1. These personal data protection rules (hereinafter referred to as the "Rules") set out the rules for the processing of personal data in accordance with legal regulations, in particular EU Regulation No. 2016/679, the General Data Protection Regulation (hereinafter referred to as the "GDPR"). The purpose of these rules on the processing of personal data is to enable you to exercise control, ensure you are informed, and familiarize you with what personal data we collect, why we collect it, and how we use it. We provide a summary in plain language solely for ease of reading and it is not legally binding. To get a complete picture of your rights and obligations, please read the full text of these Rules. By completing the web form, you confirm that you understand these Rules, that you agree with their wording, and that you accept them in their entirety.

​

2. Reason, scope, and purpose of personal data processing

The controller of your personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "GDPR") is Klára Kovačíková, Libochovičky 14, 273 42 (hereinafter referred to as the "controller"). Please direct any questions regarding the processing of your personal data to the controller's contact details info@clarita.cz Personal data means any information relating to an identified or identifiable natural person; An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The controller has not appointed a data protection officer. The controller processes your personal data that you have provided to it or personal data that the controller has obtained on the basis of your filling in orders or other relevant forms. The controller processes your identification and contact details and data necessary for the performance of the contract, i.e. name, surname, email address, telephone number and, if necessary, also the company registration number, tax identification number, registered office or place of business. The legal basis for the processing of personal data is the performance of a contract between you and the controller pursuant to Article 6(1)(b) of the GDPR. Your consent to processing for the purposes of direct marketing (in particular for sending commercial communications and newsletters) pursuant to Article 6(1)(a) of the GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services, in the event that no goods or services have been ordered. The purpose of personal data processing is to process your order and exercise the rights and obligations arising from the contractual relationship between you and the controller; When placing an order, personal data necessary for the successful processing of the order (name and address, contact details) is required. The provision of personal data is a necessary requirement for the conclusion and performance of the contract. Without the provision of personal data, it is not possible to conclude the contract or for the controller to perform it, send commercial communications, or carry out other marketing activities. The controller does not make automatic individual decisions within the meaning of Article 22 of the GDPR. The controller stores your personal data: for the period necessary to exercise the rights and obligations arising from the contractual relationship between you and the controller and to enforce claims arising from these contractual relationships (for a period of 15 years from the termination of the contractual relationship). until consent to the processing of personal data for marketing purposes is revoked, for a maximum of 5 years. After the retention period for personal data has expired, the controller will delete your personal data. Personal data is information that identifies a specific natural person. From the moment you fill out and send us an inquiry, order, or other web form, we process your personal data. We only process the data you have provided to us. We will only use your data to process your request, fulfill the contract, fulfill legal obligations such as issuing invoices, and to send newsletters or other informational emails.

 

3. Recipients of personal data (subcontractors of the controller)

a. The recipients of personal data are persons involved in the provision of services/payment processing on the basis of a contract, providing emailing services and other services related to the operation of the website, providing accounting, tax, and legal services, and providing marketing services.

 

4. Vaše práva

Under the conditions set out in the GDPR, you have the right to access your personal data pursuant to Article 15 of the GDPR, the right to rectify personal data pursuant to Article 16 of the GDPR, or to restrict processing pursuant to Article 18 of the GDPR. the right to erasure of personal data pursuant to Article 17 of the GDPR. the right to object to processing pursuant to Article 21 of the GDPR and the right to data portability pursuant to Article 20 of the GDPR. the right to withdraw consent to processing in writing or electronically at info@clarita.cz You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated. As a person interested in using our services by filling out the contact web form: you agree to the use of your personal data for the purposes of electronic sending of commercial communications, advertising materials, direct sales, market research, and direct product offers by the controller, and at the same time you declare that you do not consider the sending of information according to the previous point to be unsolicited advertising within the meaning of Act No. No. 40/1995 Coll., as amended, as you expressly agree to the sending of information in accordance with the previous point in conjunction with Section 7 of Act No. 480/2004 Coll. You can revoke your consent under this paragraph at any time in writing at info@clarita.cz, or unsubscribe from commercial communications. In order to improve user-friendliness and analytics, the website operator uses cookies – text files that are stored on the visitor's computer when they visit the website. These cookies do not fall within the scope of the GDPR. Website visitors can disable cookies in their browser settings. During our cooperation, you can contact us at any time with questions about how we process your data. We are required by law to keep personal data used in contract documents and invoices and to archive it for a certain period of time, which means we cannot delete it. However, we can delete your personal data used for sending newsletters at your request or when you unsubscribe, which you can do in the footer of each newsletter.

 

5. Organizační a technická opatření k zabezpečení osobních údajů

The administrator undertakes to ensure the processing of your personal data in the following manner: Your personal data is processed in accordance with legal regulations and for the performance of all activities necessary for the provision of services. The administrator will ensure the technical and organizational protection of the processed personal data so that there can be no unauthorized or accidental access to your personal data, alteration, destruction or loss, unauthorized transfers, other unauthorized processing, or other misuse, and that all obligations arising from legal regulations regarding personal data will be continuously secured in terms of personnel and organization for the duration of data processing. The technical and organizational measures taken correspond to the level of risk. The controller uses them to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services, and to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident. Only authorized persons of the controller and subcontractors in accordance with these Rules, who have agreed with the controller on the conditions and scope of data processing, will have access to personal data. Only authorized persons of the controller and subcontractors in accordance with these Rules, who have agreed with the controller on the conditions and scope of data processing and who are obliged to maintain confidentiality regarding personal data and security measures, the disclosure of which would jeopardize their security, shall have access to personal data. The Provider shall adopt and maintain up-to-date security measures for the protection of personal data adequate to the nature and scope of your personal data.

​

6. Final provisions

​

a. By completing and submitting the online order form or other relevant form and ticking the box "I agree to the Terms and Conditions," you confirm that you are familiar with the personal data protection rules, that you agree with them, and that you accept them in their entirety.​

 

b. The administrator is entitled to change these Rules. The administrator will publish the new version of the Rules on its website and will also send you the new version of these terms and conditions to the email address you provided to the administrator. These terms and conditions are valid from 01/01/2021.