Skip to main content

Privacy Policy

INFORMATION MEMORANDUM

Dear customers, dear business partners, This document contains basic information about the processing of your personal data in our company. We appreciate that you allow us to handle your personal data and we do everything possible to protect this data to the highest possible extent. We strive to be as transparent as possible so that you have an overview of what we do with your data and what rights you have regarding the processing of your personal data.

This Information Memorandum has been created in accordance with the Regulation (EU) 2016/679 of the European Parliament and the Council on 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR Regulation).

In this document, you will find the following information:

  • Who is the data controller,
  • Who is the data protection officer,
  • What are the purposes of processing personal data,
  • What are the legal bases for processing personal data,
  • What are the legitimate interests for processing personal data,
  • What personal data is processed,
  • From which sources the personal data was obtained,
  • How long personal data will be stored,
  • Who is the recipient of personal data,
  • Whether personal data is transferred outside the EU,
  • What rights you have in relation to the processing of personal data,
  • Whether there is any automated decision-making.

• This Information Memorandum contains basic information that the data controller is required to provide to the data subject according to the GDPR Regulation. The Information Memorandum is available on the company's website: https://kmitex.cz/

If you have any questions regarding the processing of your personal data, feel free to contact us at the email address: gdpr@kmitex.cz.

1. INTRODUCTORY PROVISIONS

The purpose of this Information Memorandum is to provide the data subjects with basic information about the processing of personal data.

For the purposes of this Information Memorandum:

  • controller:
    The controller is the company KMITEX s.r.o., based at Novovysočanská 537/31, 190 00 Prague 9, ID: 62917455 (hereinafter referred to as the controller),

  • Data Subject:
    The data subject is you, the individual who filled out the registration form on the e-shop or communicated via email with KMITEX (hereinafter referred to as the Data subject)

  • • Data Protection Officer:
    Not appointed

The data controller hereby informs you of the manner and scope of personal data processing, including the scope of your rights related to personal data processing.

The controller is a manufacturer and seller of measuring instruments and tools, and for this purpose operates an online store and a physical store in Prague and Stehelčeves. In connection with this activity, the controller processes personal data:

  • To the extent that it has been provided in relation to the order of products or services or in the process of contract negotiations with the controller,
  • For the purposes mentioned in Section 3 of this Information Memorandum.

Personal data is not processed by any other entity, and only the controller has access to it

2. PERSONAL DATA PROTECTION AND INFORMATION ABOUT PROCESSING

The personal data of data subjects is governed by act No. 101/2000 Coll. on the protection of personal data, as amended, and other relevant legal regulations.

The data subject acknowledges that submitting an order, inquiry, or filling out the registration form on the e-shop will initiate the processing of personal data by the controller.

If the data subject does not provide their personal data, it will not be possible to conclude a contract with the controller or provide a service based on the provided consent. Personal data is necessary in this context to provide a specific service or product from the controller.

Providing personal data to the controller is generally a contractual and legal requirement. Regarding the provision of personal data for marketing purposes, which does not represent a fulfillment of the controller's contractual and legal obligations, consent from the data subject is required. If you have not granted consent to the controller for processing personal data for marketing purposes, this will not affect the provision of other services.

The data subject is obliged to provide the controller with only truthful and accurate personal data.

The controller will make maximum efforts to prevent unauthorized processing of personal data.

Personal data is and will be processed in an electronic form by non-automated means.

The data subject acknowledges that their personal data is stored in KMITEX's data centers. The data subject also acknowledges that cookies may be stored on their device by GOOGLE LLC and SEZNAM.cz a.s..

3. PURPOSE AND LEGAL BASIS FOR PROCESSING

Providing personal data is a contractual and legal requirement.

The processing of your personal data is for the purpose of sending marketing and business communications, fulfilling contracts between the controller and the data subject. You can refuse consent to receiving marketing and business communications at any time, and this will not affect our other mutual relations.

This notice can be sent via email to gdpr@kmitex.cz or in writing to KMITEX s.r.o., GDPR, Pivovarská 97, 273 42 Stehelčeves, Czech republic.

4. LEGITIMATE INTERESTS

Personal data is processed for the purpose of providing direct marketing based on the legal basis of legitimate interest (Article 6(1)(f)).

5. PERSONAL DATA

Personal data will never be stored longer than the maximum period allowed by law. After this period, personal data will be securely and irreversibly destroyed in accordance with the GDPR Regulation to prevent misuse.

6. PERSONAL DATA PROCESSING DURATION

Personal data will be processed for the duration of negotiations for the conclusion of a contract between the controller and the data subject, for the purpose of concluding the contract, as well as for the duration of the contractual relationship or the period specified in the consent.

In the case of a concluded contract according to the controller's terms and conditions, personal data will be processed and stored for the next 10 years from the consent granted, in case of a dispute related to the relationship between the controller and the data subject, in order to protect the legitimate interests of the controller.

For the purpose of fulfilling the legal obligation of archiving accounting documents under Act No. 563/1991 Coll., on Accounting, as amended, personal data (except for email address and phone number) will be further processed and stored for 5 years starting from the year following the year in which the contract was concluded between the controller and the data subject.

After the expiration of the periods mentioned in this article, the controller will securely destroy the personal data.

7. ACCESS TO PERSONAL DATA

Your personal data is processed by the controller, and in the activities listed below, the recipients of this data my be processers involved in:

  • Companies involved in the supply of goods,
  • Companies operating the e-shop,
  • Companies providing marketing services.

8. CROSS-BORDER DATA PROCESSING

There will be no further transfer of personal data to third countries or international organizations.

9. DATA SUBJECT RIGHTS

The controller processes your personal data in a way that ensures its correct and secure processing. Data subjects’ rights are guaranteed and can be exercised with the controller.

Data subjects can exercise their rights by sending a specific request electronically to gdpr@kmitex.cz or in writing to KMITEX s.r.o, GDPR, Pivovarská 97, 273 42 Stehelčeves, Czech Republic.

Responses and additional information regarding the actions taken will be provided to the data subject as soon as possible, but no later than one month from the submission of their request. This period may be extended by up to two months depending on the complexity and number of requests. The controller will inform the data subject of any extension and the reasons for it.

If a data subject believes that the controller is processing their personal data in violation of their privacy rights or applicable legal regulations, particularly if the personal data is inaccurate in relation to the purpose of processing, they may:

  • Request an explanation from the controller via email at gdpr@kmitex.cz
  • Raise an objection to the processing and request that the controller rectify the situation (e.g., blocking, correcting, supplementing, or deleting the personal data). The controller will promptly decide on the objection and inform the data subject. If the controller does not comply with the objection, the data subject has the right to contact the Office for Personal Data Protection directly. This does not affect the data subject's right to submit a complaint to the Office for Personal Data Protection.

Right to access:

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you is being processed. If it is, you have the right to access this data and the following information:

  • The purposes of processing,
  • The categories of personal data being processed,
  • The recipients or categories of recipients to whom the personal data has been or will be disclosed, especially recipients in third countries or international organizations,
  • The planned retention period or criteria for determining it,
  • The existence of the right to request rectification or erasure of personal data, or to request the restriction of processing or to object to such processing,
  • The right to lodge a complaint with a supervisory authority,
  • Any available information about the source of the personal data if it was not obtained from you.

Right to correction:

You have the right to request that the controller rectify your inaccurate personal data without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete Personal Data completed, including by providing an additional declaration.

Right to delete:

You have the right to request that the controller erase your personal data without undue delay and the controller is obliged to erase the personal data without undue delay if one of the following reasons applies:

  • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed,
  • you withdraw your consent and there is no further legal basis for the processing,
  • you object to processing which is carried out on grounds of public interest and the exercise of official authority or legitimate interests of the Controller, including profiling, and there are no overriding legitimate grounds for the processing,
  • you object to processing for direct marketing purposes,
  • personal data have been unlawfully processed,
  • the personal data must be erased to comply with a legal obligation under Union or Member State law to which the Controller is subject

You may contact the Administrator at any time to request deletion. Upon receipt of such a request, the Controller will assess the legitimacy of your right (the Controller may have legal obligations or legitimate interests to process your Personal Data on the basis of which it may continue to process your Personal Data) and will inform you of its processing.

Right to portability:

You have the right to obtain the personal data concerning you that have been provided to the controller in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, if:

  • processing is based on consent or contract

    This right cannot be exercised where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object:

You have the right to object at any time to the processing of your Personal Data that is processed on the basis of public interest and the exercise of public authority or the legitimate interests of the controller. The controller shall no longer process the Personal Data unless it demonstrates compelling legitimate grounds for the processing which override your interests or rights and freedoms or for the establishment, exercise or defence of legal claims.

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for this marketing, which includes profiling insofar as it relates to this direct marketing.

As required under the GDPR, this right has been explicitly mentioned and is set out clearly and separately from any other information.

Right to withdraw consent:

You have the right to withdraw your consent (or explicit consent) to the processing of your personal data at any time. You can revoke your consent by:

  • by sending an electronic request to gdpr@kmitex.cz
  • by sending a written withdrawal of consent to KMITEX s.r.o, GDPR, Pivovarská 97, 273 42 Stehelčeves, Czech Republic

Right to lodge a complaint with the supervisory authority:

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of employment or place of alleged infringement, if you believe that the processing of your Personal Data violates the GDPR.

The supervisory authority in the Czech Republic is the Office for Personal Data Protection, which can be contacted at Pplk. Sochora 27, 170 00 Prague 7, telephone number +420 234 665 111 (switchboard) or e-mail posta@uoou.cz. For more information, please contact https://www.uoou.cz/.

10. AUTOMATED DECISION-MAKING

Personal data processing does not involve profiling. Personal data processing does not involve automated decision-making.

11. FINAL PROVISIONS

All legal relationships arising in connection with the processing of personal data are governed by the laws of the Czech Republic, regardless of where access to them occurs. In case of disputes related to privacy protection between the data subject and the controller, Czech courts are competent. Data subjects who provide their personal data for the purpose of concluding a contract with the controller or grant consent to personal data processing voluntarily do so on their own behalf and the controller does not manage their actions. The controller may modify or supplement this Information Memorandum. The controller will inform of any such changes on its website.

This Information Memorandum is effective from May 25, 2018.

Basket0

Loading

Error
To the checkout

Searching...