I. Fundamental Provisions
- 4PX Express CZ s.r.o., ID number 05122732, with the registered office located at Za Poricskou branou 365/21, 186 00 Prague, is the personal data controller pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) (hereinafter the “Controller”).
- The Controller’s contact information is as follows:
- Address: Lidicka 498, 252 61 Jenec
- Email: firstname.lastname@example.org
- Phone No.:734 756 039
- Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- The Controller has not designated a data protection officer.
II. Processed Personal Data Categories and Sources
- The Controller shall process personal data provided by you or obtained via the performance of your order.
- The Controller shall process your identification and contact data and data necessary for the performance of a contract.
III. Legal Ground and Purpose of Personal Data Processing
- The legal ground for the processing of personal data is
- the performance of a contract between you and the Controller pursuant to Article 6(1)(b) of the GDPR;
- The purpose of the processing of personal data is
- the processing of your order and the exercise of the rights and obligations arising from the contractual relationship between you and the Controller; when you place an order, you are required to provide personal data that are necessary for a successful fulfilment of the order (name and address, contact data); the provision of personal data is a necessary requirement for entering into and performing the contract; the contract cannot be entered into or performed by the Controller without the provision of personal data;
- the sending of commercial communications and other marketing activities.
- The Controller does not perform automated individual decision-making pursuant to Article 22 of the GDPR. You have given your express consent to such processing.
IV. Personal Data Retention Period
- The Controller shall retain the personal data
- for the period necessary for the exercise of the rights and obligations arising from the contractual relationship between you and the Controller and for making any claims under the contractual relationship (for a period of 15 years from the termination of the contract).
- After the expiry of the retention period, the personal data shall be erased by the Controller.
V. Personal Data Recipients (the Controller’s Subcontractors)
- Recipients of personal data include
- persons involved in the delivery of goods/services / processing of payments under the contract,
- persons involved in ensuring the operation of services,
- persons ensuring marketing services.
- The Controller does not intend to transfer personal data to a third country (outside the EU) or international organisation. Personal data recipients in third countries are mailing/cloud service providers.
VI. Your Rights
- Under the circumstances stipulated in the GDPR, you have the following rights:
- Right of access to your personal data pursuant to Art. 15 of the GDPR;
- Right to rectification of personal data pursuant to Art. 16 of the GDPR, or restriction of processing pursuant to Art. 18 of the GDPR;
- Right to erasure of personal data pursuant to Art. 17 of the GDPR;
- Right to object to the processing pursuant to Art. 21 of the GDPR; and
- Right to portability of data pursuant to Art. 20 of the GDPR;
- Right to withdraw your consent to the processing of personal data in writing or by email to the Controller’s address or email address provided in Article III above.
- You also have the right to lodge a complaint with the Personal Data Protection Authority if you believe your right to personal data protection has been infringed.
VII. Personal Data Security
- The Controller declares to have adopted all appropriate technical and organizational measures to ensure security of personal data.
- The Controller has adopted technical measures to secure data storage devices and repositories of personal data in paper form, particularly antivirus programs, thorough backups and passwords.
- The Controller declares that only persons authorised by the Controller have access to the personal data.
VIII. Final Provisions
- By placing your order via the online order form, you confirm that you have read and understood and fully accept the terms and conditions of personal data protection.
- You accept these terms and conditions by ticking the consent box via the online form. By ticking the consent box, you confirm that you have read and understood and fully accept the terms and conditions of personal data protection.
- The Controller is entitled to change these terms and conditions. The new version of the terms and conditions of personal data protection will be published on the Controller’s website, or send to you to the email address provided by you.
This Policy becomes effective on 1 October 2020.