politica sulla riservatezza
Issued by the online store for the sale of goods https://www.colazio.com through Colaz Group s.r.o., registered office Sadov 37, Sadov 362 61, ID No.: 19943768, registered in the Commercial Register kept by the Regional Court in Plzeň, Section C, Insert 44520, represented by Bc. Filip Kolaci as the executive, who is also the data controller (hereinafter also referred to as "we" or "controller").
The purpose of this document is to acquaint you with all the information regarding the processing of your Personal Data. We recommend that you read these Personal Data processing principles. If you have any further questions regarding the processing of your Personal Data, please contact us at info@colazio.com or call +420 606 887 846.
We process your Personal Data for reasons established by law, for the purpose of fulfilling a contract, or based on our legitimate interests. If the processing of Personal Data does not fall under any of these three reasons, we will request your consent. We ensure that your Personal Data is processed in accordance with the following principles:
1. Reasonable limits, meaning that we use your Personal Data to the extent necessary to fulfill the purpose for which they are provided;
2. Transparency, meaning that we inform you in advance about what Personal Data we process, why, for how long, and to whom we disclose your Personal Data; and
3. Security, we always work with technologies and internal procedures to ensure that your Personal Data is secure; it goes without saying that we monitor, evaluate, and adopt our internal settings in line with the development of modern technologies.
For better clarity and orientation, below are the terms that are frequently repeated in these principles.
|
E-shop |
ChatGPT E-shop: An online store operated by the controller, available at https://www.colazio.com |
|
GDPR |
Regulation (EU) 2016/679 of the European Parliament and of the Council; |
|
Commercial Communication |
Typically an email or SMS message sent to the User for the purpose of promoting similar products and services; |
|
Order |
Completed transaction by the customer by pressing the "ORDER" button with the intention of concluding a purchase agreement; |
|
Personal Data |
Any information about the User, based on which they can be directly or indirectly identified; |
|
User |
A natural person to whom Personal Data relates, most commonly a customer or potential customer, or a user of our website, also referred to as "You" |
|
Processor |
Carries out processing activities of Personal Data based on a contract or other authorization for the controller; |
|
Processing of Personal Data: |
Any operation or set of operations with Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; |
|
Special Categories of Personal Data |
"Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sex life, or sexual orientation of a natural person. Genetic and biometric data, when processed to uniquely identify an individual, are also considered special categories of data. |
What Personal Data do we process, how do we obtain it, for what purpose, and for how long do we retain it?
We process the following Personal Data about you:
Name and surname;
Contact details (especially email, phone number)
Invoicing details and bank connection (information necessary for accounting and payment processing for goods);
Order note;
Information provided during communication with us (especially your questions and answers to your inquiries, communication with you);
Login to the user account and behavior in the user account (especially user-entered data in the user account, purchase history, registration time, date of last profile update);
Comments added by you to our posts on social media (especially Facebook, Instagram, Pinterest, TikTok, Twitter, LinkedIn, Snapchat, and Youtube), as well as the name (nickname) of your profile on these social media platforms and publicly accessible information on your profiles;
IP address;
Cookies.
We do not process Special Categories of Personal Data
How do we process Personal Data?
Generally, regarding the duration of Personal Data Processing. We process your personal data to the extent necessary for the entire duration of the purchase agreement and further for the period necessary to perform the rights and obligations arising from the contractual relationship between you and us and the possible assertion of claims from these contractual relationships (e.g., assertion of rights from goods defects within a complaint, assertion of warranty claims for goods, etc.).
For what purpose do we process Personal Data?
Website of the E-shop. We also process information about when you visit and browse our website. This information may include, for example, IP address, date and time of access to our website, information about your web browser, operating system, or language settings. We may also look into the history of your behavior on websites, such as which links on our websites you visit and which offered goods are displayed to you. However, information about your behavior on the web is anonymized for your maximum privacy.
If you access our website from a mobile phone or similar device, we may also process information about your mobile device (data about your mobile phone, etc.).
We may collect this data as part of a log or using cookies or other tracking technologies. The rules for using cookies and other tracking technologies are described in more detail in our Cookies Policy.
We can collect this data as part of the protocol or using cookie files or other tracking technologies. Rules for the use of cookie files and other tracking technologies are described in more detail in our Cookies Policy.
Registration, setting up a user account. You provide us voluntarily with Personal Data by setting up a user account in the E-shop and subsequently updating it. By setting up a user account, you can take advantage of the benefits that the user account offers.
Fulfillment of the contractual relationship. The legal basis for the Processing of personal data is the fulfillment of the purchase agreement, i.e., proper processing of the Order and related obligations.
Improvement of providing our services, product promotion. We may process Personal Data from publicly available sources, our contractual partners, and combine them with Personal Data voluntarily provided to us. We take measures to ensure that third parties are legally authorized to provide us with this information. For example, this may include demographic information, IP addresses, and cookie files. The reason is to improve the provision of our services and promote our products.
Personalized advertising. We collaborate with third parties to manage and display our advertising on third-party websites.
Contests and other promotional activities. On our websites or through social networks, we may conduct surveys, hold contests, or other promotional activities. Your participation in our promotional activities is voluntary. Within these surveys, contests, and promotional activities, we may ask for Personal Data, such as name, address, date of birth, phone number, email address, username, and similar data, from you. Personal Data you provide will be used to manage these promotional activities or for another purpose, as specified in the terms of the specific promotional activity.
Social networks. We have profiles on Youtube, Instagram, Facebook, Twitter, LinkedIn, TikTok, Pinterest, and Snapchat. All information, messages, or materials provided through social media platforms are provided in accordance with the principles of personal data processing of these platforms. Personal data protection is addressed separately within each of the mentioned platforms.
Sending vouchers. We want to reward our loyal customers, and therefore, based on our legitimate interest, we may send discount vouchers to addresses provided by our customers in their Order.
Communication with customer support or other inquiries. If you have contacted us via chatbot, email, called us, or reached out to us on social networks, then we process your personal data for the purpose of handling your inquiry.
Business communication (newsletter). We may send business communications based on our legitimate interest in promoting our products and services to customers until they unsubscribe from receiving business communications themselves. This allows for an easy unsubscribe link in each business communication sent via email. Based on our legitimate interest in promoting our products and services, we may also use the registered user's phone number to distribute business communications via SMS. In such cases, users can unsubscribe from SMS by sending a short message to info@colazio.com. You may object to the processing of your personal data based on our legitimate interests at any time (more details in the section concerning your rights). If you subscribe to our newsletter, we will send you interesting information and offers to promote our products and services based on your consent.
Customer reviews. You can share your shopping experiences and evaluate individual products in the Reviews section on our website. We may use other processors to evaluate your feedback on individual purchased products.
Card payment. If you provide us with details of your credit card, we do not have access to complete data. We only know that you are paying by card, and the card details are processed by the recipients of this information who process the payment for us.
|
Which Personal Data is involved |
Purpose of Personal Data processing |
Legal reason for processing Personal Data |
Processing time |
|
name, surname, e-mail, telephone number, delivery address and information about the ordered goods |
Order processing, user account management, customer support |
Performance of the contract |
For the duration of the customer's contractual relationship with us |
|
invoicing data, bank details and information about the ordered goods |
Bookkeeping |
Fulfillment of contract and fulfillment of legal obligations |
Tax documents for 15 years |
|
customer's first name, last name, e-mail and phone number, address |
Direct marketing (especially sending newsletters to customers) |
Legitimate interest in promoting similar services
Consent to sending commercial messages |
2 years from the last active viewing of the newsletter, unless you unsubscribe earlier |
|
pseudo-anonymized identifiers of registered users, IP address |
Routine analysis of website traffic, security of our website, detection of server errors and prevention of fraud and server attacks |
Legitimate interest |
The specific storage time of a cookie file varies according to the specific type of cookie file |
|
first name, last name, e-mail, phone number |
Reply to a message sent via chatbot, email or social media |
Consent to processing for the purpose of handling the query |
Personal data will be deleted after processing your inquiry, this does not apply if you become our customer |
|
first and last name, e-mail, telephone number of potential customers, IP addresses, cookies and other technical identifiers |
Marketing and promoting our website |
Agreement |
For the duration of consent, the storage time of cookies may vary depending on the type of cookies |
|
name, surname, e-mail of the customer and information about the ordered goods |
Providing a customer's email to a third party to evaluate customer satisfaction |
Legitimate interest |
For the duration of the customer's contractual relationship with us and subsequently for a period of 4 years after its termination |
OUR OBLIGATIONS FROM THE PERSPECTIVE OF ACCOUNTING AND TAXATION
Please note that we process a number of Personal Data for reasons which we are legally obliged to do so. We have an obligation to archive accounting documents and records (invoices) for a period of 5 years starting from the end of the accounting period to which they relate. We also have an obligation to retain an invoice for a period of 3 years from the end of the taxation period in which the tax obligation related to the invoice arose. The invoice contains the following Personal Data: name, surname, email address, billing address, or other user identification and details of the purchased goods.
Please also note that we have an obligation to archive tax documents for a period of 10 years from the end of the taxation period in which the performance was made. The tax document contains the following Personal Data: name, surname, email address, billing address, or other user identification and details of the purchased goods and/or provided digital services.
MEASURES WE HAVE TAKEN TO PROTECT YOUR PERSONAL DATA
Technical measures. We have adopted and undertake to maintain appropriate technical measures taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of processing Personal Data, as well as the various probabilities and severity of risks to the User, in all areas where Personal Data is processed (especially the operation of websites, operation of the E-shop, employee agenda, communication with customers). The technical measures adopted include:
regular backup of user data;
updating antivirus software systems;
access passwords to information systems (where Personal Data will be processed) and access permissions are controlled at the individual level.
Organizational measures. We have adopted and undertake to maintain the following measures:
our employees who have access to Personal Data are bound by confidentiality; and
our employees are familiar with the rules of safe work on work equipment, including the principle of protection of Personal Data.
WHEN DO WE TRANSFER YOUR PERSONAL DATA TO THIRD PARTIES?
Your Personal Data may be transferred to our business partners (Processors) or other third parties if required by law.
Processors. We only use verified Processors with whom we have concluded a written agreement, and who provide us with at least the same guarantees as we provide to you. These are only Processors from the European Union or to countries declared and recognized as safe, or to countries with which we have concluded standard contractual clauses in accordance with Article 46 of the GDPR and who provide your Personal Data with a level of protection comparable to that provided by the GDPR and Czech laws. All these Processors are bound by confidentiality and may not use the provided Personal Data for any other purposes than those for which we have made them available in accordance with these principles. Specific Processors will be provided upon your request for each individual reason and purpose of Personal Data Processing. If necessary, contact us by email.
Legal obligations. We may transfer Personal Data to third parties, other than Processors, if required by law or in response to legal requirements of public authorities or at the request of the court in legal disputes.
WHAT ARE YOUR RIGHTS?
You may request access to Personal Data and request correction, alteration, erasure, or restriction of processing of Personal Data where they are inaccurate or have been processed in violation of applicable data protection laws. You have the right to data portability, to object to the processing of Personal Data, the right to withdraw consent to the processing of Personal Data, and the right not to be subject to automated individual decision-making, including profiling.
Your rights regarding the processing of Personal Data can be exercised by email to info@colazio.com personally, or by mail to our address.
We endeavor to promptly accommodate your requests, but no later than within 1 month. However, circumstances may arise under which access cannot be provided (for example, if the requested information jeopardizes the privacy of others or other legitimate rights, or where the costs of providing access would be disproportionate to the risks to privacy of the individual concerned). We may take reasonable steps to verify the identity of the user before taking any steps regarding the rights of data subjects.
Right of access to Personal Data
Under Article 15 of the GDPR, you have the right to access Personal Data, which includes the right to obtain from the controller:
confirmation whether Personal Data are being processed,
information about the purposes of processing, categories of Personal Data concerned, recipients to whom Personal Data have been or will be disclosed, planned duration of processing, the existence of the right to request from the controller rectification or erasure of Personal Data concerning Users or restriction of their processing or to object to such processing, the right to lodge a complaint with a supervisory authority, all available information about the source of Personal Data if they are not obtained from Users, the fact that automated decision-making, including profiling, is taking place, and adequate safeguards for the transfer of data outside the European Union,
if the rights and freedoms of other persons are not adversely affected and a copy of Personal Data.
In the case of repeated requests, the controller may charge a reasonable fee for a copy of Personal Data.
Right to rectification of inaccurate data
Under Article 16 of the GDPR, you have the right to rectification of inaccurate Personal Data. You also have an obligation to report changes to your Personal Data (e.g., user profile information). At the same time, you are obliged to provide cooperation if it is found that the Personal Data we process are not accurate. We will make the correction without undue delay, but always taking into account the technical possibilities.
Right to erasure
Under Article 17 of the GDPR, you have the right to erasure of Personal Data concerning you unless we demonstrate legitimate grounds for the processing of such Personal Data. We have mechanisms in place to ensure automatic anonymization or erasure of Personal Data if they are no longer needed for the purposes for which they were processed.
Right to restriction of processing
Under Article 18 of the GDPR, you have the right to restriction of processing until the matter is resolved if you dispute the accuracy of Personal Data, the reasons for their processing, or if you object to their processing.
Right to be informed of rectification, erasure, or restriction of processing
Under Article 19 of the GDPR, you have the right to be informed of rectification, erasure, or restriction of processing of Personal Data. If rectification or erasure of Personal Data occurs, we will inform individual recipients, except in cases where it proves impossible or requires disproportionate effort.
Right to data portability
Under Article 20 of the GDPR, you have the right to data portability of Personal Data concerning you and which you have provided to the controller, in a structured, commonly used, and machine-readable format, and the right to request the transfer of such data to another controller.
If you provide Personal Data in connection with our contractual obligations or based on consent, and their processing is carried out automatically, you have the right to obtain such data in a structured, commonly used, and machine-readable format. If technically feasible, the data can also be transferred to a controller designated by you, provided that the person acting on behalf of the relevant controller is properly identified and authorized.
If exercising this right could adversely affect the rights and freedoms of third parties, your request cannot be granted.
Right to object to the processing of Personal Data
Under Article 21 of the GDPR, you have the right to object to the processing of your Personal Data for reasons related to your particular situation.
If we do
not demonstrate that there are compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, we will cease processing upon objection without undue delay.
If the objection is raised in the case of processing related to direct marketing, we will cease processing without undue delay.
Right to withdraw consent to the processing of Personal Data
Consent to the processing of Personal Data for marketing and business purposes can be withdrawn at any time. Withdrawal must be explicit, clear, and specific.
Automated individual decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects concerning you or similarly significantly affects you. However, we specify that we do not carry out automated decision-making without human intervention with legal effects for the Data Subjects.
CONCLUSION
These Personal Data Processing Principles may only be amended in writing. Users will be informed about this through our website.
For any questions regarding our Personal Data Processing Principles, please contact us at info@colazio.com.
If you are dissatisfied, you may submit a complaint or appeal to the Office for Personal Data Protection, located at Pplk. Sochora 727/27, 170 00 Prague 7 - Holešovice (more at https://www.uoou.cz/).
These Personal Data Protection Principles are effective from April 22, 2024.