The personal data controller pursuant to Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is Ortho Front s.r.o., company number O3929876, with its registered office at Bystrcká 612/15, 624 00 Brno, registered in the Commercial Register at the Regional Court in Brno, Section C, File 87445, as the operator of the E-shop www.evitabeachwear.com (hereinafter referred to as the "Data Controller").
The contact details of the Data Controller:
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The Data Controller has not appointed a Data Protection Officer.
Sources and categories of processed personal data
The Data Controller processes the personal data you have provided to it and the personal data it has obtained while fulfilling your order for the purchase of goods or use of services. This concerns the following personal data:
- Name and surname
- Email address
- Telephone number
- Address of the residence or address for service
- Password in encrypted form
- Profile information such as age and gender
The Data Controller also processes data which it obtains during your purchase of goods or use of its services. This concerns the following data:
- IP address
- Cookie files
- Data regarding the browser and the device
- Geographical data
- Data concerning the realized purchases (such as the type and price of the goods, date of the purchase, data regarding the state of the customer account)
- or any other online identifier
Legal grounds and purpose of personal data processing
Legal grounds for personal data processing
- performance of a contract between you and the Data Controller pursuant to Article 6 (1)(b) GDPR
- legitimate interest of the Data Controller in the provision of direct marketing (in particular in sending commercial communications and newsletters) pursuant to Article 6 (1)(f) GDPR
- your consent to processing for the purpose of providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6 (1)(a) GDPR in conjunction with Section 7 (2) of Act No. 480/2004 Sb., on Certain Information Society Services, in the event that the order of goods or services has not taken place.
Purpose of personal data processing
- processing your order and exercising the rights and obligations arising from the contractual relationship between you and the Data Controller; when ordering, personal data (name and address, contact details) are required for the successful execution of the order, and the provision of personal data is a necessary requirement for the conclusion and performance of the contract; without the personal data being provided, the contract cannot be concluded or fulfilled by the Data Controller,
- sending commercial communications and performing other marketing activities.
On the part of the Data Controller, automated individual decision-making within the meaning of Article 22 GDPR takes place. You have given your explicit consent to such processing.
Cookies and their use
Cookies are small data files that the website you visit sends to your browser, which stores them on your computer; they are normally used to distinguish individual users. However, the user is not identifiable based on this information. Cookies help the website remember your activities and preferences for a certain period of time, so you do not have to re-enter them when you return to the website or go from one website to another.
Cookies serve, in particular, to:
- ensure that our website works correctly to complete the ordering process with the least difficulty;
- provide secure login, user authentication, prevention of fraudulent use of login authorizations and protection of user data from the access of unauthorized parties;
- store the login data of our customers, so that they do not have to re-enter them repeatedly;
- remember the contents of the shopping cart;
- adapt the appearance of the website to the preferences and requirements of the visitors;
- analyze user traffic, behaviour, preferences and interests;
- offer advertising for goods according to the user's interests.
Period of data retention
The Data Controller shall retain the personal data
- for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the Data Controller and to assert claims arising from these contractual relationships (for a period of 15 years as of the termination of the contractual relationship),
- until the consent to the processing of personal data for marketing purposes is withdrawn, for a maximum of 10 years, if the personal data are processed based on the consent.
After the personal data retention period has expired, the Data Controller shall delete the personal data.
Personal Data Recipients (sub-contractors of the Data Controller)
The recipients of the personal data are persons that
- participate in supplying the goods or services or in processing payments based on the contract,
- provide e-shop operation services and other services related to e-shop operation,
- provide marketing services.
The Data Controller does not intend to transfer the personal data to a third country (to a non-EU country) or to an international organization.
Under the conditions set out in GDPR, you have the
- right of access to personal data concerning you pursuant to Article 15 GDPR,
- right to rectification of the personal data pursuant to Article 16 GDPR, or right to restriction of processing pursuant to Article 18 GDPR,
- right to erasure of personal data pursuant to Article 17 GDPR,
- right to object to processing pursuant to Article 21 GDPR,
- right to data portability pursuant to Article 20 GDPR.
You also have the right to lodge a complaint with the Office for Personal Data Protection if you consider that your right to personal data protection has been infringed.
Conditions of security of personal data
The Data Controller represents that it has taken all the technical and organizational measures necessary to secure the personal data.
The Data Controller has taken technical measures to secure data and personal data repositories in paper form.
The Data Controller represents that only persons authorized by it have access to the personal data.