Enora s.r.o. processes personal data of its customers, because such processing is necessary for the performance of contracts regarding the sale of goods entered into with individual customers (or in order to take steps prior to entering into such contracts, as appropriate). Furthermore, Enora s.r.o. processes its customers’ personal data insofar as such processing is necessary to comply with the company’s public law obligations.
In addition to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the “Regulation”), the processing is also governed by the applicable legislation of the Czech Republic.
1. DATA CONTROLLER’S IDENTITY AND CONTACT DETAILS
1.1. Enora s.r.o., with its registered office at Bořivojova 1192/93, Žižkov, 130 00 Prague 3, ID No. (IČO): 140 11 441, registered in the Commercial Register maintained by the Municipal Court in Prague under file no. C 358858, shall act in the capacity of the data controller (hereinafter the “Controller”).
1.2. The contact details of the Controller are as follows: address for service: Široká 12, 110 00 Prague 1; email address: firstname.lastname@example.org.
1.3. The Controller has not appointed a data protection officer.
2. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
The legal basis for the processing of personal data is the fact that such processing is necessary for:
1.1. Performance of a contract between a customer and the Controller or in order to take steps prior to entering into such contract within the meaning of Article 6(1)(b) of the Regulation;
2.1. Compliance with legal obligations to which the Controller is subject, within the meaning of Article 6(1)(c) of the Regulation, specifically for the compliance with Controller’s obligations under generally binding legal regulations, particularly Act No. 235/2004 Coll., on Value added tax, as amended, Act No. 586/1992 Coll., on Income taxes, as amended, and Act No. 563/1991 Coll., on Accounting, as amended.
3. DATA WE PROCESS
We process the following personal data:
1.2. Identification data which include, in particular, first name and last name, user name and password, identification document number, identification number (IČO) and tax identification number (DIČ), as well as information about corporate title, as appropriate;
3.1. Contact details which include personal data that make it possible to contact others, particularly a telephone number, email address, mailing/shipping address, and billing address;
3.2. Data relating to ordered products which particularly include data about purchased products – whether from our online store or in our place of business, as appropriate. This category also includes payment details, payment account numbers, data about claims and complaints and service repairs;
3.3. Information about customer’s web behavior, including an IP address and derived location, identification of device and its technical parameters. This also includes data collected from cookies and similar device identification technologies;
3.4. Data related to the use of telephone contacts or visits to company premises, including, but not limited to, records of incoming calls, identification of received messages, incl. identifiers such as IP addresses, and recordings of camera systems installed within the company premises.
4. PURPOSE OF PERSONAL DATA PROCESSING
4.1. The purpose of personal data processing is the performance of a contract between a customer and the Controller, including the delivery of goods and resolution of liability for defects, or the implementation by the Controller of measures to be taken prior to entering into such contract, as well as the Controller’s compliance with any associated public law obligations.
4.2. Personal data may also be processed for the purpose of sending commercial communications and carrying out other marketing activities of the Controller in respect of its customers.
4.3. The Controller does not use automated individual decision-making within the meaning of Article 22 of the Regulation.
4.4. In particular, personal data are processed:
1.2.1. To allow the Controller to communicate with a customer about an order, complaint or service operations, e.g. to send a confirmation thereof;
1.2.2. For the purpose of payments relating to shipping or individual orders; in this context, the Controller may transfer personal data to shipping companies or other business partners (for more information, see Section 6. Other recipients of personal data);
1.2.3. With regard to complaints, servicing, buybacks;
1.2.4. In connection with other customer’s requests made to the Controller, e.g. with regard to social media reviews, etc.
5. PERSONAL DATA RETENTION PERIOD
5.1. Personal data shall be processed for the duration of any contractual rights and obligations and further for the period necessary for the purpose of archiving in accordance with the applicable generally binding legal regulations; however, no longer than for the period specified therein.
5.2. For the purpose of marketing activities, personal data shall be stored until the relevant consent is withdrawn, an objection is raised or a request is made for the deletion thereof in connection with such processing purpose. If a customer objects to the processing of his or her personal data for the purpose of direct marketing, such customer’s personal data shall no longer be processed for such purpose.
6. OTHER RECIPIENTS OF PERSONAL DATA
6.1. Other recipients of personal data may include shipping companies and other persons involved in the delivery of goods or execution of payments on the basis of individual contracts of purchase, as well as persons ensuring various technical services for the Controller in connection with online store operations, including the operation of software systems and data storage services. Other recipients of personal data may include partner shipping companies and delivery points. The current list of shipping companies and delivery points is available on the website.
6.2. Moreover, recipients of personal data processed for the purpose of complying with regulatory obligations may also include financial administration authorities or other competent authorities, where the Controller is required to disclose such personal data in compliance with the applicable generally binding legal regulations.
7. VISITING THE WEBSITE
8. COMMUNICATION OF CUSTOMERS WITH THE CONTROLLER
If customers and the Controller communicate via telephone, email or social media, the Controller processes any collected information on the basis of its legitimate interest (i.e. without customer’s consent) for the purpose of:
∙ Processing customer requests;
∙ Registering customer requests;
∙ Documenting the receipt and processing of customer requests;
∙ Analyzing such requests to improve the quality of services.
9. VISITS TO COMPANY PREMISES
During customers’ visits to the company premises, the Controller makes and collects camera system recordings that may capture customers; such personal data are collected on the basis of the Controller’s legitimate interest (i.e. without customer’s consent) for the purpose of protecting property and individuals present in the store and the surrounding areas thereof.
10. RIGHTS OF DATA SUBJECTS
10.1. Subject to the terms and conditions set out in the Regulation, a customer may request access to his or her personal data from the Controller. In connection with the right of access, he or she may request a copy of his or her personal data being processed; the first copy of such data shall be provided free of charge, with any additional copies provided
for an administrative fee.
10.2. Subject to the terms and conditions set out in the Regulation, a customer has the right to rectification, supplementation or erasure of his or her personal data, right to the restriction of processing of such personal data, right to object to processing of his or her personal data, and the right to data portability.
In connection with data portability, as defined in the Regulation, a customer shall have the right to receive his or her personal data in a structured, commonly used and machine readable format
11. EXERCISING INDIVIDUAL RIGHTS
With regard to any and all matters relating to the processing of your personal data – whether you have a question, wish to exercise a right, lodge a complaint or wish to address any other matter relating to this document – you can contact the Controller at email@example.com.
We will reply to and process your request without undue delay; however, no later than one month from the receipt thereof. In exceptional cases, that period may be extended by two additional months where necessary, taking into account the complexity of your request or excessive number of requests. You will always be informed about this accordingly.
Date: 1 October 2022