Bohemia Crystal™

Free gift €75+

GDPR

Processing of personal data
Crystalex CZ, s.r.o.,
Masarykovo nábřeží 236/30, 110 00 Prague 1, Nové Město, ID No. 28542673,
company registered in the Commercial Register at the Municipal Court in Prague, section c, insert 149125

  1. Personal data controller
  2. Scope of processing of personal data
  3. Sources of personal data
  4. Categories of personal data subject to processing
  5. Categories of data subjects
  6. Categories of recipients of personal data
  7. Purpose of processing personal data
  8. Method of processing and protection of personal data
  9. Period of processing of personal data
  10. Notice

1. PERSONAL DATA CONTROLLER
Crystalex CZ, s.r.o., with registered office at Masarykovo nábřeží 236/30, 110 00 Prague 1, Nové Město, registered in the Commercial Register kept at the Municipal Court in Prague C 149125, ID No.: 28542673,
tel. +420 487 741 111, email: info@crystalex.cz, (hereinafter referred to as the “Controller”) hereby informs you about the processing of your personal data and your rights in accordance with Article 12 of the GDPR.

2.SCOPE OF PROCESSING OF PERSONAL DATA
Personal data is processed to the extent that the relevant data subject has provided it to the controller, in connection with the conclusion of a contractual or other legal relationship with the controller, or which the controller has otherwise collected and processes in accordance with applicable law or to fulfil the controller’s legal obligations.

3. SOURCES OF PERSONAL DATA:

  • directly from data subjects
  • wholesale / e-shop
  • distributor
  • publicly accessible registers,
  • lists and records (e.g. commercial register, trade register, land register, public telephone directory, etc.)

4. THE CATEGORIES OF PERSONAL DATA SUBJECT TO PROCESSING:

  • address and identification data serving to uniquely and unmistakably identify the data subject (e.g. name, surname, title, birth number, date of birth, permanent address, identity document number, gender, ID number, VAT number) and data enabling contact with the data subject (contact data – e.g. contact address, telephone number, fax number, email address and other similar information)
  • descriptive data (e.g. bank connection, date)
  • other data necessary for the performance of the contract

5. CATEGORIES OF DATA SUBJECTS:

  • customer administrator
  • service provider
  • another person who has a contractual relationship with the controller

6. CATEGORIES OF RECIPIENTS OF PERSONAL DATA:

  • compiler
  • State i. authorities in the performance of their statutory obligations under the relevant legislation

7. PURPOSE OF THE PROCESSING OF PERSONAL DATA

  • the purposes contained in the data subject’s consent
  • negotiation of the contractual relationship
  • performance of the contract
  • protection of the rights of the controller, the beneficiary or other persons concerned (e.g. recovery of claims by the controller)
  • archives maintained on the basis of the law
  • the fulfilment of legal obligations by the administrator
  • protection of the vital interests of the data subject

8. PROCESSING AND PROTECTION OF PERSONAL DATA
The processing of personal data is carried out by the controller. The processing is carried out at the controller’s premises, branches and headquarters by individual authorised employees of the controller or by the processor. The processing is carried out by means of computer technology or, where applicable, manually for personal data in paper form, in compliance with all security principles for the management and processing of personal data. To this end, the controller has adopted technical and organisational measures to ensure the protection of personal data, in particular measures to prevent unauthorised or accidental access to, alteration, destruction or loss of personal data, unauthorised transfers, unauthorised processing and other misuse of personal data. All entities to which personal data may be disclosed shall respect the right of privacy of data subjects and shall comply with applicable data protection legislation.

9. PERIOD OF PROCESSING OF PERSONAL DATA
In accordance with the time limits specified in the relevant contracts, in the administrator’s file and shredding regulations or in the relevant legal regulations, this is the time necessary to ensure the rights and obligations arising from both the contractual relationship and the relevant legal regulations.

10. NOTICE
The controller processes data with the consent of the data subject, except in cases provided for by law where the processing of personal data does not require the consent of the data subject.

11. RECIPIENTS OF PERSONAL DATA AND DATA TRANSFER

Personal data may be transferred to third parties only to the extent necessary for the performance of the contract, the fulfilment of legal obligations or on the basis of the consent given.

Carriers

For the purpose of delivery of the ordered goods, personal data (in particular name, surname, delivery address, telephone number and e-mail address) are forwarded to selected carriers.

Payment service providers

For the purpose of making payments, personal data may be transferred to payment service providers. These providers process the data in accordance with their own privacy policy.

Hosting provider

The website is operated through an external hosting provider. Personal data may be processed on the servers of this provider to ensure the operation and security of the website.

12. TRANSFER OF DATA TO THIRD COUNTRIES

In the case of the use of marketing tools, in particular Meta Pixel, personal data may be transferred to third countries outside the European Union, in particular to the United States of America.

Such transfer only takes place on the basis of your consent pursuant to Article 6(1)(a) GDPR.

The transfer of data is secured through appropriate safeguards, in particular standard contractual clauses approved by the European Commission.

13. LEGAL BASIS FOR PROCESSING

Personal data is processed on the basis of the following legal titles:

  • performance of the contract pursuant to Article 6(1)(b) GDPR

  • compliance with the legal obligation under Article 6(1)(c) GDPR

  • the legitimate interest of the controller according to Article 6(1)(f) GDPR (e.g. protection of the controller’s rights, direct marketing to existing customers)

  • consent of the data subject pursuant to Article 6(1)(a) GDPR

Use of cookies and tracking technologies

Use of cookies

Our website uses cookies and similar technologies. Cookies are small text files stored on your device that enable the website to function properly, improve the user experience and allow us to evaluate traffic.

We use CookieScript to manage consent, which allows users to grant or refuse consent to the use of particular categories of cookies.

The storage of and access to non-technically necessary cookies is only based on your consent pursuant to Article 6(1)(a) GDPR.

You can change or withdraw your consent at any time by using the cookie settings available on our website.

Categories of cookies

Technically necessary cookies

These cookies are necessary for the proper functioning of the website and cannot be disabled.

Legal basis: Art. 6 para. 1 lit. f) GDPR (legitimate interest in the operation of a functional website).

Marketing and tracking cookies

These cookies are only stored on the basis of your consent.

Legal basis: Article 6(1)(a) GDPR (consent).

Meta Pixel

On our website we use the Meta Pixel tool of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.

Meta Pixel allows us to measure the effectiveness of advertising campaigns and show relevant advertising to users.

The processing of personal data (e.g. IP address and web behaviour data) only takes place after you have given your consent.

Personal data may be transferred to third countries, in particular to the USA. Meta uses standard contractual clauses approved by the European Commission.

You can withdraw your consent at any time via the cookie settings.

Ecomail

We use the Ecomail platform to send commercial communications.

The tracking of the behaviour of the newsletter recipients (e.g. email opens and clicks) only takes place if you have subscribed and given your consent.

Legal basis: Art. 6 para. 1 lit. a) GDPR.

You can withdraw your consent at any time via the unsubscribe link provided in each newsletter.

Right to lodge a complaint with the supervisory authority

If you believe that the processing of your personal data is in breach of data protection legislation, you have the right to lodge a complaint with the relevant supervisory authority.

In the Czech Republic, this authority is:

Office for Personal Data Protection
Pplk. Sochora 27
170 00 Prague 7
Czech Republic
www.uoou.cz

This is without prejudice to your right to take your claim directly to court.