1.1.1 “GDPR” – Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
1.1.2 “Civil Code” - Act No. 89/2012 Coll., The Civil Code, as amended;
1.1.3 “Store” – the online store available at http://getsnuggs.com, which displays the Goods put up for sale by the Seller to the Buyer;
1.1.5 “Rules” – these rules of personal data protection, which govern the protection of personal data when using the Store and selling the Goods;
1.1.5 1.1.8 “Contract” – purchase contract made pursuant to section 2079 et seq. of the Civil Code, which is made on the basis of ordering the Goods;
1.1.6 - “Data Controller” – in accordance with Article 4 point 7 GDPR – snuggswear s.r.o., IN: 08238740, registered office: Běhounská 5/18 602 00 Brno, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File No 315344, e-mail address: firstname.lastname@example.org;
1.1.7 “Data Subject” – an identified or identifiable natural person within the meaning of GDPR (visitor and user of the Store) whose personal data are processed by the Data Controller;
1.1.8 “Act on Certain Services of the Information Society” – Act No. 480/2004 Coll., On Certain Information Society Services, as amended;
1.1.9 “Personal Data Protection Act” – Act No. 101/2000 Coll., On Personal Data Protection, as amended; and
1.1.10 “Goods” - goods (movables) displayed through the Store and intended for sale.
- Introductory provisions
2.1 The Rules inform about the way and extent of processing of personal data carried out by the Data Controller and about the rights of Data Subjects whose personal data are processed.
2.2 The Data Controller processes only accurate personal data obtained in accordance with the GDPR and the Data Controller collects and processes this personal data exclusively in accordance with the Rules in accordance with the GDPR and the Personal Data Protection Act. The Data Controller processes the personal data of the Data Subjects in a lawful and transparent manner, in compliance with the condition of minimizing personal data to the extent necessary for the purpose for which they are processed.
- Sources and categories of personal data
3.1 The Data Controller processes exclusively personal data obtained from the Data Subjects through the Store, namely:
3.1.1 by sending an order for the Goods through the Store interface;
3.1.2 by filling in the e-mail in the field for subscribing to the newsletter (commercial messages) of the Data Controller; or
3.1.3 by participating in a competition or other marketing event of the Data Controller.
3.2 The Data Controller processes the following personal data of the Data Subjects:
3.2.3 phone number;
3.2.4 e-mail address;
3.2.5 address (of residence); and
- Legal reasons and purposes of data processing
4.1 The Data Controller processes personal data for the following purpose:
4.1.1 performance of the contractual obligation – for this purpose, the Data Controller requires (i) name, (ii) surname, (iii) telephone number, address of residence and (iv) e-mail address;
4.1.2 statistical purposes – finding out website traffic (anonymous), monitoring the number of views of the Store's pages, time spent in the Store, the type of the Data Subject's equipment in order to improve the Data Controller's services;
4.1.3 sending commercial messages and offering products and services of the Data Controller(newsletter) – for this purpose, the Data Controller requires an e-mail address;
4.1.4 legitimate interest of the Data Controller – processing to the extent necessary to ensure effective defense of the Data Controller, record keeping of the Data Controller, improvement of the Data Controller's services, direct marketing of the Data Controller (in relation to the Data Controller'scustomers) and legitimate interests of the Data Controller (protection against fraud and attacks on the technical solution of the Store); and
4.1.5 fulfillment of legal obligations – especially for tax and accounting purposes and provision of information to public authorities (entities).
- Data retention time
5.1 The Data Controller retains personal data processed for the purposes of Articles 4.1.1 and 4.1.2 of the Rules for a period of ten (10) years from the realization (completion) of the last part of the contractual relationship, unless the law requires longer retention.
5.2 The Data Controller retains personal data processed for the purposes of Article 4.1.3 of the Rules until the consent is revoked or the newsletter (commercial communications) is unsubscribed.
5.3 The Data Controller will store personal data processed for the purposes of Article 4.1.4 of the Rules for a period of four (4) years from the expiration of the warranty period for the Goods, which in the event of a dispute (judicial or extrajudicial) will be extended accordingly.
5.4 The Data Controller will store personal data processed for the purposes of Article 4.1.5 of the Rules for a period of thirty (30) years from the time of their acquisition.
5.5 At the end of the retention period, the Data Controller will destroy personal data.
6.1 Personal data is processed for the Data Controller by the following processors:
6.1.2 service providers enabling the operation and working of the Store;
6.1.2 cloud storage operator – Google Cloud (https://cloud.google.com/security/gdpr/)
6.1.3 e-mail service provider – Google Mail (https://cloud.google.com/security/gdpr/)
6.1.4 mailing service provider (newsletter distribution) – Mailchimp (https://mailchimp.com/legal/privacy/)
6.1.5 sales system operator of the Store – Shopify (https://help.shopify.com/en/manual/your-account/GDPR)
6.1.6 payment system operator – 2Checkout (https://www.2checkout.com/legal/gdpr-commitment/)
6.1.7 CRM provider – Shopify (https://help.shopify.com/en/manual/your-account/GDPR)
Personal data will not be transferred to third countries outside the EU or to international organizations.
- Personal data security
7.1 The Data Controller declares that he has taken all necessary technical, organizational and security measures to adequately secure personal data with regard to their confidentiality, integrity and availability.
7.2 Only persons authorized by the Data Controller have access to personal data.
- Commercial communications (newsletter)
8.1 The Data Controller is entitled to send news and other commercial communications related to the Store and the Goods to the e-mail address of the Data Subject who has purchased Goods from him. The sending of commercial communications is governed by Section 7 para. 3 of the Act on Certain Services of the Information Society. The Data Subject may refuse further sending of commercial communications at any time – for example by clicking on the unsubscription link in the newsletter.
- Rights of the Data Subjects
9.1 Each Data Subject has the following rights:
9.1.1 the right of access to personal data (Article 15 of the GDPR);
9.1.2 the right of rectification of personal data (Art. 16 of the GDPR);
9.1.3 the right to have personal data erased (Art. 17 of the GDPR);
9.1.4 the right to restriction of processing of personal data (Art. 18 of the GDPR)
9.1.5 the right to data portability (Art. 20 of the GDPR); and
9.1.6 the right to object to the processing of their personal data (Art. 21 of the GDPR).
9.2 In the case of a request for the erasure of personal data, it will be possible to comply with the request only if the interest of the Data Controller will not outweigh the interest of the Data Subject.
9.3 The Data Subject has the right to withdraw his consent (if this is a legal reason for processing) to the processing of his personal data in writing or electronically to the address or e-mail of the Data Controllerat any time.
9.4 In case of reasonable doubts about compliance with the obligations of the Data Controller to process personal data properly, the Data Subject may file a complaint with the Office for Personal Data Protection. Alternatively, he may apply to the competent court.
10.2 Cookies for targeting marketing messages are processed on the basis of the consent of the Data Subject, which is represented by the settings of his Internet browser. The consent is granted by the Data Subject for the period specified below for individual cookies and can be revoked at any time by changing the settings of the Internet browser.
10.3 To display relevant marketing messages and connect with social network services, cookies are processed for the Data Controller by the following processors:
10.4 The Data Controller uses the following cookies on the Store's website:
10.4.1 Temporary cookies – these are temporary files that allow to monitor the activity of the Data Subjects on the Store's website and are deleted after closing the Internet browser window.
10.4.2 Permanent cookies – these are permanent files that allow to identify the Data Subject when browsing the Store's website and thus improve the Data Subject's user experience. These files can be deleted at any time in the Internet browser settings.
- Final provisions
11.1 By using the Store's interface and/or by placing an order, the Data Subject confirms that he has acquainted himself with the Rules and has no objections to them.
12.2 The Rules may be subject to unilateral changes by the Data Controller. The Store's website will always list the current version of the Rules. The Data Controller will inform the Data Subjects about any changes to the Rules via e-mail.
The Rules come into effect on January 16, 2019