1. The personal data controller referred to in Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) is T o m á š B o h d a l, Company registration number 7 3 8 0 4 9 0 8, with his registered office at: L i p t o v s k á 1 9, O p a v a 6, 7 4 7 0 6 (hereinafter referred to as “Controller”).
2. The contact information of the Controller is
address: FIGHTEXPERT, Frydecka 1094, Vratimov, 739 32, Czech republic
3. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4. The Administrator did not appoint a Data Protection Officer.
Sources and categories of processed personal data
1. The Controller handles the personal data you have provided to him or the personal data he has received as a result of your order.
2. He processes the identification and contact details and data necessary for the performance of the contract.
The legitimate reason for and the purpose of the processing of personal data
1. The legitimate reason for the processing of personal data is
the performance of the contract between you and the Controller under Article 6 (1) b) GDPR,
the legitimate interest of the Controller in providing direct marketing (in particular for sending business messages and newsletters) under Article 6 (1) f) GDPR,
your consent to the processing for the purpose of providing direct marketing (in particular for sending business messages and newsletters) pursuant to Article 6 (1) a) GDPR in conjunction with Section 7 (2) of Act No. 480/2004 Coll., on Certain Information Society Services in the event there was no order of goods or services.
2. The purpose of the processing of personal data is
the executing of your order and exercising the rights and obligations arising from the contractual relationship between you and the Controller; personal data is required for the successful execution of the order (name and address, contact), personal data provision is a necessary requirement for the conclusion and performance of the contract, without providing your personal data, it is not possible to conclude the contract or fulfil it by the Controller,
sending business messages and doing other marketing activities.
sending a reminder that you have not completed the purchase and that your cart contents are still stored and that you can complete it at any time after logging in.
3. No automatic individual decision-making within the meaning of Article 22 of the GDPR is made by the Controller.
Data retention time
1. The Controller keeps personal data
for the time necessary to exercise the rights and obligations arising from the contractual relationship between you and the Controller as well as the claims under these contractual relationships (for 15 years from the termination of the contractual relationship).
until the consent to the processing of personal data for marketing purposes is revoked, for a maximum of 15 years if personal data is processed on a basis of a consent.
2. At the end of the retention period, the administrator will dispose of the personal data.
The recipients of personal data (the Controller’s subcontractors)
1. The recipients of personal data are persons
contributing to the supply of goods/services and/or making payments on the basis of a contract,
providing e-shop services (Shoptet) and other services in connection with the operation of an e-shop,
providing marketing services,
providing accounting services.
2. The Controller intends to transfer personal data to a third country (to a non-EU country) or an international organization. The recipients of personal data in third countries are providers of mailing and cloud services for which e-mail communications and data backups can be stored.
1. Under the terms of GDPR you have
the right to access your personal data under Article 15 of GDPR,
the right to correct personal data under Article 16 of GDPR, or restrict processing under Article 18 of GDPR,
the right to delete personal data under Article 17 of GDPR,
the right to object to processing under Article 21 of GDPR and
the right to data portability under Article 21 of GDPR,
the right to withdraw the consent with processing either in writing or electronically using the address or
e-mail of the Controller specified in Article III of these Terms.
2. If you believe that your right to privacy has been violated, you also have the right to file a complaint with the Personal Data Protection Office.
1. The Controller declares that he has taken all appropriate technical and organizational measures to safeguard personal data.
2. The Controller has taken technical measures to secure data repositories and personal data repositories in paper form, in particular via antivirus protection, data backup, encryption of computers and databases, etc.
3. The Controller declares that personal data are accessible only to persons authorized by him.
These conditions come into force on 1st September, 2018.