Privacy policy

The personal data controller pursuant to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is Ortho Front s.r.o., company number O3929876, with its registered office at Bystrcká 612/15, 624 00 Brno, registered in the Commercial Register at the Regional Court in Brno, Section C, File 87445, as the operator of the E-shop www.evitabeachwear.com, (hereinafter referred to as the “Data Controller”).

The contact details of the Data Controller:

address:   Bystrcká 612/15, 624 00 Brno
email: info@evitabeachwear.com
telephone: +420 315 315 697

The personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The Data Controller has not appointed the Data Protection Officer.

 

Sources and categories of processed personal data

The Data Controller processes the personal data you have provided to him or the personal data obtained by the Data Controller based on the performance of your order with the purchase of goods or use of services. It concerns the following personal data:

  • Name and surname
  • Email address
  • Telephone number
  • Address of the residence or address for service
  • Password in encrypted version
  • Profile information such as age and gender

The Data Controller also processes your data which he obtains during the purchase of goods or use of his services. It concerns the following data:

  • IP address
  • Cookie files
  • Data regarding the browser and the device
  • Geographical data
  • Data concerning the realized purchases (such as the type and price of the goods, date of the purchase, data regarding the state of the customer account)
  • or any other online identifier

 

Legal grounds and purpose of personal data processing

Legal grounds for personal data processing

  • performance of a contract between you and the Data Controller pursuant to Article 6 (1)(b) GDPR
  • legitimate interest of the Data Controller in provision of direct marketing (in particular in sending the commercial communications and newsletters) pursuant to Article 6 (1)(f) GDPR
  • your consent to processing for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6 (1)(a) GDPR in conjunction with Section 7 (2) of Act No. 480/2004 Sb., on Certain Information Society Services, in case that the order of goods or services has not been realized.

Purpose of personal data processing

  • processing your order and exercising the rights and obligations arising from the contractual relationship between you and the Data Controller; when ordering, personal data are required for the successful execution of the order (name and address, contact details), the provision of personal data is a necessary requirement for the conclusion and performance of the contract; without providing the personal data, the contract may not be concluded or be fulfilled by the Data Controller,
  • sending commercial communications and performance of other marketing activities.

On the part of the Data Controller, there is an automatic individual decision-making within the meaning of Article 22 GDPR. You have given your explicit consent to such processing.

 

Cookies and their use

Cookies are small data files that the website you visit sends to your browser, that stores them on your computer, and they are  normally used to distinguish the individual users. However, the user is not identifiable based on this information. Cookies help you remember your activities and preferences for a certain period of time, so you do not have to reinsert them when you return to or go from one website to another website.

Cookies serve, in particular, to:

  • ensure that our website works correctly to complete the ordering process with the least difficulty;
  • provide secure login, user authentication, prevention of fraudulent use of login authorizations and protection of user data from the access of unauthorized parties;
  • store the login data of our customers, so that they do not have to reinsert them repeatedly;
  • remember the contents of the shopping cart;
  • ensure the appearance of the websites in relation to the preferences and requirements of the visitors;
  • analyze user traffic, behaviour, preferences and interests;
  • offer advertising for goods according to user's interest.

The website www.evitabeachwear.com uses cookies that can be divided into two basic types in terms of their durability. Temporary cookies, called "session cookies" that are only temporary and remain stored on your device until the browser session ends, and the so-called "permanent cookies", that remain stored on your computer for longer. Temporary cookies allow you to store information while browsing from one website to another, and eliminate the need to re-enter some information. If the browser is closed, it is deleted from your device. The permanent cookies help you identify your computer when you visit our website again, but do not allow you to be identified personally.

 

Consent to the use of cookies and its withdrawal

By using this website you agree to the use of cookies. Consent to the use of cookies is voluntary. If you do not agree to the collection of some or all cookies, you can prevent them from being collected by changing your browser settings. However, if you do so, you may be forced to set some options manually each time you visit our website, and some services and features may not work.

 

Period of data retention

The Data Controller shall retain the personal data

  • for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Data Controller and to assert claims arising from these contractual relationships (for a period of 15 years as of the termination of the contractual relationship).
  • for the period until the consent to the processing of personal data for marketing purposes is withdrawn, for a maximum of 10 years if the personal data are processed based on the consent.

After the personal data retention period has expired, the Data Controller shall delete the personal data.

 

Personal Data Recipients (sub-contractors of the Data Controller)

The recipients of the personal data are the persons that

  • participate in supplying the goods / services / realization of payments based on the contract,
  • provide e-shop operation services and other services related to e-shop operation,
  • provide marketing services.

The Data Controller does not intend to transfer the personal data to a third country (to a non-EU country) or to an international organization.

 

Your rights

Under the conditions set out in GDPR, you have the 

  • right of access to personal data concerning you pursuant to Article 15 GDPR,
  • right to rectification of the personal data pursuant to Article 16 GDPR, or right to restriction of processing pursuant to Article 18 GDRP,
  • right to erasure of personal data pursuant to Article 17 GDPR,
  • right to object to  processing pursuant to Article 21 GDPR,
  • right to data portability pursuant to Article 20 GDPR,
  • right to withdraw the consent to processing in writing or by electronic means to the address or email of the Data Controller referred to in Article I of this Privacy Policy

You also have the right to lodge a complaint at the Office for Personal Data Protection in case you consider that your right to personal data protection has been infringed. 

 

Conditions of security of personal data 

The Data Controller represents that it has taken all the technical and organizational measures necessary to secure the personal data.

The Data Controller has taken technical measures to secure data and personal data repositories in paper form.

The Data Controller represents that only the persons authorized thereby have access to  the personal data.

 

Final provisions

By submitting an order from the online order form, you confirm that you are familiar with the Privacy Policy and that you accept it in its entirety.

You give your consent to this Privacy Policy by checking your consent via Privacy Policy and accept it in its entirety.

The Data Controller is entitled to change this Privacy Policy. The Data Controller shall post a new version of the Privacy Policy on its website and at the same time send you a new version of the Privacy Policy to your email address that you provided to the Data Controller.

This Privacy Policy is effective as of 1 March 2020.