commission a processor to process personal data, unless otherwise provided by a special law,

k) processor any entity which, on the basis of a special law or authorization by the controller, processes personal data according to this law,

l) published personal data personal data made available particularly by mass media, other public announcements or as part of a public list,

m) register or data file of personal data (hereinafter "data file") any set of personal data arranged or made available according to common or special criteria,

n) consent of the data subject a free and informed expression of the will of the data subject by which the data subject agrees to the processing of personal data,

o) recipient any entity to whom personal data are made available; an entity that processes personal data necessary for the controller to fulfill obligations laid down by special laws to ensure the exercise of control, supervision, oversight and regulation associated with the exercise of public authority is not considered a recipient,

p) restriction of processing the marking of stored personal data with the aim of limiting their processing in the future;

q) profiling any form of automated processing of personal data consisting of their use to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that person's work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

r) pseudonymisation processing of personal data so that they can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that they are not attributed to an identified or identifiable natural person;

s) register any structured set of personal data accessible according to special criteria, whether centralized, decentralized, or split by reference to function or geography;

Art. 3

As the controller of your personal data we inform you that we receive your data only for the purposes of fulfilling the contract, mandatory statutory records of transactions and accounting, ensuring our and your rights arising from the concluded transaction, and for trade and marketing purposes. We process your personal data only for ourselves; we will not make them available to anyone for further use nor transfer them to other recipients, except on the basis of obligations imposed by law. For our needs, processors who have access are accountants, tax advisors during accounting audits, carriers, and IT service providers. We have agreements on the protection of personal data with all these persons. In this notice we provide information about your right of access to personal data, the right to rectification of personal data, as well as other rights. If you enter into business relations with us, providing the required data is mandatory, because otherwise it would not be possible to conclude the transaction, properly record it for tax purposes, process and fulfil it. If you provide us with your personal data outside of concluded transactions, for example by subscribing to commercial information from us, providing personal data is voluntary; without the provided data we will not be able to send you information. If you do not want to provide personal data to us, we cannot deliver goods to you or send commercial information and offers. We do not collect or process any sensitive personal data or special categories of personal data within the meaning of the GDPR. We do not transfer data to other recipients; we exclude the transfer of data outside the Czech Republic, outside the European Union and to international organizations. The same applies to data and information we obtained in the course of our activities.

Art. 4

Your data are processed in the enterprise information system, electronically. We strive to work only with accurate personal data that we have obtained. If necessary, please update your personal data. If we find that processed personal data are not accurate with regard to the stated purpose, we will, without undue delay, take appropriate measures, in particular we will block processing and will try to correct or complete the personal data, otherwise we will destroy the personal data. We will mark inaccurate personal data if we become aware of doubts about their accuracy. We undertake to collect personal data corresponding only to the stated purpose and to the extent necessary to fulfil the stated purpose, to retain personal data only for the period necessary for the purpose of their processing, and to process personal data only in accordance with the purpose we have stated and for which the data were collected. We do not collect or process personal data for other purposes. Personal data are collected only for our needs, for the purposes stated above and openly; we undertake not to collect data under the guise of another purpose or activity and not to combine personal data that were obtained for different purposes. We will process personal data only with your consent; without this consent we may process them

a) if processing is necessary for compliance with our legal obligations,

b) if processing is necessary for the performance of a contract to which the data subject is a party, or for negotiations on the conclusion or amendment of a contract at the request of the data subject,

c) if it concerns personal data lawfully made public in accordance with a special legal regulation,

d) if it is necessary for the protection of our rights and legally protected interests.

Art. 5

All handling of customers' personal data is governed by Act No. 110/2019 Coll., the Act on the Processing of Personal Data, as amended, and other legal regulations in force in the territory of the Czech Republic, in particular the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the General Data Protection Regulation). By their free decision and by completing the data, the customer indicates that they are aware of all of the above facts and acknowledges further processing of their personal data for the purposes of record keeping, statutory obligations and the supplier's commercial activity. Processing takes place electronically in the information system. We do not transfer personal data to anyone; only persons designated for the execution of transactions and for the administration and maintenance of our systems have access to them. Providing personal data is voluntary; without providing them we are not able to realize the transaction. If you choose registration for a future purchase, your personal data will be stored indefinitely. Consent to the use of personal data for marketing is required separately. Every customer has the right to access their data, to block, to make corrections, to supplement or to destroy personal data; they are entitled to protection of rights to the extent set by law. You may withdraw consent to processing at any time in writing or by electronic communication. The supplier is the controller of the website and at the same time the processor of personal data within the meaning of the above law. These pages contain valid identification details of the operator of the online store and an updated list of contacts for communication with customers. 
The customer is entitled to correct and change stored personal data according to the options provided on the website; for requests to delete a record or change the contact e-mail address it is necessary to contact the supplier's technical support at: [email protected]. If you wish to arrange with us the processing of personal data differently from the basic settings, please contact us at [email protected], we will endeavor to accommodate you. The basic settings ensure the storage of your consent.

Art. 6

Data subject's access to information

If you request information from us about the processing of your personal data, we are obliged to provide this information to you without undue delay. The content of the information will be a statement on

a) the purpose of processing personal data,

b) the personal data, or categories of personal data, that are the subject of processing, including all available information about their source,

c) the nature of automated processing in connection with its use for decision-making, where acts or decisions are taken on the basis of such processing which affect the rights and legitimate interests of the data subject,

d) the recipients, or categories of recipients.

We have the right to request reasonable reimbursement for providing the information, not exceeding the costs necessary to provide the information.

Art. 7

Obligations of persons in securing personal data

We continuously adopt such measures so that there can be no unauthorized or accidental access to your personal data, their alteration, destruction or loss, unauthorized transfers, other unauthorized processing, as well as other misuse of personal data. We continually assess risks and seek to prevent them through the measures adopted. No unauthorized person has access to our systems. Measures have been adopted to prevent unauthorized reading, creation, copying, transmission, modification or deletion of records containing personal data. We monitor how your data are handled. Our systems are secured and may be used only by authorized persons; individuals authorized to use systems for automated data processing have access only to personal data corresponding to their authorizations, and this is based on special user permissions set up exclusively for these persons. We track electronically when and by whom and for what reason personal data were recorded or processed; unauthorized access to data carriers is prevented. Our employees and other persons who process personal data under contract with us may process personal data only under conditions and to the extent specified by us. Our employees and other natural persons who process personal data under contract, or who come into contact with them, are bound and obliged to maintain confidentiality about personal data and about security measures, the disclosure of which would jeopardize the security of personal data. The confidentiality obligation continues even after termination of employment or relevant work.

Art. 8

The supervisory authority is the Office for Personal Data Protection.

Art. 9

Protection of data subjects' rights

Any data subject who finds or believes that we are processing their personal data in a manner contrary to the protection of the private and personal life of the data subject or contrary to the law, in particular where personal data are inaccurate with regard to the purpose of processing, may request an explanation and require that we remove such a state. In particular, this may involve blocking, correction, completion or destruction of personal data. If your request is found to be justified, we will remove the defective state without undue delay.

Art. 10

Information provided when personal data are obtained from the data subject

If personal data concerning you are obtained from you, we inform you that our details as the controller are set out in the heading of this document; contact details for data protection: [email protected].

Art. 11

In addition to what has been said, we provide you with the following information:

  • personal data used for commercial purposes are stored for an indefinite period; this period may be limited by mandatory archiving rules and retention requirements from the perspective of accounting archiving;
  • you have the right to request access to personal data concerning you and to request their rectification or erasure, or restriction of processing, and to object to processing; you have the right to data portability;
  • you have the right to withdraw your consent to processing at any time; this does not affect the lawfulness of processing based on consent given before its withdrawal;
  • you have the right to file a complaint with the supervisory authority;
  • providing data to us is a contractual requirement; the recording and processing of your data in the event of a concluded transaction between us is also subject to statutory requirements; you are not obliged to provide personal data to us, but in that case we cannot enter into business relations;
  • we do not carry out automated decision-making or profiling;
  • we do not process data for a purpose other than that for which they were collected; if that were to occur, we will inform you in advance about this other purpose;
  • we process information provided by the data subject, obtained in the course of our commercial activity, and data originating from publicly available sources.

Art. 12

Data subject's right of access to personal data

You have the right to obtain from us confirmation as to whether personal data concerning you are being processed, and, where that is the case, you have the right to access those personal data. To this end we will provide a copy of the processed personal data. For additional copies at the request of the data subject we may charge a reasonable fee based on administrative costs. If you submit the request electronically, we will provide the information in a commonly used electronic form, unless the data subject requests another manner. The right to obtain the copy referred to in paragraph 3 must not adversely affect the rights and freedoms of others.

Art. 13

Right to rectification

You have the right to have inaccurate personal data concerning you rectified without undue delay. Taking into account the purposes of processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Art. 14

Right to erasure ("right to be forgotten")

You have the right to have personal data concerning you erased without undue delay, and we have the obligation to erase personal data without undue delay if one of the following grounds applies:

a) personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

b) the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;

c) the data subject objects to processing pursuant to Art. 21(1) of the Regulation where processing is based on consent or where processing is carried out for the purposes of the controller's or a third party's legitimate interests, and there are no overriding legitimate grounds for the processing, or the data subject objects to processing pursuant to Art. 21(2) of the Regulation where processing is for direct marketing purposes;

d) personal data have been unlawfully processed;

e) personal data must be erased to comply with a legal obligation under Union or Member State law to which the controller is subject;

f) personal data were collected in connection with the offer of information society services referred to in Art. 8(1) of the Regulation in relation to the offering of information society services to children.

This provision shall not apply where processing is necessary:

a) for compliance with a legal obligation which requires processing under Union or Member State law applicable to the controller,

b) for the establishment, exercise or defence of legal claims.

Art. 15

Right to restriction of processing

You have the right to obtain restriction of processing in any of the following cases:

a) you contest the accuracy of personal data, for a period enabling the controller to verify the accuracy of the personal data;

b) processing is unlawful and you oppose erasure of the personal data and request restriction of their use instead;

c) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;

d) you have objected to processing pursuant to Art. 21(1) of the Regulation, pending verification whether the controller's legitimate grounds override those of the data subject.

If processing has been restricted under the preceding paragraph, such personal data, with the exception of storage, may be processed only with your consent or for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. If restriction of processing has been imposed at your request pursuant to this Article, we are obliged to inform you in advance before the restriction is lifted.

Art. 16

Notification obligation regarding rectification or erasure of personal data or restriction of processing

We are not obliged to notify other recipients of rectifications and erasures because we do not make personal data available to others and do not share them. All processing takes place only for us and our needs.

Art. 17

Right to data portability

You have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format.

Art. 18

Right to object

You have the right, for reasons relating to your particular situation, to object at any time to processing of personal data concerning you, where processing is necessary for the purposes of the controller's or a third party's legitimate interests, including profiling based on those provisions. As controller we will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. We may continue to process the data if they are necessary for the establishment, exercise or defence of legal claims. If personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, personal data will no longer be processed for those purposes. We explicitly draw your attention to this right and it is presented clearly and separately from any other information, at the latest at the time of the first communication with the data subject. In connection with the use of information society services, and without prejudice to Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Art. 19

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply where the decision is necessary for entering into or performance of a contract between you and us, or is authorised by law, or is based on your explicit consent. In such cases we will implement appropriate measures to safeguard your rights and freedoms and your legitimate interests, at least the right to human intervention on our part, the right to express your point of view and the right to contest the decision.

Art. 20

Conditions for giving consent

Where processing is based on consent, we will record information about your consent so that we can demonstrate that you have given consent to the processing of your personal data. If consent is given in a written declaration which also concerns other matters, the request for consent will be presented in a manner clearly distinguishable from those other matters and will be intelligible and easily accessible using clear and simple language. You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal. Prior to giving consent, the data subject will be informed about this. Withdrawal of consent must be as easy as giving it.

Art. 21

Conditions applicable to a child's consent in relation to information society services

If a child gives consent to the processing of personal data, although we do not offer information society services directly to children, the processing of the child's personal data is lawful if the child is at least 16 years old. If the child is under 16 years old, such processing is lawful only if and to the extent that the consent is given or authorised by the person holding parental responsibility over the child, unless a lower age is permitted. We will make reasonable efforts to verify, in such cases, that consent was given or authorised by the holder of parental responsibility over the child.

Art. 22

Processing of special categories of personal data and data relating to criminal convictions and offences

We do not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, and we do not process genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. We do not process personal data relating to criminal convictions and offences.

Art. 23

Processing which does not require identification

Where the purposes for which we process personal data do not require, or no longer require, the identification of the data subject, we shall have no obligation to keep, obtain or process additional information for the purpose of identifying the data subject solely for the sake of compliance with this Regulation. If we are required in the cases referred to in this Article to demonstrate that we are not able to identify the data subject, we will inform the data subject of this fact, if possible. In such cases the right of access to data, rectification and erasure shall not apply, except in cases where you provide us, for the purpose of exercising your rights under the said Articles, with additional information enabling identification.