No products
GDPR - Personal Data Protection
Processing of personal data and information for data subjects
Terms and Conditions of Personal Data Protection
I. Basic provisions
The data controller in accordance with Section 4, clause 7 of the Regulation (EU) 2017/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”) is Mighty Productions s.r.o. (hereinafter referred to as the “Controller”).
The Controller’s contact details are:
Address:
Mighty Productions s.r.o.
Seifertova 571/5
130 00 Prague 3
Czech Republic
Email: frantisek@mproductions.cz
Phone: +420777200258
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The Controller has not appointed a data protection officer.
II. Sources and categories of processed data
The Controller processes personal data you have provided to the Controller or personal data the Controller has acquired on the basis of processing your order.
The Controller processes your identification and contact data and data necessary for the performance of the Purchase Contract.
III. The lawful reason and purpose for the processing of personal data
The lawful reasons for the processing of your personal data are:
– the performance of the Contract between you and the Controller pursuant to Section 6, par. 1(b) of the GDPR;
– the Controller’s legitimate interest in providing direct marketing (particularly for the purposes of sending promotional offers and newsletters) pursuant to Section 6, par. 1(f) of the GDPR;
– your consent with the processing of personal data for the purposes of providing direct marketing (particularly for the purposes of sending promotional offers and newsletters) pursuant to Section 6, par. 1(a) of the GDPR together with Section 7. par. 2 of Act no. 480/2004 Sb. (Certain Information Society Services Act) in the event no order of goods or services has taken place.
The purposes of the processing of personal data are:
– the processing of your order and the exercise of rights and obligations arising out of the Contract concluded between you and the Controller; the order requires the provision of personal data necessary for the execution of the order (name, address, contact details); the provision of such personal data is a necessary condition for the conclusion and performance of the Contract, and without the provision of such personal data, it shall not be possible to conclude the Contract or perform the Contract on the part of the Controller;
– sending promotional offers and performing other marketing activities.
The Controller performs automated individual decision-making pursuant to Article 22 of the GDPR. You have provided your consent with such processing.
IV. Personal data retention period
The Controller stores the personal data:
– for a period necessary to exercise the rights and obligations arising out of the Contract concluded between you and the Controller and to make claims based on this Contract (for 10 years following the termination of the Contract);
– for a period lasting until the date of revocation of the consent with the processing of personal data for marketing purposes, 3 years at the latest, if the data are processed on the basis of a consent.
After the lapse of the personal data retention period, the Controller shall erase these personal data.
V. Recipients of personal data (the Controller’s subcontractors)
Recipients of personal data are parties:
– taking part in the provision of goods or services or the execution of payments under the Contract;
– ensuring the operation of the online shop and other services necessary in connection with the online shop;
– performing marketing services;
in order to enter into account all tax documents issued in accordance with the Contract and with generally binding legal provisions in the following extent:
– first name and surname, title,
– shipping address,
– billing address,
– email address,
– phone number,
– bank account details,
– subject of performance.
The Controller has no intention of sharing personal data with countries outside the EU or international organizations.
VI. Your rights
Under conditions stipulated in the GDPR, you have:
– the right to access your personal data pursuant to Article 15 of the GDPR;
– the right to correct personal data pursuant to Article 16 of the GDPR or the right to restrict the processing of personal data pursuant to Article 18 of the GDPR;
– the right to erasure of personal data pursuant to Article 17 of the GDPR;
– the right to object to the processing of personal data pursuant to Article 21 of the GDPR;
– the right to data portability pursuant to Article 20 of the GDPR;
– the right to revoke consent with data processing in writing or electronically using the Controller’s postal or email address provided in Article III of these Terms and Conditions.
Furthermore, you have the right to submit a data protection complaint with the national data protection authority (Úřad pro ochranu osobních údajů) if you believe your right to the protection of personal data has been violated.
VII. Conditions for personal data security
The Controller declares that it has adopted all appropriate technical and organizational measures to ensure the security of personal data.
The Controller has implemented technical measures to ensure the safety of electronic data storages (login, password, anti-virus, and firewall) as well as other document storages (locked room).
The Controller declares that only authorized personnel have access to personal data.
VIII. Final provisions
By submitting the order using the online order form, you confirm that you have read and understood the Terms and Conditions of Personal Data Protection and that you accept these Terms and Conditions in full extent. You express your agreement with these Terms and Conditions by checking the confirmation box in the online order form.
The Controller has the right to change these Terms and Conditions. Any potential new version of the Terms and Conditions for Personal Data Protection shall be published at the Controller's website and sent to the email address you provided to the Controller.
These terms and conditions take effect on 25 May 2018.
GDPR – Personal Data Protection
Processing of personal data and information for data subjects