Privacy Policy
HAKSNA BREWERY s.r.o.
with registered office at Svornosti 737/100, Ostrava, 700 30
ID: 07673710
Company registered in the Commercial Register kept by the Regional Court in Ostrava under the Commercial Register No. B 4434
email: info@haksna.cz
phone: +420 771 263 622
(hereinafter referred to as the "Administrator")
In connection with the fulfilment of the Administrator's obligations under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "GDPR"), the Administrator issues the following
Personal Data Protection Policy
(hereinafter referred to as the "Policy")
- INTRODUCTION
- This policy is for you who shop on our e-shop at: https://eshop.haksna.cz/ (hereinafter referred to as the "E-shop").
- When the Controller refers to the second person plural as "you", it means any person purchasing goods on the E-shop, about whom the Controller will process data, as a data subject.
- The Controller processes personal data in a fair, lawful and transparent manner. The purpose of this Policy is to inform you about the scope, content and manner in which the Controller processes personal data.
- The personal data processed by the Controller is adequate, relevant and limited to the extent necessary for the fulfilment of the stated purpose in relation to the contractual relationship.
- The Controller processes personal data in a manner that ensures their appropriate security, including their protection by appropriate technical or organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage.
- Personal data is any information about an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Other concepts (terms) such as "special categories of personal data", "data subject", "processing of personal data", "controller", "processor", "risk-based processing", "automated individual decision-making, including profiling" and "appropriate technical and organisational measures" have meaning and should be interpreted in accordance with and in the context of the GDPR.
- CATEGORIES OF PERSONAL DATA PROCESSED
- The controller processes the following data in connection with the performance of its activities:
- identification data: name, surname, e-mail, telephone number
- Personal data may be retained by the Controller for a longer period of time than that indicated in the table below, provided that it is processed solely for the purposes of the Controller's legitimate interests (tort liabilities), archiving in the public interest, for scientific or historical research purposes or for statistical purposes.
Personal data processed |
Purpose of processing |
Legal basis for processing |
Duration of processing |
Identification data |
performance and implementation of the contractual relationship according to the terms and conditions |
performance of the contract; legitimate interest of the controller |
for the duration of the purchase contract, and after its termination, the data will be handled in accordance with the applicable legislation, in particular tax regulations, Act No. 499/2004 Coll., on archiving and filing services and on amendments to certain acts and the GDPR Regulation. |
- RECIPIENTS OF PERSONAL DATA AND INTENTION TO TRANSFER INFORMATION
- The Controller may also transfer personal data to a third party as a recipient in justified cases. It may transfer personal data to the following recipients:
- to processors who process personal data on the instructions of the Controller and whose relationships are governed by the requirements of Article 28 of the GDPR; for example, providers of programs used for better security and operation of services; these will have access only to the extent necessary and for the purpose of administration and technical support of the programs use
- public authorities and other bodies where required by applicable law;
- other entities in the event of an unexpected event in which the provision of data is necessary in order to protect life, health, property or other public interest, or if it is necessary to protect rights, property or safety (e.g. Police, Fire Brigade, Emergency Medical Service).
- The controller does not intend to transfer personal data to a third country or an international organisation.
- YOUR RIGHTS
- Your rights are an important element of data protection. If you exercise any of your rights set out below, the Data Controller will provide you with information on the measures taken without undue delay and in any event within one month of receipt of your request. This period may be extended by up to two months by the Controller in exceptional cases.
- Your personal data is processed automatically in electronic form.
- You have the rig
- to be informed about the processing of your personal data
Information about the processing of your personal data is communicated by the Controller through this Policy.
- to access your personal data
If you request it, you will receive information (confirmation) from the Controller as to whether or not your personal data is being processed. If personal data is processed, you have the right to obtain the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data has been or will be disclosed; the intended period for which the personal data will be stored; the existence of a right to request from the Controller the rectification or erasure of personal data; the right to object; the right to lodge a complaint with a supervisory authority; any available information about the source of the personal data, unless it is obtained from you; the fact that automated decision-making, including profiling, is taking place. You can find out most of this information from this Policy, but you can also ask about the above if you wish.
- for repair or completion
If you are aware or believe that the Controller is processing inaccurate personal data about you, you have the right to notify the Controller and the Controller will be obliged to rectify this. If you wish to amend any incomplete personal data in light of the purpose of the processing, you should notify the Controller, who will correct it.
- for erasure
This right imposes an obligation on the Controller to erase your personal data in accordance with Article 17(1) of the GDPR if at least one of the following conditions is met:
- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- you withdraw your consent and there is no further legal basis for the processing;
- you object to processing and there are no overriding legitimate grounds for processing;
- the personal data have been unlawfully processed;
- the personal data must be erased to comply with a legal obligation;
- the personal data was collected in connection with the offer of information society services pursuant to Article 8(1) of the GDPR;
and at the same time none of the exceptions listed in Article 17(3) GDPR can be applied.
- to restriction of processing
Under this right, you have the possibility to ask the Controller to restrict the processing of your personal data. If the conditions under Article 18(1) GDPR are met, he must do so
- to data portability
As a data subject, you have the right to obtain, i.e. in particular to download, your personal data from the Controller in a structured, commonly used and machine-readable format and you also have the right to directly provide your personal data to another controller.
- object
In some cases, you have the possibility to object to processing. These are mainly situations where you have not been able to influence the fact that his or her data is processed, and at the same time it is not for the fulfilment of a legal obligation or vital interest, where this impossibility is defensible. In this way, you have the possibility to object to the processing in three ways. These are objections to:
- processing on the basis of a legitimate interest and the performance of a task carried out in the public interest or in the exercise of official authority;
- processing for direct marketing purposes on the basis of a legitimate interest;
- processing for scientific or historical research purposes or for statistical purposes.
If an objection is raised, the Controller shall not further process the data unless it can demonstrate compelling legitimate grounds for the processing which override your interests or rights and freedoms or for the establishment, exercise or defence of legal claims.
If the controller objects to the processing of personal data for direct marketing or profiling purposes, the controller must stop processing the personal data.
- not be subject to automated individual decision-making, including profiling
The processing of your personal data is never subject to automated individual decision-making, including on the basis of profiling.
- withdraw your consent to the processing of personal data where the processing is based on consent
You may withdraw your consent to the processing of your personal data processed by the Controller on the basis of this consent at any time.
- obtain information about a breach of security of your personal data
If there is a likelihood of a high risk to your rights and freedoms as a result of a breach of our security, the Controller will notify you without undue delay.
- lodge a complaint with a supervisory authority
If you have the impression that the Controller is violating its obligations in processing your personal data, you have the right to file a complaint with the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7; e-mail: posta@uoou.cz; www: https://www.uoou.cz; tel.: +420 234 665 111.
- CONTACT DETAILS
- If you wish to contact the Controller in connection with the processing of your personal data, please contact the following contacts:
- in writing to the address of the registered office: Svornosti 737/100, Ostrava, 700 30
- by e-mail to the following e-mail address: info@haksna.cz
THIS PRIVACY POLICY COMES INTO FORCE AND EFFECT ON 1.6.2022
HAKSNA BREWERY s.r.o.