Privacy Policy
Personal Data Processing Policy
adopted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter referred to as "GDPR") and in accordance with Act No. 110/2019 Coll., on the processing of personal data
1. Introduction
Entrepreneur Kamil Závodný, with registered office at Vídeňská 1025/20, Brno - Štýřice, 639 00, ID No.: 66168279,
VAT No.: CZ7507275479, as the operator of the online store www.medicalseeds.cz (hereinafter referred to as the "Controller") processes the personal data of so-called data subjects – natural persons who:
- are interested in purchasing in the online store (potential customers);
- purchase or have purchased in the online store (customers).
The Controller ensures that the processing of personal data of data subjects is lawful, fair, transparent, accurate, confidential, and that personal data is processed only to the extent necessary. The Controller also ensures that personal data is properly secured and that all rules set out in the GDPR and other legal regulations in the area of personal data processing are complied with when processing personal data.
These principles have been adopted, among other things, to demonstrate the compliance of the Controller's processing of personal data with legal regulations. Explanations of individual terms related to the processing of personal data in accordance with these principles are provided in Article 12 below.
2. Personal Data Controller
The personal data controller is Kamil Závodný, with registered office at Vídeňská 1025/20, Brno - Štýřice, 639 00,
ID No.: 66168279, VAT No.: CZ7507275479.
The Controller can be contacted in any of the following ways:
- in person (or in writing) at the registered office of the Controller, Medical Seeds, Nákladní 438/17, 746 01 Opava, Czech Republic;
- electronically via the email address info@medicalseeds.cz;
- by telephone at +420 736 294 694.
3. Purposes of processing for which personal data are intended and legal basis for processing
3.1. Performance of the purchase contract
The Controller processes personal data primarily for the purpose of concluding and performing a purchase contract, i.e., at a minimum, so that the Controller can deliver goods purchased in the online store to the customer.
The legal basis for this processing is Article 6(1)(b) of the GDPR – performance of a contract to which the data subject is party.
3.2. Fulfilment of the Controller's legal obligations
The Controller processes personal data for the purpose of fulfilling the Controller's legal obligations arising, for example, from accounting and tax laws, the Consumer Protection Act, etc., including the Controller's obligation to be able to prove that it processes personal data in accordance with generally binding legal regulations, in particular in accordance with the GDPR.
The legal basis for this processing is Article 6(1)(c) of the GDPR – compliance with a legal obligation to which the Controller is subject.
3.3. Legitimate interests of the Controller
The Controller may process personal data for the purpose of:
- direct marketing (see Article 5 below);
- determining, exercising, or defending legal claims (in particular legal claims arising from a concluded purchase contract).
The legal basis for this processing is Article 6(1)(f) of the GDPR – the legitimate interest of the Controller.
3.4. Consent of the data subject
Based on the consent of the data subject, the Controller may process personal data for the purpose of:
- direct marketing (see Article 5 below);
- creating and maintaining a customer account (see Article 10 below).
The legal basis for this processing is Article 6(1)(a) of the GDPR – consent of the data subject.
4. Processing of personal data based on consent
4.1. Voluntary nature
Consent to the processing of personal data is entirely voluntary. Failure to give consent will not have any adverse consequences for the data subject.
4.2. Withdrawal of consent
Every data subject has the right to withdraw their consent to the processing of personal data at any time, in particular by one of the following means:
- through their customer account;
- by electronic notification sent to the Controller's email address (see Article 2 above);
- by written notice sent to the address of the Controller's registered office or place of business/one of the places of business (see Article 2 above);
- by telephone using the Controller's contact details (see Article 2 above).
Consent to the maintenance of a customer account may also be revoked by canceling the customer account (see Section 10.2 below).
The withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal.
5. Direct marketing
5.1. General
The processing of personal data for direct marketing purposes means the processing of personal data for the purpose of sending commercial communications within the meaning of Act No. 480/2004 Coll., on certain information society services, as amended (hereinafter referred to as "Act No. 480/2004 Coll.").
A commercial communication is understood to mean any form of communication, including advertising and invitations to visit an online store, intended to directly or indirectly promote goods or services or the image of the Controller (in particular, newsletters).
5.2. How does it actually work?
The processing of personal data for the purpose of sending commercial communications to potential customers (i.e., persons who have not yet made a purchase in the online store but have decided to receive commercial communications) is only possible on the basis of their consent to the processing of personal data. Similarly, sending commercial communications to potential customers can only be carried out on the basis of consent (in accordance with Section 7(2) of Act No. 480/2004 Coll.).
The processing of personal data for the purpose of sending commercial communications to customers (i.e., persons who have already made a purchase in the online store) is also possible without their consent, based on the existence of a legitimate interest of the Controller (see section 3.3 above or recital 47 of the GDPR). Similarly, the sending of commercial communications to customers, if these commercial communications relate to the Controller's own similar products or services, may in such a case be carried out without their consent (in accordance with Section 7(3) of Act No. 480/2004 Coll.), provided that the customer has not initially refused or subsequently refuses to do so. [For more details, see https://www.uoou.cz/gdpr-a-nbsp-primy-elektronicky-marketing/d-30715]
5.3. Termination of processing for direct marketing purposes
The Controller shall terminate the processing of personal data for direct marketing purposes immediately after the customer or potential customer expresses their disagreement with such processing. Disagreement may be expressed, for example, in one of the following ways:
- withdrawal of consent to the processing of personal data (see Article 4 above);
- expressing disagreement with the processing of personal data in the same way as consent to the processing of personal data can be revoked (see Article 4 above);
- unsubscribing, which can be done in any commercial communication;
- by raising an objection to such processing (under the conditions of Article 21 of the GDPR).
Notwithstanding the above, the Controller shall terminate the processing of personal data for direct marketing purposes no later than 3 years after the last purchase in the online store (conclusion of the purchase contract). Any further purchase therefore extends the processing period by another 3 years.
If no purchase is ever made in the online store, the Controller will terminate the processing at the same time as the customer account is deleted (see section 10.2 below).
6. Categories of recipients of personal data
The recipient of personal data is anyone to whom the Controller provides personal data.
The Controller will transfer personal data in particular to the following recipients: entities providing accounting or tax services, postal or transport services, newsletter distribution services, legal services, IT services, payment gateway operators, payment system operators, domain administrators, technical support providers, etc. These recipients will process personal data either as independent controllers (i.e., entities that determine the purposes and means of personal data processing independently of the Controller) or as processors (i.e., entities that process personal data for the Controller based on its instructions).
In addition, the Controller will provide personal data to public authorities if required to do so by generally binding legal regulations. These recipients will always process personal data as independent controllers. However, public authorities are not considered recipients within the scope of their investigative powers.
7. Transfer to third countries or international organizations
The Controller will not transfer personal data to third countries or international organizations within the meaning of Article 44 et seq. of the GDPR.
8. Period of personal data processing
Personal data will only be processed for as long as is necessary for the purpose of its processing. The expiry of one of the legal bases for the processing of personal data does not affect the processing of personal data (to the extent necessary) on the basis of another legal basis.
8.1. Performance of the purchase contract
For this purpose, the Controller will process personal data for up to 30 days after the termination of the last obligation arising from the purchase contract. This does not affect the Controller's ability to subsequently process this personal data on other legal bases and for the purposes set out in this policy.
8.2. Fulfilment of legal obligations by the Controller
For this purpose, the Controller will process personal data for the duration of the relevant legal obligation of the Controller established by generally binding legal regulations.
8.3. Legitimate interests of the Controller
8.3.1. Direct marketing
For this purpose, the Controller may process personal data until such time as you object to such processing, but for no longer than 3 years from your last purchase in the online store (see section 5.3 above).
8.3.2. Legal claims
For this purpose, the Controller may process personal data for the duration of the relevant legal claim, but for a maximum of 1 year after the expiry of the limitation period under generally binding legal regulations. In the event of the initiation and duration of judicial, administrative, or any other proceedings in which the rights or obligations arising from the relevant legal claim are resolved, the period of processing of personal data for this purpose shall not end before the final conclusion of such proceedings.
8.4. Consent of the data subject
8.4.1. Direct marketing
For this purpose, the Controller may process personal data until:
- the withdrawal of consent to the processing of personal data (see Article 4 above);
- the expression of disagreement with the processing of personal data, in the same manner as consent can be revoked (see Article 4 above);
but no later than the moment of cancellation of the customer account (see paragraph 10.2 below).
8.4.2. Customer account management
For this purpose, the Controller may process personal data until the customer account is canceled (see section 10.2 below).
8.5. Deletion of personal data
Immediately after the expiry of the processing period according to paragraphs 8.1, 8.2, or 8.3.2 above, the Controller shall anonymize or destroy the relevant personal data for which the purpose of processing has ceased to exist.
In the cases referred to in paragraphs 8.3.1 or 8.4 above, the Controller shall terminate the processing of personal data for the specified purposes immediately after the withdrawal of consent, expression of disagreement, or cancellation of the customer account.
9. Rights of data subjects
Every data subject has, among other things, the following rights:
- the right to request access to their personal data (under the conditions of Article 15 of the GDPR);
- the right to rectification or erasure of personal data (under the conditions of Article 16 or Article 17 of the GDPR);
- the right to restrict the processing of personal data (under the conditions of Article 18 of the GDPR);
- the right to object to processing (under the conditions of Article 21 of the GDPR);
- the right to data portability (under the conditions of Article 20 of the GDPR);
- the right to withdraw consent to the processing of personal data (see Article 4 above).
Any data subject who believes that the Controller is processing their personal data in a manner that is contrary to the protection of the data subject's private and personal life or to the relevant legal regulations, in particular if the personal data are inaccurate with regard to the purpose of their processing, may
a) request an explanation from the Controller (see Article 2 above for contact details), or
b) request that the Controller remedy the situation, in particular by correcting, supplementing, or deleting the personal data (see Article 2 above for contact details).
If the data subject believes that their right to personal data protection has been violated, they also have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, Holešovice, 170 00 Prague 7.
10. Customer account
10.1. Creation of a customer account
The creation of a customer account is entirely voluntary, as the Controller allows purchases to be made in the online store even without creating a customer account (i.e., without registration).
In order for the Controller to store personal data entered into the form for setting up and maintaining a customer account (or entered into the customer account at any time later), it needs consent to do so.
Until the potential customer concludes a purchase contract with the Controller (i.e., becomes a customer) and subsequently fulfills all obligations under the concluded purchase contract, the Controller will not use personal data for any purpose other than to maintain the customer account; however, this does not affect the Controller's ability to process personal data on other legal grounds, in particular on the basis of consent given for the purposes of direct marketing (sending commercial communications).
10.2. Cancellation of a customer account
A customer account may be canceled at any time via the customer account or by sending a request for cancellation of the customer account to one of the contact addresses listed in Article 2 above.
Notwithstanding the above, the Controller may cancel a customer account 3 years after the customer's last purchase in the online store, and the Controller may also cancel a customer account if the customer breaches their obligations under the purchase contract.
If no purchase is ever made in the online store, the Controller may cancel the customer account 3 years after its creation.
11. Cookies and other technical data
More detailed information about cookies and other technical data processed when visiting the online store's website is provided in a separate document entitled Cookies.
12. Basic terms
Personal data is any information about an identified or identifiable natural person (the data subject); an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, surname, date of birth, place of residence, email address, telephone number, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
The processing of personal data is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution or any other disclosure, alignment or combination, restriction, erasure or destruction.
A customer is a natural person who has concluded a purchase contract with the Controller via the online store, i.e., a person who has a so-called customer relationship with the Controller.
A potential customer is a natural person who has not yet concluded a purchase contract with the Controller via the online store, i.e., a person who does not have a so-called customer relationship with the Controller.
13. Further information on the processing of personal data
The Controller is obliged to take technical and organizational measures to prevent unauthorized or accidental access to personal data, their alteration, destruction, loss, unauthorized transfer or other unauthorized processing or misuse. This obligation remains in force even after the processing of personal data has ended.
If you have any questions regarding the processing of personal data, you can contact the Controller via one of the contact addresses listed in Article 2 above.
General information on the processing of personal data can also be found on the website of the Office for Personal Data Protection available at www.uoou.cz.
This policy shall take effect on June 7, 2023.
