Conditions of Personal Data Protection

I.

Basic provisions

1. The Data Controller is, according to Art. 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (hereinafter referred to as: “the GDPR”), the company “K.R.ELIXÍR, s.r.o.”, Company Reg. No. 251 25 061, having its registered office at Novákových 456/8, 180 00 Praha 8 - Libeň, Czech Republic, hereinafter referred to as: “the Data Controller”).

2. The contact data of the Data Controller are

Address: Novákových 456/8, 180 00 Praha 8 – Libeň, Czech Republic

E-mail: k.r.elixir@email.cz

Telephone: +420 271 750 090

3. The term “personal data” shall denote all information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified directly or indirectly, especially through a reference to an identifier, such as name, identification number, location data, network identifier or through one or more special elements of physical, physiological, genetic, psychical, economic, cultural or social identities of this natural person.

4. The Data Controller has not appointed any Data Protection Officer.

II.

Sources and categories of the personal data processed

1. The Data Controller processes personal data which you have provided to it or personal data which the Data Controller obtained on the basis of fulfilment of your order – contract.

2. The Data Controller processes your identification and contact data and the data necessary for fulfilment of the order – contract.

III.

Legal ground and purpose of personal data processing

1. The legal ground for the personal data processing is

     fulfilment of the order – contract between you and the Data Controller according to Art. 6(1)(b) of the GDPR.

2. The purpose of the personal data processing is

• Fulfilment of your order and execution of the rights and obligations implying from the contractual relation between you and the Data Controller, the filing of an order requires personal data necessary for successful fulfilment of the order (first name, surname and address, contact), provision of personal data is a necessary requirement for conclusion and fulfilment of an order - contract, without provision of personal data it is not possible for the Data Controller to fulfil the order.

3. There is no automatic individual decision making on the part of the Data Controller within the meaning of Article 22 of the GDPR.

IV.

Term of data storage

1. The Data Controller keeps personal data

• for the term necessary for execution of the rights and obligations implying from the contractual relation between you and the Data Controller and exercising of the claims from these contractual relations.

2. After the lapsing of the personal data storage term the Data Controller shall erase the personal data.

V.

Personal data recipients (Data Controller’s subcontractors)

1. The recipients of the personal data are persons

• taking part in the delivery of the goods/services execution of payments on the basis of a contract,

• ensuring services of the e-shop operation and other services in connection with the e-shop operation,

2. The Data Controller does not intend to pass the personal data to a third country (to the countries out of the EU) or to an international organisation.

VI.

Your rights

1. On the conditions specified in the GDPR you have

• the right to access to your personal data according to Article 15 of the GDPR

• the right to correction of your personal data according to Article 16 of the GDPR, or to limitation of processing according to Article 18 of the GDPR

• the right to erasure of the personal data according to Article 17 of the GDPR

• the right to raise an objection against processing according to Article 21 of the GDPR  

• the right to portability of the data according to Article 20 of the GDPR

• the right to withdraw your consent to processing, in writing or electronically at the address or e-mail of the Data Controller stated in Article III of the present Conditions. In addition, you have the right to file a complaint at the Office for Personal Data Protection in case that you think that your right to personal data protection has been breached.

VII.

Personal data security conditions

1. The Data Controller declares that it has adopted all suitable technical and organisational measures to secure personal data.

2. The Data Controller has adopted technical measures to secure data storage facilities and storage facilities of personal data in a documentary form.

3. The Data Controller declares that only the persons authorised by it have access to personal data.

VIII.

Final provisions

1. By sending an order from the Internet-based order form you confirm that you have made yourself familiar with personal data protection conditions and that you accept them in the entire range.

2. You agree with these conditions by checking the consent through the Internet-based order form. By checking the consent you confirm that you have rendered yourself familiar with the personal data protection conditions and that you accept them in the entire range.

3. The Data Controller is authorised to change these conditions. It shall publish a new version of the personal data protection conditions on its web site and at the same time it shall send you the new version of these conditions at your e-mail address which you have provided to the Data Controller.

These conditions shall become effective on 25 May 2018.