Privacy Policy

I.
Fundamental Provisions
1. The personal data controller pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”) is KREUZIGER project s.r.o., IČ (company ID No.): 05964296, DIČ (company tax ID No.): CZ05964296, registered seat: Foglarova 1696/8, Severní Předměstí, 323 00, Plzeň, registered in the Commercial Register at the Regional Court in Plzeň under reference C 34368 (hereinafter as the “Controller”).

2. Controller’s contact details:
KREUZIGER project s.r.o.
address: Foglarova 1696/8, Severní Předměstí, 323 00 Plzeň, Czech Republic
e-mail: helpdesk@kreuzigerproject.com
phone: +420 604 635 176
website: www.damrespekt.cz 

3. Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such natural person.

4. The Controller has not appointed a data protection officer.

II.
Sources and Categories of the Personal Data Processed

1. The Controller processes the following personal data provided by you or personal data obtained by filling your order:
● name and surname,
● e-mail address,
● age

2. The Controller shall process your identification and contact details and other information essential for performing a contract.

3. Your personal data shall be processed in both manual and automated ways.

III.
Legal Grounds for and Purpose of Personal Data Processing

1. The legal grounds for personal data processing are
● performance of a contract between you and the Controller pursuant to point (b) of Article 6(1) of the GDPR,

 
● performance of the Controller’s legal obligation pursuant to point (c) of Article 6(1) of the GDPR,
● the Controller’s legitimate interest to provide direct marketing (especially to send commercial communications and newsletters) pursuant to point (f) of Article 6(1) of the GDPR,
● your consent to processing for direct marketing purposes (especially for sending commercial communications and newsletters) pursuant to point (a) of Article 6(1) of the GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on Certain Information Society Services, provided that no goods or services have been ordered.

2. The purpose of personal data processing is
● filling your orders and exercising the rights and obligations arising from a contractual relationship between you and the Controller; in the context of an order, we need personal data required for meeting your order successfully (name and surname, e-mail address, correspondence address, phone number); personal data provision is a necessary requirement for entering into and performing a contract; without providing personal data, it will not be possible to enter into a contract or the Controller will not be able to perform it,
● performance of legal obligations towards government,
● sending commercial communications and performing other marketing activities under the project, Ukaž respekt [Show Respect], which aims to increase cycling safety in road traffic in collaboration with partners, public institutions, and Ukaž respekt project suppliers, who are funding and supporting the project (“Project”), namely in the following forms:
● informing about Project news and activities,
● sending optimized commercial communications and offers of the Project or its current or potential partners or suppliers,
 
● transferring personal data to the Project’s current or potential partners or suppliers for the purpose of sending optimized commercial communications and offers.

3. The Controller does not engage in any automated individual decision-making within the meaning of Article 22 of the GDPR.

IV.
Retention Period

1. The Controller shall retain your personal data
● for the time required to exercise rights and obligations arising from a contractual relationship between you and the Controller and to pursue claims derived from such contractual relationships (for 15 years after the contractual relationship has ended),
 
● until your consent to personal data processing for marketing purposes is revoked, and up to a maximum of 15 years, if your personal data are processed on the basis of a consent.

2. The Controller shall erase your personal data after the expiry of the retention period.

V.
Personal Data Recipients (Controller’s Subcontractors)

1. The personal data recipients are parties
● engaging in delivering goods or making payments on the basis of a contract,
● providing e-shop operation services and other services related to e-shop operation,
● providing marketing services,
● collaborating with the Controller on its Project activities, which are listed on the Controller’s website.

2. The Controller does not intend to transfer your personal data to a third country (one outside of the EU) or an international organization.
 

VI.
Personal Data Processors

1. Personal data processing is performed by the Controller, but the Processors named below are also authorised to process personal data for the Controller:
● Mailchimp service provider,
● Wix service provider,
● or any other providers of processing software, services and applications that are, however, not being used by the Controller at present.

VI.
Your Rights

1. Subject to the conditions laid out in the GDPR, you have the right
● to access your personal data pursuant to Article 15 of the GDPR,
● to rectification of your personal data pursuant to Article 16 of the GDPR or to restriction of processing pursuant to Article 18 of the GDPR,
● to erasure of your personal data pursuant to Article 17 of the GDPR,
● to object to processing pursuant to Article 21 of the GDPR,
● to the portability of your data pursuant to Article 20 of the GDPR, and
● to revoke your data processing consent given in accordance to Article III of this Policy, namely in writing or electronically to the Controller’s address or e-mail.

2. You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated, or to engage in legal proceedings.

VII.
Personal Data Security Terms

1. The Controller declares that it has implemented all appropriate technical and organisational measures to ensure the security of personal data.

2. The Controller has implemented technical measures to secure its data repositories and repositories of personal data on paper.

3. The Controller declares that only persons authorised by the Controller shall have access to the personal data.

VIII.
Final Provisions

1. The Controller shall process your personal data in accordance with general binding rules, and in particular with the GDPR and Act No. 110/2019 Coll., on Personal Data Processing, as amended.

2. By submitting an online order form, you confirm that you have read the Personal Data Protection Policy and consent to it in its entirety.

3. You also consent to this Policy by ticking the consent box in the online form. By ticking “I agree”, you confirm that you have read the Personal Data Protection Policy and consent to it in its entirety.

4. The Controller is entitled to alter this Policy unilaterally at any time. The Controller shall publish the amended version of the Personal Data Protection Policy on its website and, at the same time, send you the amended version of this Policy to the e-mail address you have provided to the Controller. This Policy shall come into force and take effect on 1 April 2021.
 
This translation is purely for information purposes and in the event of any uncertainty the Czech version prevails.