Personal data processing rules

1.

This document contains information regarding the processing of personal data of buyers, which they communicate to the seller in connection with the purchase or reservation of goods in the headandbeard.eu online store, in accordance with Article 13 of Regulation of the European Parliament and Council No. 2016/679 of April 27, 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (General Regulation on the Protection of Personal Data) (hereinafter referred to as the “Regulation”), which is directly legally binding also in the territory of the Czech Republic, as well as Act No. 110/2019 Coll., on the processing of personal data, as amended.

2.

According to the Regulation, all information about an identified or identifiable natural person is considered personal data; in particular by reference to, for example, the name, identification number, location data, network identifier or one or more special elements of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person (hereinafter referred to as “Personal Data”). The seller does not process special categories of personal data, such as data indicating racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, sex life or sexual orientation of the subject, etc.

3.

The seller is the administrator of the personal data that it collects for the following purposes, disposes of them, and is responsible for their proper and legal processing. The administrator of personal data determines the purpose and means of processing.

4.

Before the buyer makes a purchase or reservation of goods, he is obliged to carefully study these Rules. If he does not understand any point or condition, he can contact the administrator.

5.

The Seller processes the following Personal Data:

name and surname
phone connection
email address
address for delivery of goods
billing address
bank connection number
The seller collects and processes the above personal data in connection with the fulfillment of the purchase contract, i.e. for the purpose of processing the order, delivery of the goods, issuance of the accounting document, withdrawal from the contract and possible complaints about the goods, as well as for the purpose of fulfilling legal obligations arising from, among other things, Act No. 563 /1991 Coll., on accounting, as amended, when paying by payment card, this is the fulfillment of obligations arising from Act No. 370/2017 Coll., on the payment system and Act No. 253/2008 Coll., on the legalization of criminal proceeds activities and financing of terrorism, as amended. The processing of personal data for these purposes is not subject, in accordance with Article 6, paragraph 1, letter b) and Article 6 paragraph 1 letter c) Ordering the consent of the data subject, as their processing is necessary for the fulfillment of the concluded contract, as well as the fulfillment of legal obligations.

Personal data will be kept for a maximum of 5 years from the moment of their provision.

6.

The administrator may use personal data for the purposes of disseminating commercial communications in the form of electronic contact (e-mail), on the basis of which he informs customers of current information about the company, product offers, discount events and other news, but only if the e-mail in question acquired in connection with the previous purchase of goods on the headandbeard.eu online store, all in accordance with Act No. 480/2004 Coll., on certain information society services, as amended.

7.

The administrator processes personal data in an automated and manual manner with the help of the administrator’s own employees or by persons in the position of processors who have been entrusted with the processing of personal data on the basis of personal data processing contracts. Processors have access to Personal Data to the extent necessary for performance arising from the relevant processing contract. These are processors operating in the following areas:

marketing,
accounting, auditors, legal services,
IT,
web and mobile application development;
online communication, social networks;
client service;
persons carrying consignments;
persons operating the method of payment for goods chosen by the customer.

8.

In order to provide the best possible services and create content of interest to the given customer, the administrator processes the customer’s personal data and uses it to personalize the website (e.g. display of recently viewed goods, suggestions of goods of interest to the customer) so that they correspond as closely as possible to the interests of the customer.
The customer’s personal data is processed to the extent necessary to fulfill the above-mentioned purpose, namely to the following extent:

customer email;
name and surname
address
telephone number
data about the use of the site (data about viewing goods and about the frequency of visiting the site);
data about online identifiers (e.g. IP address, MAC address, device or browser fingerprint).
The legal basis for such processing of personal data is the express consent of the customer as the person in question, which is granted separately when using that particular service or fulfilling a contract to which you are a party. The customer’s personal data will be processed for the above purpose for a period of up to 3 years from the last transaction the customer made in the e-shop.

9.

The controller processes personal data only to the extent specified in this document and in accordance with Regulation and Act No. 110/2019 Coll., on the processing of personal data, as amended. In relation to Personal Data, the data subject has the following rights:

the right to obtain confirmation as to whether or not Personal Data is being processed and, if so, the right to obtain access to such Personal Data,
the right to correct your Personal Data,
the right to delete your Personal Data,
the right to restrict the processing of Personal Data,
the right to portability of Personal Data.
The right to confirm processing and to access information
The right to obtain confirmation as to whether or not Personal Data is being processed, and if so, the right to request information on the purpose, categories, source, recipients, processing time, existence of the right to correction, erasure, restrictions, objections and filing a complaint with the supervisory authority.

Right to rectification
The right to correct Personal Data in the event that any inaccuracies are discovered, without undue delay. In addition, it is the right to supplement incomplete Personal Data.

Right to erasure

Right to erasure of Personal Data relating to the applicant. The administrator is obliged to delete personal data without undue delay under the following conditions:

Personal data are no longer needed for the purposes for which they were collected or otherwise processed;
the consent on the basis of which the Personal Data was processed has been withdrawn and there is no further legal reason for the processing;
Personal data has been processed unlawfully;
Personal data must be deleted to fulfill a legal obligation established by law;
Personal data was collected in connection with the offer of information society services in the case of a person under the age of 15, for whom the person exercising parental responsibility must give consent to the processing in accordance with applicable legislation.
The above does not apply if the processing is necessary:

for the exercise of the right to freedom of expression and information;
for the fulfillment of a legal obligation that requires processing according to legal regulations, or for the fulfillment of a task carried out in the public interest or in the exercise of public authority with which the company is entrusted;
for reasons of public interest in the field of public health;
for the purposes of archiving in the public interest, for the purposes of scientific or historical research or for statistical purposes, if it is likely that the aforementioned right would make it impossible or seriously jeopardize the fulfillment of the objectives of the said processing;
for the determination, exercise or defense of legal claims.
Right to restriction of processing
The right to restriction of processing in any of the following cases:

denying the accuracy of the Personal Data for the time required for the Company to verify the accuracy of the Personal Data;
the processing is unlawful and the data subject refuses the erasure of the Personal Data and requests the restriction of its use instead;
the company no longer needs the Personal Data for processing purposes, but will require it for the determination, exercise or defense of legal claims;
if the data subject objects to the processing and it has not yet been verified whether the legitimate reasons of the company prevail over the legitimate reasons.
If the processing of Personal Data has been restricted according to the above-mentioned “Rights to Restriction of Processing”, these Personal Data, with the exception of their storage, may only be processed with the consent of the data subject, or for the purpose of determining, exercising or defending legal claims, for the purpose of protecting the rights of others natural or legal persons or for reasons of important public interest of the European Union or a member state.

Right to data portability
The right of the data subject to obtain the Personal Data relating to him/her that he/she has communicated to the Company in a structured, commonly used and machine-readable format, and the right to transfer such data to another administrator without the Company preventing this, in the event that:

the processing is based on consent or on a contract; or
processing is done automatically.
The subject of “Rights to Portability” is not data obtained by the company’s activities.

When exercising the right to data portability, the data subject has the right to have the Personal Data transferred directly by the company to another administrator, if this is technically feasible.

The exercise of the above-mentioned “Right to data portability” does not affect the above-mentioned “Right to erasure”.
The right to object
The right to object at any time to the processing of Personal Data that concern the data subject and that are processed on the basis of a legal reason consisting in the legitimate interest of the controller.

If the Personal Data is processed for the purposes of direct marketing (on the basis of a legitimate interest), the data subject has the right to object at any time to the processing of the Personal Data concerning him/her for such purpose. If you object to processing for direct marketing purposes, Personal Data will no longer be processed for these purposes.

If the Personal Data is processed for the purposes of defense against the subject’s claims, the recovery of the controller’s claims, to demonstrate compliance during the inspection by the supervisory authority, the data subject has the right to raise an objection at any time. Based on this objection, the administrator will review the processing and will not process the personal data further, unless there are serious legitimate reasons for the processing that outweigh the interests or rights and freedoms of the data subject, or for the determination, exercise or defense of legal claims.

10.

In relation to Personal Data, there will be no automatic individual decision-making within the meaning of Article 22 of the Regulation.

In the event that you do not agree with the way in which we process your Personal Data, you can contact the supervisory authority, which is the Office for the Protection of Personal Data (address: Pplk. Sochora 27, 17000 Prague 7, website: www.uoou.cz)

Rules for the use of cookies
Cookies are small text files that the headandbeard.eu website sends to the visitor’s internet browser (e.g. Google Chrome, Safari, Mozilla Firefox, Opera, Edge, Internet Explorer) and which the internet browser then stores on the visitor’s device (e.g. computer, phone or tablet). Information is stored in cookies that connect the end devices used, which makes it possible to adapt the content of the website to your needs and preferences. Based on the stored cookies, however, the website operator is not able to directly determine the identity of the visitor.

Cookies also enable us to analyze website traffic, provide social network functions, facilitate the purchase of products, protect data, personalize content and marketing messages and other settings. The use of cookies is common within almost every website. Website visits can thus be easier and more efficient for visitors.

Depending on the type of cookies and the settings of the Internet browser, they can be permanent or temporary (for the time the browser is turned on, or for the time specified in its settings). Persistent cookies help to identify the visitor’s device when visiting the website and prevent repeated display of the same content. Temporary cookies are automatically deleted when the internet browser is closed. Cookies can always be deleted regardless of whether they are permanent or temporary.

The following types of cookies are used on the headnadbeard.eu website:
-Necessarily

These cookies are not optional. They are necessary for the website to function.

– Statistics
So that we can improve the functionality and structure of the website based on how the website is used.

– User experience
To make our website work as well as possible during your visit. If you reject these cookies, some functions will disappear from the website.

– Marketing
By sharing your interests and behavior when visiting our site, you increase the chance of displaying personalized content and offers.

In addition to our own cookies, cookies from third parties may also be used, which are needed in particular for statistical surveys on the use of websites, obtaining marketing information, making content from other websites available, and streamlining marketing activities (tracking cookies, optimization cookies and partner cookies). Third-party cookies are created and subsequently used by service providers such as Google Analytics, Google AdSense, Facebook, etc.

Obsah: