Provisions for Processing Personal Data
Van Aspen, s.r.o., registered at Roubalova 453/3, 602 00 Brno, Company Registration No.: 269 60 559, inscribed under file number C 48068 in the Commercial Register kept by the Regional Court in Brno, is the controller of your personal data pursuant to Article 4, paragraph 7 of Regulation (EU) 2016/679 (EU) of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GDPR).
You may contact the controller via the contact form.
The controller will store the following personal data: name, surname, address, and email address.
Sources and Categories of Processed Personal Data
The controller will process personal data that you have provided, or any personal data received on the basis of your order.
The controller will process your personal and identifying data and any other data only necessary to fulfil the conditions of the contract.
Lawful Reasons and Purposes for Processing Personal Data
Lawful reasons for processing personal data are:
- Fulfilling a contract between you and the controller in accordance with Article 6, paragraph 1, point (b) of the GDPR.
- Legitimate interests pursued by the controller in providing direct marketing in accordance with Article 6, Paragraph 1, point (f) of the GDPR.
- Your consent to the processing of your personal data for direct marketing purposes in accordance with Article 6, Paragraph 1, point (a) of the GDPR in conjunction with Article 7, paragraph 2 of Act No. 480/2004 Coll. on certain information society services, in the absence of an order for goods or services.
The purposes of processing personal data are:
- Responding to your order and exercising the rights and obligations arising from the contractual relationship between you and the controller; requesting personal data during the ordering process is a necessary requirement for successfully responding to orders (name and address, contact information), providing personal data is a necessary requirement for the acceptance and fulfilment of your order, without the provision of personal data it is not possible for the controller to accept or fulfil the order.
- Sending commercial communication in the context of direct marketing by the controller.
There is no automated individual decision-making by the controller within the meaning of Article 22 of the GDPR.
Period of Storage
The controller will retain your personal data:
- For the period necessary to exercise the rights and obligations arising out of any contractual relationship between you and the controller, and the exercise of claims arising from these contractual relationships.
- Unless your consent is withdrawn, for a maximum of 10 years if we have processed your personal data for marketing purposes with your consent.
At the end of the retention period, the controller will delete the personal data.
Recipients of Personal Data (Subcontractors to the Controller)
Recipients of the personal data are those:
Involved in the delivery of goods/services/realisation of payments on the basis of a contract.
The controller does not intend to transfer personal data to a third country (outside the EU).
Under the conditions laid down in the GDPR, you have the following rights:
- The right to access your personal data in accordance with Article 15 of the GDPR
- The right to the rectification of your personal data in accordance with Article 16 of the GDPR, and the right to the restriction of processing in accordance with Article 18 of the GDPR
- The right to the erasure of your personal data in accordance with Article 17 of the GDPR
- The right to object to processing in accordance with Article 21 of the GDPR
- The right to data portability in accordance with Article 20 of the GDPR
- The right to withdraw your consent to processing either in writing to the controller’s above-mentioned address or via email to firstname.lastname@example.org.
You also have the right to file a complaint with the Office for Personal Data Protection if you believe that your rights to personal data protection have been violated.
Terms and Conditions for Personal Data Security
The controller declares that they have taken all appropriate technical and organisational measures to safeguard personal data.
The controller has taken technical measures to protect data storage and personal data stored in paper form, and encrypted communications in particular.
The controller declares that personal data may only be accessed by authorised persons.
By sending a message via the web contact form, you acknowledge that you are familiar with the terms and conditions for data protection and that you accept them in their entirety.
These conditions came into force on 25 May 2018.