Privacy Policy
I. Category and type of processed data
-
Name and surname, e-mail address, company name, postal address, telephone number can be processed based on consent and must be processed for the necessary performance of the contract.
II. Legal reason and purpose of personal data processing
2. The legal reason and purpose of personal data processing is:
-
processing necessary for the fulfillment of the contract to which the data subject is a party pursuant to Article 6 paragraph 1 letter b) Regulation of the GDPR;
-
the processing is necessary for the fulfillment of the legal obligation that applies to the administrator according to Article 6 paragraph 1 letter c) Regulation of the GDPR;
-
the data subject has given consent to the processing of his personal data for one or more specific purposes according to Article 6 paragraph 1 letter a) Regulation of the GDPR;
-
the processing is necessary for the purposes of the legitimate interests of the relevant controller or third party, for example the provision of marketing in the form of a newsletter or commercial communications pursuant to Article 6 paragraph 1 letter f) Regulation of the GDPR and according to § 7 paragraph 2 of Act No. 480/2004 Coll.
2.1 The purpose of personal data processing is:
-
Fulfillment of orders resulting from the contractual relationship between the entity and the Administrator pursuant to Act No. 89/2012 Coll., or pursuant to another contractual relationship;
-
Saving your shopping preferences and subsequent customization of the offer on the Administrator's website;
-
Launching marketing and remarketing campaigns on advertising platforms Google, Seznam.cz, Microsoft, Facebook, but also using RTB systems Adform, Criteo, Pubmatic and others using advertising purchase via DSP (Demand Side Platforms) and SSP (Supply Side Platforms);
-
Sending commercial messages (newsletters, push notifications and others) as part of marketing and remarketing campaigns using our own resources or third-party resources (platform for sending e-mails, sw for user notifications).
2.2 Automated individual decision-making takes place on the part of the controller in accordance with Article 22 of the GPDR Regulation. You give your explicit consent to this processing. Consent can be withdrawn at any time, for example by sending an email or letter to the contact details of LABSKY jwlr, s.r.o., Rybná 716/24, Staré Město, 110 00 Prague, info@labskyjewellery.com
III. The retention period of your data is
3. The retention period of your personal data depends on the purpose for which these personal data will be used, namely:
-
For the purpose of fulfilling the contractual relationship between the entity and the Administrator: for the duration of the provision of fulfillment
-
For marketing purposes: 8 years
-
For performance records: 15 years
3.1 After the period defined for the retention of your personal data, these personal data are deleted by the Administrator.
IV. Processing of personal data
4. Personal data of the subject can be processed by the administrator, the following processors can also process:
-
Software solution providers listed in Article III, paragraph 3.1, letters a), b), c) and d) of this Consent to the processing of personal data;
-
Provider of software solutions, applications, services and other processors that may not currently be used by the Administrator.
4.2 The administrator and the processor shall take measures to ensure that any natural person who acts on behalf of the administrator or the processor and has access to personal data, processes such personal data only on the instructions of the administrator, if their processing is no longer required by the law of the Union or a Member State.
V. Recipients of the administrator's personal data
5. Recipients of personal data are companies or persons who:
-
Ensuring the implementation of the contract between the administrator and the subject concerned (e.g. forwarding companies, payment processing, over-the-top services, etc.);
-
Providing marketing services, see Article III. paragraph 3.1, letters a), b), c) and d) of this Consent to the processing of personal data;
-
Ensuring the operation of the website https://www.labskyjewellery.com (e.g. partner, marketplace entity, external suppliers, etc.);
-
Ensuring the correct agenda of the company: LABSKY jwlr, sro, IČ 10983813, with registered office Rybná 716/24, Staré Město, 110 00 Prague, operating the website https://www.labskyjewellery.com from the point of view of the Act on (e.g. legal advice, accounting, etc.).
5.1 The administrator intends to use services that are not part of the EU and thus intends to transfer personal data to third world countries. Recipients of personal data in third world countries are the providers of the platforms listed in Article III., paragraph 3.1, letter a), b), c) and d) of this Consent to the processing of personal data.
VI. Your rights
6. According to the provisions of the GDPR Regulation, you have the right to:
-
The right to access personal data according to Article 15 of the GDPR Regulation and at the same time Article 22 and Article 46 of the GDPR Regulation;
-
The right to immediate correction of personal data according to Article 16 of the GDPR Regulation;
-
The right to erasure of personal data ("the right to be forgotten") according to Article 17 of the GDPR Regulation;
-
The right to limit the processing of personal data according to Article 18 of the GDPR Regulation;
-
The right to portability of personal data according to Article 20 of the GDPR Regulation;
-
The right to object to the processing of personal data concerning you, based on Article 6 paragraph 1 letter e) or f), including profiling based on these provisions, according to Article 20 of the GDPR Regulation;
-
The right to revoke the granted consent to the processing of personal data;
-
Right to complain to a supervisory authority.
6.1 The controller does not further process personal data, unless it proves serious legitimate reasons for processing that outweigh the interests or rights and freedoms of the data subject, or for the determination, exercise or defense of legal claims.
6.2 Only you or your authorized representative can obtain information about your personal data. If the Administrator is not sure of your identity, he may ask you for additional information to verify your identity.
6.3 The administrator shall notify individual recipients to whom personal data has been made available of any corrections or deletions of personal data or restrictions of processing carried out in accordance with Article 16,Article 17paragraph 1 and Article 18 of the GDPR, except where this proves to be impossible or requires a disproportionate effort. The administrator informs the data subject of these recipients if the data subject requests it.
VII. Security of personal data
7. Taking into account the state of the art, implementation costs, nature, scope, context and purposes of the processing, as well as the variously probable and variously serious risks to the rights and freedoms of natural persons that the processing entails, the administrator shall implement, both at the time of determining the means for processing, so at the time of the processing itself, appropriate technical and organizational measures, such as pseudonymization, the purpose of which is to implement data protection principles, such as data minimization, in an effective way and to incorporate the necessary guarantees into the processing, so as to meet the requirements of this regulation and protect the rights of data subjects.
7.1 The administrator will implement appropriate technical and organizational measures to ensure that only personal data that is necessary for each specific purpose of the processing is processed as a standard. This obligation applies to the amount of personal data collected, the extent of their processing, their storage period and their availability. These measures will in particular ensure that personal data are not made available to an unlimited number of natural persons by default without human intervention.