Privacy Statement of Chefcourse s.r.o.
We, the company Chefcourse s.r.o., with registered office at Jeronymova 325/7, 130 00, Prague 3, ID:02415615, registered in the Commercial Register kept at the Municipal Court in Prague, Section C, Insert 218425, have prepared this Privacy Statement to inform you, our customers, about how we collect, process, use and protect your personal data and thus help protect your privacy.
All handling of your personal data is carried out in accordance with applicable legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR"), Act No. 101/2000 Coll., on the protection of personal data, as amended, Act No. 127/2005 Coll., on electronic communications, as amended, and Act No. 480/2004 Coll., on certain information society services, as amended.
1) What is personal data?
Personal data is any information on the basis of which we can identify you. It is therefore information that is specifically attributable to you. Personal data is not anonymous data, i.e. data that we cannot unambiguously link to your person.
Personal data is divided into:
Basic data such as your name, surname, date of birth, address, etc.
Special categories of personal data, which are data of a very personal and sensitive nature, such as racial or ethnic origin, religion or health data.
When you make a purchase on our e-shop and subscribe to our newsletter, we only require basic data from you that are necessary to fulfil the respective purpose.
2) Controller and processor of personal data
The data controller is the one who determines the purposes and means of the processing of personal data. For example, we are the controller of your personal data when you make a purchase through our e-shop or when you subscribe to our newsletter. As the controller, we are responsible for compliance with all obligations related to the protection of your personal data.
The contact details for us as the data controller are as follows:
Jeronymova 325/7, 130 00, Prague 3
E-mail: [email protected]
phone line: +420 739 451 492
A personal data processor is one who only processes personal data for us as a controller, but does not determine the purposes or means of the processing. Typically, this will be external partners through whom, for example, we send commercial communications. We always enter into a written contract with processors for the processing of personal data and ensure that they meet the appropriate data protection requirements.
3) Personal data processing principles
We approach the processing of personal data with the utmost seriousness and awareness of responsibility. We handle your personal data with appropriate care and caution and in accordance with applicable law and protect it to the highest possible degree corresponding to a high level of security.
We follow the following principles when processing your personal data:
The principle of lawfulness, fairness and transparency, which requires us to always process your personal data in accordance with the law, on the basis of at least one legal ground. It also requires us to provide you with information about how your personal data will be processed, to whom your personal data will be passed on, or to inform you in cases of serious security breaches or leaks.
The purpose limitation principle, which requires us to collect your personal data for specific, explicit and legitimate purposes and prohibits us from further processing such data in a way that is incompatible with those purposes.
The data minimisation principle, which requires us to process only adequate and relevant personal data in relation to the purpose for which it is processed.
The Accuracy Principle, which requires us to take all reasonable steps to keep your information up to date and accurate and to correct or delete inaccurate information.
The principle of storage limitation, which requires us to keep your personal data only for as long as necessary for the specific purpose for which it is processed. Therefore, as soon as the purpose of the processing ceases or the specified period expires, we will delete your personal data or anonymize it (i.e. modify it so that it is not in any way associated with your person).
The principle of integrity and confidentiality, which requires us to process your personal data in a way that ensures its proper security and protection against unauthorised or unlawful processing, accidental loss, destruction or damage.
4) Purposes and legal grounds for processing personal data
We only ever obtain and process your personal data from you to the extent necessary and on the basis of at least one legal ground. We also always process your personal data for a specific, explicit and legitimate purpose. Processing of personal data without such a clear purpose or in a way that is incompatible with such purpose is not permitted.
The following are the specific legal grounds on which we process your personal data.
Performance of a contractual obligation - in these cases, we process your personal data for the conclusion of a contract and for the subsequent performance of such contract. Typically, this will involve processing your personal data in connection with an order from our e-shop.
Consent - in these cases we process your personal data on the basis of your consent. Consent is always given for each purpose separately and always clearly states the extent to which personal data is processed, for what purpose and for how long. The granting of consent always presupposes your active action; therefore, for example, a tick box is required to grant consent. You always have the right to withdraw your consent.
Legitimate interest - in these cases, we process your personal data because it is necessary for the purposes of our legitimate interest. However, this does not apply where our legitimate interest takes precedence over your interest or your fundamental rights and freedoms.
5) Your rights
As a so-called data subject, you have certain rights under the law, specifically:
The right to information about the processing of personal data - through this right you can obtain information concerning our identification as the controller of your personal data. At the same time, you are entitled to know the legal title of the processing (for example, the performance of a contract), the purpose (for example, contracts for the purchase of our goods) or information about the retention period of the personal data. We will always inform you in advance of the legal title and purpose of the processing before we start processing your personal data.
Right of access to personal data - this right gives you the opportunity to request confirmation from us as to whether we are processing your personal data and, where applicable, more detailed information about that data and its processing. You can also request a copy of the personal data we process from us.
Right to rectification - this right allows you to request the rectification of any inaccurate personal data and, taking into account the purposes of processing, the completion of incomplete personal data. Please note that we, as the controller, are not obliged to actively ascertain whether your personal data is correct or complete. Your right to rectification is precisely to ensure that your data is always up-to-date.
The right to erasure - also known as the right to be forgotten - means that in certain cases we are obliged to destroy your personal data. Specifically, if your data is no longer necessary for the purpose for which it was processed, or if you withdraw your consent to the processing of your personal data and there is no other legal basis for processing it, or if you successfully object to the processing of your personal data, or if we are required to do so by law.
Right to object - this right is available to you if we process your personal data for the performance of a task carried out in the public interest or in the exercise of official authority (which we do not do) or on the basis of our legitimate interest. In such a case, we will not further process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests or rights and freedoms or for the establishment, exercise or defence of our legal claims. You may also object if we process your personal data for direct marketing purposes. In this case, we will no longer process your data for these purposes without further consent.
The right to data portability - this right allows you to obtain your personal data in a structured, commonly used and machine-readable format and to transfer this personal data to another controller. This right is only available to you if the processing of your personal data is based on consent or contract, or if it is carried out by automated means (that is, if it is carried out wholly or partly by automated processes).
Right to restriction of processing - this right allows you to request that we restrict the processing of your personal data in certain cases. Specifically, this includes the following:
if you deny the accuracy of the personal data, for as long as necessary for us to verify its accuracy;
if the processing is unlawful, but you do not request the erasure of the personal data, but only the restriction of the processing;
if we no longer need your personal data for processing purposes but you need it to establish, exercise or defend legal claims;
if you object to the processing of your personal data until it is verified that our legitimate grounds outweigh your legitimate grounds.
If we restrict the processing of your personal data, we may only process it (with the exception of storage) with your explicit consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or one of its Member States.
The right not to be subject to a decision based solely on automated processing that has legal effects on you or similarly significantly affects you - in other words, this right means that any decision affecting you must be made with human intervention and not just on the basis of, for example, an assessment by a computer program.
6) Recipients of your personal data
The recipient of personal data is the person to whom we provide your personal data for a specific reason. We use the following categories of recipients of your personal data in the course of our business:
Persons involved in the delivery of the goods (e.g. postal licence holders, courier services). We pass on to the carriers the information necessary for the delivery of the ordered goods to you. In this case, the carriers have the status of controller of your personal data transmitted in this way.
Persons providing services necessary for the operation of the e-shop (hosting company).
Persons providing e-mailing services related to sending the newsletter.
7) Security of personal data
To protect your personal data, we take appropriate technical and organizational measures to ensure its maximum security. Only persons authorised by us have access to your personal data.
Should a situation arise (however we believe it will not arise) where there is a breach of security of your personal data, we are obliged to notify the Data Protection Authority within 72 hours. If there is a breach of your personal data in such a way that it poses a significant risk to you, we are also obliged to notify you if we have up-to-date contact details for you.
8) Final provisions
We are entitled to amend or change this declaration at any time. The current version of this declaration is always published on our website.
If you disagree with the way we process your personal data, you can contact the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, tel.: 234 665 111, www.uoou.cz.
This declaration is effective from 25 May 2018